Solved System running slow and sluggish part1 FRST.log

siedog

System is running slow and sluggish. I have Malwarebytes, and after updating it, the system was running extremely slow/sluggish... not sure why. I disabled Malwarebytes for now. Here are the FRST and Addition logs:

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 02.01.2018
Ran by siedog (administrator) on SIEDOG-LAPTOP (30-03-2018 20:30:59)
Running from C:\Users\siedog\Desktop
Loaded Profiles: siedog (Available Profiles: siedog)
Platform: Windows 7 Professional Service Pack 1 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool:

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(AuthenTec, Inc.) C:\Program Files\Fingerprint Sensor\ATService.exe
(Logitech Inc.) C:\Program Files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Intel(R) Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe
(Microsoft Corporation) C:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe
(Microsoft Corporation) C:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Services\IPT\jhi_service.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Symantec Corporation) C:\Program Files (x86)\PC Checkup\SymcPCCULaunchSvc.exe
(Symantec Corporation) C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.13.11\ccSvcHst.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Intel(R) Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\Power Saver\TPwrMain.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\Power Saver\TBatmgrTrayicon.exe
(Intel(R) Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe
(TOSHIBA) C:\Program Files\TOSHIBA\TFPU\TFPUPWDBank.exe
(TOSHIBA) C:\Program Files\TOSHIBA\TFPU\TFPUTaskMonitor.exe
() C:\Program Files\TOSHIBA\FlashCards\Hotkey\TCrdKBB.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\TECO\Teco.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\BulletinBoard\TosNcCore.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\ReelTime\TosReelTimeMonitor.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe
(Siber Systems) C:\Program Files (x86)\Siber Systems\AI RoboForm\robotaskbaricon.exe
(TOSHIBA CORPORATION.) C:\Program Files (x86)\TOSHIBA\Bluetooth Toshiba Stack\TosBtMng.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
(TOSHIBA Corporation) C:\Windows\System32\TODDSrv.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Piriform Ltd) C:\Program Files\CCleaner\CCleaner64.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\TECO\TecoService.exe
(Symantec Corporation) C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.13.11\ccSvcHst.exe
(Camshare Inc.) C:\Program Files (x86)\Camfrog\Camfrog Video Chat\Camfrog Video Chat.exe
(Microsoft Corporation) C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE
(TOSHIBA CORPORATION) C:\Program Files (x86)\TOSHIBA\Bluetooth Toshiba Stack\TosBtSrv.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(TOSHIBA CORPORATION.) C:\Program Files (x86)\TOSHIBA\Bluetooth Toshiba Stack\TosA2dp.exe
(TOSHIBA CORPORATION.) C:\Program Files (x86)\TOSHIBA\Bluetooth Toshiba Stack\TosBtHid.exe
(TOSHIBA CORPORATION.) C:\Program Files (x86)\TOSHIBA\Bluetooth Toshiba Stack\TosBtHSP.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\x64\aswidsagenta.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IMSS\PrivacyIconClient.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\TPHM\TPCHSrv.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSENotify.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\TPHM\TPCHWMsg.exe
(TOSHIBA CORPORATION) C:\Program Files (x86)\TOSHIBA\ConfigFree\CFIWmxSvcs64.exe
(TOSHIBA CORPORATION) C:\Program Files (x86)\TOSHIBA\ConfigFree\CFSvcs.exe
(Siber Systems) C:\Program Files (x86)\Siber Systems\AI RoboForm\robotaskbaricon-x64.exe
(Microsoft Corporation) C:\Windows\System32\taskmgr.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe

==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [12681320 2011-08-25] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [2277480 2011-08-16] (Realtek Semiconductor)
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2679592 2011-02-03] (Synaptics Incorporated)
HKLM\...\Run: [TPwrMain] => C:\Program Files\TOSHIBA\Power Saver\TPwrMain.EXE [590256 2011-09-22] (TOSHIBA Corporation)
HKLM\...\Run: [TCrdMain] => C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe [981888 2011-08-03] (TOSHIBA Corporation)
HKLM\...\Run: [BatteryManager] => C:\Program Files\TOSHIBA\Power Saver\TBatmgrTrayIcon.EXE [285608 2011-09-23] (TOSHIBA Corporation)
HKLM\...\Run: [IntelPAN] => C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe [1935120 2011-06-01] (Intel(R) Corporation)
HKLM\...\Run: [TFPUPWDBankService] => C:\Program Files\TOSHIBA\TFPU\TFPUPWDBank.exe [925104 2010-03-02] (TOSHIBA)
HKLM\...\Run: [TFPUService] => C:\Program Files\TOSHIBA\TFPU\TFPUTaskMonitor.exe [789368 2010-11-04] (TOSHIBA)
HKLM\...\Run: [TosWaitSrv] => C:\Program Files\TOSHIBA\TPHM\TosWaitSrv.exe [712096 2011-08-10] (TOSHIBA Corporation)
HKLM\...\Run: [Teco] => C:\Program Files\TOSHIBA\TECO\Teco.exe [1544624 2011-08-22] (TOSHIBA Corporation)
HKLM\...\Run: [TosSENotify] => C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosWaitSrv.exe [710560 2011-06-09] (TOSHIBA Corporation)
HKLM\...\Run: [TosVolRegulator] => C:\Program Files\TOSHIBA\TosVolRegulator\TosVolRegulator.exe [24376 2009-11-11] (TOSHIBA Corporation)
HKLM\...\Run: [TosNC] => C:\Program Files\Toshiba\BulletinBoard\TosNcCore.exe [597936 2011-07-27] (TOSHIBA Corporation)
HKLM\...\Run: [TosReelTimeMonitor] => C:\Program Files\TOSHIBA\ReelTime\TosReelTimeMonitor.exe [38824 2011-06-28] (TOSHIBA Corporation)
HKLM\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvLaunch.exe [245608 2018-03-12] (AVAST Software)
HKLM-x32\...\Run: [IMSS] => C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IMSS\PIconStartup.exe [112408 2011-08-23] (Intel Corporation)
HKLM-x32\...\Run: [TOSDCR] => C:\Program Files (x86)\TOSHIBA\PasswordUtility\TOSDCR.exe [169296 2007-08-28] ()
HKLM-x32\...\Run: [ITSecMng] => C:\Program Files (x86)\TOSHIBA\Bluetooth Toshiba Stack\ItSecMng.exe [80840 2011-04-01] (TOSHIBA CORPORATION)
HKLM-x32\...\Run: [ToshibaAppPlace] => C:\Program Files (x86)\Toshiba\Toshiba App Place\ToshibaAppPlace.exe [552960 2010-09-23] (Toshiba)
HKLM-x32\...\Run: [NortonOnlineBackupReminder] => C:\Program Files (x86)\Toshiba\Toshiba Online Backup\Activation\TOBuActivation.exe [3218864 2011-06-22] (Toshiba)
HKLM-x32\...\Run: [SDTray] => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe [5624784 2013-07-25] (Safer-Networking Ltd.)
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-04-21] (Apple Inc.)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [587288 2017-12-19] (Oracle Corporation)
HKLM-x32\...\RunOnce: [SBrowserCheck] => C:\ProgramData\Avast Software\Avast\SecureBrowser\avast_browser_setup_checker.exe [2482128 2018-03-19] ()
Winlogon\Notify\igfxcui: C:\windows\system32\igfxdev.dll (Intel Corporation)
HKLM\SOFTWARE\Policies\Microsoft\Windows Defender: Restriction <==== ATTENTION
HKU\S-1-5-21-2030355160-575983693-1602061601-1000\...\Run: [Camfrog] => C:\Program Files (x86)\Camfrog\Camfrog Video Chat\Camfrog Video Chat.exe [11432880 2012-08-06] (Camshare Inc.)
HKU\S-1-5-21-2030355160-575983693-1602061601-1000\...\Run: [Spybot-S&D Cleaning] => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDCleaner.exe [5915776 2016-03-21] (Safer-Networking Ltd.)
HKU\S-1-5-21-2030355160-575983693-1602061601-1000\...\Run: [RoboForm] => C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe [110160 2015-05-09] (Siber Systems)
HKU\S-1-5-21-2030355160-575983693-1602061601-1000\...\Run: [SpybotPostWindows10UpgradeReInstall] => C:\Program Files\Common Files\AV\Spybot - Search and Destroy\Test.exe [1011200 2015-07-28] (Safer-Networking Ltd.)
HKU\S-1-5-21-2030355160-575983693-1602061601-1000\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [10249048 2017-12-13] (Piriform Ltd)
HKU\S-1-5-21-2030355160-575983693-1602061601-1000\...\Run: [Google Update] => C:\Users\siedog\AppData\Local\Google\Update\1.3.33.7\GoogleUpdateCore.exe [601680 2017-11-13] (Google Inc.)
HKU\S-1-5-21-2030355160-575983693-1602061601-1000\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\windows\system32\PhotoScreensaver.scr [477696 2010-11-20] (Microsoft Corporation)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Bluetooth Manager.lnk [2016-06-25]
ShortcutTarget: Bluetooth Manager.lnk -> C:\Program Files (x86)\TOSHIBA\Bluetooth Toshiba Stack\TosBtMng.exe (TOSHIBA CORPORATION.)
BootExecute: autocheck autochk * sdnclean64.exe

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 75.75.75.75 75.75.76.76
Tcpip\..\Interfaces\{C07A6633-B90E-4D56-AA34-14D06EC2CEBC}: [DhcpNameServer] 75.75.75.75 75.75.76.76

Internet Explorer:
==================
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
HKU\S-1-5-21-2030355160-575983693-1602061601-1000\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
SearchScopes: HKLM -> DefaultScope {C982FC6D-24B6-4E03-9F6E-68DB20F31F40} URL = hxxp://www.google.com/search?sourceid=ie9&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7TSNP
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM -> {C982FC6D-24B6-4E03-9F6E-68DB20F31F40} URL = hxxp://www.google.com/search?sourceid=ie9&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7TSNP
SearchScopes: HKLM-x32 -> DefaultScope {C982FC6D-24B6-4E03-9F6E-68DB20F31F40} URL = hxxp://www.google.com/search?sourceid=ie9&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7TSNP
SearchScopes: HKLM-x32 -> {C982FC6D-24B6-4E03-9F6E-68DB20F31F40} URL = hxxp://www.google.com/search?sourceid=ie9&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7TSNP
SearchScopes: HKU\S-1-5-21-2030355160-575983693-1602061601-1000 -> DefaultScope {C982FC6D-24B6-4E03-9F6E-68DB20F31F40} URL = hxxp://www.google.com/search?sourceid=ie9&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7TSNP_enUS505
SearchScopes: HKU\S-1-5-21-2030355160-575983693-1602061601-1000 -> {AB0504D2-C874-4BA1-B4C1-63B25F43CB76} URL = hxxp://www.google.com/search?sourceid=ie9&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7TSNP
SearchScopes: HKU\S-1-5-21-2030355160-575983693-1602061601-1000 -> {C982FC6D-24B6-4E03-9F6E-68DB20F31F40} URL = hxxp://www.google.com/search?sourceid=ie9&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7TSNP_enUS505
BHO: RoboForm Toolbar Helper -> {724d43a9-0d85-11d4-9908-00400523e39a} -> C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboForm-x64.dll [2015-05-09] (Siber Systems Inc.)
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll [2018-02-20] (AVAST Software)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2011-03-28] (Microsoft Corp.)
BHO: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2016-04-26] (Google Inc.)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)
BHO: TOSHIBA Media Controller Plug-in -> {F3C88694-EFFA-4d78-B409-54B7B2535B14} -> C:\Program Files (x86)\TOSHIBA\TOSHIBA Media Controller Plug-in\x64\TOSHIBAMediaControllerIE.dll [2011-07-12] (<TOSHIBA>)
BHO-x32: TFPUPWDBankBHO Class -> {030AC7B6-E7EC-40F1-8FB2-C0FD344DE0B9} -> C:\Program Files\TOSHIBA\TFPU\x86\TFPUPWDBankBHO.dll [2010-03-02] (TODO: <Company name>)
BHO-x32: RoboForm Toolbar Helper -> {724d43a9-0d85-11d4-9908-00400523e39a} -> C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll [2015-05-09] (Siber Systems Inc.)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_161\bin\ssv.dll [2018-03-12] (Oracle Corporation)
BHO-x32: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2018-02-20] (AVAST Software)
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2011-03-28] (Microsoft Corp.)
BHO-x32: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll [2016-04-26] (Google Inc.)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_161\bin\jp2ssv.dll [2018-03-12] (Oracle Corporation)
BHO-x32: TOSHIBA Media Controller Plug-in -> {F3C88694-EFFA-4d78-B409-54B7B2535B14} -> C:\Program Files (x86)\TOSHIBA\TOSHIBA Media Controller Plug-in\TOSHIBAMediaControllerIE.dll [2011-07-12] (<TOSHIBA>)
Toolbar: HKLM - &RoboForm Toolbar - {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboForm-x64.dll [2015-05-09] (Siber Systems Inc.)
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2016-04-26] (Google Inc.)
Toolbar: HKLM-x32 - &RoboForm Toolbar - {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll [2015-05-09] (Siber Systems Inc.)
Toolbar: HKLM-x32 - avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2018-02-20] (AVAST Software)
Toolbar: HKLM-x32 - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll [2016-04-26] (Google Inc.)
Toolbar: HKU\S-1-5-21-2030355160-575983693-1602061601-1000 -> Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2016-04-26] (Google Inc.)

FireFox:
========
FF ProfilePath: C:\Users\siedog\AppData\Roaming\Mozilla\Firefox\Profiles\sv7ykcxx.default-1439641860007 [2018-03-30]
FF Homepage: Mozilla\Firefox\Profiles\sv7ykcxx.default-1439641860007 -> hxxps://www.google.com/
FF NetworkProxy: Mozilla\Firefox\Profiles\sv7ykcxx.default-1439641860007 -> type", 0
FF Extension: (Avast SafePrice) - C:\Users\siedog\AppData\Roaming\Mozilla\Firefox\Profiles\sv7ykcxx.default-1439641860007\Extensions\sp@avast.com.xpi [2018-03-07]
FF Extension: (Avast Online Security) - C:\Users\siedog\AppData\Roaming\Mozilla\Firefox\Profiles\sv7ykcxx.default-1439641860007\Extensions\wrc@avast.com.xpi [2017-10-06]
FF Extension: (Flashblock) - C:\Users\siedog\AppData\Roaming\Mozilla\Firefox\Profiles\sv7ykcxx.default-1439641860007\Extensions\{3d7eb24f-2740-49df-8937-200b1cc08f8a} [2016-01-08] [Legacy]
FF Extension: (TLS 1.3 gradual roll-out) - C:\Users\siedog\AppData\Roaming\Mozilla\Firefox\Profiles\sv7ykcxx.default-1439641860007\features\{66b3af8e-9220-4e40-9baf-db5bb25b9e4e}\tls13-rollout-bug1442042@mozilla.org.xpi [2018-03-28] [Legacy]
FF HKLM\...\Firefox\Extensions: [{C1CA7765-44E4-452e-9D00-A04F3D434281}] - => not found
FF HKLM-x32\...\Firefox\Extensions: [{C1CA7765-44E4-452e-9D00-A04F3D434281}] - => not found
FF HKLM-x32\...\Firefox\Extensions: [{22119944-ED35-4ab1-910B-E619EA06A115}] - C:\Program Files (x86)\Siber Systems\AI RoboForm\Firefox
FF Extension: (RoboForm Toolbar for Firefox) - C:\Program Files (x86)\Siber Systems\AI RoboForm\Firefox [2015-05-09] [Legacy] [not signed]
FF HKU\S-1-5-21-2030355160-575983693-1602061601-1000\...\Firefox\Extensions: [{22119944-ED35-4ab1-910B-E619EA06A115}] - C:\Program Files (x86)\Siber Systems\AI RoboForm\Firefox
FF Plugin: @adobe.com/FlashPlayer -> C:\windows\system32\Macromed\Flash\NPSWF64_29_0_0_113.dll [2018-03-13] ()
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.40728.0\npctrl.dll [2015-07-28] ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\windows\SysWOW64\Macromed\Flash\NPSWF32_29_0_0_113.dll [2018-03-13] ()
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\windows\SysWOW64\Adobe\Director\np32dsw_1228198.dll [2017-02-27] (Adobe Systems, Inc.)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Services\IPT\npIntelWebAPIUpdater.dll [2011-07-21] (Intel Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=11.161.2 -> C:\Program Files (x86)\Java\jre1.8.0_161\bin\dtplugin\npDeployJava1.dll [2018-03-12] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.161.2 -> C:\Program Files (x86)\Java\jre1.8.0_161\bin\plugin2\npjp2.dll [2018-03-12] (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.40728.0\npctrl.dll [2015-07-28] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~3\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~3\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2011-05-13] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3538.0513 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2011-05-13] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.33.7\npGoogleUpdate3.dll [2017-11-13] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.33.7\npGoogleUpdate3.dll [2017-11-13] (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2018-02-11] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-2030355160-575983693-1602061601-1000: @talk.google.com/GoogleTalkPlugin -> C:\Users\siedog\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll [2015-12-08] (Google)
FF Plugin HKU\S-1-5-21-2030355160-575983693-1602061601-1000: @talk.google.com/O1DPlugin -> C:\Users\siedog\AppData\Roaming\Mozilla\plugins\npo1d.dll [2015-12-08] (Google)
FF Plugin HKU\S-1-5-21-2030355160-575983693-1602061601-1000: @tools.google.com/Google Update;version=3 -> C:\Users\siedog\AppData\Local\Google\Update\1.3.33.7\npGoogleUpdate3.dll [2017-11-13] (Google Inc.)
FF Plugin HKU\S-1-5-21-2030355160-575983693-1602061601-1000: @tools.google.com/Google Update;version=9 -> C:\Users\siedog\AppData\Local\Google\Update\1.3.33.7\npGoogleUpdate3.dll [2017-11-13] (Google Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\browser\plugins\npMozCouponPrinter.dll [2013-08-02] (Coupons, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Users\siedog\AppData\Roaming\mozilla\plugins\npgoogletalk.dll [2015-12-08] (Google)
FF Plugin ProgramFiles/Appdata: C:\Users\siedog\AppData\Roaming\mozilla\plugins\npo1d.dll [2015-12-08] (Google)

Chrome:
=======
CHR DefaultProfile: Default
CHR Profile: C:\Users\siedog\AppData\Local\Google\Chrome\User Data\Default [2018-03-30]
CHR Extension: (Avast SafePrice) - C:\Users\siedog\AppData\Local\Google\Chrome\User Data\Default\Extensions\eofcbnmajmjmplflapaojjnihcjkigck [2017-04-20]
CHR Extension: (Avast Online Security) - C:\Users\siedog\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki [2017-04-20]
CHR Extension: (Chrome Web Store Payments) - C:\Users\siedog\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-03-18]
CHR Extension: (Chrome Media Router) - C:\Users\siedog\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2017-04-30]
CHR Extension: (RoboForm Password Manager) - C:\Users\siedog\AppData\Local\Google\Chrome\User Data\Default\Extensions\pnlccmojcmeohlpggmfnbbiapkmbliob [2017-03-27]
CHR HKLM\...\Chrome\Extension: [pnlccmojcmeohlpggmfnbbiapkmbliob] - C:\Program Files (x86)\Siber Systems\AI RoboForm\Chrome\rf-chrome.crx [2014-06-13]
CHR HKLM-x32\...\Chrome\Extension: [eofcbnmajmjmplflapaojjnihcjkigck] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [pnlccmojcmeohlpggmfnbbiapkmbliob] - C:\Program Files (x86)\Siber Systems\AI RoboForm\Chrome\rf-chrome.crx [2014-06-13]

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R3 aswbIDSAgent; C:\Program Files\AVAST Software\Avast\x64\aswidsagenta.exe [7556704 2018-03-12] (AVAST Software)
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [303728 2018-03-12] (AVAST Software)
S2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [6440736 2018-03-03] (Malwarebytes)
S3 MyWiFiDHCPDNS; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [340240 2011-06-01] ()
R2 Norton PC Checkup Application Launcher; C:\Program Files (x86)\PC Checkup\SymcPCCULaunchSvc.exe [132056 2013-01-31] (Symantec Corporation)
R2 PCCUJobMgr; C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.13.11\ccSvcHst.exe [126392 2011-07-19] (Symantec Corporation)
R2 SDScannerService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [1817560 2013-05-16] (Safer-Networking Ltd.)
R2 SDUpdateService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [4088608 2016-09-21] (Safer-Networking Ltd.) [File not signed]
R2 SDWSCService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [235984 2016-11-24] (Safer-Networking Ltd.) [File not signed]
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-26] (Microsoft Corporation)

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R1 aswArPot; C:\windows\System32\drivers\aswArPot.sys [196648 2018-03-12] (AVAST Software)
R1 aswbidsdriver; C:\windows\System32\drivers\aswbidsdrivera.sys [227504 2018-03-12] (AVAST Software)
R0 aswbidsh; C:\windows\System32\drivers\aswbidsha.sys [199440 2018-03-12] (AVAST Software)
R0 aswblog; C:\windows\System32\drivers\aswbloga.sys [343752 2018-03-12] (AVAST Software)
R0 aswbuniv; C:\windows\System32\drivers\aswbuniva.sys [57680 2018-03-12] (AVAST Software)
R1 aswHdsKe; C:\windows\System32\drivers\aswHdsKe.sys [215320 2018-03-12] (AVAST Software)
S3 aswHwid; C:\windows\System32\drivers\aswHwid.sys [46968 2018-03-12] (AVAST Software)
R1 aswKbd; C:\windows\system32\drivers\aswKbd.sys [41832 2017-09-01] (AVAST Software)
R2 aswMonFlt; C:\windows\System32\drivers\aswMonFlt.sys [146656 2018-03-12] (AVAST Software)
R1 aswRdr; C:\windows\System32\drivers\aswRdr2.sys [110328 2018-03-12] (AVAST Software)
R0 aswRvrt; C:\windows\System32\drivers\aswRvrt.sys [84368 2018-03-12] (AVAST Software)
R1 aswSnx; C:\windows\System32\drivers\aswSnx.sys [1026696 2018-03-12] (AVAST Software)
R1 aswSP; C:\windows\System32\drivers\aswSP.sys [460520 2018-03-12] (AVAST Software)
R2 aswStm; C:\windows\System32\drivers\aswStm.sys [205976 2018-03-12] (AVAST Software)
R0 aswVmm; C:\windows\System32\drivers\aswVmm.sys [380528 2018-03-12] (AVAST Software)
S3 ManyCam; C:\windows\System32\DRIVERS\mcvidrv.sys [49304 2014-12-14] (Visicom Media Inc.)
S3 mcaudrv_simple; C:\windows\System32\drivers\mcaudrv_x64.sys [35992 2014-12-15] (Visicom Media Inc.)

