View Full Version : unexpected error encountered computer must restart msg
gogeko34
2016-09-02, 04:25
A couple of days ago I booted up my computer and attempted to launch my browser (I use Google Chrome) and my screen turned blue with a quick msg that said something like unexpected error computer must restart and something about sending an error report? My computer screen went black pretty quickly but did not power down completely. The green lights on the tower were still on. I had to manually turn it off by pressing the power button. I waited for several minutes before turning it back on. It powered on but the screen was black. I turned it off again, unplugged everything (I'm not sure why I did it) plugged everything back in and powered it back on and it froze at the first screen (which is the Dell Bios screen) I left it for a long time (20 minutes or more) and it never progressed. Later I turned my computer on and it booted up as usual and I was able to use it until I was done. I ran Spybot and fixed what was found. The next day it wouldn't power up properly again. I had to repeat it three or four times to get it to fully boot up. I don't know if it's a hardware or software problem. I thought I would check with the experts at Safer-Networking to find out if this was happening to anyone else and could be fixed.
I'm using Windows 10.
I appreciate any assistance you can provide.
Thanks, Tonia
gogeko34
2016-09-02, 07:09
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
(Safer-Networking Ltd.) C:\Program Files\Spybot - Search & Destroy 2\SDUpdSvc.exe
(Google Inc.) C:\Program Files\Google\Update\1.3.31.5\GoogleCrashHandler.exe
(Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe
(Safer-Networking Ltd.) C:\Program Files\Spybot - Search & Destroy 2\SDTray.exe
(Google) C:\Program Files\Google\Drive\googledrivesync.exe
(Spotify Ltd) C:\Users\Owner\AppData\Roaming\Spotify\SpotifyWebHelper.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google) C:\Program Files\Google\Drive\googledrivesync.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
() C:\Program Files\WindowsApps\Microsoft.Messaging_2.15.20002.0_x86__8wekyb3d8bbwe\SkypeHost.exe
() C:\Program Files\WindowsApps\Microsoft.WindowsPhone_10.1608.2211.0_x86__8wekyb3d8bbwe\CompanionApp.exe
() C:\Users\Owner\Downloads\Antivirus_Free_Edition_x86.exe
(Bitdefender) C:\Program Files\Bitdefender\Antivirus Free Edition\gziface.exe
(Bitdefender) C:\Program Files\Bitdefender\Antivirus Free Edition\gzserv.exe
() C:\Program Files\WindowsApps\Microsoft.Windows.Photos_16.722.10060.0_x86__8wekyb3d8bbwe\Microsoft.Photos.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Tweaking.com) C:\Program Files\Tweaking.com\Registry Backup\TweakingRegistryBackup.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Farbar) C:\Users\Owner\Downloads\FRST (1).exe
==================== Registry (Whitelisted) ===========================
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
HKLM\...\Run: [IgfxTray] => C:\Windows\system32\igfxtray.exe
HKLM\...\Run: [HotKeysCmds] => C:\Windows\system32\hkcmd.exe
HKLM\...\Run: [Persistence] => C:\Windows\system32\igfxpers.exe
HKLM\...\Run: [SDTray] => C:\Program Files\Spybot - Search & Destroy 2\SDTray.exe [4101576 2014-06-24] (Safer-Networking Ltd.)
Winlogon\Notify\SDWinLogon: SDWinLogon.dll [X]
HKU\S-1-5-21-4030092792-1861841708-2368464224-1000\...\Run: [Amazon Music] => C:\Users\Owner\AppData\Local\Amazon Music\Amazon Music Helper.exe [6277952 2014-11-18] ()
HKU\S-1-5-21-4030092792-1861841708-2368464224-1000\...\Run: [GoogleDriveSync] => C:\Program Files\Google\Drive\googledrivesync.exe [23375200 2016-07-29] (Google)
HKU\S-1-5-21-4030092792-1861841708-2368464224-1000\...\Run: [Spotify Web Helper] => C:\Users\Owner\AppData\Roaming\Spotify\SpotifyWebHelper.exe [1523312 2016-08-18] (Spotify Ltd)
HKU\S-1-5-21-4030092792-1861841708-2368464224-1000\...\Run: [Spotify] => C:\Users\Owner\AppData\Roaming\Spotify\Spotify.exe [6930544 2016-08-18] (Spotify Ltd)
HKU\S-1-5-21-4030092792-1861841708-2368464224-1000\...\Run: [SpybotPostWindows10UpgradeReInstall] => C:\Program Files\Common Files\AV\Spybot - Search and Destroy\Test.exe [1011200 2015-07-28] (Safer-Networking Ltd.)