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2018-03-30 20:30 - 2018-03-30 20:32 - 000028071 _____ C:\Users\siedog\Desktop\FRST.txt
2018-03-30 20:29 - 2018-03-30 20:30 - 000000000 ____D C:\FRST
2018-03-30 20:26 - 2018-03-30 20:27 - 002393088 _____ (Farbar) C:\Users\siedog\Desktop\FRST64.exe
2018-03-30 20:25 - 2018-03-30 20:25 - 000109688 _____ C:\Users\siedog\AppData\Local\GDIPFONTCACHEV1.DAT
2018-03-27 23:46 - 2018-03-27 23:46 - 019546307 _____ C:\Users\siedog\Desktop\-Legion- Star Aubrey Plaza Leaked Masturbation Video - Celebrity Leaks_1.mp4
2018-03-27 00:18 - 2018-03-27 00:18 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes
2018-03-27 00:18 - 2018-01-18 08:03 - 000076200 _____ C:\windows\system32\Drivers\mbae64.sys
2018-03-13 21:34 - 2018-03-30 06:59 - 000004474 _____ C:\windows\System32\Tasks\Adobe Flash Player NPAPI Notifier
2018-03-12 20:09 - 2018-03-12 20:08 - 000380768 _____ (AVAST Software) C:\windows\system32\aswBoot.exe

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2018-03-30 20:30 - 2009-07-13 21:45 - 000027568 ____H C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2018-03-30 20:30 - 2009-07-13 21:45 - 000027568 ____H C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2018-03-30 20:18 - 2016-11-22 07:48 - 000000000 ____D C:\Users\siedog\AppData\LocalLow\Mozilla
2018-03-30 20:17 - 2009-07-13 20:20 - 000000000 ____D C:\windows\inf
2018-03-30 06:59 - 2017-10-24 23:56 - 000003872 _____ C:\windows\System32\Tasks\CCleaner Update
2018-03-30 06:59 - 2017-10-08 10:33 - 000002802 _____ C:\windows\System32\Tasks\CCleanerSkipUAC
2018-03-30 06:59 - 2017-07-06 06:58 - 000003234 _____ C:\windows\System32\Tasks\SidebarExecute
2018-03-30 06:59 - 2016-03-11 22:39 - 000003902 _____ C:\windows\System32\Tasks\SafeZone scheduled Autoupdate 1457761181
2018-03-30 06:59 - 2015-12-03 11:10 - 000000000 ____D C:\windows\System32\Tasks\AVAST Software
2018-03-30 06:59 - 2015-01-15 04:22 - 000004476 _____ C:\windows\System32\Tasks\Adobe Acrobat Update Task
2018-03-30 06:59 - 2014-09-14 16:42 - 000003508 _____ C:\windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-2030355160-575983693-1602061601-1000UA
2018-03-30 06:59 - 2014-09-14 16:42 - 000003236 _____ C:\windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-2030355160-575983693-1602061601-1000Core
2018-03-30 06:59 - 2014-01-02 11:58 - 000000000 ____D C:\Users\siedog\AppData\Roaming\vlc
2018-03-30 06:59 - 2013-10-23 15:40 - 000003592 _____ C:\windows\System32\Tasks\Maxthon Update
2018-03-30 06:59 - 2013-07-22 11:10 - 000003118 _____ C:\windows\System32\Tasks\Microsoft_Hardware_Launch_mousekeyboardcenter_exe
2018-03-30 06:59 - 2013-07-22 11:10 - 000003092 _____ C:\windows\System32\Tasks\Microsoft_Hardware_Launch_ipoint_exe
2018-03-30 06:59 - 2013-07-22 11:10 - 000003090 _____ C:\windows\System32\Tasks\Microsoft_Hardware_Launch_itype_exe
2018-03-30 06:59 - 2013-07-22 11:10 - 000003062 _____ C:\windows\System32\Tasks\Microsoft_MKC_Logon_Task_ipoint.exe
2018-03-30 06:59 - 2013-07-22 11:10 - 000003060 _____ C:\windows\System32\Tasks\Microsoft_MKC_Logon_Task_itype.exe
2018-03-30 06:59 - 2013-07-11 03:20 - 000004120 _____ C:\windows\System32\Tasks\Open URL by RoboForm
2018-03-30 06:59 - 2013-07-11 03:20 - 000003504 _____ C:\windows\System32\Tasks\Run RoboForm TaskBar Icon
2018-03-30 06:59 - 2012-12-30 11:32 - 000004312 _____ C:\windows\System32\Tasks\Adobe Flash Player Updater
2018-03-30 06:59 - 2012-09-14 21:22 - 000003492 _____ C:\windows\System32\Tasks\ConfigFree Startup Programs
2018-03-30 06:59 - 2011-10-21 01:45 - 000003330 _____ C:\windows\System32\Tasks\GoogleUpdateTaskMachineUA
2018-03-30 06:59 - 2011-10-21 01:45 - 000003202 _____ C:\windows\System32\Tasks\GoogleUpdateTaskMachineCore
2018-03-29 23:12 - 2015-11-26 12:27 - 010921984 ___SH C:\Users\siedog\Desktop\Thumbs.db
2018-03-28 22:40 - 2017-07-08 23:40 - 000000000 ____D C:\Program Files (x86)\Mozilla Firefox
2018-03-24 16:11 - 2017-03-04 00:05 - 000004168 _____ C:\windows\System32\Tasks\Avast Emergency Update
2018-03-21 16:38 - 2011-10-21 01:45 - 000002235 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2018-03-20 22:11 - 2012-09-17 19:18 - 000000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2018-03-18 08:29 - 2016-07-10 17:15 - 000000000 ____D C:\Users\siedog\Desktop\Misc Stuff
2018-03-15 06:58 - 2013-08-14 02:10 - 000000000 ____D C:\Users\siedog\Desktop\Movie Passes
2018-03-13 21:34 - 2012-10-14 03:30 - 000804352 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerApp.exe
2018-03-13 21:34 - 2012-10-14 03:30 - 000000000 ____D C:\windows\system32\Macromed
2018-03-13 21:34 - 2011-10-21 01:40 - 000144896 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerCPLApp.cpl
2018-03-13 21:34 - 2011-10-21 01:40 - 000000000 ____D C:\windows\SysWOW64\Macromed
2018-03-12 22:38 - 2014-10-23 01:42 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2018-03-12 22:33 - 2014-10-23 01:42 - 000097344 _____ (Oracle Corporation) C:\windows\SysWOW64\WindowsAccessBridge-32.dll
2018-03-12 22:33 - 2011-10-21 01:35 - 000000000 ____D C:\Program Files (x86)\Java
2018-03-12 22:33 - 2009-07-13 22:13 - 000006514 _____ C:\windows\system32\PerfStringBackup.INI
2018-03-12 22:26 - 2009-07-13 22:08 - 000000006 ____H C:\windows\Tasks\SA.DAT
2018-03-12 22:24 - 2013-06-18 04:11 - 000000000 ____D C:\Users\siedog\AppData\Local\CrashDumps
2018-03-12 20:08 - 2017-11-22 13:46 - 000196648 _____ (AVAST Software) C:\windows\system32\Drivers\aswArPot.sys
2018-03-12 20:08 - 2014-08-07 21:47 - 000205976 _____ (AVAST Software) C:\windows\system32\Drivers\aswStm.sys
2018-03-12 20:08 - 2014-08-07 21:47 - 000046968 _____ (AVAST Software) C:\windows\system32\Drivers\aswHwid.sys
2018-03-12 20:08 - 2013-08-14 05:39 - 000460520 _____ (AVAST Software) C:\windows\system32\Drivers\aswSP.sys
2018-03-12 20:08 - 2013-08-14 05:39 - 000380528 _____ (AVAST Software) C:\windows\system32\Drivers\aswVmm.sys
2018-03-12 20:08 - 2013-08-14 05:39 - 000146656 _____ (AVAST Software) C:\windows\system32\Drivers\aswMonFlt.sys
2018-03-12 20:08 - 2013-08-14 05:39 - 000110328 _____ (AVAST Software) C:\windows\system32\Drivers\aswRdr2.sys
2018-03-12 20:08 - 2013-08-14 05:39 - 000084368 _____ (AVAST Software) C:\windows\system32\Drivers\aswRvrt.sys
2018-03-12 20:07 - 2018-01-04 18:47 - 000215320 _____ (AVAST Software) C:\windows\system32\Drivers\aswHdsKe.sys
2018-03-12 20:07 - 2017-03-04 00:05 - 000343752 _____ (AVAST Software) C:\windows\system32\Drivers\aswbloga.sys
2018-03-12 20:07 - 2017-03-04 00:05 - 000227504 _____ (AVAST Software) C:\windows\system32\Drivers\aswbidsdrivera.sys
2018-03-12 20:07 - 2017-03-04 00:05 - 000199440 _____ (AVAST Software) C:\windows\system32\Drivers\aswbidsha.sys
2018-03-12 20:07 - 2017-03-04 00:05 - 000057680 _____ (AVAST Software) C:\windows\system32\Drivers\aswbuniva.sys
2018-03-12 20:07 - 2013-08-14 05:39 - 001026696 _____ (AVAST Software) C:\windows\system32\Drivers\aswSnx.sys

==================== Bamital & volsnap ======================

(There is no automatic fix for files that do not pass verification.)

C:\windows\system32\winlogon.exe => File is digitally signed
C:\windows\system32\wininit.exe => File is digitally signed
C:\windows\SysWOW64\wininit.exe => File is digitally signed
C:\windows\explorer.exe => File is digitally signed
C:\windows\SysWOW64\explorer.exe => File is digitally signed
C:\windows\system32\svchost.exe => File is digitally signed
C:\windows\SysWOW64\svchost.exe => File is digitally signed
C:\windows\system32\services.exe => File is digitally signed
C:\windows\system32\User32.dll => File is digitally signed
C:\windows\SysWOW64\User32.dll => File is digitally signed
C:\windows\system32\userinit.exe => File is digitally signed
C:\windows\SysWOW64\userinit.exe => File is digitally signed
C:\windows\system32\rpcss.dll => File is digitally signed
C:\windows\system32\dnsapi.dll => File is digitally signed
C:\windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\windows\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2018-03-29 00:44

==================== End of FRST.txt ============================

siedog

TS Enthusiast
Part 2 Addition.log

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 02.01.2018
Ran by siedog (30-03-2018 20:33:52)
Running from C:\Users\siedog\Desktop
Windows 7 Professional Service Pack 1 (X64) (2012-09-15 00:44:17)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-2030355160-575983693-1602061601-500 - Administrator - Disabled)
Guest (S-1-5-21-2030355160-575983693-1602061601-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-2030355160-575983693-1602061601-1027 - Limited - Enabled)
siedog (S-1-5-21-2030355160-575983693-1602061601-1000 - Administrator - Enabled) => C:\Users\siedog

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Avast Antivirus (Enabled - Up to date) {8EA8924E-BC81-DC44-8BB0-8BAE75D86EBF}
AV: Malwarebytes (Disabled - Up to date) {23007AD3-69FE-687C-2629-D584AFFAF72B}
AS: Spybot - Search and Destroy (Enabled - Out of date) {A16C3F68-9280-E053-1818-342707FECF4D}
AS: Malwarebytes (Disabled - Up to date) {98619B37-4FC4-67F2-1C99-EEF6D47DBD96}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Avast Antivirus (Enabled - Up to date) {35C973AA-9ABB-D3CA-B100-B0DC0E5F2402}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Adobe Acrobat Reader DC (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}) (Version: 18.011.20038 - Adobe Systems Incorporated)
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 25.0.0.134 - Adobe Systems Incorporated)
Adobe Connect 9 Add-in (HKU\S-1-5-21-2030355160-575983693-1602061601-1000\...\Adobe Connect 9 Add-in) (Version: 11,2,385,0 - Adobe Systems Incorporated)
Adobe Flash Player 29 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 29.0.0.113 - Adobe Systems Incorporated)
Adobe Flash Player 29 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 29.0.0.113 - Adobe Systems Incorporated)
Adobe Shockwave Player 12.2 (HKLM-x32\...\Adobe Shockwave Player) (Version: 12.2.8.198 - Adobe Systems, Inc.)
Apple Application Support (HKLM-x32\...\{5D09C772-ECB3-442B-9CC6-B4341C78FDC2}) (Version: 2.3.4 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
AuthenTec Fingerprint Software (HKLM\...\{5F1DFCC1-595D-4235-A044-E05B706D800A}) (Version: 9.0.8.36 - AuthenTec, Inc.)
Avast Free Antivirus (HKLM-x32\...\Avast Antivirus) (Version: 18.2.2328 - AVAST Software)
Bluetooth Stack for Windows by Toshiba (HKLM\...\{CEBB6BFB-D708-4F99-A633-BC2600E01EF6}) (Version: v8.00.13(T) - TOSHIBA CORPORATION)
Camfrog Video Chat 6.3 (HKLM-x32\...\Camfrog 6.3) (Version: 6.3.208 - Camshare Inc.)
CCleaner (HKLM\...\CCleaner) (Version: 5.38 - Piriform)
Coupon Printer for Windows (HKLM-x32\...\Coupon Printer for Windows5.0.0.4) (Version: 5.0.0.4 - Coupons.com Incorporated)
CutePDF Writer 3.0 (HKLM\...\CutePDF Writer Installation) (Version: 3.0 - CutePDF.com)
D3DX10 (HKLM-x32\...\{E09C4DB7-630C-4F06-A631-8EA7239923AF}) (Version: 15.4.2368.0902 - Microsoft) Hidden
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 65.0.3325.181 - Google Inc.)
Google Talk Plugin (HKLM-x32\...\{F9B579C2-D854-300A-BE62-A09EB9D722E4}) (Version: 5.41.3.0 - Google)
Google Toolbar for Internet Explorer (HKLM-x32\...\{18455581-E099-4BA8-BC6B-F34B2F06600C}) (Version: 1.0.0 - Google Inc.) Hidden
Google Toolbar for Internet Explorer (HKLM-x32\...\{2318C2B1-4965-11d4-9B18-009027A5CD4F}) (Version: 7.5.8231.2252 - Google Inc.)
Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.33.7 - Google Inc.) Hidden
Google Update Helper (HKLM-x32\...\{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}) (Version: 1.3.25.11 - Google Inc.) Hidden
GWXStopper 1.20 (HKLM-x32\...\GWXStopper_is1) (Version: - Greatis Software, LLC.)
Intel PROSet Wireless (HKLM-x32\...\ProInst) (Version: - ) Hidden
Intel(R) Control Center (HKLM-x32\...\{F8A9085D-4C7A-41a9-8A77-C8998A96C421}) (Version: 1.2.1.1007 - Intel Corporation)
Intel(R) Identity Protection Technology 1.2.18.0 (HKLM-x32\...\{9602841E-ECE2-1019-AAEE-906A4DE25D6B}) (Version: 1.2.18.0 - Intel Corporation)
Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 7.0.0.1144 - Intel Corporation)
Intel(R) Network Connections Drivers (HKLM\...\PROSet) (Version: 16.5 - Intel)
Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 8.15.10.2509 - Intel Corporation)
Intel(R) PROSet/Wireless WiFi Software (HKLM\...\{3C41721F-AF0F-4086-AA1C-4C7F29076228}) (Version: 14.01.1000 - Intel Corporation)
Intel(R) Rapid Storage Technology (HKLM-x32\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 10.1.2.1004 - Intel Corporation)
Java 8 Update 161 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F32180161F0}) (Version: 8.0.1610.12 - Oracle Corporation)
Junk Mail filter update (HKLM-x32\...\{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}) (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Malwarebytes version 3.4.4.2398 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 3.4.4.2398 - Malwarebytes)
Maxthon Cloud Browser (HKLM-x32\...\Maxthon3) (Version: 4.1.2.3000 - Maxthon International Limited)
Mesh Runtime (HKLM-x32\...\{8C6D6116-B724-4810-8F2D-D047E6B7D68E}) (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4.5.2 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.51209 - Microsoft Corporation)
Microsoft Mouse and Keyboard Center (HKLM\...\Microsoft Mouse and Keyboard Center) (Version: 2.2.173.0 - Microsoft Corporation)
Microsoft Office Click-to-Run 2010 (HKLM-x32\...\Office14.Click2Run) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Office Home and Student 2010 (HKLM-x32\...\Office14.SingleImage) (Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.40728.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)
Mozilla Firefox 59.0.2 (x64 en-US) (HKLM\...\Mozilla Firefox 59.0.2 (x64 en-US)) (Version: 59.0.2 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 59.0.2.6656 - Mozilla)
Norton PC Checkup (HKLM-x32\...\Norton PC Checkup_is1) (Version: 3.0.5.38.0 - Symantec Corporation)
PlayReady PC Runtime amd64 (HKLM\...\{BCA9334F-B6C9-4F65-9A73-AC5A329A4D04}) (Version: 1.3.0 - Microsoft Corporation)
PlayReady PC Runtime x86 (HKLM-x32\...\{CCA5EAAD-92F4-4B7A-B5EE-14294C66AB61}) (Version: 1.3.0 - Microsoft Corporation)
QuickTime 7 (HKLM-x32\...\{FF59BD75-466A-4D5A-AD23-AAD87C5FD44C}) (Version: 7.79.80.95 - Apple Inc.)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6446 - Realtek Semiconductor Corp.)
Renesas Electronics USB 3.0 Host Controller Driver (HKLM-x32\...\{5442DAB8-7177-49E1-8B22-09A049EA5996}) (Version: 2.1.25.0 - Renesas Electronics Corporation) Hidden
Renesas Electronics USB 3.0 Host Controller Driver (HKLM-x32\...\InstallShield_{5442DAB8-7177-49E1-8B22-09A049EA5996}) (Version: 2.1.25.0 - Renesas Electronics Corporation)
RICOH Media Driver v2.15.17.02 (HKLM-x32\...\{FE041B02-234C-4AAA-9511-80DF6482A458}) (Version: 2.15.17.02 - RICOH)
RoboForm 7-9-13-5 (All Users) (HKLM-x32\...\AI RoboForm) (Version: 7-9-13-5 - Siber Systems)
RogueKiller version 12.11.1.0 (HKLM\...\8B3D7924-ED89-486B-8322-E8594065D5CB_is1) (Version: 12.11.1.0 - Adlice Software)
SafeZone Stable 4.58.2552.909 (HKLM-x32\...\SafeZone 4.58.2552.909) (Version: 4.58.2552.909 - Avast Software) Hidden
SAMSUNG USB Driver for Mobile Phones (HKLM\...\{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}) (Version: 1.5.14.0 - SAMSUNG Electronics Co., Ltd.)
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{DE28B448-32E8-4E8F-84F0-A52B21A49B5B}) (Version: - Microsoft)
Skype Launcher (HKLM-x32\...\{DA84ECBF-4B79-47F2-B34C-95C38484C058}) (Version: 2.01 - TOSHIBA Corporation)
Sophos Virus Removal Tool (HKLM-x32\...\{B829E117-D072-41EA-9606-9826A38D34C1}) (Version: 2.6.0 - Sophos Limited)
Spybot - Search & Destroy (HKLM-x32\...\{B4092C6D-E886-4CB2-BA68-FE5A99D31DE7}_is1) (Version: 2.1.21 - Safer-Networking Ltd.)
swMSM (HKLM-x32\...\{612C34C7-5E90-47D8-9B5C-0F717DD82726}) (Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 15.2.11.1 - Synaptics Incorporated)
TFPU (HKLM\...\{A7760E07-4C23-4766-A99E-F715F298E99C}) (Version: 1.0.0 - TOSHIBA) Hidden
Toshiba App Place (HKLM-x32\...\{ED3CBA78-488F-4E8C-B33F-8E3BF4DDB4D2}) (Version: 1.0.6.3 - Toshiba)
TOSHIBA Application Installer (HKLM-x32\...\{970472D0-F5F9-4158-A6E3-1AE49EFEF2D3}) (Version: 9.0.1.2 - TOSHIBA)
TOSHIBA Assist (HKLM-x32\...\{C2A276E3-154E-44DC-AAF1-FFDD7FD30E35}) (Version: 4.2.3.0 - TOSHIBA CORPORATION)
TOSHIBA Audio Enhancement (HKLM\...\{F2DE0088-CF05-4DAB-AC4D-9D2C4D657456}) (Version: 1.0.2.6 - TOSHIBA Corporation)
Toshiba Book Place (HKLM-x32\...\{A14962A7-2B7D-456E-BFCD-F54E3A88D41F}) (Version: 2.2.7530 - K-NFB Reading Technology, Inc.)
TOSHIBA Bulletin Board (HKLM-x32\...\InstallShield_{1C8C049A-145F-4A6E-8290-B5C245EBE39D}) (Version: 1.6.11.64 - TOSHIBA Corporation)
TOSHIBA ConfigFree (HKLM-x32\...\{A9FD58A9-7640-4E61-B166-F5FBAD8219F6}) (Version: 8.0.42 - TOSHIBA CORPORATION)
TOSHIBA Disc Creator (HKLM\...\{5DA0E02F-970B-424B-BF41-513A5018E4C0}) (Version: 2.1.0.11 for x64 - TOSHIBA Corporation)
TOSHIBA eco Utility (HKLM\...\{41C2B21A-63BB-4377-9567-A97B15F21E59}) (Version: 1.3.7.64 - TOSHIBA Corporation)
TOSHIBA Face Recognition (HKLM-x32\...\InstallShield_{F67FA545-D8E5-4209-86B1-AEE045D1003F}) (Version: 3.1.18.64 - TOSHIBA Corporation)
TOSHIBA Fingerprint Utility (HKLM\...\TFPU{A7760E07-4C23-4766-A99E-F715F298E99C}) (Version: 1.0.3.49 - TOSHIBA Corporation)
TOSHIBA HDD/SSD Alert (HKLM\...\{D4322448-B6AF-4316-B859-D8A0E84DCB38}) (Version: 3.1.64.9 - TOSHIBA Corporation)
Toshiba Laptop Checkup (HKLM-x32\...\NortonPCCheckup) (Version: 2.0.13.11 - Symantec Corporation)
TOSHIBA Media Controller (HKLM-x32\...\{C7A4F26F-F9B0-41B2-8659-99181108CDE3}) (Version: 1.0.87.4 - TOSHIBA CORPORATION)
TOSHIBA Media Controller Plug-in (HKLM-x32\...\{F26FDF57-483E-42C8-A9C9-EEE1EDB256E0}) (Version: 1.0.7.6 - TOSHIBA CORPORATION)
Toshiba Online Backup (HKLM-x32\...\{C57BCDE1-7CB9-467D-B3BA-7E119916CDC1}) (Version: 2.0.0.31 - Toshiba)
TOSHIBA PC Health Monitor (HKLM\...\{9DECD0F9-D3E8-48B0-A390-1CF09F54E3A4}) (Version: 1.7.11.64 - TOSHIBA Corporation)
TOSHIBA Quality Application (HKLM-x32\...\{E69992ED-A7F6-406C-9280-1C156417BC49}) (Version: 1.0.3 - TOSHIBA)
TOSHIBA Recovery Media Creator (HKLM-x32\...\{B65BBB06-1F8E-48F5-8A54-B024A9E15FDF}) (Version: 2.1.5.5109a - TOSHIBA CORPORATION)
TOSHIBA ReelTime (HKLM-x32\...\InstallShield_{24811C12-F4A9-4D0F-8494-A7B8FE46123C}) (Version: 1.7.21.64 - TOSHIBA Corporation)
TOSHIBA Resolution+ Plug-in for Windows Media Player (HKLM-x32\...\{6CB76C9D-80C2-4CB3-A4CD-D96B239E3F94}) (Version: 1.1.2003 - TOSHIBA Corporation)
TOSHIBA Security Assist (HKLM-x32\...\{1E63ACB5-D45E-4856-8FC9-78F4B0D7BB80}) (Version: 2.0.9 - TOSHIBA)
TOSHIBA Service Station (HKLM-x32\...\{AC6569FA-6919-442A-8552-073BE69E247A}) (Version: 2.2.13 - TOSHIBA)
TOSHIBA Sleep Utility (HKLM-x32\...\{654F7484-88C5-46DC-AB32-C66BCB0E2102}) (Version: 1.4.2.9 - TOSHIBA Corporation)
TOSHIBA User's Guide (HKLM-x32\...\{3384E1D9-3F18-4A98-8655-180FEF0DFC02}) (Version: 1.00.02 - TOSHIBA)
TOSHIBA Value Added Package (HKLM-x32\...\InstallShield_{066CFFF8-12BF-4390-A673-75F95EFF188E}) (Version: 1.6.16.64 - TOSHIBA Corporation)
TOSHIBA Web Camera Application (HKLM-x32\...\InstallShield_{6F3C8901-EBD3-470D-87F8-AC210F6E5E02}) (Version: 2.0.3.29 - TOSHIBA Corporation)
TOSHIBA Wireless LAN Indicator (HKLM-x32\...\{5B01BCB7-A5D3-476F-AF11-E515BA206591}) (Version: 1.0.5 - TOSHIBA CORPORATION)
TOSHIBARegistration (HKLM-x32\...\{5AF550B4-BB67-4E7E-82F1-2C4300279050}) (Version: 1.0.6 - TOSHIBA)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3538.0513 - Microsoft Corporation)
Windows Live Mesh ActiveX Control for Remote Connections (HKLM-x32\...\{2902F983-B4C1-44BA-B85D-5C6D52E2C441}) (Version: 15.4.5722.2 - Microsoft Corporation)
WinRAR 5.40 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.40.0 - win.rar GmbH)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-2030355160-575983693-1602061601-1000_Classes\CLSID\{144DF3B2-2402-47AE-9583-5A045929A8D4}\InprocServer32 -> C:\Users\siedog\AppData\Local\Google\Update\1.3.33.5\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-2030355160-575983693-1602061601-1000_Classes\CLSID\{91A41FCC-BC02-42D8-A36E-0D27FF9BFFC8}\InprocServer32 -> C:\Users\siedog\AppData\Local\Google\Update\1.3.33.7\psuser_64.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-2030355160-575983693-1602061601-1000_Classes\CLSID\{E8CF3E55-F919-49D9-ABC0-948E6CB34B9F}\InprocServer32 -> C:\Users\siedog\AppData\Local\Google\Update\1.3.33.7\psuser_64.dll (Google Inc.)
ShellIconOverlayIdentifiers: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2018-03-12] (AVAST Software)
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2018-03-12] (AVAST Software)
ShellIconOverlayIdentifiers: [ATFPUOverlayIcon] -> {3239DBC1-B76D-4dc7-8B29-D99CBA3C7336} => C:\Program Files\TOSHIBA\TFPU\TFPUOverlayIcon.dll [2010-03-02] (TOSHIBA)
ContextMenuHandlers1: [avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2018-03-12] (AVAST Software)
ContextMenuHandlers1: [SDECon32] -> {44176360-2BBF-4EC1-93CE-384B8681A0BC} => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDECon64.dll [2013-05-16] (Safer-Networking Ltd.)
ContextMenuHandlers1: [SDECon64] -> {44176360-2BBF-4EC1-93CE-384B8681A0BC} => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDECon64.dll [2013-05-16] (Safer-Networking Ltd.)
ContextMenuHandlers1: [TFPUContextMenu] -> {2E34EBB9-C147-4DF4-938F-90C5B0837B1E} => C:\Program Files\TOSHIBA\TFPU\TFPUFileShellExt.dll [2010-03-02] (TOSHIBA)
ContextMenuHandlers1: [tosBtShllExt] -> {6BEF3D0B-53F0-4b0d-B91C-C19ED3D4C9D1} => C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\sys\x64\TosBtShell.dll [2010-07-30] (TOSHIBA)
ContextMenuHandlers1: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2016-08-15] (Alexander Roshal)
ContextMenuHandlers1-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2016-08-15] (Alexander Roshal)
ContextMenuHandlers3: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2018-03-12] (AVAST Software)
ContextMenuHandlers4: [tosBtShllExt] -> {6BEF3D0B-53F0-4b0d-B91C-C19ED3D4C9D1} => C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\sys\x64\TosBtShell.dll [2010-07-30] (TOSHIBA)
ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} => C:\windows\system32\igfxpph.dll [2011-08-31] (Intel Corporation)
ContextMenuHandlers6: [avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2018-03-12] (AVAST Software)
ContextMenuHandlers6: [SDECon32] -> {44176360-2BBF-4EC1-93CE-384B8681A0BC} => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDECon64.dll [2013-05-16] (Safer-Networking Ltd.)
ContextMenuHandlers6: [SDECon64] -> {44176360-2BBF-4EC1-93CE-384B8681A0BC} => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDECon64.dll [2013-05-16] (Safer-Networking Ltd.)
ContextMenuHandlers6: [TFPUContextMenu] -> {2E34EBB9-C147-4DF4-938F-90C5B0837B1E} => C:\Program Files\TOSHIBA\TFPU\TFPUFileShellExt.dll [2010-03-02] (TOSHIBA)
ContextMenuHandlers6: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2016-08-15] (Alexander Roshal)
ContextMenuHandlers6-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2016-08-15] (Alexander Roshal)

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {15ABC649-A2A7-457A-9386-10AF2A5A987C} - System32\Tasks\Avast Emergency Update => C:\Program Files\AVAST Software\Avast\AvEmUpdate.exe [2018-03-12] (AVAST Software)
Task: {1634E891-8C1F-4A04-BBD1-ECD916613CA2} - System32\Tasks\Microsoft\Windows\Setup\GWXTriggers\Time-5d => C:\windows\system32\GWX\GWX.exe
Task: {1D89F374-1AAE-48D0-AB6C-3033970A1B71} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-2030355160-575983693-1602061601-1000UA => C:\Users\siedog\AppData\Local\Google\Update\GoogleUpdate.exe [2015-08-28] (Google Inc.)
Task: {20434B6A-46C2-428F-B598-1231BD884234} - System32\Tasks\Adobe Flash Player NPAPI Notifier => C:\windows\SysWOW64\Macromed\Flash\FlashUtil32_29_0_0_113_Plugin.exe [2018-03-13] (Adobe Systems Incorporated)
Task: {2E17B900-F5AD-4829-A9AA-E30E6F7D30BE} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {31897D2A-18EC-4EF2-8366-58F044138CC1} - System32\Tasks\AVAST Software\Avast settings backup => C:\Program Files\Common Files\AV\avast! Antivirus\backup.exe
Task: {320B34D7-F2EC-4C76-AD99-04D9AC0CD9E4} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-28] (Google Inc.)
Task: {3658D8E1-9EDD-4ACA-B3CE-AD65AAC23F41} - System32\Tasks\ConfigFree Startup Programs => C:\Program Files (x86)\TOSHIBA\ConfigFree\NDSTray.exe [2011-06-16] (TOSHIBA CORPORATION)
Task: {3C061830-DCAD-496D-B45D-9AE54CF1211F} - System32\Tasks\Open URL by RoboForm => C:\windows\system32\rundll32.exe url.dll,FileProtocolHandler "hxxp://www.roboform.com/test-pass.html?aaa=KICMKMLJNMPMOMKJLJPMCNOJJJLJKJCNLMPMHMLJCNOJLJJMGMCNHMNJJMMJKMMJNMJJNMKJJMPMJNJICMIMCNGMCNOMMMFMOMOMCNPMCNGMJMPMPMFMJMCNOMCNIMJMPMOMCNNMJNPICMPMFMEKMICNJJCKFMJMJMIMJNHICMEKMICNJJCKJNBJCMMIGJKJLJAJIJJNKJCMJNNICMJNDJCMKJBJJNMJCMOM (the data entry has 43 more characters).
Task: {48543D34-0748-4991-91D9-F702172B242B} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-28] (Google Inc.)
Task: {4CF1A1C5-ADC8-44C0-86FC-4F86A71C517B} - C:\Windows\System32\Tasks\Microsoft\Windows\Setup\gwx\refreshgwxconfig => Command(1): %windir%\system32\GWX\GWXConfigManager.exe -> /RefreshConfig
Task: {4CF1A1C5-ADC8-44C0-86FC-4F86A71C517B} - C:\Windows\System32\Tasks\Microsoft\Windows\Setup\gwx\refreshgwxconfig => Command(2): C:\windows\system32\GWX\GWXDetector.exe
Task: {526FE55F-157B-491E-8DF8-428B5844B8E2} - System32\Tasks\Run RoboForm TaskBar Icon => C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe [2015-05-09] (Siber Systems)
Task: {5421715A-F3F1-4BFB-9481-774722DC1D5B} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Refresh immunization => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDImmunize.exe [2016-03-21] (Safer-Networking Ltd.)
Task: {5B93B52A-83AE-4E51-BC11-22B54C684E70} - System32\Tasks\SafeZone scheduled Autoupdate 1457761181 => C:\Program Files\AVAST Software\SZBrowser\launcher.exe [2017-08-04] (Avast Software)
Task: {5E7FFC6C-FC22-4564-8767-BE1C544453C0} - C:\Windows\System32\Tasks\Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent => Command(1): %windir%\system32\GWX\GWXConfigManager.exe -> /RefreshConfigAndContent
Task: {5E7FFC6C-FC22-4564-8767-BE1C544453C0} - C:\Windows\System32\Tasks\Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent => Command(2): C:\windows\system32\GWX\GWXDetector.exe
Task: {5F4F1B58-F743-4C41-8E33-554E2952E136} - System32\Tasks\Microsoft\Windows\Setup\gwx\launchtrayprocess => C:\windows\system32\GWX\GWX.exe
Task: {7520C490-6F13-4510-8872-704C1CFCB91B} - System32\Tasks\Maxthon Update => C:\Program Files (x86)\Maxthon\Bin\mxup.exe [2014-12-11] (Maxthon International ltd.)
Task: {7AE745D8-DACA-4BDF-B07B-77725E79D058} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2018-02-09] (Adobe Systems Incorporated)
Task: {7B6DEC9B-311B-4C3F-BDBA-A295C784812D} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-2030355160-575983693-1602061601-1000Core => C:\Users\siedog\AppData\Local\Google\Update\GoogleUpdate.exe [2015-08-28] (Google Inc.)
Task: {8882EB3D-AD0E-40BB-97DA-94F1F4450A6D} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Scan the system => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDScan.exe [2016-03-21] (Safer-Networking Ltd.)
Task: {8B82523C-6E53-4B46-AD81-D772076D874A} - System32\Tasks\Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d => C:\windows\system32\GWX\GWX.exe
Task: {8C4126EC-2B62-4EE2-A634-F1BFD1AC93A1} - System32\Tasks\Microsoft_MKC_Logon_Task_ipoint.exe => c:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe [2013-05-13] (Microsoft Corporation)
Task: {8E47A19B-D8C8-4546-A9E2-3F656D876633} - System32\Tasks\Microsoft_Hardware_Launch_ipoint_exe => c:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe [2013-05-13] (Microsoft Corporation)
Task: {947DE79A-0B58-478D-BEBF-0CF0635E96F9} - System32\Tasks\Microsoft\Windows\Setup\gwx\refreshgwxcontent => C:\windows\system32\GWX\GWXConfigManager.exe
Task: {95D6B7E2-DD21-4755-B582-2FBA963B5B35} - System32\Tasks\Adobe Flash Player Updater => C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2018-03-13] (Adobe Systems Incorporated)
Task: {97B8DF6A-EF19-41FF-9079-C8AEF4177B4D} - System32\Tasks\Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d => C:\windows\system32\GWX\GWX.exe
Task: {A24E61EA-4AD4-48AB-A05C-09BDEFBE2547} - C:\Windows\System32\Tasks\Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B => Command(1): %windir%\system32\GWX\GWXConfigManager.exe -> /RefreshConfigAndContent
Task: {A24E61EA-4AD4-48AB-A05C-09BDEFBE2547} - C:\Windows\System32\Tasks\Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B => Command(2): C:\windows\system32\GWX\GWXDetector.exe
Task: {AAD596DB-9B3B-43D9-B735-8E46480C9192} - System32\Tasks\Microsoft\Windows\Setup\GWXTriggers\Logon-5d => C:\windows\system32\GWX\GWX.exe
Task: {AC20EE62-DD0E-4DA6-971B-2DC7DC5EAF35} - System32\Tasks\Microsoft\Windows\Setup\GWXTriggers\Telemetry-4xd => C:\windows\system32\GWX\GWX.exe
Task: {B45EE8BA-534B-4806-82A8-F1184405B022} - System32\Tasks\CCleaner Update => C:\Program Files\CCleaner\CCUpdate.exe [2017-12-13] (Piriform Ltd)
Task: {C8592277-1043-4A40-924D-A9EBB3EC6881} - System32\Tasks\Avast Software\Overseer => C:\Program Files\Common Files\Avast Software\Overseer\overseer.exe [2018-01-09] (AVAST Software)
Task: {CEB7C134-E7EE-4546-8F2B-461B1E96CFF4} - System32\Tasks\Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d => C:\windows\system32\GWX\GWX.exe
Task: {D97D82C5-20CB-4F09-8DE6-AD62D30D0482} - System32\Tasks\Microsoft_MKC_Logon_Task_itype.exe => c:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe [2013-05-13] (Microsoft Corporation)
Task: {DEFE004C-D3E7-454C-8A7B-04EC5B6AD060} - System32\Tasks\Microsoft_Hardware_Launch_itype_exe => c:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe [2013-05-13] (Microsoft Corporation)
Task: {E54B8637-02EE-4015-B86F-999220EECFF0} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Check for updates => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe [2013-05-16] (Safer-Networking Ltd.)
Task: {EAC02D2E-9D5D-4FB3-BC08-030D5394DD8F} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2017-12-13] (Piriform Ltd)
Task: {F65BA010-4B9F-4E31-8862-B825AFE4E9A8} - System32\Tasks\Microsoft_Hardware_Launch_mousekeyboardcenter_exe => c:\Program Files\Microsoft Mouse and Keyboard Center\mousekeyboardcenter.exe [2013-05-13] (Microsoft)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)


==================== Shortcuts & WMI ========================

(The entries could be listed to be restored or removed.)


==================== Loaded Modules (Whitelisted) ==============

2011-05-31 17:32 - 2011-05-31 17:32 - 001501696 _____ () C:\Program Files\Common Files\Intel\WirelessCommon\Libeay32.dll
2013-07-15 12:09 - 2012-10-04 19:49 - 000087152 _____ () C:\windows\System32\cpwmon64.dll
2011-01-08 11:49 - 2011-01-08 11:49 - 000360312 _____ () C:\Program Files\TOSHIBA\TFPU\TFPUCommon.dll
2011-08-31 12:13 - 2011-08-31 12:13 - 000094208 _____ () C:\Windows\System32\IccLibDll_x64.dll
2011-08-22 15:19 - 2011-08-22 15:19 - 011204992 _____ () C:\Program Files\TOSHIBA\FlashCards\BlackPng.dll
2010-11-30 10:37 - 2010-11-30 10:37 - 000048504 _____ () C:\Program Files\TOSHIBA\FlashCards\Hotkey\FnZ.dll
2010-03-03 14:15 - 2010-03-03 14:15 - 000019256 _____ () C:\Program Files\TOSHIBA\FlashCards\Hotkey\FnF10.dll
2010-03-03 14:15 - 2010-03-03 14:15 - 000019256 _____ () C:\Program Files\TOSHIBA\FlashCards\Hotkey\FnF11.dll
2011-08-12 14:57 - 2011-08-12 14:57 - 000437632 _____ () C:\Program Files\TOSHIBA\FlashCards\Hotkey\TcrdKBB.exe
2010-12-15 15:19 - 2010-12-15 15:19 - 000124320 _____ () C:\Program Files\TOSHIBA\TECO\MUIHelp.dll
2018-03-12 20:07 - 2018-03-12 20:07 - 000721624 _____ () c:\Program Files\AVAST Software\Avast\x64\vaarclient.dll
2018-03-12 20:08 - 2018-03-12 20:08 - 000912088 _____ () C:\Program Files\AVAST Software\Avast\x64\ffl2.dll
2018-03-12 20:08 - 2018-03-12 20:08 - 000341720 _____ () c:\Program Files\AVAST Software\Avast\x64\StreamBack.dll
2018-03-12 20:08 - 2018-03-12 20:08 - 000326872 _____ () C:\Program Files\AVAST Software\Avast\x64\tasks_core.dll
2011-06-09 21:09 - 2011-06-09 21:09 - 000079784 _____ () C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosIPCWraper.dll
2018-03-12 20:08 - 2018-03-12 20:08 - 000287960 _____ () C:\Program Files\AVAST Software\Avast\streamback.dll
2018-03-12 20:08 - 2018-03-12 20:08 - 000280280 _____ () C:\Program Files\AVAST Software\Avast\tasks_core.dll
2018-03-12 12:06 - 2018-03-12 12:06 - 005800080 _____ () C:\Program Files\AVAST Software\Avast\defs\18031202\algo.dll
2018-03-12 20:08 - 2018-03-12 20:08 - 000756952 _____ () C:\Program Files\AVAST Software\Avast\ffl2.dll
2018-03-12 20:07 - 2018-03-12 20:07 - 000172760 _____ () C:\Program Files\AVAST Software\Avast\hns_tools.dll
2018-03-12 20:08 - 2018-03-12 20:08 - 000964824 _____ () C:\Program Files\AVAST Software\Avast\shepherdsync.dll
2018-03-12 20:08 - 2018-03-12 20:08 - 000475352 _____ () C:\Program Files\AVAST Software\Avast\gui_cache.dll
2018-03-12 20:08 - 2018-03-12 20:08 - 000339672 _____ () C:\Program Files\AVAST Software\Avast\streamback_avast.dll
2018-03-26 12:42 - 2018-03-26 12:42 - 005807760 _____ () C:\Program Files\AVAST Software\Avast\defs\18032604\algo.dll
2018-03-30 12:49 - 2018-03-30 12:49 - 005809296 _____ () C:\Program Files\AVAST Software\Avast\defs\18033004\algo.dll
2013-08-14 02:47 - 2013-05-16 10:55 - 000113496 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\snlThirdParty150.bpl
2013-08-14 02:47 - 2013-05-16 10:55 - 000416600 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\DEC150.bpl
2013-08-14 02:47 - 2013-05-16 10:55 - 000161112 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\snlFileFormats150.bpl
2013-08-14 02:47 - 2012-08-23 10:38 - 000574840 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\sqlite3.dll
2013-08-14 02:47 - 2012-04-03 17:06 - 000565640 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\av\BDSmartDB.dll
2018-03-12 20:08 - 2018-03-12 20:08 - 067126928 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll
2018-03-12 20:07 - 2018-03-12 20:07 - 000275160 _____ () C:\Program Files\AVAST Software\Avast\gaming_mode_ui.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)


==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"

==================== Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)


There are 7937 more sites.


There are 7935 more sites.


==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-13 19:34 - 2017-06-18 22:35 - 000000027 _____ C:\windows\system32\Drivers\etc\hosts

127.0.0.1 localhost

==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-2030355160-575983693-1602061601-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\siedog\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 75.75.75.75 - 75.75.76.76
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==


==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [SPPSVC-In-TCP] => (Allow) %SystemRoot%\system32\sppsvc.exe
FirewallRules: [SPPSVC-In-TCP-NoScope] => (Allow) %SystemRoot%\system32\sppsvc.exe
FirewallRules: [{BB8B1D37-3C4F-4B44-A839-77961A682FDB}] => (Allow) C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
FirewallRules: [{45B8D88B-15DB-4C68-802C-D7B22EA711B1}] => (Allow) LPort=2869
FirewallRules: [{6160DB7F-B176-4987-9C07-3698D0B28707}] => (Allow) LPort=1900
FirewallRules: [{245774BE-927B-49C7-92B0-953115F86D3D}] => (Allow) C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe
FirewallRules: [{CB4BB4CE-C744-4B75-91C2-DDB65B34330A}] => (Allow) C:\Program Files (x86)\Windows Live\Mesh\MOE.exe
FirewallRules: [{B606EF12-F6B7-4E11-AE4C-DA235BCB6B5B}] => (Allow) C:\Program Files (x86)\Maxthon\Bin\MxUp.exe
FirewallRules: [{1342C5F7-97BA-4587-80B6-3C9CDB1F84AB}] => (Allow) C:\Program Files (x86)\Maxthon\Bin\Maxthon.exe
FirewallRules: [{7EDC955B-E2AF-49F9-9826-52642A30CB83}] => (Allow) C:\Program Files (x86)\Maxthon\Bin\MxUp.exe
FirewallRules: [{4F14B451-E6BD-4D94-A66D-076EA54660F6}] => (Allow) C:\Program Files (x86)\Maxthon\Bin\Maxthon.exe
FirewallRules: [{F265837D-2DC8-4813-9163-6ADA65200C6A}] => (Allow) C:\Program Files (x86)\Common Files\Apple\Apple Application Support\WebKit2WebProcess.exe
FirewallRules: [{CB89D180-758F-4E0B-AEA0-5FAC16EE4ECE}] => (Allow) C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe
FirewallRules: [{60E83A1A-43DA-4046-A89D-A116A0927E35}] => (Allow) C:\ProgramData\EmailNotifier\EmailNotifier.exe
FirewallRules: [{4B87393E-ABDC-4964-B8CB-E40ADA01AEF6}] => (Allow) C:\ProgramData\EmailNotifier\EmailNotifier.exe
FirewallRules: [{1FD34AC0-6D4E-43C5-92BD-4B35D0879943}] => (Allow) C:\Program Files (x86)\ManyCam\Bin\ManyCam.exe
FirewallRules: [{61BF875E-E295-464E-B9C4-3312EDB92202}] => (Allow) C:\Program Files (x86)\ManyCam\Bin\ManyCam.exe
FirewallRules: [{C4697A7B-533F-4DF4-9583-01CAF63EFA8B}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{DE6465AE-2D33-4CCA-AA1A-FFE7F26DAE42}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{1072C3AC-FFE4-4891-A682-E98C0A68F9FC}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{8E27ED4B-7661-4887-A4CC-B421EB056E65}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{DC8B714F-A05D-40F8-9A8C-0098677DF8D6}] => (Allow) C:\Program Files\AVAST Software\SZBrowser\4.58.2552.909\SZBrowser.exe
FirewallRules: [{1BD6768F-69AF-4767-92BF-5C48B72ACE94}] => (Allow) C:\Program Files\AVAST Software\SZBrowser\4.58.2552.909_0\SZBrowser.exe
FirewallRules: [{F7E1B725-0341-4C1E-8462-F34F4C01097C}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe] => Enabled:Spybot-S&D 2 Tray Icon
StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe] => Enabled:Spybot-S&D 2 Scanner Service
StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe] => Enabled:Spybot-S&D 2 Updater
StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe] => Enabled:Spybot-S&D 2 Background update service

==================== Restore Points =========================


==================== Faulty Device Manager Devices =============

Name: WD SES Device USB Device
Description: WD SES Device USB Device
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.


==================== Event log errors: =========================

Application errors:
==================
Error: (03/28/2018 10:40:04 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: regsvr32.exe, version: 6.1.7600.16385, time stamp: 0x4a5bcdd6
Faulting module name: ntdll.dll, version: 6.1.7601.18939, time stamp: 0x55b02e88
Exception code: 0xc0000005
Fault offset: 0x0000000000026af9
Faulting process id: 0xa284
Faulting application start time: 0x01d3c72062c92e8b
Faulting application path: C:\windows\system32\regsvr32.exe
Faulting module path: C:\windows\SYSTEM32\ntdll.dll
Report Id: a0d9956a-3313-11e8-af1c-e8e0b72c775e

Error: (03/20/2018 10:11:01 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: regsvr32.exe, version: 6.1.7600.16385, time stamp: 0x4a5bcdd6
Faulting module name: ntdll.dll, version: 6.1.7601.18939, time stamp: 0x55b02e88
Exception code: 0xc0000005
Fault offset: 0x0000000000026af9
Faulting process id: 0xe28
Faulting application start time: 0x01d3c0d3010eb0e7
Faulting application path: C:\windows\system32\regsvr32.exe
Faulting module path: C:\windows\SYSTEM32\ntdll.dll
Report Id: 3f22e865-2cc6-11e8-af1c-e8e0b72c775e

Error: (03/12/2018 10:33:37 PM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3011) (User: NT AUTHORITY)
Description: Unloading the performance counter strings for service WmiApRpl (WmiApRpl) failed. The first DWORD in the Data section contains the error code.

Error: (03/12/2018 10:33:37 PM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3012) (User: NT AUTHORITY)
Description: The performance strings in the Performance registry value is corrupted when process Performance extension counter provider. The BaseIndex value from the Performance registry is the first DWORD in the Data section, LastCounter value is the second DWORD in the Data section, and LastHelp value is the third DWORD in the Data section.

Error: (03/12/2018 10:26:38 PM) (Source: Windows Search Service) (EventID: 7010) (User: )
Description: The index cannot be initialized.

Details:
The content index catalog is corrupt. (HRESULT : 0xc0041801) (0xc0041801)

Error: (03/12/2018 10:26:38 PM) (Source: Windows Search Service) (EventID: 3058) (User: )
Description: The application cannot be initialized.