HKU\S-1-5-21-4030092792-1861841708-2368464224-1000\...\Run: [GoogleChromeAutoLaunch_721577D41E77D440C916E2687EBA0267] => C:\Program Files\Google\Chrome\Application\chrome.exe [961352 2016-08-02] (Google Inc.)
ShellIconOverlayIdentifiers: [ GoogleDriveBlacklisted] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42} => C:\Program Files\Google\Drive\googledrivesync32.dll [2016-07-29] (Google)
ShellIconOverlayIdentifiers: [ GoogleDriveSynced] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40} => C:\Program Files\Google\Drive\googledrivesync32.dll [2016-07-29] (Google)
ShellIconOverlayIdentifiers: [ GoogleDriveSyncing] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41} => C:\Program Files\Google\Drive\googledrivesync32.dll [2016-07-29] (Google)
BootExecute: autocheck autochk * sdnclean.exe
==================== Internet (Whitelisted) ====================
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 209.18.47.62 209.18.47.61
Tcpip\..\Interfaces\{d6e9e1c6-feb1-488b-99c5-676444bb5929}: [DhcpNameServer] 209.18.47.62 209.18.47.61
Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://start.mysearchdial.com/?f=1&a=dnldstr_14_20_ff&cd=2XzuyEtN2Y1L1QzutDtDtC0A0AtD0A0EtD0F0Dzy0D0FtA0CtN0D0Tzu0SzzyCyDtN1L2XzutBtFtBtDtFzytFtBtN1L1CzutCyEtDtAtDyD1V1StN1L1G1B1V1N2Y1L1Qzu2StAtC0EtCyCyDtAzytGyDyC0DtCtGtByDyByEtG0D0CyCyBtGyB0C0A0FyC0E0EyBtAyB0Bzy2QtN1M1F1B2Z1V1N2Y1L1Qzu2SyB0CtDtByDyC0A0AtGyD0CtByBtGzyyCzztDtG0DtDtC0FtGtC0E0Bzy0BtA0CzzzztCtAyB2Q&cr=1039448420&ir=
SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://start.mysearchdial.com/results.php?f=4&q={searchTerms}&a=dnldstr_14_20_ff&cd=2XzuyEtN2Y1L1QzutDtDtC0A0AtD0A0EtD0F0Dzy0D0FtA0CtN0D0Tzu0SzzyCyDtN1L2XzutBtFtBtDtFzytFtBtN1L1CzutCyEtDtAtDyD1V1StN1L1G1B1V1N2Y1L1Qzu2StAtC0EtCyCyDtAzytGyDyC0DtCtGtByDyByEtG0D0CyCyBtGyB0C0A0FyC0E0EyBtAyB0Bzy2QtN1M1F1B2Z1V1N2Y1L1Qzu2SyB0CtDtByDyC0A0AtGyD0CtByBtGzyyCzztDtG0DtDtC0FtGtC0E0Bzy0BtA0CzzzztCtAyB2Q&cr=1039448420&ir=
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://start.mysearchdial.com/results.php?f=4&q={searchTerms}&a=dnldstr_14_20_ff&cd=2XzuyEtN2Y1L1QzutDtDtC0A0AtD0A0EtD0F0Dzy0D0FtA0CtN0D0Tzu0SzzyCyDtN1L2XzutBtFtBtDtFzytFtBtN1L1CzutCyEtDtAtDyD1V1StN1L1G1B1V1N2Y1L1Qzu2StAtC0EtCyCyDtAzytGyDyC0DtCtGtByDyByEtG0D0CyCyBtGyB0C0A0FyC0E0EyBtAyB0Bzy2QtN1M1F1B2Z1V1N2Y1L1Qzu2SyB0CtDtByDyC0A0AtGyD0CtByBtGzyyCzztDtG0DtDtC0FtGtC0E0Bzy0BtA0CzzzztCtAyB2Q&cr=1039448420&ir=
SearchScopes: HKU\S-1-5-21-4030092792-1861841708-2368464224-1000 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://start.mysearchdial.com/results.php?f=4&q={searchTerms}&a=dnldstr_14_20_ff&cd=2XzuyEtN2Y1L1QzutDtDtC0A0AtD0A0EtD0F0Dzy0D0FtA0CtN0D0Tzu0SzzyCyDtN1L2XzutBtFtBtDtFzytFtBtN1L1CzutCyEtDtAtDyD1V1StN1L1G1B1V1N2Y1L1Qzu2StAtC0EtCyCyDtAzytGyDyC0DtCtGtByDyByEtG0D0CyCyBtGyB0C0A0FyC0E0EyBtAyB0Bzy2QtN1M1F1B2Z1V1N2Y1L1Qzu2SyB0CtDtByDyC0A0AtGyD0CtByBtGzyyCzztDtG0DtDtC0FtGtC0E0Bzy0BtA0CzzzztCtAyB2Q&cr=1039448420&ir=