Context: Windows Application

Details:
The content index catalog is corrupt. (HRESULT : 0xc0041801) (0xc0041801)

Error: (03/12/2018 10:26:37 PM) (Source: Windows Search Service) (EventID: 3028) (User: )
Description: The gatherer object cannot be initialized.

Context: Windows Application, SystemIndex Catalog

Details:
The content index catalog is corrupt. (HRESULT : 0xc0041801) (0xc0041801)

Error: (03/12/2018 10:26:37 PM) (Source: Windows Search Service) (EventID: 3029) (User: )
Description: The plug-in in <Search.TripoliIndexer> cannot be initialized.

Context: Windows Application, SystemIndex Catalog

Details:
Element not found. (HRESULT : 0x80070490) (0x80070490)

Error: (03/12/2018 10:26:37 PM) (Source: Windows Search Service) (EventID: 3029) (User: )
Description: The plug-in in <Search.JetPropStore> cannot be initialized.

Context: Windows Application, SystemIndex Catalog

Details:
The content index catalog is corrupt. (HRESULT : 0xc0041801) (0xc0041801)

Error: (03/12/2018 10:26:37 PM) (Source: Windows Search Service) (EventID: 9002) (User: )
Description: The Windows Search Service cannot load the property store information.

Context: Windows Application, SystemIndex Catalog

Details:
The content index database is corrupt. (HRESULT : 0xc0041800) (0xc0041800)


System errors:
=============
Error: (03/30/2018 08:14:20 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Malwarebytes Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 5000 milliseconds: Restart the service.

Error: (03/30/2018 01:27:14 AM) (Source: volsnap) (EventID: 36) (User: )
Description: The shadow copies of volume C: were aborted because the shadow copy storage could not grow due to a user imposed limit.

Error: (03/29/2018 02:40:46 AM) (Source: volsnap) (EventID: 36) (User: )
Description: The shadow copies of volume C: were aborted because the shadow copy storage could not grow due to a user imposed limit.

Error: (03/27/2018 08:55:05 AM) (Source: volsnap) (EventID: 36) (User: )
Description: The shadow copies of volume C: were aborted because the shadow copy storage could not grow due to a user imposed limit.

Error: (03/26/2018 12:41:31 PM) (Source: volsnap) (EventID: 36) (User: )
Description: The shadow copies of volume C: were aborted because the shadow copy storage could not grow due to a user imposed limit.

Error: (03/24/2018 08:28:01 PM) (Source: volsnap) (EventID: 36) (User: )
Description: The shadow copies of volume C: were aborted because the shadow copy storage could not grow due to a user imposed limit.

Error: (03/23/2018 03:26:15 PM) (Source: volsnap) (EventID: 36) (User: )
Description: The shadow copies of volume C: were aborted because the shadow copy storage could not grow due to a user imposed limit.

Error: (03/22/2018 06:48:35 AM) (Source: volsnap) (EventID: 36) (User: )
Description: The shadow copies of volume C: were aborted because the shadow copy storage could not grow due to a user imposed limit.

Error: (03/20/2018 10:38:48 PM) (Source: volsnap) (EventID: 36) (User: )
Description: The shadow copies of volume C: were aborted because the shadow copy storage could not grow due to a user imposed limit.

Error: (03/19/2018 08:31:43 AM) (Source: volsnap) (EventID: 36) (User: )
Description: The shadow copies of volume C: were aborted because the shadow copy storage could not grow due to a user imposed limit.


CodeIntegrity:
===================================
Date: 2017-06-18 22:34:17.930
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2017-06-18 22:34:17.790
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.


==================== Memory info ===========================

Processor: Intel(R) Core(TM) i5-2557M CPU @ 1.70GHz
Percentage of memory in use: 67%
Total physical RAM: 3972.55 MB
Available physical RAM: 1289.11 MB
Total Virtual: 11098.64 MB
Available Virtual: 7223.2 MB

==================== Drives ================================

Drive c: (TI106301W0D) (Fixed) (Total:108.48 GB) (Free:6.4 GB) NTFS ==>[system with boot components (obtained from drive)]
Drive d: (My Passport) (Fixed) (Total:3725.99 GB) (Free:3444.94 GB) NTFS
Drive I: (Expansion Drive) (Fixed) (Total:931.51 GB) (Free:8.65 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or Vista) (Size: 119.2 GB) (Disk ID: 4EF6EEA1)
Partition 1: (Active) - (Size=1.5 GB) - (Type=27)
Partition 2: (Not Active) - (Size=108.5 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=9.3 GB) - (Type=17)

========================================================
Disk: 1 (Size: 3726 GB) (Disk ID: 16F2A91F)

Partition: GPT.

========================================================
Disk: 2 (Size: 931.5 GB) (Disk ID: 01891787)
Partition 1: (Active) - (Size=931.5 GB) - (Type=07 NTFS)

==================== End of Addition.txt ============================
 

Broni

Malware Annihilator
Please observe the following rules:
  • Read all of my instructions very carefully. Your mistakes during the cleaning process may have very serious consequences, like an unbootable computer.
  • If you're stuck, or you're not sure about a certain step, always ask before doing anything else.
  • Please refrain from running any tools, fixes or applying any changes to your computer other than those I suggest.
  • Never run more than one scan at a time.
  • Keep updating me regarding your computer's behavior, good or bad.
  • The cleaning process, once started, has to be completed. Even if your computer appears to act better, it may still be infected. Once the computer is totally clean, I'll certainly let you know.
  • If you leave the topic without explanation in the middle of a cleaning process, you may not be eligible to receive any more help in the malware removal forum.
  • I close my topics if you have not replied in 5 days. If you need more time, simply let me know. If I closed your topic and you need it to be reopened, simply PM me.

=======================================

First of all, you have very little free space on your main drive which could be your main culprit:
Drive c: (TI106301W0D) (Fixed) (Total:108.48 GB) (Free:6.4 GB)

Then...

Download RogueKiller from one of the following links and save it to your Desktop:

Link 1
Link 2
  • Close all the running programs
  • Double-click on the downloaded setup.exe file to install the program.
  • Click on Start Scan button.
  • Click on another Start Scan button.
  • Wait until the Status box shows Scan Finished
  • Click on Remove Selected.
  • Wait until the Status box shows Deleting Finished.
  • Click on Report and copy/paste the content of the Notepad into your next reply.
  • RKreport.txt could also be found on your desktop.
  • If more than one log is produced post all logs.
Please download Malwarebytes to your desktop.
  • Double-click mb3-setup-consumer-{version}.exe and follow the prompts to install the program.
  • Then click Finish.
  • Once the program has fully updated, select Scan Now on the Dashboard. Or select the Threat Scan from the Scan menu.
  • If another update of the definitions is available, it will be implemented before the rest of the scanning procedure.
  • When the scan is complete, make sure that all Threats are selected, and click Remove Selected.
  • Restart your computer when prompted to do so.
  • The Scan log is available through History -> Application logs. Please post its contents in your next reply.
Please download AdwCleaner by Xplode and save to your Desktop.
  • Double click on AdwCleaner.exe to run the tool.
    Vista/Windows 7/8/10 users right-click and select Run As Administrator
  • The tool will start to update the database if one is required.
  • Click on the Scan button.
  • AdwCleaner will begin...be patient as the scan may take some time to complete.
  • After the scan has finished, click on the Logfile button.
  • A window will open which lists the logs of your scans.
  • Click on the Scan tab.
  • Double-click the most recent scan which will be at the top of the list....the log will appear.
  • Review the results...see note below
  • After reviewing the log, click on the Clean button.
  • Press OK when asked to close all programs and follow the onscreen prompts.
  • Press OK again to allow AdwCleaner to restart the computer and complete the removal process.
  • After rebooting, a logfile report (AdwCleaner[CX].txt) will open automatically (where the largest value of X represents the most recent report).
  • To open a Cleaning log, launch AdwCleaner, click on the Logfile button, click on the Cleaning tab and double-click the log at the top of the list.
  • Copy and paste the contents of AdwCleaner[CX].txt in your next reply.
  • A copy of all logfiles is saved to C:\AdwCleaner.
-- Note: The contents of the AdwCleaner log file may be confusing. Unless you see a program name or entry that you recognize and know should not be removed, don't worry about it. If you see an entry you want to keep, return to AdwCleaner before cleaning...all detected items will be listed (and checked) in each tab. Click on and uncheck any items you want to keep.
 

siedog

TS Enthusiast
Not sure why the space issues are happening now because I haven't downloaded or installed anything new..I'm also using a wireless mouse, and it sometimes acts slow and sluggish as well when moving it around...anyways, here are the logs:

Roguekiller log:

RogueKiller V12.12.10.0 (x64) [Mar 26 2018] (Free) by Adlice Software
mail : http://www.adlice.com/contact/
Feedback : https://forum.adlice.com
Website : http://www.adlice.com/download/roguekiller/
Blog : http://www.adlice.com

Operating System : Windows 7 (6.1.7601 Service Pack 1) 64 bits version
Started in : Normal mode
User : siedog [Administrator]
Started from : C:\Program Files\RogueKiller\RogueKiller64.exe
Mode : Delete -- Date : 03/31/2018 06:52:32 (Duration : 00:40:50)
Switches : -refid

¤¤¤ Processes : 0 ¤¤¤

¤¤¤ Registry : 9 ¤¤¤
[PUP.Tific] (X86) HKEY_LOCAL_MACHINE\Software\Tific -> Not selected
[PUP.Tific] (X64) HKEY_USERS\S-1-5-21-2030355160-575983693-1602061601-1000\Software\Tific -> Not selected
[PUP.Tific] (X86) HKEY_USERS\S-1-5-21-2030355160-575983693-1602061601-1000\Software\Tific -> Not selected
[PUP.Gen1] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules | {60E83A1A-43DA-4046-A89D-A116A0927E35} : v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Private|App=C:\ProgramData\EmailNotifier\EmailNotifier.exe|Name=Email Notifier| [x] -> Not selected
[PUP.Gen1] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules | {4B87393E-ABDC-4964-B8CB-E40ADA01AEF6} : v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Private|App=C:\ProgramData\EmailNotifier\EmailNotifier.exe|Name=Email Notifier| [x] -> Not selected
[PUP.Gen1] (X64) HKEY_LOCAL_MACHINE\System\ControlSet002\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules | {60E83A1A-43DA-4046-A89D-A116A0927E35} : v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Private|App=C:\ProgramData\EmailNotifier\EmailNotifier.exe|Name=Email Notifier| [x] -> Not selected
[PUP.Gen1] (X64) HKEY_LOCAL_MACHINE\System\ControlSet002\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules | {4B87393E-ABDC-4964-B8CB-E40ADA01AEF6} : v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Private|App=C:\ProgramData\EmailNotifier\EmailNotifier.exe|Name=Email Notifier| [x] -> Not selected
[PUM.StartMenu] (X64) HKEY_USERS\S-1-5-21-2030355160-575983693-1602061601-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced | Start_ShowMyGames : 0 -> Not selected
[PUM.StartMenu] (X86) HKEY_USERS\S-1-5-21-2030355160-575983693-1602061601-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced | Start_ShowMyGames : 0 -> Not selected

¤¤¤ Tasks : 0 ¤¤¤

¤¤¤ Files : 1 ¤¤¤
[PUP.Tific][Folder] C:\Users\siedog\AppData\Local\Tific -> Deleted
[PUP.Tific][File] C:\Users\siedog\AppData\Local\Tific\Backup\Install_DLM_File_9630274fb4394c0f991b2f41cb13c201\C\Program Files (x86)\Norton PC Checkup\Engine\2.0.13.11\config\102\Config.swf -> Deleted
[PUP.Tific][Folder] C:\Users\siedog\AppData\Local\Tific\Backup\Install_DLM_File_9630274fb4394c0f991b2f41cb13c201\C\Program Files (x86)\Norton PC Checkup\Engine\2.0.13.11\config\102 -> Deleted
[PUP.Tific][Folder] C:\Users\siedog\AppData\Local\Tific\Backup\Install_DLM_File_9630274fb4394c0f991b2f41cb13c201\C\Program Files (x86)\Norton PC Checkup\Engine\2.0.13.11\config -> Deleted
[PUP.Tific][File] C:\Users\siedog\AppData\Local\Tific\Backup\Install_DLM_File_9630274fb4394c0f991b2f41cb13c201\C\Program Files (x86)\Norton PC Checkup\Engine\2.0.13.11\content\102\Resources_en_US.swf -> Deleted
[PUP.Tific][Folder] C:\Users\siedog\AppData\Local\Tific\Backup\Install_DLM_File_9630274fb4394c0f991b2f41cb13c201\C\Program Files (x86)\Norton PC Checkup\Engine\2.0.13.11\content\102 -> Deleted
[PUP.Tific][Folder] C:\Users\siedog\AppData\Local\Tific\Backup\Install_DLM_File_9630274fb4394c0f991b2f41cb13c201\C\Program Files (x86)\Norton PC Checkup\Engine\2.0.13.11\content -> Deleted
[PUP.Tific][File] C:\Users\siedog\AppData\Local\Tific\Backup\Install_DLM_File_9630274fb4394c0f991b2f41cb13c201\C\Program Files (x86)\Norton PC Checkup\Engine\2.0.13.11\hsplayer.dll -> Deleted
[PUP.Tific][File] C:\Users\siedog\AppData\Local\Tific\Backup\Install_DLM_File_9630274fb4394c0f991b2f41cb13c201\C\Program Files (x86)\Norton PC Checkup\Engine\2.0.13.11\Icon\icon.ico -> Deleted
[PUP.Tific][Folder] C:\Users\siedog\AppData\Local\Tific\Backup\Install_DLM_File_9630274fb4394c0f991b2f41cb13c201\C\Program Files (x86)\Norton PC Checkup\Engine\2.0.13.11\Icon -> Deleted
[PUP.Tific][File] C:\Users\siedog\AppData\Local\Tific\Backup\Install_DLM_File_9630274fb4394c0f991b2f41cb13c201\C\Program Files (x86)\Norton PC Checkup\Engine\2.0.13.11\InstallHelper.exe -> Deleted
[PUP.Tific][File] C:\Users\siedog\AppData\Local\Tific\Backup\Install_DLM_File_9630274fb4394c0f991b2f41cb13c201\C\Program Files (x86)\Norton PC Checkup\Engine\2.0.13.11\Norton PC Checkup.exe -> Deleted
[PUP.Tific][File] C:\Users\siedog\AppData\Local\Tific\Backup\Install_DLM_File_9630274fb4394c0f991b2f41cb13c201\C\Program Files (x86)\Norton PC Checkup\Engine\2.0.13.11\OemStop.exe -> Deleted
[PUP.Tific][File] C:\Users\siedog\AppData\Local\Tific\Backup\Install_DLM_File_9630274fb4394c0f991b2f41cb13c201\C\Program Files (x86)\Norton PC Checkup\Engine\2.0.13.11\Resource.dll -> Deleted
[PUP.Tific][File] C:\Users\siedog\AppData\Local\Tific\Backup\Install_DLM_File_9630274fb4394c0f991b2f41cb13c201\C\Program Files (x86)\Norton PC Checkup\Engine\2.0.13.11\scanners\npd\.CLT2010.exe -> Deleted
[PUP.Tific][File] C:\Users\siedog\AppData\Local\Tific\Backup\Install_DLM_File_9630274fb4394c0f991b2f41cb13c201\C\Program Files (x86)\Norton PC Checkup\Engine\2.0.13.11\scanners\npd\.CLT2011.exe -> Deleted
[PUP.Tific][File] C:\Users\siedog\AppData\Local\Tific\Backup\Install_DLM_File_9630274fb4394c0f991b2f41cb13c201\C\Program Files (x86)\Norton PC Checkup\Engine\2.0.13.11\scanners\npd\ccL100U.dll -> Deleted
[PUP.Tific][File] C:\Users\siedog\AppData\Local\Tific\Backup\Install_DLM_File_9630274fb4394c0f991b2f41cb13c201\C\Program Files (x86)\Norton PC Checkup\Engine\2.0.13.11\scanners\npd\ccL90U.dll -> Deleted
[PUP.Tific][File] C:\Users\siedog\AppData\Local\Tific\Backup\Install_DLM_File_9630274fb4394c0f991b2f41cb13c201\C\Program Files (x86)\Norton PC Checkup\Engine\2.0.13.11\scanners\npd\legacy\ccL80U.dll -> Deleted
[PUP.Tific][File] C:\Users\siedog\AppData\Local\Tific\Backup\Install_DLM_File_9630274fb4394c0f991b2f41cb13c201\C\Program Files (x86)\Norton PC Checkup\Engine\2.0.13.11\scanners\npd\legacy\msvcm80.dll -> Deleted
[PUP.Tific][File] C:\Users\siedog\AppData\Local\Tific\Backup\Install_DLM_File_9630274fb4394c0f991b2f41cb13c201\C\Program Files (x86)\Norton PC Checkup\Engine\2.0.13.11\scanners\npd\legacy\msvcp80.dll -> Deleted
[PUP.Tific][File] C:\Users\siedog\AppData\Local\Tific\Backup\Install_DLM_File_9630274fb4394c0f991b2f41cb13c201\C\Program Files (x86)\Norton PC Checkup\Engine\2.0.13.11\scanners\npd\legacy\msvcr80.dll -> Deleted
[PUP.Tific][File] C:\Users\siedog\AppData\Local\Tific\Backup\Install_DLM_File_9630274fb4394c0f991b2f41cb13c201\C\Program Files (x86)\Norton PC Checkup\Engine\2.0.13.11\scanners\npd\legacy\SymClgX.dll -> Deleted
[PUP.Tific][File] C:\Users\siedog\AppData\Local\Tific\Backup\Install_DLM_File_9630274fb4394c0f991b2f41cb13c201\C\Program Files (x86)\Norton PC Checkup\Engine\2.0.13.11\scanners\npd\legacy\symNPD.exe -> Deleted
[PUP.Tific][File] C:\Users\siedog\AppData\Local\Tific\Backup\Install_DLM_File_9630274fb4394c0f991b2f41cb13c201\C\Program Files (x86)\Norton PC Checkup\Engine\2.0.13.11\scanners\npd\legacy\symNPDScan.dll -> Deleted
[PUP.Tific][File] C:\Users\siedog\AppData\Local\Tific\Backup\Install_DLM_File_9630274fb4394c0f991b2f41cb13c201\C\Program Files (x86)\Norton PC Checkup\Engine\2.0.13.11\scanners\npd\legacy\SymXPep2.dll -> Deleted
[PUP.Tific][Folder] C:\Users\siedog\AppData\Local\Tific\Backup\Install_DLM_File_9630274fb4394c0f991b2f41cb13c201\C\Program Files (x86)\Norton PC Checkup\Engine\2.0.13.11\scanners\npd\legacy -> Deleted
[PUP.Tific][File] C:\Users\siedog\AppData\Local\Tific\Backup\Install_DLM_File_9630274fb4394c0f991b2f41cb13c201\C\Program Files (x86)\Norton PC Checkup\Engine\2.0.13.11\scanners\npd\libeay32.dll -> Deleted
[PUP.Tific][File] C:\Users\siedog\AppData\Local\Tific\Backup\Install_DLM_File_9630274fb4394c0f991b2f41cb13c201\C\Program Files (x86)\Norton PC Checkup\Engine\2.0.13.11\scanners\npd\Microsoft.VC90.CRT\msvcm90.dll -> Deleted
[PUP.Tific][File] C:\Users\siedog\AppData\Local\Tific\Backup\Install_DLM_File_9630274fb4394c0f991b2f41cb13c201\C\Program Files (x86)\Norton PC Checkup\Engine\2.0.13.11\scanners\npd\Microsoft.VC90.CRT\msvcp90.dll -> Deleted
[PUP.Tific][File] C:\Users\siedog\AppData\Local\Tific\Backup\Install_DLM_File_9630274fb4394c0f991b2f41cb13c201\C\Program Files (x86)\Norton PC Checkup\Engine\2.0.13.11\scanners\npd\Microsoft.VC90.CRT\msvcr90.dll -> Deleted
[PUP.Tific][Folder] C:\Users\siedog\AppData\Local\Tific\Backup\Install_DLM_File_9630274fb4394c0f991b2f41cb13c201\C\Program Files (x86)\Norton PC Checkup\Engine\2.0.13.11\scanners\npd\Microsoft.VC90.CRT -> Deleted
[PUP.Tific][File] C:\Users\siedog\AppData\Local\Tific\Backup\Install_DLM_File_9630274fb4394c0f991b2f41cb13c201\C\Program Files (x86)\Norton PC Checkup\Engine\2.0.13.11\scanners\npd\SymNSPDetector.exe -> Deleted
[PUP.Tific][File] C:\Users\siedog\AppData\Local\Tific\Backup\Install_DLM_File_9630274fb4394c0f991b2f41cb13c201\C\Program Files (x86)\Norton PC Checkup\Engine\2.0.13.11\scanners\npd\symNSPDetector3PP.xml.enc -> Deleted
[PUP.Tific][File] C:\Users\siedog\AppData\Local\Tific\Backup\Install_DLM_File_9630274fb4394c0f991b2f41cb13c201\C\Program Files (x86)\Norton PC Checkup\Engine\2.0.13.11\scanners\npd\symNSPDetectorNSP.xml.enc -> Deleted
[PUP.Tific][File] C:\Users\siedog\AppData\Local\Tific\Backup\Install_DLM_File_9630274fb4394c0f991b2f41cb13c201\C\Program Files (x86)\Norton PC Checkup\Engine\2.0.13.11\scanners\npd\SymNSPScanner.exe -> Deleted
[PUP.Tific][Folder] C:\Users\siedog\AppData\Local\Tific\Backup\Install_DLM_File_9630274fb4394c0f991b2f41cb13c201\C\Program Files (x86)\Norton PC Checkup\Engine\2.0.13.11\scanners\npd -> Deleted
[PUP.Tific][File] C:\Users\siedog\AppData\Local\Tific\Backup\Install_DLM_File_9630274fb4394c0f991b2f41cb13c201\C\Program Files (x86)\Norton PC Checkup\Engine\2.0.13.11\scanners\nss\OEMScanner.exe -> Deleted
[PUP.Tific][Folder] C:\Users\siedog\AppData\Local\Tific\Backup\Install_DLM_File_9630274fb4394c0f991b2f41cb13c201\C\Program Files (x86)\Norton PC Checkup\Engine\2.0.13.11\scanners\nss -> Deleted
[PUP.Tific][Folder] C:\Users\siedog\AppData\Local\Tific\Backup\Install_DLM_File_9630274fb4394c0f991b2f41cb13c201\C\Program Files (x86)\Norton PC Checkup\Engine\2.0.13.11\scanners -> Deleted
[PUP.Tific][File] C:\Users\siedog\AppData\Local\Tific\Backup\Install_DLM_File_9630274fb4394c0f991b2f41cb13c201\C\Program Files (x86)\Norton PC Checkup\Engine\2.0.13.11\ScheduleWinExe.exe -> Deleted
[PUP.Tific][File] C:\Users\siedog\AppData\Local\Tific\Backup\Install_DLM_File_9630274fb4394c0f991b2f41cb13c201\C\Program Files (x86)\Norton PC Checkup\Engine\2.0.13.11\styles\102\en\img\virusBackground.png -> Deleted
[PUP.Tific][Folder] C:\Users\siedog\AppData\Local\Tific\Backup\Install_DLM_File_9630274fb4394c0f991b2f41cb13c201\C\Program Files (x86)\Norton PC Checkup\Engine\2.0.13.11\styles\102\en\img -> Deleted
[PUP.Tific][File] C:\Users\siedog\AppData\Local\Tific\Backup\Install_DLM_File_9630274fb4394c0f991b2f41cb13c201\C\Program Files (x86)\Norton PC Checkup\Engine\2.0.13.11\styles\102\en\Main.css -> Deleted
[PUP.Tific][File] C:\Users\siedog\AppData\Local\Tific\Backup\Install_DLM_File_9630274fb4394c0f991b2f41cb13c201\C\Program Files (x86)\Norton PC Checkup\Engine\2.0.13.11\styles\102\en\Main.swf -> Deleted
[PUP.Tific][Folder] C:\Users\siedog\AppData\Local\Tific\Backup\Install_DLM_File_9630274fb4394c0f991b2f41cb13c201\C\Program Files (x86)\Norton PC Checkup\Engine\2.0.13.11\styles\102\en -> Deleted
[PUP.Tific][Folder] C:\Users\siedog\AppData\Local\Tific\Backup\Install_DLM_File_9630274fb4394c0f991b2f41cb13c201\C\Program Files (x86)\Norton PC Checkup\Engine\2.0.13.11\styles\102 -> Deleted
[PUP.Tific][Folder] C:\Users\siedog\AppData\Local\Tific\Backup\Install_DLM_File_9630274fb4394c0f991b2f41cb13c201\C\Program Files (x86)\Norton PC Checkup\Engine\2.0.13.11\styles -> Deleted
[PUP.Tific][File] C:\Users\siedog\AppData\Local\Tific\Backup\Install_DLM_File_9630274fb4394c0f991b2f41cb13c201\C\Program Files (x86)\Norton PC Checkup\Engine\2.0.13.11\SymcPCCULaunchSvc.exe -> Deleted
[PUP.Tific][File] C:\Users\siedog\AppData\Local\Tific\Backup\Install_DLM_File_9630274fb4394c0f991b2f41cb13c201\C\Program Files (x86)\Norton PC Checkup\Engine\2.0.13.11\SymcPCCUMigration.exe -> Deleted
[PUP.Tific][File] C:\Users\siedog\AppData\Local\Tific\Backup\Install_DLM_File_9630274fb4394c0f991b2f41cb13c201\C\Program Files (x86)\Norton PC Checkup\Engine\2.0.13.11\TestWorker.dll -> Deleted
[PUP.Tific][Folder] C:\Users\siedog\AppData\Local\Tific\Backup\Install_DLM_File_9630274fb4394c0f991b2f41cb13c201\C\Program Files (x86)\Norton PC Checkup\Engine\2.0.13.11 -> Deleted
[PUP.Tific][Folder] C:\Users\siedog\AppData\Local\Tific\Backup\Install_DLM_File_9630274fb4394c0f991b2f41cb13c201\C\Program Files (x86)\Norton PC Checkup\Engine -> Deleted
[PUP.Tific][Folder] C:\Users\siedog\AppData\Local\Tific\Backup\Install_DLM_File_9630274fb4394c0f991b2f41cb13c201\C\Program Files (x86)\Norton PC Checkup -> Deleted
[PUP.Tific][Folder] C:\Users\siedog\AppData\Local\Tific\Backup\Install_DLM_File_9630274fb4394c0f991b2f41cb13c201\C\Program Files (x86) -> Deleted
[PUP.Tific][Folder] C:\Users\siedog\AppData\Local\Tific\Backup\Install_DLM_File_9630274fb4394c0f991b2f41cb13c201\C -> Deleted
[PUP.Tific][Folder] C:\Users\siedog\AppData\Local\Tific\Backup\Install_DLM_File_9630274fb4394c0f991b2f41cb13c201 -> Deleted
[PUP.Tific][Folder] C:\Users\siedog\AppData\Local\Tific\Backup -> Deleted

¤¤¤ WMI : 0 ¤¤¤

¤¤¤ Hosts File : 0 ¤¤¤

¤¤¤ Antirootkit : 0 (Driver: Loaded) ¤¤¤

¤¤¤ Web browsers : 0 ¤¤¤

¤¤¤ MBR Check : ¤¤¤
+++++ PhysicalDrive0: TOSHIBA THNSNS128GMCP +++++
--- User ---
[MBR] a70a40d294a2e3bd4873a14b4cbffbcb
[BSP] 21102dc0d3bf62eb9f232b081957228b : HP|VT.Unknown MBR Code
Partition table:
0 - [ACTIVE] ACER (0x27) [VISIBLE] Offset (sectors): 2048 | Size: 1500 MB
1 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 3074048 | Size: 111086 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
2 - [XXXXXX] NTFS (0x17) [HIDDEN!] Offset (sectors): 230578176 | Size: 9517 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
User = LL1 ... OK
User = LL2 ... OK

+++++ PhysicalDrive1: WD My Passport 25E2 USB Device +++++
--- User ---
[MBR] b749ca3279980e04af4acfc8f6e210f5
[BSP] 7fd284fb52c67c795cf1eb3c56d573d7 : Empty MBR Code
Partition table:
0 - My Passport | Offset (sectors): 2048 | Size: 3815413 MB
User = LL1 ... OK
Error reading LL2 MBR! ([32] The request is not supported. )

+++++ PhysicalDrive2: Seagate Desktop USB Device +++++
--- User ---
[MBR] 873abf74ed7870cbbac8daa3f6d13f35
[BSP] 79ff37d2dceff9638e03823192a82f78 : Windows XP|VT.Unknown MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x7) [VISIBLE] Offset (sectors): 63 | Size: 953867 MB [Windows XP Bootstrap | Windows XP Bootloader]
User = LL1 ... OK
Error reading LL2 MBR! ([32] The request is not supported. )

+++++ PhysicalDrive3: Generic STORAGE DEVICE USB Device +++++
Error reading User MBR! ([15] The device is not ready. )
Error reading LL1 MBR! NOT VALID!
Error reading LL2 MBR! ([32] The request is not supported. )

+++++ PhysicalDrive4: Generic STORAGE DEVICE USB Device +++++
Error reading User MBR! ([15] The device is not ready. )
Error reading LL1 MBR! NOT VALID!
Error reading LL2 MBR! ([32] The request is not supported. )

+++++ PhysicalDrive5: Generic STORAGE DEVICE USB Device +++++
Error reading User MBR! ([15] The device is not ready. )
Error reading LL1 MBR! NOT VALID!
Error reading LL2 MBR! ([32] The request is not supported. )

+++++ PhysicalDrive6: Generic STORAGE DEVICE USB Device +++++
Error reading User MBR! ([15] The device is not ready. )
Error reading LL1 MBR! NOT VALID!
Error reading LL2 MBR! ([32] The request is not supported. )

Malwarebytes log:

Malwarebytes
www.malwarebytes.com

-Log Details-
Scan Date: 3/31/18
Scan Time: 7:41 AM
Log File: a4ea23e2-34f1-11e8-ad72-e8e0b72c775e.json
Administrator: Yes

-Software Information-
Version: 3.4.4.2398
Components Version: 1.0.322
Update Package Version: 1.0.4566
License: Trial

-System Information-
OS: Windows 7 Service Pack 1
CPU: x64
File System: NTFS
User: System

-Scan Summary-
Scan Type: Threat Scan
Result: Completed
Objects Scanned: 273909
Threats Detected: 0
(No malicious items detected)
Threats Quarantined: 0
(No malicious items detected)
Time Elapsed: 11 min, 28 sec

-Scan Options-
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Warn
PUM: Detect

-Scan Details-
Process: 0
(No malicious items detected)

Module: 0
(No malicious items detected)

Registry Key: 0
(No malicious items detected)

Registry Value: 0
(No malicious items detected)

Registry Data: 0
(No malicious items detected)

Data Stream: 0
(No malicious items detected)

Folder: 0
(No malicious items detected)

File: 0
(No malicious items detected)

Physical Sector: 0
(No malicious items detected)


(end)

AdwCleaner log:

# AdwCleaner 7.0.8.0 - Logfile created on Sat Mar 31 15:01:50 2018
# Updated on 2018/08/02 by Malwarebytes
# Database: 2018-03-30.1
# Running on Windows 7 Professional (X64)
# Mode: scan
# Support: https://www.malwarebytes.com/support

***** [ Services ] *****

No malicious services found.

***** [ Folders ] *****

No malicious folders found.

***** [ Files ] *****

No malicious files found.

***** [ DLL ] *****

No malicious DLLs found.

***** [ WMI ] *****

No malicious WMI found.

***** [ Shortcuts ] *****

No malicious shortcuts found.

***** [ Tasks ] *****

No malicious tasks found.

***** [ Registry ] *****

PUP.Optional.Legacy, [Value] - HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules | {60E83A1A-43DA-4046-A89D-A116A0927E35}
PUP.Optional.Legacy, [Value] - HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules | {4B87393E-ABDC-4964-B8CB-E40ADA01AEF6}
PUP.Optional.Legacy, [Key] - HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
PUP.Optional.Legacy, [Key] - HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{3706EE7C-3CAD-445D-8A43-03EBC3B75908}
PUP.Optional.Legacy, [Key] - HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}


***** [ Firefox (and derivatives) ] *****

No malicious Firefox entries.

***** [ Chromium (and derivatives) ] *****

No malicious Chromium entries.

*************************



########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt ##########
 

Broni

Malware Annihilator
"Not sure why the space issues are happening now because I haven't downloaded or installed anything new".
On the main drive, Windows is always creating new files. You'll need to create more free space there. I think your best option would be to repartition.

Re-run the Farbar Recovery Scan Tool (FRST/FRST64) that you ran at the very beginning of this topic.

  • Double-click to run it.
  • Make sure you checkmark the Addition.txt box.
  • Press the Scan button.
  • The scan will create two logs, FRST.txt and Addition.txt, in the same directory the tool is run from. Please copy and paste them into your reply.
 

siedog

TS Enthusiast
Are you helping me repartition? Not sure how to do that. Here are the logs requested:

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 02.01.2018
Ran by siedog (administrator) on SIEDOG-LAPTOP (31-03-2018 19:25:19)
Running from C:\Users\siedog\Desktop
Loaded Profiles: siedog (Available Profiles: siedog)
Platform: Windows 7 Professional Service Pack 1 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool:

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(AuthenTec, Inc.) C:\Program Files\Fingerprint Sensor\ATService.exe
(Logitech Inc.) C:\Program Files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Microsoft Corporation) C:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe
(Microsoft Corporation) C:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe
(Intel(R) Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Services\IPT\jhi_service.exe
(Symantec Corporation) C:\Program Files (x86)\PC Checkup\SymcPCCULaunchSvc.exe
(Symantec Corporation) C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.13.11\ccSvcHst.exe
(Intel(R) Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
(TOSHIBA Corporation) C:\Windows\System32\TODDSrv.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Symantec Corporation) C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.13.11\ccSvcHst.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\TECO\TecoService.exe
(Microsoft Corporation) C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE
(AVAST Software) C:\Program Files\AVAST Software\Avast\x64\aswidsagenta.exe
(TOSHIBA CORPORATION) C:\Program Files (x86)\TOSHIBA\ConfigFree\NDSTray.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(TOSHIBA CORPORATION) C:\Program Files (x86)\TOSHIBA\ConfigFree\CFSwMgr.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\Power Saver\TPwrMain.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\Power Saver\TBatmgrTrayicon.exe
(Intel(R) Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe
() C:\Program Files\TOSHIBA\FlashCards\Hotkey\TCrdKBB.exe
(TOSHIBA) C:\Program Files\TOSHIBA\TFPU\TFPUPWDBank.exe
(TOSHIBA) C:\Program Files\TOSHIBA\TFPU\TFPUTaskMonitor.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\TECO\Teco.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\BulletinBoard\TosNcCore.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\ReelTime\TosReelTimeMonitor.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe
(Camshare Inc.) C:\Program Files (x86)\Camfrog\Camfrog Video Chat\Camfrog Video Chat.exe
(Siber Systems) C:\Program Files (x86)\Siber Systems\AI RoboForm\robotaskbaricon.exe
(TOSHIBA CORPORATION.) C:\Program Files (x86)\TOSHIBA\Bluetooth Toshiba Stack\TosBtMng.exe
(Piriform Ltd) C:\Program Files\CCleaner\CCleaner64.exe
(TOSHIBA CORPORATION) C:\Program Files (x86)\TOSHIBA\Bluetooth Toshiba Stack\TosBtSrv.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe
(TOSHIBA CORPORATION) C:\Program Files (x86)\TOSHIBA\ConfigFree\CFIWmxSvcs64.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(TOSHIBA CORPORATION.) C:\Program Files (x86)\TOSHIBA\Bluetooth Toshiba Stack\TosA2dp.exe
(TOSHIBA CORPORATION) C:\Program Files (x86)\TOSHIBA\ConfigFree\CFSvcs.exe
(TOSHIBA CORPORATION.) C:\Program Files (x86)\TOSHIBA\Bluetooth Toshiba Stack\TosBtHid.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(TOSHIBA CORPORATION.) C:\Program Files (x86)\TOSHIBA\Bluetooth Toshiba Stack\TosBtHSP.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IMSS\PrivacyIconClient.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\TPHM\TPCHSrv.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSENotify.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\TPHM\TPCHWMsg.exe
(Siber Systems) C:\Program Files (x86)\Siber Systems\AI RoboForm\robotaskbaricon-x64.exe

==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [12681320 2011-08-25] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [2277480 2011-08-16] (Realtek Semiconductor)
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2679592 2011-02-03] (Synaptics Incorporated)
HKLM\...\Run: [TPwrMain] => C:\Program Files\TOSHIBA\Power Saver\TPwrMain.EXE [590256 2011-09-22] (TOSHIBA Corporation)
HKLM\...\Run: [TCrdMain] => C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe [981888 2011-08-03] (TOSHIBA Corporation)
HKLM\...\Run: [BatteryManager] => C:\Program Files\TOSHIBA\Power Saver\TBatmgrTrayIcon.EXE [285608 2011-09-23] (TOSHIBA Corporation)
HKLM\...\Run: [IntelPAN] => C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe [1935120 2011-06-01] (Intel(R) Corporation)
HKLM\...\Run: [TFPUPWDBankService] => C:\Program Files\TOSHIBA\TFPU\TFPUPWDBank.exe [925104 2010-03-02] (TOSHIBA)
HKLM\...\Run: [TFPUService] => C:\Program Files\TOSHIBA\TFPU\TFPUTaskMonitor.exe [789368 2010-11-04] (TOSHIBA)
HKLM\...\Run: [TosWaitSrv] => C:\Program Files\TOSHIBA\TPHM\TosWaitSrv.exe [712096 2011-08-10] (TOSHIBA Corporation)
HKLM\...\Run: [Teco] => C:\Program Files\TOSHIBA\TECO\Teco.exe [1544624 2011-08-22] (TOSHIBA Corporation)
HKLM\...\Run: [TosSENotify] => C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosWaitSrv.exe [710560 2011-06-09] (TOSHIBA Corporation)
HKLM\...\Run: [TosVolRegulator] => C:\Program Files\TOSHIBA\TosVolRegulator\TosVolRegulator.exe [24376 2009-11-11] (TOSHIBA Corporation)
HKLM\...\Run: [TosNC] => C:\Program Files\Toshiba\BulletinBoard\TosNcCore.exe [597936 2011-07-27] (TOSHIBA Corporation)
HKLM\...\Run: [TosReelTimeMonitor] => C:\Program Files\TOSHIBA\ReelTime\TosReelTimeMonitor.exe [38824 2011-06-28] (TOSHIBA Corporation)
HKLM\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvLaunch.exe [245608 2018-03-12] (AVAST Software)
HKLM-x32\...\Run: [IMSS] => C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IMSS\PIconStartup.exe [112408 2011-08-23] (Intel Corporation)
HKLM-x32\...\Run: [TOSDCR] => C:\Program Files (x86)\TOSHIBA\PasswordUtility\TOSDCR.exe [169296 2007-08-28] ()
HKLM-x32\...\Run: [ITSecMng] => C:\Program Files (x86)\TOSHIBA\Bluetooth Toshiba Stack\ItSecMng.exe [80840 2011-04-01] (TOSHIBA CORPORATION)
HKLM-x32\...\Run: [ToshibaAppPlace] => C:\Program Files (x86)\Toshiba\Toshiba App Place\ToshibaAppPlace.exe [552960 2010-09-23] (Toshiba)
HKLM-x32\...\Run: [NortonOnlineBackupReminder] => C:\Program Files (x86)\Toshiba\Toshiba Online Backup\Activation\TOBuActivation.exe [3218864 2011-06-22] (Toshiba)
HKLM-x32\...\Run: [SDTray] => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe [5624784 2013-07-25] (Safer-Networking Ltd.)
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-04-21] (Apple Inc.)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [587288 2017-12-19] (Oracle Corporation)
HKLM-x32\...\RunOnce: [SBrowserCheck] => C:\ProgramData\Avast Software\Avast\SecureBrowser\avast_browser_setup_checker.exe [2482128 2018-03-19] ()
Winlogon\Notify\igfxcui: C:\windows\system32\igfxdev.dll (Intel Corporation)
HKLM\SOFTWARE\Policies\Microsoft\Windows Defender: Restriction <==== ATTENTION
HKU\S-1-5-21-2030355160-575983693-1602061601-1000\...\Run: [Camfrog] => C:\Program Files (x86)\Camfrog\Camfrog Video Chat\Camfrog Video Chat.exe [11432880 2012-08-06] (Camshare Inc.)
HKU\S-1-5-21-2030355160-575983693-1602061601-1000\...\Run: [Spybot-S&D Cleaning] => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDCleaner.exe [5915776 2016-03-21] (Safer-Networking Ltd.)
HKU\S-1-5-21-2030355160-575983693-1602061601-1000\...\Run: [RoboForm] => C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe [110160 2015-05-09] (Siber Systems)
HKU\S-1-5-21-2030355160-575983693-1602061601-1000\...\Run: [SpybotPostWindows10UpgradeReInstall] => C:\Program Files\Common Files\AV\Spybot - Search and Destroy\Test.exe [1011200 2015-07-28] (Safer-Networking Ltd.)
HKU\S-1-5-21-2030355160-575983693-1602061601-1000\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [10249048 2017-12-13] (Piriform Ltd)
HKU\S-1-5-21-2030355160-575983693-1602061601-1000\...\Run: [Google Update] => C:\Users\siedog\AppData\Local\Google\Update\1.3.33.7\GoogleUpdateCore.exe [601680 2017-11-13] (Google Inc.)
HKU\S-1-5-21-2030355160-575983693-1602061601-1000\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\windows\system32\PhotoScreensaver.scr [477696 2010-11-20] (Microsoft Corporation)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Bluetooth Manager.lnk [2016-06-25]
ShortcutTarget: Bluetooth Manager.lnk -> C:\Program Files (x86)\TOSHIBA\Bluetooth Toshiba Stack\TosBtMng.exe (TOSHIBA CORPORATION.)
BootExecute: autocheck autochk * sdnclean64.exe

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 75.75.75.75 75.75.76.76
Tcpip\..\Interfaces\{C07A6633-B90E-4D56-AA34-14D06EC2CEBC}: [DhcpNameServer] 75.75.75.75 75.75.76.76

Internet Explorer:
==================
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
HKU\S-1-5-21-2030355160-575983693-1602061601-1000\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
SearchScopes: HKLM -> DefaultScope {C982FC6D-24B6-4E03-9F6E-68DB20F31F40} URL = hxxp://www.google.com/search?sourceid=ie9&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7TSNP
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM -> {C982FC6D-24B6-4E03-9F6E-68DB20F31F40} URL = hxxp://www.google.com/search?sourceid=ie9&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7TSNP
SearchScopes: HKLM-x32 -> DefaultScope {C982FC6D-24B6-4E03-9F6E-68DB20F31F40} URL = hxxp://www.google.com/search?sourceid=ie9&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7TSNP
SearchScopes: HKLM-x32 -> {C982FC6D-24B6-4E03-9F6E-68DB20F31F40} URL = hxxp://www.google.com/search?sourceid=ie9&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7TSNP
SearchScopes: HKU\S-1-5-21-2030355160-575983693-1602061601-1000 -> DefaultScope {C982FC6D-24B6-4E03-9F6E-68DB20F31F40} URL = hxxp://www.google.com/search?sourceid=ie9&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7TSNP_enUS505
SearchScopes: HKU\S-1-5-21-2030355160-575983693-1602061601-1000 -> {AB0504D2-C874-4BA1-B4C1-63B25F43CB76} URL = hxxp://www.google.com/search?sourceid=ie9&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7TSNP
SearchScopes: HKU\S-1-5-21-2030355160-575983693-1602061601-1000 -> {C982FC6D-24B6-4E03-9F6E-68DB20F31F40} URL = hxxp://www.google.com/search?sourceid=ie9&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7TSNP_enUS505
BHO: RoboForm Toolbar Helper -> {724d43a9-0d85-11d4-9908-00400523e39a} -> C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboForm-x64.dll [2015-05-09] (Siber Systems Inc.)
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll [2018-02-20] (AVAST Software)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2011-03-28] (Microsoft Corp.)
BHO: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2016-04-26] (Google Inc.)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)
BHO: TOSHIBA Media Controller Plug-in -> {F3C88694-EFFA-4d78-B409-54B7B2535B14} -> C:\Program Files (x86)\TOSHIBA\TOSHIBA Media Controller Plug-in\x64\TOSHIBAMediaControllerIE.dll [2011-07-12] (<TOSHIBA>)
BHO-x32: TFPUPWDBankBHO Class -> {030AC7B6-E7EC-40F1-8FB2-C0FD344DE0B9} -> C:\Program Files\TOSHIBA\TFPU\x86\TFPUPWDBankBHO.dll [2010-03-02] (TODO: <Company name>)
BHO-x32: RoboForm Toolbar Helper -> {724d43a9-0d85-11d4-9908-00400523e39a} -> C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll [2015-05-09] (Siber Systems Inc.)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_161\bin\ssv.dll [2018-03-12] (Oracle Corporation)
BHO-x32: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2018-02-20] (AVAST Software)
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2011-03-28] (Microsoft Corp.)
BHO-x32: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll [2016-04-26] (Google Inc.)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_161\bin\jp2ssv.dll [2018-03-12] (Oracle Corporation)
BHO-x32: TOSHIBA Media Controller Plug-in -> {F3C88694-EFFA-4d78-B409-54B7B2535B14} -> C:\Program Files (x86)\TOSHIBA\TOSHIBA Media Controller Plug-in\TOSHIBAMediaControllerIE.dll [2011-07-12] (<TOSHIBA>)
Toolbar: HKLM - &RoboForm Toolbar - {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboForm-x64.dll [2015-05-09] (Siber Systems Inc.)
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2016-04-26] (Google Inc.)
Toolbar: HKLM-x32 - &RoboForm Toolbar - {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll [2015-05-09] (Siber Systems Inc.)
Toolbar: HKLM-x32 - avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2018-02-20] (AVAST Software)
Toolbar: HKLM-x32 - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll [2016-04-26] (Google Inc.)
Toolbar: HKU\S-1-5-21-2030355160-575983693-1602061601-1000 -> Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2016-04-26] (Google Inc.)

FireFox:
========
FF ProfilePath: C:\Users\siedog\AppData\Roaming\Mozilla\Firefox\Profiles\sv7ykcxx.default-1439641860007 [2018-03-31]
FF Homepage: Mozilla\Firefox\Profiles\sv7ykcxx.default-1439641860007 -> hxxps://www.google.com/
FF NetworkProxy: Mozilla\Firefox\Profiles\sv7ykcxx.default-1439641860007 -> type", 0
FF Extension: (Avast SafePrice) - C:\Users\siedog\AppData\Roaming\Mozilla\Firefox\Profiles\sv7ykcxx.default-1439641860007\Extensions\sp@avast.com.xpi [2018-03-07]
FF Extension: (Avast Online Security) - C:\Users\siedog\AppData\Roaming\Mozilla\Firefox\Profiles\sv7ykcxx.default-1439641860007\Extensions\wrc@avast.com.xpi [2017-10-06]
FF Extension: (Flashblock) - C:\Users\siedog\AppData\Roaming\Mozilla\Firefox\Profiles\sv7ykcxx.default-1439641860007\Extensions\{3d7eb24f-2740-49df-8937-200b1cc08f8a} [2016-01-08] [Legacy]
FF Extension: (TLS 1.3 gradual roll-out) - C:\Users\siedog\AppData\Roaming\Mozilla\Firefox\Profiles\sv7ykcxx.default-1439641860007\features\{66b3af8e-9220-4e40-9baf-db5bb25b9e4e}\tls13-rollout-bug1442042@mozilla.org.xpi [2018-03-28] [Legacy]
FF HKLM\...\Firefox\Extensions: [{C1CA7765-44E4-452e-9D00-A04F3D434281}] - => not found
FF HKLM-x32\...\Firefox\Extensions: [{C1CA7765-44E4-452e-9D00-A04F3D434281}] - => not found
FF HKLM-x32\...\Firefox\Extensions: [{22119944-ED35-4ab1-910B-E619EA06A115}] - C:\Program Files (x86)\Siber Systems\AI RoboForm\Firefox
FF Extension: (RoboForm Toolbar for Firefox) - C:\Program Files (x86)\Siber Systems\AI RoboForm\Firefox [2015-05-09] [Legacy] [not signed]
FF HKU\S-1-5-21-2030355160-575983693-1602061601-1000\...\Firefox\Extensions: [{22119944-ED35-4ab1-910B-E619EA06A115}] - C:\Program Files (x86)\Siber Systems\AI RoboForm\Firefox
FF Plugin: @adobe.com/FlashPlayer -> C:\windows\system32\Macromed\Flash\NPSWF64_29_0_0_113.dll [2018-03-13] ()
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.40728.0\npctrl.dll [2015-07-28] ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\windows\SysWOW64\Macromed\Flash\NPSWF32_29_0_0_113.dll [2018-03-13] ()
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\windows\SysWOW64\Adobe\Director\np32dsw_1228198.dll [2017-02-27] (Adobe Systems, Inc.)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Services\IPT\npIntelWebAPIUpdater.dll [2011-07-21] (Intel Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=11.161.2 -> C:\Program Files (x86)\Java\jre1.8.0_161\bin\dtplugin\npDeployJava1.dll [2018-03-12] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.161.2 -> C:\Program Files (x86)\Java\jre1.8.0_161\bin\plugin2\npjp2.dll [2018-03-12] (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.40728.0\npctrl.dll [2015-07-28] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~3\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~3\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2011-05-13] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3538.0513 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2011-05-13] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.33.7\npGoogleUpdate3.dll [2017-11-13] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.33.7\npGoogleUpdate3.dll [2017-11-13] (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2018-02-11] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-2030355160-575983693-1602061601-1000: @talk.google.com/GoogleTalkPlugin -> C:\Users\siedog\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll [2015-12-08] (Google)
FF Plugin HKU\S-1-5-21-2030355160-575983693-1602061601-1000: @talk.google.com/O1DPlugin -> C:\Users\siedog\AppData\Roaming\Mozilla\plugins\npo1d.dll [2015-12-08] (Google)
FF Plugin HKU\S-1-5-21-2030355160-575983693-1602061601-1000: @tools.google.com/Google Update;version=3 -> C:\Users\siedog\AppData\Local\Google\Update\1.3.33.7\npGoogleUpdate3.dll [2017-11-13] (Google Inc.)
FF Plugin HKU\S-1-5-21-2030355160-575983693-1602061601-1000: @tools.google.com/Google Update;version=9 -> C:\Users\siedog\AppData\Local\Google\Update\1.3.33.7\npGoogleUpdate3.dll [2017-11-13] (Google Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\browser\plugins\npMozCouponPrinter.dll [2013-08-02] (Coupons, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Users\siedog\AppData\Roaming\mozilla\plugins\npgoogletalk.dll [2015-12-08] (Google)
FF Plugin ProgramFiles/Appdata: C:\Users\siedog\AppData\Roaming\mozilla\plugins\npo1d.dll [2015-12-08] (Google)

Chrome:
=======
CHR DefaultProfile: Default
CHR Profile: C:\Users\siedog\AppData\Local\Google\Chrome\User Data\Default [2018-03-31]
CHR Extension: (Avast SafePrice) - C:\Users\siedog\AppData\Local\Google\Chrome\User Data\Default\Extensions\eofcbnmajmjmplflapaojjnihcjkigck [2017-04-20]
CHR Extension: (Avast Online Security) - C:\Users\siedog\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki [2017-04-20]
CHR Extension: (Chrome Web Store Payments) - C:\Users\siedog\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-03-18]
CHR Extension: (Chrome Media Router) - C:\Users\siedog\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2017-04-30]
CHR Extension: (RoboForm Password Manager) - C:\Users\siedog\AppData\Local\Google\Chrome\User Data\Default\Extensions\pnlccmojcmeohlpggmfnbbiapkmbliob [2017-03-27]
CHR HKLM\...\Chrome\Extension: [pnlccmojcmeohlpggmfnbbiapkmbliob] - C:\Program Files (x86)\Siber Systems\AI RoboForm\Chrome\rf-chrome.crx [2014-06-13]
CHR HKLM-x32\...\Chrome\Extension: [eofcbnmajmjmplflapaojjnihcjkigck] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [pnlccmojcmeohlpggmfnbbiapkmbliob] - C:\Program Files (x86)\Siber Systems\AI RoboForm\Chrome\rf-chrome.crx [2014-06-13]

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R3 aswbIDSAgent; C:\Program Files\AVAST Software\Avast\x64\aswidsagenta.exe [7556704 2018-03-12] (AVAST Software)
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [303728 2018-03-12] (AVAST Software)
R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [6440736 2018-03-03] (Malwarebytes)
S3 MyWiFiDHCPDNS; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [340240 2011-06-01] ()
R2 Norton PC Checkup Application Launcher; C:\Program Files (x86)\PC Checkup\SymcPCCULaunchSvc.exe [132056 2013-01-31] (Symantec Corporation)
R2 PCCUJobMgr; C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.13.11\ccSvcHst.exe [126392 2011-07-19] (Symantec Corporation)
R2 SDScannerService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [1817560 2013-05-16] (Safer-Networking Ltd.)
R2 SDUpdateService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [4088608 2016-09-21] (Safer-Networking Ltd.) [File not signed]
R2 SDWSCService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [235984 2016-11-24] (Safer-Networking Ltd.) [File not signed]
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-26] (Microsoft Corporation)

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R1 aswArPot; C:\windows\System32\drivers\aswArPot.sys [196648 2018-03-12] (AVAST Software)
R1 aswbidsdriver; C:\windows\System32\drivers\aswbidsdrivera.sys [227504 2018-03-12] (AVAST Software)
R0 aswbidsh; C:\windows\System32\drivers\aswbidsha.sys [199440 2018-03-12] (AVAST Software)
R0 aswblog; C:\windows\System32\drivers\aswbloga.sys [343752 2018-03-12] (AVAST Software)
R0 aswbuniv; C:\windows\System32\drivers\aswbuniva.sys [57680 2018-03-12] (AVAST Software)
R1 aswHdsKe; C:\windows\System32\drivers\aswHdsKe.sys [215320 2018-03-12] (AVAST Software)
S3 aswHwid; C:\windows\System32\drivers\aswHwid.sys [46968 2018-03-12] (AVAST Software)
R1 aswKbd; C:\windows\system32\drivers\aswKbd.sys [41832 2017-09-01] (AVAST Software)
R2 aswMonFlt; C:\windows\System32\drivers\aswMonFlt.sys [146656 2018-03-12] (AVAST Software)
R1 aswRdr; C:\windows\System32\drivers\aswRdr2.sys [110328 2018-03-12] (AVAST Software)
R0 aswRvrt; C:\windows\System32\drivers\aswRvrt.sys [84368 2018-03-12] (AVAST Software)
R1 aswSnx; C:\windows\System32\drivers\aswSnx.sys [1026696 2018-03-12] (AVAST Software)
R1 aswSP; C:\windows\System32\drivers\aswSP.sys [460520 2018-03-12] (AVAST Software)
R2 aswStm; C:\windows\System32\drivers\aswStm.sys [205976 2018-03-12] (AVAST Software)
R0 aswVmm; C:\windows\System32\drivers\aswVmm.sys [380528 2018-03-12] (AVAST Software)
R1 ESProtectionDriver; C:\windows\system32\drivers\mbae64.sys [76200 2018-01-18] ()
S3 ManyCam; C:\windows\System32\DRIVERS\mcvidrv.sys [49304 2014-12-14] (Visicom Media Inc.)
R2 MBAMChameleon; C:\windows\System32\Drivers\MbamChameleon.sys [193248 2018-03-31] (Malwarebytes)
R3 MBAMFarflt; C:\windows\System32\DRIVERS\farflt.sys [109800 2018-03-31] (Malwarebytes)
R3 MBAMProtection; C:\windows\System32\DRIVERS\mbam.sys [45960 2018-03-31] (Malwarebytes)
R3 MBAMSwissArmy; C:\windows\System32\Drivers\mbamswissarmy.sys [253664 2018-03-31] (Malwarebytes)
R3 MBAMWebProtection; C:\windows\System32\DRIVERS\mwac.sys [92280 2018-03-31] (Malwarebytes)
S3 mcaudrv_simple; C:\windows\System32\drivers\mcaudrv_x64.sys [35992 2014-12-15] (Visicom Media Inc.)

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2018-03-31 19:25 - 2018-03-31 19:25 - 000028444 _____ C:\Users\siedog\Desktop\FRST.txt
2018-03-31 08:07 - 2018-03-31 08:07 - 000000000 ____D C:\Users\siedog\AppData\Local\CrashRpt
2018-03-31 08:06 - 2018-03-31 08:06 - 000045960 _____ (Malwarebytes) C:\windows\system32\Drivers\mbam.sys
2018-03-31 08:05 - 2018-03-31 08:05 - 000409608 _____ C:\windows\system32\FNTCACHE.DAT
2018-03-31 07:58 - 2018-03-31 08:04 - 000000000 ____D C:\AdwCleaner
2018-03-31 07:40 - 2018-03-31 08:06 - 000253664 _____ (Malwarebytes) C:\windows\system32\Drivers\mbamswissarmy.sys
2018-03-31 07:40 - 2018-03-31 08:06 - 000109800 _____ (Malwarebytes) C:\windows\system32\Drivers\farflt.sys
2018-03-31 07:40 - 2018-03-31 08:06 - 000092280 _____ (Malwarebytes) C:\windows\system32\Drivers\mwac.sys
2018-03-31 07:40 - 2018-03-31 07:40 - 000193248 _____ (Malwarebytes) C:\windows\system32\Drivers\MbamChameleon.sys
2018-03-31 06:51 - 2018-03-31 06:51 - 000000829 _____ C:\Users\Public\Desktop\RogueKiller.lnk
2018-03-31 06:47 - 2018-03-31 06:47 - 008222496 _____ (Malwarebytes) C:\Users\siedog\Desktop\AdwCleaner.exe
2018-03-31 06:45 - 2018-03-31 06:46 - 036513656 _____ (Adlice Software ) C:\Users\siedog\Desktop\RogueKiller_setup_ref3.exe
2018-03-30 20:29 - 2018-03-31 19:25 - 000000000 ____D C:\FRST
2018-03-30 20:26 - 2018-03-30 20:27 - 002393088 _____ (Farbar) C:\Users\siedog\Desktop\FRST64.exe
2018-03-30 20:25 - 2018-03-30 20:25 - 000109688 _____ C:\Users\siedog\AppData\Local\GDIPFONTCACHEV1.DAT
2018-03-27 23:46 - 2018-03-27 23:46 - 019546307 _____ C:\Users\siedog\Desktop\-Legion- Star Aubrey Plaza Leaked Masturbation Video - Celebrity Leaks_1.mp4
2018-03-27 00:18 - 2018-03-27 00:18 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes
2018-03-27 00:18 - 2018-01-18 08:03 - 000076200 _____ C:\windows\system32\Drivers\mbae64.sys
2018-03-13 21:34 - 2018-03-30 06:59 - 000004474 _____ C:\windows\System32\Tasks\Adobe Flash Player NPAPI Notifier
2018-03-12 20:09 - 2018-03-12 20:08 - 000380768 _____ (AVAST Software) C:\windows\system32\aswBoot.exe

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2018-03-31 19:24 - 2016-11-22 07:48 - 000000000 ____D C:\Users\siedog\AppData\LocalLow\Mozilla
2018-03-31 08:14 - 2009-07-13 21:45 - 000027568 ____H C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2018-03-31 08:14 - 2009-07-13 21:45 - 000027568 ____H C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2018-03-31 08:13 - 2009-07-13 22:13 - 000006514 _____ C:\windows\system32\PerfStringBackup.INI
2018-03-31 08:05 - 2017-07-08 23:40 - 000000000 ____D C:\Program Files (x86)\Mozilla Firefox
2018-03-31 08:05 - 2012-09-17 19:18 - 000000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2018-03-31 08:05 - 2011-10-21 01:35 - 000000000 ____D C:\Program Files (x86)\Java
2018-03-31 08:05 - 2009-07-13 22:08 - 000000006 ____H C:\windows\Tasks\SA.DAT
2018-03-31 07:40 - 2009-07-13 20:20 - 000000000 ____D C:\windows\inf
2018-03-31 06:52 - 2017-06-18 15:24 - 000028272 _____ C:\windows\system32\Drivers\TrueSight.sys
2018-03-31 06:52 - 2015-11-26 12:27 - 010921984 ___SH C:\Users\siedog\Desktop\Thumbs.db
2018-03-31 06:51 - 2017-06-18 15:23 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\RogueKiller
2018-03-31 06:51 - 2017-06-18 15:23 - 000000000 ____D C:\Program Files\RogueKiller
2018-03-30 06:59 - 2017-10-24 23:56 - 000003872 _____ C:\windows\System32\Tasks\CCleaner Update
2018-03-30 06:59 - 2017-10-08 10:33 - 000002802 _____ C:\windows\System32\Tasks\CCleanerSkipUAC
2018-03-30 06:59 - 2017-07-06 06:58 - 000003234 _____ C:\windows\System32\Tasks\SidebarExecute
2018-03-30 06:59 - 2016-03-11 22:39 - 000003902 _____ C:\windows\System32\Tasks\SafeZone scheduled Autoupdate 1457761181
2018-03-30 06:59 - 2015-12-03 11:10 - 000000000 ____D C:\windows\System32\Tasks\AVAST Software
2018-03-30 06:59 - 2015-01-15 04:22 - 000004476 _____ C:\windows\System32\Tasks\Adobe Acrobat Update Task
2018-03-30 06:59 - 2014-09-14 16:42 - 000003508 _____ C:\windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-2030355160-575983693-1602061601-1000UA
2018-03-30 06:59 - 2014-09-14 16:42 - 000003236 _____ C:\windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-2030355160-575983693-1602061601-1000Core
2018-03-30 06:59 - 2014-01-02 11:58 - 000000000 ____D C:\Users\siedog\AppData\Roaming\vlc
2018-03-30 06:59 - 2013-10-23 15:40 - 000003592 _____ C:\windows\System32\Tasks\Maxthon Update
2018-03-30 06:59 - 2013-07-22 11:10 - 000003118 _____ C:\windows\System32\Tasks\Microsoft_Hardware_Launch_mousekeyboardcenter_exe
2018-03-30 06:59 - 2013-07-22 11:10 - 000003092 _____ C:\windows\System32\Tasks\Microsoft_Hardware_Launch_ipoint_exe
2018-03-30 06:59 - 2013-07-22 11:10 - 000003090 _____ C:\windows\System32\Tasks\Microsoft_Hardware_Launch_itype_exe
2018-03-30 06:59 - 2013-07-22 11:10 - 000003062 _____ C:\windows\System32\Tasks\Microsoft_MKC_Logon_Task_ipoint.exe
2018-03-30 06:59 - 2013-07-22 11:10 - 000003060 _____ C:\windows\System32\Tasks\Microsoft_MKC_Logon_Task_itype.exe
2018-03-30 06:59 - 2013-07-11 03:20 - 000004120 _____ C:\windows\System32\Tasks\Open URL by RoboForm
2018-03-30 06:59 - 2013-07-11 03:20 - 000003504 _____ C:\windows\System32\Tasks\Run RoboForm TaskBar Icon
2018-03-30 06:59 - 2012-12-30 11:32 - 000004312 _____ C:\windows\System32\Tasks\Adobe Flash Player Updater
2018-03-30 06:59 - 2012-09-14 21:22 - 000003492 _____ C:\windows\System32\Tasks\ConfigFree Startup Programs
2018-03-30 06:59 - 2011-10-21 01:45 - 000003330 _____ C:\windows\System32\Tasks\GoogleUpdateTaskMachineUA
2018-03-30 06:59 - 2011-10-21 01:45 - 000003202 _____ C:\windows\System32\Tasks\GoogleUpdateTaskMachineCore
2018-03-24 16:11 - 2017-03-04 00:05 - 000004168 _____ C:\windows\System32\Tasks\Avast Emergency Update
2018-03-21 16:38 - 2011-10-21 01:45 - 000002235 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2018-03-18 08:29 - 2016-07-10 17:15 - 000000000 ____D C:\Users\siedog\Desktop\Misc Stuff
2018-03-15 06:58 - 2013-08-14 02:10 - 000000000 ____D C:\Users\siedog\Desktop\Movie Passes
2018-03-13 21:34 - 2012-10-14 03:30 - 000804352 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerApp.exe
2018-03-13 21:34 - 2012-10-14 03:30 - 000000000 ____D C:\windows\system32\Macromed
2018-03-13 21:34 - 2011-10-21 01:40 - 000144896 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerCPLApp.cpl
2018-03-13 21:34 - 2011-10-21 01:40 - 000000000 ____D C:\windows\SysWOW64\Macromed
2018-03-12 22:38 - 2014-10-23 01:42 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2018-03-12 22:33 - 2014-10-23 01:42 - 000097344 _____ (Oracle Corporation) C:\windows\SysWOW64\WindowsAccessBridge-32.dll
2018-03-12 22:24 - 2013-06-18 04:11 - 000000000 ____D C:\Users\siedog\AppData\Local\CrashDumps
2018-03-12 20:08 - 2017-11-22 13:46 - 000196648 _____ (AVAST Software) C:\windows\system32\Drivers\aswArPot.sys
2018-03-12 20:08 - 2014-08-07 21:47 - 000205976 _____ (AVAST Software) C:\windows\system32\Drivers\aswStm.sys
2018-03-12 20:08 - 2014-08-07 21:47 - 000046968 _____ (AVAST Software) C:\windows\system32\Drivers\aswHwid.sys
2018-03-12 20:08 - 2013-08-14 05:39 - 000460520 _____ (AVAST Software) C:\windows\system32\Drivers\aswSP.sys
2018-03-12 20:08 - 2013-08-14 05:39 - 000380528 _____ (AVAST Software) C:\windows\system32\Drivers\aswVmm.sys
2018-03-12 20:08 - 2013-08-14 05:39 - 000146656 _____ (AVAST Software) C:\windows\system32\Drivers\aswMonFlt.sys
2018-03-12 20:08 - 2013-08-14 05:39 - 000110328 _____ (AVAST Software) C:\windows\system32\Drivers\aswRdr2.sys
2018-03-12 20:08 - 2013-08-14 05:39 - 000084368 _____ (AVAST Software) C:\windows\system32\Drivers\aswRvrt.sys
2018-03-12 20:07 - 2018-01-04 18:47 - 000215320 _____ (AVAST Software) C:\windows\system32\Drivers\aswHdsKe.sys
2018-03-12 20:07 - 2017-03-04 00:05 - 000343752 _____ (AVAST Software) C:\windows\system32\Drivers\aswbloga.sys
2018-03-12 20:07 - 2017-03-04 00:05 - 000227504 _____ (AVAST Software) C:\windows\system32\Drivers\aswbidsdrivera.sys
2018-03-12 20:07 - 2017-03-04 00:05 - 000199440 _____ (AVAST Software) C:\windows\system32\Drivers\aswbidsha.sys
2018-03-12 20:07 - 2017-03-04 00:05 - 000057680 _____ (AVAST Software) C:\windows\system32\Drivers\aswbuniva.sys
2018-03-12 20:07 - 2013-08-14 05:39 - 001026696 _____ (AVAST Software) C:\windows\system32\Drivers\aswSnx.sys

Some files in TEMP:
====================
2018-03-31 06:52 - 2015-07-22 17:03 - 001730496 _____ (Microsoft Corporation) C:\Users\siedog\AppData\Local\Temp\dllnt_dump.dll

==================== Bamital & volsnap ======================

(There is no automatic fix for files that do not pass verification.)

C:\windows\system32\winlogon.exe => File is digitally signed
C:\windows\system32\wininit.exe => File is digitally signed
C:\windows\SysWOW64\wininit.exe => File is digitally signed
C:\windows\explorer.exe => File is digitally signed
C:\windows\SysWOW64\explorer.exe => File is digitally signed
C:\windows\system32\svchost.exe => File is digitally signed
C:\windows\SysWOW64\svchost.exe => File is digitally signed
C:\windows\system32\services.exe => File is digitally signed
C:\windows\system32\User32.dll => File is digitally signed
C:\windows\SysWOW64\User32.dll => File is digitally signed
C:\windows\system32\userinit.exe => File is digitally signed
C:\windows\SysWOW64\userinit.exe => File is digitally signed
C:\windows\system32\rpcss.dll => File is digitally signed
C:\windows\system32\dnsapi.dll => File is digitally signed
C:\windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\windows\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2018-03-29 00:44

==================== End of FRST.txt ============================

siedog

TS Enthusiast
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 02.01.2018
Ran by siedog (31-03-2018 19:25:51)
Running from C:\Users\siedog\Desktop
Windows 7 Professional Service Pack 1 (X64) (2012-09-15 00:44:17)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-2030355160-575983693-1602061601-500 - Administrator - Disabled)
Guest (S-1-5-21-2030355160-575983693-1602061601-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-2030355160-575983693-1602061601-1027 - Limited - Enabled)
siedog (S-1-5-21-2030355160-575983693-1602061601-1000 - Administrator - Enabled) => C:\Users\siedog

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Avast Antivirus (Enabled - Up to date) {8EA8924E-BC81-DC44-8BB0-8BAE75D86EBF}
AV: Malwarebytes (Enabled - Up to date) {23007AD3-69FE-687C-2629-D584AFFAF72B}
AS: Spybot - Search and Destroy (Enabled - Out of date) {A16C3F68-9280-E053-1818-342707FECF4D}
AS: Malwarebytes (Enabled - Up to date) {98619B37-4FC4-67F2-1C99-EEF6D47DBD96}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Avast Antivirus (Enabled - Up to date) {35C973AA-9ABB-D3CA-B100-B0DC0E5F2402}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Adobe Acrobat Reader DC (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}) (Version: 18.011.20038 - Adobe Systems Incorporated)
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 25.0.0.134 - Adobe Systems Incorporated)
Adobe Connect 9 Add-in (HKU\S-1-5-21-2030355160-575983693-1602061601-1000\...\Adobe Connect 9 Add-in) (Version: 11,2,385,0 - Adobe Systems Incorporated)
Adobe Flash Player 29 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 29.0.0.113 - Adobe Systems Incorporated)
Adobe Flash Player 29 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 29.0.0.113 - Adobe Systems Incorporated)
Adobe Shockwave Player 12.2 (HKLM-x32\...\Adobe Shockwave Player) (Version: 12.2.8.198 - Adobe Systems, Inc.)
Apple Application Support (HKLM-x32\...\{5D09C772-ECB3-442B-9CC6-B4341C78FDC2}) (Version: 2.3.4 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
AuthenTec Fingerprint Software (HKLM\...\{5F1DFCC1-595D-4235-A044-E05B706D800A}) (Version: 9.0.8.36 - AuthenTec, Inc.)
Avast Free Antivirus (HKLM-x32\...\Avast Antivirus) (Version: 18.2.2328 - AVAST Software)
Bluetooth Stack for Windows by Toshiba (HKLM\...\{CEBB6BFB-D708-4F99-A633-BC2600E01EF6}) (Version: v8.00.13(T) - TOSHIBA CORPORATION)
Camfrog Video Chat 6.3 (HKLM-x32\...\Camfrog 6.3) (Version: 6.3.208 - Camshare Inc.)
CCleaner (HKLM\...\CCleaner) (Version: 5.38 - Piriform)
Coupon Printer for Windows (HKLM-x32\...\Coupon Printer for Windows5.0.0.4) (Version: 5.0.0.4 - Coupons.com Incorporated)
CutePDF Writer 3.0 (HKLM\...\CutePDF Writer Installation) (Version: 3.0 - CutePDF.com)
D3DX10 (HKLM-x32\...\{E09C4DB7-630C-4F06-A631-8EA7239923AF}) (Version: 15.4.2368.0902 - Microsoft) Hidden
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 65.0.3325.181 - Google Inc.)
Google Talk Plugin (HKLM-x32\...\{F9B579C2-D854-300A-BE62-A09EB9D722E4}) (Version: 5.41.3.0 - Google)
Google Toolbar for Internet Explorer (HKLM-x32\...\{18455581-E099-4BA8-BC6B-F34B2F06600C}) (Version: 1.0.0 - Google Inc.) Hidden
Google Toolbar for Internet Explorer (HKLM-x32\...\{2318C2B1-4965-11d4-9B18-009027A5CD4F}) (Version: 7.5.8231.2252 - Google Inc.)
Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.33.7 - Google Inc.) Hidden
Google Update Helper (HKLM-x32\...\{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}) (Version: 1.3.25.11 - Google Inc.) Hidden
GWXStopper 1.20 (HKLM-x32\...\GWXStopper_is1) (Version: - Greatis Software, LLC.)
Intel PROSet Wireless (HKLM-x32\...\ProInst) (Version: - ) Hidden
Intel(R) Control Center (HKLM-x32\...\{F8A9085D-4C7A-41a9-8A77-C8998A96C421}) (Version: 1.2.1.1007 - Intel Corporation)
Intel(R) Identity Protection Technology 1.2.18.0 (HKLM-x32\...\{9602841E-ECE2-1019-AAEE-906A4DE25D6B}) (Version: 1.2.18.0 - Intel Corporation)
Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 7.0.0.1144 - Intel Corporation)
Intel(R) Network Connections Drivers (HKLM\...\PROSet) (Version: 16.5 - Intel)
Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 8.15.10.2509 - Intel Corporation)
Intel(R) PROSet/Wireless WiFi Software (HKLM\...\{3C41721F-AF0F-4086-AA1C-4C7F29076228}) (Version: 14.01.1000 - Intel Corporation)
Intel(R) Rapid Storage Technology (HKLM-x32\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 10.1.2.1004 - Intel Corporation)
Java 8 Update 161 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F32180161F0}) (Version: 8.0.1610.12 - Oracle Corporation)
Junk Mail filter update (HKLM-x32\...\{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}) (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Malwarebytes version 3.4.4.2398 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 3.4.4.2398 - Malwarebytes)
Maxthon Cloud Browser (HKLM-x32\...\Maxthon3) (Version: 4.1.2.3000 - Maxthon International Limited)
Mesh Runtime (HKLM-x32\...\{8C6D6116-B724-4810-8F2D-D047E6B7D68E}) (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4.5.2 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.51209 - Microsoft Corporation)
Microsoft Mouse and Keyboard Center (HKLM\...\Microsoft Mouse and Keyboard Center) (Version: 2.2.173.0 - Microsoft Corporation)
Microsoft Office Click-to-Run 2010 (HKLM-x32\...\Office14.Click2Run) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Office Home and Student 2010 (HKLM-x32\...\Office14.SingleImage) (Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.40728.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)
Mozilla Firefox 59.0.2 (x64 en-US) (HKLM\...\Mozilla Firefox 59.0.2 (x64 en-US)) (Version: 59.0.2 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 59.0.2.6656 - Mozilla)
Norton PC Checkup (HKLM-x32\...\Norton PC Checkup_is1) (Version: 3.0.5.38.0 - Symantec Corporation)
PlayReady PC Runtime amd64 (HKLM\...\{BCA9334F-B6C9-4F65-9A73-AC5A329A4D04}) (Version: 1.3.0 - Microsoft Corporation)
PlayReady PC Runtime x86 (HKLM-x32\...\{CCA5EAAD-92F4-4B7A-B5EE-14294C66AB61}) (Version: 1.3.0 - Microsoft Corporation)
QuickTime 7 (HKLM-x32\...\{FF59BD75-466A-4D5A-AD23-AAD87C5FD44C}) (Version: 7.79.80.95 - Apple Inc.)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6446 - Realtek Semiconductor Corp.)
Renesas Electronics USB 3.0 Host Controller Driver (HKLM-x32\...\{5442DAB8-7177-49E1-8B22-09A049EA5996}) (Version: 2.1.25.0 - Renesas Electronics Corporation) Hidden
Renesas Electronics USB 3.0 Host Controller Driver (HKLM-x32\...\InstallShield_{5442DAB8-7177-49E1-8B22-09A049EA5996}) (Version: 2.1.25.0 - Renesas Electronics Corporation)
RICOH Media Driver v2.15.17.02 (HKLM-x32\...\{FE041B02-234C-4AAA-9511-80DF6482A458}) (Version: 2.15.17.02 - RICOH)
RoboForm 7-9-13-5 (All Users) (HKLM-x32\...\AI RoboForm) (Version: 7-9-13-5 - Siber Systems)
RogueKiller version 12.12.10.0 (HKLM\...\8B3D7924-ED89-486B-8322-E8594065D5CB_is1) (Version: 12.12.10.0 - Adlice Software)
SafeZone Stable 4.58.2552.909 (HKLM-x32\...\SafeZone 4.58.2552.909) (Version: 4.58.2552.909 - Avast Software) Hidden
SAMSUNG USB Driver for Mobile Phones (HKLM\...\{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}) (Version: 1.5.14.0 - SAMSUNG Electronics Co., Ltd.)
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{DE28B448-32E8-4E8F-84F0-A52B21A49B5B}) (Version: - Microsoft)
Skype Launcher (HKLM-x32\...\{DA84ECBF-4B79-47F2-B34C-95C38484C058}) (Version: 2.01 - TOSHIBA Corporation)
Sophos Virus Removal Tool (HKLM-x32\...\{B829E117-D072-41EA-9606-9826A38D34C1}) (Version: 2.6.0 - Sophos Limited)
Spybot - Search & Destroy (HKLM-x32\...\{B4092C6D-E886-4CB2-BA68-FE5A99D31DE7}_is1) (Version: 2.1.21 - Safer-Networking Ltd.)
swMSM (HKLM-x32\...\{612C34C7-5E90-47D8-9B5C-0F717DD82726}) (Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 15.2.11.1 - Synaptics Incorporated)
TFPU (HKLM\...\{A7760E07-4C23-4766-A99E-F715F298E99C}) (Version: 1.0.0 - TOSHIBA) Hidden
Toshiba App Place (HKLM-x32\...\{ED3CBA78-488F-4E8C-B33F-8E3BF4DDB4D2}) (Version: 1.0.6.3 - Toshiba)
TOSHIBA Application Installer (HKLM-x32\...\{970472D0-F5F9-4158-A6E3-1AE49EFEF2D3}) (Version: 9.0.1.2 - TOSHIBA)
TOSHIBA Assist (HKLM-x32\...\{C2A276E3-154E-44DC-AAF1-FFDD7FD30E35}) (Version: 4.2.3.0 - TOSHIBA CORPORATION)
TOSHIBA Audio Enhancement (HKLM\...\{F2DE0088-CF05-4DAB-AC4D-9D2C4D657456}) (Version: 1.0.2.6 - TOSHIBA Corporation)
Toshiba Book Place (HKLM-x32\...\{A14962A7-2B7D-456E-BFCD-F54E3A88D41F}) (Version: 2.2.7530 - K-NFB Reading Technology, Inc.)
TOSHIBA Bulletin Board (HKLM-x32\...\InstallShield_{1C8C049A-145F-4A6E-8290-B5C245EBE39D}) (Version: 1.6.11.64 - TOSHIBA Corporation)
TOSHIBA ConfigFree (HKLM-x32\...\{A9FD58A9-7640-4E61-B166-F5FBAD8219F6}) (Version: 8.0.42 - TOSHIBA CORPORATION)
TOSHIBA Disc Creator (HKLM\...\{5DA0E02F-970B-424B-BF41-513A5018E4C0}) (Version: 2.1.0.11 for x64 - TOSHIBA Corporation)
TOSHIBA eco Utility (HKLM\...\{41C2B21A-63BB-4377-9567-A97B15F21E59}) (Version: 1.3.7.64 - TOSHIBA Corporation)
TOSHIBA Face Recognition (HKLM-x32\...\InstallShield_{F67FA545-D8E5-4209-86B1-AEE045D1003F}) (Version: 3.1.18.64 - TOSHIBA Corporation)
TOSHIBA Fingerprint Utility (HKLM\...\TFPU{A7760E07-4C23-4766-A99E-F715F298E99C}) (Version: 1.0.3.49 - TOSHIBA Corporation)
TOSHIBA HDD/SSD Alert (HKLM\...\{D4322448-B6AF-4316-B859-D8A0E84DCB38}) (Version: 3.1.64.9 - TOSHIBA Corporation)
Toshiba Laptop Checkup (HKLM-x32\...\NortonPCCheckup) (Version: 2.0.13.11 - Symantec Corporation)
TOSHIBA Media Controller (HKLM-x32\...\{C7A4F26F-F9B0-41B2-8659-99181108CDE3}) (Version: 1.0.87.4 - TOSHIBA CORPORATION)
TOSHIBA Media Controller Plug-in (HKLM-x32\...\{F26FDF57-483E-42C8-A9C9-EEE1EDB256E0}) (Version: 1.0.7.6 - TOSHIBA CORPORATION)
Toshiba Online Backup (HKLM-x32\...\{C57BCDE1-7CB9-467D-B3BA-7E119916CDC1}) (Version: 2.0.0.31 - Toshiba)
TOSHIBA PC Health Monitor (HKLM\...\{9DECD0F9-D3E8-48B0-A390-1CF09F54E3A4}) (Version: 1.7.11.64 - TOSHIBA Corporation)
TOSHIBA Quality Application (HKLM-x32\...\{E69992ED-A7F6-406C-9280-1C156417BC49}) (Version: 1.0.3 - TOSHIBA)
TOSHIBA Recovery Media Creator (HKLM-x32\...\{B65BBB06-1F8E-48F5-8A54-B024A9E15FDF}) (Version: 2.1.5.5109a - TOSHIBA CORPORATION)
TOSHIBA ReelTime (HKLM-x32\...\InstallShield_{24811C12-F4A9-4D0F-8494-A7B8FE46123C}) (Version: 1.7.21.64 - TOSHIBA Corporation)
TOSHIBA Resolution+ Plug-in for Windows Media Player (HKLM-x32\...\{6CB76C9D-80C2-4CB3-A4CD-D96B239E3F94}) (Version: 1.1.2003 - TOSHIBA Corporation)
TOSHIBA Security Assist (HKLM-x32\...\{1E63ACB5-D45E-4856-8FC9-78F4B0D7BB80}) (Version: 2.0.9 - TOSHIBA)
TOSHIBA Service Station (HKLM-x32\...\{AC6569FA-6919-442A-8552-073BE69E247A}) (Version: 2.2.13 - TOSHIBA)
TOSHIBA Sleep Utility (HKLM-x32\...\{654F7484-88C5-46DC-AB32-C66BCB0E2102}) (Version: 1.4.2.9 - TOSHIBA Corporation)
TOSHIBA User's Guide (HKLM-x32\...\{3384E1D9-3F18-4A98-8655-180FEF0DFC02}) (Version: 1.00.02 - TOSHIBA)
TOSHIBA Value Added Package (HKLM-x32\...\InstallShield_{066CFFF8-12BF-4390-A673-75F95EFF188E}) (Version: 1.6.16.64 - TOSHIBA Corporation)
TOSHIBA Web Camera Application (HKLM-x32\...\InstallShield_{6F3C8901-EBD3-470D-87F8-AC210F6E5E02}) (Version: 2.0.3.29 - TOSHIBA Corporation)
TOSHIBA Wireless LAN Indicator (HKLM-x32\...\{5B01BCB7-A5D3-476F-AF11-E515BA206591}) (Version: 1.0.5 - TOSHIBA CORPORATION)
TOSHIBARegistration (HKLM-x32\...\{5AF550B4-BB67-4E7E-82F1-2C4300279050}) (Version: 1.0.6 - TOSHIBA)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3538.0513 - Microsoft Corporation)
Windows Live Mesh ActiveX Control for Remote Connections (HKLM-x32\...\{2902F983-B4C1-44BA-B85D-5C6D52E2C441}) (Version: 15.4.5722.2 - Microsoft Corporation)
WinRAR 5.40 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.40.0 - win.rar GmbH)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-2030355160-575983693-1602061601-1000_Classes\CLSID\{144DF3B2-2402-47AE-9583-5A045929A8D4}\InprocServer32 -> C:\Users\siedog\AppData\Local\Google\Update\1.3.33.5\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-2030355160-575983693-1602061601-1000_Classes\CLSID\{91A41FCC-BC02-42D8-A36E-0D27FF9BFFC8}\InprocServer32 -> C:\Users\siedog\AppData\Local\Google\Update\1.3.33.7\psuser_64.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-2030355160-575983693-1602061601-1000_Classes\CLSID\{E8CF3E55-F919-49D9-ABC0-948E6CB34B9F}\InprocServer32 -> C:\Users\siedog\AppData\Local\Google\Update\1.3.33.7\psuser_64.dll (Google Inc.)
ShellIconOverlayIdentifiers: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2018-03-12] (AVAST Software)
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2018-03-12] (AVAST Software)
ShellIconOverlayIdentifiers: [ATFPUOverlayIcon] -> {3239DBC1-B76D-4dc7-8B29-D99CBA3C7336} => C:\Program Files\TOSHIBA\TFPU\TFPUOverlayIcon.dll [2010-03-02] (TOSHIBA)
ContextMenuHandlers1: [avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2018-03-12] (AVAST Software)
ContextMenuHandlers1: [SDECon32] -> {44176360-2BBF-4EC1-93CE-384B8681A0BC} => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDECon64.dll [2013-05-16] (Safer-Networking Ltd.)
ContextMenuHandlers1: [SDECon64] -> {44176360-2BBF-4EC1-93CE-384B8681A0BC} => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDECon64.dll [2013-05-16] (Safer-Networking Ltd.)
ContextMenuHandlers1: [TFPUContextMenu] -> {2E34EBB9-C147-4DF4-938F-90C5B0837B1E} => C:\Program Files\TOSHIBA\TFPU\TFPUFileShellExt.dll [2010-03-02] (TOSHIBA)
ContextMenuHandlers1: [tosBtShllExt] -> {6BEF3D0B-53F0-4b0d-B91C-C19ED3D4C9D1} => C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\sys\x64\TosBtShell.dll [2010-07-30] (TOSHIBA)
ContextMenuHandlers1: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2016-08-15] (Alexander Roshal)
ContextMenuHandlers1-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2016-08-15] (Alexander Roshal)
ContextMenuHandlers3: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2018-03-12] (AVAST Software)
ContextMenuHandlers3: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2018-03-03] (Malwarebytes)
ContextMenuHandlers4: [tosBtShllExt] -> {6BEF3D0B-53F0-4b0d-B91C-C19ED3D4C9D1} => C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\sys\x64\TosBtShell.dll [2010-07-30] (TOSHIBA)
ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} => C:\windows\system32\igfxpph.dll [2011-08-31] (Intel Corporation)
ContextMenuHandlers6: [avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2018-03-12] (AVAST Software)
ContextMenuHandlers6: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2018-03-03] (Malwarebytes)
ContextMenuHandlers6: [SDECon32] -> {44176360-2BBF-4EC1-93CE-384B8681A0BC} => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDECon64.dll [2013-05-16] (Safer-Networking Ltd.)
ContextMenuHandlers6: [SDECon64] -> {44176360-2BBF-4EC1-93CE-384B8681A0BC} => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDECon64.dll [2013-05-16] (Safer-Networking Ltd.)
ContextMenuHandlers6: [TFPUContextMenu] -> {2E34EBB9-C147-4DF4-938F-90C5B0837B1E} => C:\Program Files\TOSHIBA\TFPU\TFPUFileShellExt.dll [2010-03-02] (TOSHIBA)
ContextMenuHandlers6: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2016-08-15] (Alexander Roshal)
ContextMenuHandlers6-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2016-08-15] (Alexander Roshal)

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {15ABC649-A2A7-457A-9386-10AF2A5A987C} - System32\Tasks\Avast Emergency Update => C:\Program Files\AVAST Software\Avast\AvEmUpdate.exe [2018-03-12] (AVAST Software)
Task: {1634E891-8C1F-4A04-BBD1-ECD916613CA2} - System32\Tasks\Microsoft\Windows\Setup\GWXTriggers\Time-5d => C:\windows\system32\GWX\GWX.exe
Task: {1D89F374-1AAE-48D0-AB6C-3033970A1B71} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-2030355160-575983693-1602061601-1000UA => C:\Users\siedog\AppData\Local\Google\Update\GoogleUpdate.exe [2015-08-28] (Google Inc.)
Task: {20434B6A-46C2-428F-B598-1231BD884234} - System32\Tasks\Adobe Flash Player NPAPI Notifier => C:\windows\SysWOW64\Macromed\Flash\FlashUtil32_29_0_0_113_Plugin.exe [2018-03-13] (Adobe Systems Incorporated)
Task: {2E17B900-F5AD-4829-A9AA-E30E6F7D30BE} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {31897D2A-18EC-4EF2-8366-58F044138CC1} - System32\Tasks\AVAST Software\Avast settings backup => C:\Program Files\Common Files\AV\avast! Antivirus\backup.exe
Task: {320B34D7-F2EC-4C76-AD99-04D9AC0CD9E4} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-28] (Google Inc.)
Task: {3658D8E1-9EDD-4ACA-B3CE-AD65AAC23F41} - System32\Tasks\ConfigFree Startup Programs => C:\Program Files (x86)\TOSHIBA\ConfigFree\NDSTray.exe [2011-06-16] (TOSHIBA CORPORATION)
Task: {3C061830-DCAD-496D-B45D-9AE54CF1211F} - System32\Tasks\Open URL by RoboForm => C:\windows\system32\rundll32.exe url.dll,FileProtocolHandler "hxxp://www.roboform.com/test-pass.html?aaa=KICMKMLJNMPMOMKJLJPMCNOJJJLJKJCNLMPMHMLJCNOJLJJMGMCNHMNJJMMJKMMJNMJJNMKJJMPMJNJICMIMCNGMCNOMMMFMOMOMCNPMCNGMJMPMPMFMJMCNOMCNIMJMPMOMCNNMJNPICMPMFMEKMICNJJCKFMJMJMIMJNHICMEKMICNJJCKJNBJCMMIGJKJLJAJIJJNKJCMJNNICMJNDJCMKJBJJNMJCMOM (the data entry has 43 more characters).
Task: {48543D34-0748-4991-91D9-F702172B242B} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-28] (Google Inc.)
Task: {4CF1A1C5-ADC8-44C0-86FC-4F86A71C517B} - C:\Windows\System32\Tasks\Microsoft\Windows\Setup\gwx\refreshgwxconfig => Command(1): %windir%\system32\GWX\GWXConfigManager.exe -> /RefreshConfig
Task: {4CF1A1C5-ADC8-44C0-86FC-4F86A71C517B} - C:\Windows\System32\Tasks\Microsoft\Windows\Setup\gwx\refreshgwxconfig => Command(2): C:\windows\system32\GWX\GWXDetector.exe
Task: {526FE55F-157B-491E-8DF8-428B5844B8E2} - System32\Tasks\Run RoboForm TaskBar Icon => C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe [2015-05-09] (Siber Systems)
Task: {5421715A-F3F1-4BFB-9481-774722DC1D5B} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Refresh immunization => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDImmunize.exe [2016-03-21] (Safer-Networking Ltd.)
Task: {5B93B52A-83AE-4E51-BC11-22B54C684E70} - System32\Tasks\SafeZone scheduled Autoupdate 1457761181 => C:\Program Files\AVAST Software\SZBrowser\launcher.exe [2017-08-04] (Avast Software)
Task: {5E7FFC6C-FC22-4564-8767-BE1C544453C0} - C:\Windows\System32\Tasks\Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent => Command(1): %windir%\system32\GWX\GWXConfigManager.exe -> /RefreshConfigAndContent
Task: {5E7FFC6C-FC22-4564-8767-BE1C544453C0} - C:\Windows\System32\Tasks\Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent => Command(2): C:\windows\system32\GWX\GWXDetector.exe
Task: {5F4F1B58-F743-4C41-8E33-554E2952E136} - System32\Tasks\Microsoft\Windows\Setup\gwx\launchtrayprocess => C:\windows\system32\GWX\GWX.exe
Task: {7520C490-6F13-4510-8872-704C1CFCB91B} - System32\Tasks\Maxthon Update => C:\Program Files (x86)\Maxthon\Bin\mxup.exe [2014-12-11] (Maxthon International ltd.)
Task: {7AE745D8-DACA-4BDF-B07B-77725E79D058} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2018-02-09] (Adobe Systems Incorporated)
Task: {7B6DEC9B-311B-4C3F-BDBA-A295C784812D} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-2030355160-575983693-1602061601-1000Core => C:\Users\siedog\AppData\Local\Google\Update\GoogleUpdate.exe [2015-08-28] (Google Inc.)
Task: {8882EB3D-AD0E-40BB-97DA-94F1F4450A6D} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Scan the system => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDScan.exe [2016-03-21] (Safer-Networking Ltd.)
Task: {8B82523C-6E53-4B46-AD81-D772076D874A} - System32\Tasks\Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d => C:\windows\system32\GWX\GWX.exe
Task: {8C4126EC-2B62-4EE2-A634-F1BFD1AC93A1} - System32\Tasks\Microsoft_MKC_Logon_Task_ipoint.exe => c:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe [2013-05-13] (Microsoft Corporation)
Task: {8E47A19B-D8C8-4546-A9E2-3F656D876633} - System32\Tasks\Microsoft_Hardware_Launch_ipoint_exe => c:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe [2013-05-13] (Microsoft Corporation)
Task: {947DE79A-0B58-478D-BEBF-0CF0635E96F9} - System32\Tasks\Microsoft\Windows\Setup\gwx\refreshgwxcontent => C:\windows\system32\GWX\GWXConfigManager.exe
Task: {95D6B7E2-DD21-4755-B582-2FBA963B5B35} - System32\Tasks\Adobe Flash Player Updater => C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2018-03-13] (Adobe Systems Incorporated)
Task: {97B8DF6A-EF19-41FF-9079-C8AEF4177B4D} - System32\Tasks\Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d => C:\windows\system32\GWX\GWX.exe
Task: {A24E61EA-4AD4-48AB-A05C-09BDEFBE2547} - C:\Windows\System32\Tasks\Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B => Command(1): %windir%\system32\GWX\GWXConfigManager.exe -> /RefreshConfigAndContent
Task: {A24E61EA-4AD4-48AB-A05C-09BDEFBE2547} - C:\Windows\System32\Tasks\Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B => Command(2): C:\windows\system32\GWX\GWXDetector.exe
Task: {AAD596DB-9B3B-43D9-B735-8E46480C9192} - System32\Tasks\Microsoft\Windows\Setup\GWXTriggers\Logon-5d => C:\windows\system32\GWX\GWX.exe
Task: {AC20EE62-DD0E-4DA6-971B-2DC7DC5EAF35} - System32\Tasks\Microsoft\Windows\Setup\GWXTriggers\Telemetry-4xd => C:\windows\system32\GWX\GWX.exe
Task: {B45EE8BA-534B-4806-82A8-F1184405B022} - System32\Tasks\CCleaner Update => C:\Program Files\CCleaner\CCUpdate.exe [2017-12-13] (Piriform Ltd)
Task: {C8592277-1043-4A40-924D-A9EBB3EC6881} - System32\Tasks\Avast Software\Overseer => C:\Program Files\Common Files\Avast Software\Overseer\overseer.exe [2018-01-09] (AVAST Software)
Task: {CEB7C134-E7EE-4546-8F2B-461B1E96CFF4} - System32\Tasks\Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d => C:\windows\system32\GWX\GWX.exe
Task: {D97D82C5-20CB-4F09-8DE6-AD62D30D0482} - System32\Tasks\Microsoft_MKC_Logon_Task_itype.exe => c:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe [2013-05-13] (Microsoft Corporation)
Task: {DEFE004C-D3E7-454C-8A7B-04EC5B6AD060} - System32\Tasks\Microsoft_Hardware_Launch_itype_exe => c:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe [2013-05-13] (Microsoft Corporation)
Task: {E54B8637-02EE-4015-B86F-999220EECFF0} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Check for updates => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe [2013-05-16] (Safer-Networking Ltd.)
Task: {EAC02D2E-9D5D-4FB3-BC08-030D5394DD8F} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2017-12-13] (Piriform Ltd)
Task: {F65BA010-4B9F-4E31-8862-B825AFE4E9A8} - System32\Tasks\Microsoft_Hardware_Launch_mousekeyboardcenter_exe => c:\Program Files\Microsoft Mouse and Keyboard Center\mousekeyboardcenter.exe [2013-05-13] (Microsoft)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)


==================== Shortcuts & WMI ========================

(The entries could be listed to be restored or removed.)


==================== Loaded Modules (Whitelisted) ==============

2011-05-31 17:32 - 2011-05-31 17:32 - 001501696 _____ () C:\Program Files\Common Files\Intel\WirelessCommon\Libeay32.dll
2013-07-15 12:09 - 2012-10-04 19:49 - 000087152 _____ () C:\windows\System32\cpwmon64.dll
2011-01-08 11:49 - 2011-01-08 11:49 - 000360312 _____ () C:\Program Files\TOSHIBA\TFPU\TFPUCommon.dll
2018-03-27 00:18 - 2018-03-01 10:31 - 002488608 _____ () C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\MwacLib.dll
2018-03-27 00:18 - 2018-02-05 14:44 - 002299168 _____ () C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\SelfProtectionSdk.dll
2018-03-12 20:07 - 2018-03-12 20:07 - 000721624 _____ () c:\Program Files\AVAST Software\Avast\x64\vaarclient.dll
2018-03-12 20:08 - 2018-03-12 20:08 - 000912088 _____ () C:\Program Files\AVAST Software\Avast\x64\ffl2.dll
2018-03-12 20:08 - 2018-03-12 20:08 - 000341720 _____ () c:\Program Files\AVAST Software\Avast\x64\StreamBack.dll
2011-08-31 12:13 - 2011-08-31 12:13 - 000094208 _____ () C:\Windows\System32\IccLibDll_x64.dll
2011-08-22 15:19 - 2011-08-22 15:19 - 011204992 _____ () C:\Program Files\TOSHIBA\FlashCards\BlackPng.dll
2010-11-30 10:37 - 2010-11-30 10:37 - 000048504 _____ () C:\Program Files\TOSHIBA\FlashCards\Hotkey\FnZ.dll
2010-03-03 14:15 - 2010-03-03 14:15 - 000019256 _____ () C:\Program Files\TOSHIBA\FlashCards\Hotkey\FnF10.dll
2010-03-03 14:15 - 2010-03-03 14:15 - 000019256 _____ () C:\Program Files\TOSHIBA\FlashCards\Hotkey\FnF11.dll
2011-08-12 14:57 - 2011-08-12 14:57 - 000437632 _____ () C:\Program Files\TOSHIBA\FlashCards\Hotkey\TcrdKBB.exe
2010-12-15 15:19 - 2010-12-15 15:19 - 000124320 _____ () C:\Program Files\TOSHIBA\TECO\MUIHelp.dll
2011-06-09 21:09 - 2011-06-09 21:09 - 000079784 _____ () C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosIPCWraper.dll
2018-03-12 20:08 - 2018-03-12 20:08 - 000287960 _____ () C:\Program Files\AVAST Software\Avast\streamback.dll
2018-03-12 20:08 - 2018-03-12 20:08 - 000280280 _____ () C:\Program Files\AVAST Software\Avast\tasks_core.dll
2018-03-30 12:49 - 2018-03-30 12:49 - 005809296 _____ () C:\Program Files\AVAST Software\Avast\defs\18033004\algo.dll
2018-03-12 20:08 - 2018-03-12 20:08 - 000756952 _____ () C:\Program Files\AVAST Software\Avast\ffl2.dll
2018-03-12 20:07 - 2018-03-12 20:07 - 000172760 _____ () C:\Program Files\AVAST Software\Avast\hns_tools.dll
2018-03-12 20:08 - 2018-03-12 20:08 - 000964824 _____ () C:\Program Files\AVAST Software\Avast\shepherdsync.dll
2018-03-12 20:08 - 2018-03-12 20:08 - 000475352 _____ () C:\Program Files\AVAST Software\Avast\gui_cache.dll
2018-03-12 20:08 - 2018-03-12 20:08 - 000339672 _____ () C:\Program Files\AVAST Software\Avast\streamback_avast.dll
2018-03-31 08:07 - 2018-03-31 08:07 - 005810832 _____ () C:\Program Files\AVAST Software\Avast\defs\18033100\algo.dll
2013-08-14 02:47 - 2013-05-16 10:55 - 000113496 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\snlThirdParty150.bpl
2013-08-14 02:47 - 2013-05-16 10:55 - 000416600 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\DEC150.bpl
2013-08-14 02:47 - 2013-05-16 10:55 - 000161112 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\snlFileFormats150.bpl
2013-08-14 02:47 - 2012-08-23 10:38 - 000574840 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\sqlite3.dll
2013-08-14 02:47 - 2012-04-03 17:06 - 000565640 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\av\BDSmartDB.dll
2018-03-12 20:08 - 2018-03-12 20:08 - 067126928 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll
2018-03-12 20:07 - 2018-03-12 20:07 - 000275160 _____ () C:\Program Files\AVAST Software\Avast\gaming_mode_ui.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)


==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"

==================== Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)

There are 7937 more sites.

There are 7935 more sites.


==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-13 19:34 - 2017-06-18 22:35 - 000000027 _____ C:\windows\system32\Drivers\etc\hosts

127.0.0.1 localhost

==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-2030355160-575983693-1602061601-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\siedog\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 75.75.75.75 - 75.75.76.76
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==


==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [SPPSVC-In-TCP] => (Allow) %SystemRoot%\system32\sppsvc.exe
FirewallRules: [SPPSVC-In-TCP-NoScope] => (Allow) %SystemRoot%\system32\sppsvc.exe
FirewallRules: [{BB8B1D37-3C4F-4B44-A839-77961A682FDB}] => (Allow) C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
FirewallRules: [{45B8D88B-15DB-4C68-802C-D7B22EA711B1}] => (Allow) LPort=2869
FirewallRules: [{6160DB7F-B176-4987-9C07-3698D0B28707}] => (Allow) LPort=1900
FirewallRules: [{245774BE-927B-49C7-92B0-953115F86D3D}] => (Allow) C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe
FirewallRules: [{CB4BB4CE-C744-4B75-91C2-DDB65B34330A}] => (Allow) C:\Program Files (x86)\Windows Live\Mesh\MOE.exe
FirewallRules: [{B606EF12-F6B7-4E11-AE4C-DA235BCB6B5B}] => (Allow) C:\Program Files (x86)\Maxthon\Bin\MxUp.exe
FirewallRules: [{1342C5F7-97BA-4587-80B6-3C9CDB1F84AB}] => (Allow) C:\Program Files (x86)\Maxthon\Bin\Maxthon.exe
FirewallRules: [{7EDC955B-E2AF-49F9-9826-52642A30CB83}] => (Allow) C:\Program Files (x86)\Maxthon\Bin\MxUp.exe
FirewallRules: [{4F14B451-E6BD-4D94-A66D-076EA54660F6}] => (Allow) C:\Program Files (x86)\Maxthon\Bin\Maxthon.exe
FirewallRules: [{F265837D-2DC8-4813-9163-6ADA65200C6A}] => (Allow) C:\Program Files (x86)\Common Files\Apple\Apple Application Support\WebKit2WebProcess.exe
FirewallRules: [{CB89D180-758F-4E0B-AEA0-5FAC16EE4ECE}] => (Allow) C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe
FirewallRules: [{1FD34AC0-6D4E-43C5-92BD-4B35D0879943}] => (Allow) C:\Program Files (x86)\ManyCam\Bin\ManyCam.exe
FirewallRules: [{61BF875E-E295-464E-B9C4-3312EDB92202}] => (Allow) C:\Program Files (x86)\ManyCam\Bin\ManyCam.exe
FirewallRules: [{C4697A7B-533F-4DF4-9583-01CAF63EFA8B}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{DE6465AE-2D33-4CCA-AA1A-FFE7F26DAE42}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{1072C3AC-FFE4-4891-A682-E98C0A68F9FC}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{8E27ED4B-7661-4887-A4CC-B421EB056E65}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{DC8B714F-A05D-40F8-9A8C-0098677DF8D6}] => (Allow) C:\Program Files\AVAST Software\SZBrowser\4.58.2552.909\SZBrowser.exe
FirewallRules: [{1BD6768F-69AF-4767-92BF-5C48B72ACE94}] => (Allow) C:\Program Files\AVAST Software\SZBrowser\4.58.2552.909_0\SZBrowser.exe
FirewallRules: [{F7E1B725-0341-4C1E-8462-F34F4C01097C}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe] => Enabled:Spybot-S&D 2 Tray Icon
StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe] => Enabled:Spybot-S&D 2 Scanner Service
StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe] => Enabled:Spybot-S&D 2 Updater
StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe] => Enabled:Spybot-S&D 2 Background update service

==================== Restore Points =========================

31-03-2018 10:46:36 Scheduled Checkpoint

==================== Faulty Device Manager Devices =============

Name: WD SES Device USB Device
Description: WD SES Device USB Device
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.


==================== Event log errors: =========================

Application errors:
==================
Error: (03/31/2018 08:13:22 AM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3011) (User: NT AUTHORITY)
Description: Unloading the performance counter strings for service WmiApRpl (WmiApRpl) failed. The first DWORD in the Data section contains the error code.

Error: (03/31/2018 08:13:22 AM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3012) (User: NT AUTHORITY)
Description: The performance strings in the Performance registry value is corrupted when process Performance extension counter provider. The BaseIndex value from the Performance registry is the first DWORD in the Data section, LastCounter value is the second DWORD in the Data section, and LastHelp value is the third DWORD in the Data section.

Error: (03/31/2018 08:08:24 AM) (Source: Toshiba App Place) (EventID: 0) (User: )
Description: System.ArgumentOutOfRangeException: Number must be either non-negative and less than or equal to Int32.MaxValue or -1.
Parameter name: dueTime
Stack Trace:
at System.Threading.Timer..ctor(TimerCallback callback, Object state, Int32 dueTime, Int32 period)
at System.Timers.Timer.set_Enabled(Boolean value)
at SnappCloud.ActivationReminder.AraClient.PostInit()
at SnappCloud.ActivationReminder.Program.Main(String[] args)

Error: (03/31/2018 08:07:24 AM) (Source: Windows Search Service) (EventID: 7010) (User: )
Description: The index cannot be initialized.

Details:
The content index catalog is corrupt. (HRESULT : 0xc0041801) (0xc0041801)

Error: (03/31/2018 08:07:24 AM) (Source: Windows Search Service) (EventID: 3058) (User: )
Description: The application cannot be initialized.

Context: Windows Application

Details:
The content index catalog is corrupt. (HRESULT : 0xc0041801) (0xc0041801)

Error: (03/31/2018 08:07:24 AM) (Source: Windows Search Service) (EventID: 3028) (User: )
Description: The gatherer object cannot be initialized.

Context: Windows Application, SystemIndex Catalog

Details:
The content index catalog is corrupt. (HRESULT : 0xc0041801) (0xc0041801)

Error: (03/31/2018 08:07:24 AM) (Source: Windows Search Service) (EventID: 3029) (User: )
Description: The plug-in in <Search.TripoliIndexer> cannot be initialized.

Context: Windows Application, SystemIndex Catalog

Details:
Element not found. (HRESULT : 0x80070490) (0x80070490)

Error: (03/31/2018 08:07:24 AM) (Source: Windows Search Service) (EventID: 3029) (User: )
Description: The plug-in in <Search.JetPropStore> cannot be initialized.

Context: Windows Application, SystemIndex Catalog

Details:
The content index catalog is corrupt. (HRESULT : 0xc0041801) (0xc0041801)

Error: (03/31/2018 08:07:24 AM) (Source: Windows Search Service) (EventID: 9002) (User: )
Description: The Windows Search Service cannot load the property store information.

Context: Windows Application, SystemIndex Catalog

Details:
The content index database is corrupt. (HRESULT : 0xc0041800) (0xc0041800)

Error: (03/31/2018 08:07:24 AM) (Source: Windows Search Service) (EventID: 7042) (User: )
Description: The Windows Search Service is being stopped because there is a problem with the indexer: The catalog is corrupt.

Details:
The content index catalog is corrupt. (HRESULT : 0xc0041801) (0xc0041801)


System errors:
=============
Error: (03/31/2018 10:45:00 AM) (Source: volsnap) (EventID: 36) (User: )
Description: The shadow copies of volume C: were aborted because the shadow copy storage could not grow due to a user imposed limit.

Error: (03/31/2018 08:07:56 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Windows Search service failed to start due to the following error:
The service did not respond to the start or control request in a timely fashion.

Error: (03/31/2018 08:07:56 AM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the Windows Search service to connect.

Error: (03/31/2018 08:07:25 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Windows Search service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 30000 milliseconds: Restart the service.

Error: (03/31/2018 08:07:25 AM) (Source: Service Control Manager) (EventID: 7024) (User: )
Description: The Windows Search service terminated with service-specific error %%-1073473535.

Error: (03/31/2018 08:06:14 AM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: The following boot-start or system-start driver(s) failed to load:
cdrom

Error: (03/31/2018 08:05:09 AM) (Source: Microsoft-Windows-WLAN-AutoConfig) (EventID: 10003) (User: NT AUTHORITY)
Description: WLAN Extensibility Module has stopped unexpectedly.

Module Path: C:\windows\System32\IWMSSvc.dll

Error: (03/31/2018 08:05:09 AM) (Source: Microsoft-Windows-WLAN-AutoConfig) (EventID: 10003) (User: NT AUTHORITY)
Description: WLAN Extensibility Module has stopped unexpectedly.

Module Path: C:\windows\System32\IWMSSvc.dll

Error: (03/31/2018 08:05:09 AM) (Source: Microsoft-Windows-WLAN-AutoConfig) (EventID: 10003) (User: NT AUTHORITY)
Description: WLAN Extensibility Module has stopped unexpectedly.

Module Path: C:\windows\System32\IWMSSvc.dll

Error: (03/31/2018 08:05:06 AM) (Source: Microsoft-Windows-WLAN-AutoConfig) (EventID: 10003) (User: NT AUTHORITY)
Description: WLAN Extensibility Module has stopped unexpectedly.

Module Path: C:\windows\System32\IWMSSvc.dll


CodeIntegrity:
===================================
Date: 2017-06-18 22:34:17.930
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2017-06-18 22:34:17.790
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.


==================== Memory info ===========================

Processor: Intel(R) Core(TM) i5-2557M CPU @ 1.70GHz
Percentage of memory in use: 35%
Total physical RAM: 3972.55 MB
Available physical RAM: 2581.91 MB
Total Virtual: 7943.3 MB
Available Virtual: 5613.55 MB

==================== Drives ================================

Drive c: (TI106301W0D) (Fixed) (Total:108.48 GB) (Free:9.36 GB) NTFS ==>[system with boot components (obtained from drive)]
Drive d: (My Passport) (Fixed) (Total:3725.99 GB) (Free:3444.94 GB) NTFS
Drive I: (Expansion Drive) (Fixed) (Total:931.51 GB) (Free:8.65 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or Vista) (Size: 119.2 GB) (Disk ID: 4EF6EEA1)
Partition 1: (Active) - (Size=1.5 GB) - (Type=27)
Partition 2: (Not Active) - (Size=108.5 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=9.3 GB) - (Type=17)

========================================================
Disk: 1 (Size: 3726 GB) (Disk ID: 16F2A91F)

Partition: GPT.

========================================================
Disk: 2 (Size: 931.5 GB) (Disk ID: 01891787)
Partition 1: (Active) - (Size=931.5 GB) - (Type=07 NTFS)

==================== End of Addition.txt ============================
 

Broni

Malware Annihilator
Those are clean.
Regarding repartition you'd have to ask at Windows forum.

Last scans...

Download Security Check from here or here and save it to your Desktop.
  • Double-click SecurityCheck.exe
  • Follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.

NOTE 1. If one of your security applications (e.g., third-party firewall) requests permission to allow DIG.EXE to access the Internet, allow it to do so.
NOTE 2. SecurityCheck may produce some false warning(s), so leave the results reading to me.
NOTE 3. If you receive an UNSUPPORTED OPERATING SYSTEM! ABORTED! message, restart the computer and Security Check should run.


Please download Farbar Service Scanner (FSS) and run it on the computer with the issue.
Make sure the following options are checked:
  • Internet Services
  • Windows Firewall
  • System Restore
  • Security Center
  • Windows Update
  • Windows Defender
  • Other Services

Press "Scan".
It will create a log (FSS.txt) in the same directory the tool is run from.
Please copy and paste the log to your reply.


Download Temp File Cleaner (TFC)
Alternate download: http://www.itxassociates.com/OT-Tools/TFC.exe
  • Double click on TFC.exe to run the program.
  • Click on Start button to begin cleaning process.
  • TFC will close all running programs, and it may ask you to restart computer.


Download Sophos Free Virus Removal Tool and save it to your desktop.
  • Double click the icon and select Run
  • Click Next
  • Select I accept the terms in this license agreement, then click Next twice
  • Click Install
  • Click Finish to launch the program
  • Once the virus database has been updated click Start Scanning
  • If any threats are found click Details, then View log file... (bottom left hand corner)
  • Copy and paste the results in your reply
  • Close the Notepad document, close the Threat Details screen, then click Start cleanup
  • Click Exit to close the program
 

siedog

TS Enthusiast
Ok, I'll try to ask about repartitioning in the Windows forum. Here are the logs, Sophos says that I'm clean:

Results of screen317's Security Check version 1.014 --- 12/23/15
Windows 7 Service Pack 1 x64 (UAC is enabled)
Internet Explorer 11
``````````````Antivirus/Firewall Check:``````````````
Windows Firewall Enabled!
Avast Antivirus
Malwarebytes
Antivirus up to date!
`````````Anti-malware/Other Utilities Check:`````````
Spybot - Search & Destroy
Java 8 Update 161
Java version 32-bit out of Date!
Adobe Flash Player 29.0.0.113
Google Chrome (65.0.3325.181)
Google Chrome (plugins...)
Google Chrome (SetupMetrics...)
````````Process Check: objlist.exe by Laurent````````
Norton ccSvcHst.exe
Malwarebytes Anti-Malware mbamservice.exe
Spybot Teatimer.exe is disabled!
Malwarebytes Anti-Malware mbamtray.exe
AVAST Software Avast AvastSvc.exe
AVAST Software Avast x64 aswidsagenta.exe
AVAST Software Avast AvastUI.exe
`````````````````System Health check`````````````````
Total Fragmentation on Drive C: 7%
````````````````````End of Log``````````````````````


Farbar Service Scanner Version: 27-01-2016
Ran by siedog (administrator) on 01-04-2018 at 12:01:33
Running from "C:\Users\siedog\Desktop"
Microsoft Windows 7 Professional Service Pack 1 (X64)
Boot Mode: Normal
****************************************************************

Internet Services:
============

Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Google.com is accessible.
Yahoo.com is accessible.


Windows Firewall:
=============

Firewall Disabled Policy:
==================


System Restore:
============

System Restore Policy:
========================


Action Center:
============


Windows Update:
============

Windows Autoupdate Disabled Policy:
============================


Windows Defender:
==============
WinDefend Service is not running. Checking service configuration:
The start type of WinDefend service is set to Demand. The default start type is Auto.
The ImagePath of WinDefend service is OK.
The ServiceDll of WinDefend service is OK.


Windows Defender Disabled Policy:
==========================
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows Defender]
"DisableAntiSpyware"=DWORD:1


Other Services:
==============


File Check:
========
C:\Windows\System32\nsisvc.dll => File is digitally signed
C:\Windows\System32\drivers\nsiproxy.sys => File is digitally signed
C:\Windows\System32\dhcpcore.dll => File is digitally signed
C:\Windows\System32\drivers\afd.sys => File is digitally signed
C:\Windows\System32\drivers\tdx.sys => File is digitally signed
C:\Windows\System32\Drivers\tcpip.sys => File is digitally signed
C:\Windows\System32\dnsrslvr.dll => File is digitally signed
C:\Windows\System32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\System32\mpssvc.dll => File is digitally signed
C:\Windows\System32\bfe.dll => File is digitally signed
C:\Windows\System32\drivers\mpsdrv.sys => File is digitally signed
C:\Windows\System32\SDRSVC.dll => File is digitally signed
C:\Windows\System32\vssvc.exe => File is digitally signed
C:\Windows\System32\wscsvc.dll => File is digitally signed
C:\Windows\System32\wbem\WMIsvc.dll => File is digitally signed
C:\Windows\System32\wuaueng.dll => File is digitally signed
C:\Windows\System32\qmgr.dll => File is digitally signed
C:\Windows\System32\es.dll => File is digitally signed
C:\Windows\System32\cryptsvc.dll => File is digitally signed
C:\Program Files\Windows Defender\MpSvc.dll => File is digitally signed
C:\Windows\System32\ipnathlp.dll => File is digitally signed
C:\Windows\System32\iphlpsvc.dll => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed


**** End of log ****

Let me know if there's anything else or any other pointers about making my computer run faster and not as sluggish. Thanks a lot.
 

Broni

Malware Annihilator
Your computer is clean


1. This step will remove all cleaning tools we used, it'll reset restore points (so you won't get reinfected by accidentally using some older restore point) and it'll make some other minor adjustments...
This is a very crucial step so make sure you don't skip it.
Download DelFix by Xplode to your desktop. Delfix will delete all the used tools and logfiles.

Double-click Delfix.exe to start the tool.
Make sure the following items are checked:
  • Activate UAC (optional; some users prefer to keep it off)
  • Remove disinfection tools
  • Create registry backup
  • Purge System Restore
  • Reset system settings
Now click "Run" and wait patiently.
Once finished a logfile will be created. You don't have to attach it to your next reply.

2. Make sure Windows Updates are current.

3. If any trojans, rootkits or bootkits were listed among your infection(s), make sure you change all of your important on-line passwords (bank account(s), secured web sites, etc.) immediately!

4. Check if your browser plugins are up to date.
Firefox - https://www.mozilla.org/en-US/plugincheck/
other browsers: https://browsercheck.qualys.com/ (click on "Scan without installing plugin" and then on "Scan now")

5. Run Malwarebytes "Quick scan" once in a while to assure safety of your computer.

6. Run Temporary File Cleaner (TFC), AdwCleaner and Junkware Removal Tool (JRT) weekly (you need to redownload these tools since they were removed by DelFix).

7. (optional) If you want to keep all your programs up to date, download and install FileHippo Update Checker.
The Update Checker will scan your computer for installed software, check the versions and then send this information to FileHippo.com to see if there are any newer releases.

8. When installing\updating ANY program, make sure you always select "Custom" installation, so you can UN-check any possible "drive-by-install" (foistware), like toolbars etc., which may try to install along with the legitimate program. Do NOT click the "Next" button without looking at any given page.

9. Read:
How did I get infected?, With steps so it does not happen again!: http://www.bleepingcomputer.com/forums/topic2520.html
Simple and easy ways to keep your computer safe and secure on the Internet: http://www.bleepingcomputer.com/tutorials/keep-your-computer-safe-online/
About those Toolbars and Add-ons - Potentially Unwanted Programs (PUPs) which change your browser settings: http://www.bleepingcomputer.com/forums/t/407147/answers-to-common-security-questions-best-practices/#entry3187642

10. Please let me know how your computer is doing.