SearchScopes: HKU\S-1-5-21-4030092792-1861841708-2368464224-1000 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://start.mysearchdial.com/results.php?f=4&q={searchTerms}&a=dnldstr_14_20_ff&cd=2XzuyEtN2Y1L1QzutDtDtC0A0AtD0A0EtD0F0Dzy0D0FtA0CtN0D0Tzu0SzzyCyDtN1L2XzutBtFtBtDtFzytFtBtN1L1CzutCyEtDtAtDyD1V1StN1L1G1B1V1N2Y1L1Qzu2StAtC0EtCyCyDtAzytGyDyC0DtCtGtByDyByEtG0D0CyCyBtGyB0C0A0FyC0E0EyBtAyB0Bzy2QtN1M1F1B2Z1V1N2Y1L1Qzu2SyB0CtDtByDyC0A0AtGyD0CtByBtGzyyCzztDtG0DtDtC0FtGtC0E0Bzy0BtA0CzzzztCtAyB2Q&cr=1039448420&ir=
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_31\bin\ssv.dll [2015-02-04] (Oracle Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_31\bin\jp2ssv.dll [2015-02-04] (Oracle Corporation)
DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C}
FireFox:
========
FF ProfilePath: C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\41z8meb4.default-1437084644509
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF32_22_0_0_209.dll [2016-07-12] ()
FF Plugin: @java.com/DTPlugin,version=11.31.2 -> C:\Program Files\Java\jre1.8.0_31\bin\dtplugin\npDeployJava1.dll [2015-02-04] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.31.2 -> C:\Program Files\Java\jre1.8.0_31\bin\plugin2\npjp2.dll [2015-02-04] (Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.50428.0\npctrl.dll [2016-04-27] ( Microsoft Corporation)
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.31.5\npGoogleUpdate3.dll [2016-07-28] (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.31.5\npGoogleUpdate3.dll [2016-07-28] (Google Inc.)
FF Plugin: @videolan.org/vlc,version=2.1.1 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [No File]
FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2016-06-30] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-4030092792-1861841708-2368464224-1000: @citrixonline.com/appdetectorplugin -> C:\Users\Owner\AppData\Local\Citrix\Plugins\104\npappdetector.dll [2016-08-04] (Citrix Online)
Chrome:
=======
CHR StartupUrls: Default -> "hxxps://my.yahoo.com/"
CHR Profile: C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Slides) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-02-04]
CHR Extension: (Google Docs) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-02-04]
CHR Extension: (Google Drive) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-10-21]
CHR Extension: (YouTube) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-09-26]
CHR Extension: (Google Search) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-10-27]
CHR Extension: (Google Play Music) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\fahmaaghhglfmonjliepjlchgpgfmobi [2016-08-31]
CHR Extension: (Google Sheets) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-02-04]
CHR Extension: (Google Docs Offline) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-03-16]
CHR Extension: (Pinterest Save Button) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\gpdjojdkbbmdfjfahjcgigfpmkopogic [2016-07-20]
CHR Extension: (Application Launcher for Drive (by Google)) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\lmjegmlicamnimmfhcmpkclmigmmcbeh [2014-11-09]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-04-02]
CHR Extension: (Gmail) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-03-29]
CHR Extension: (Chrome Media Router) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2016-08-29]
CHR HKU\S-1-5-21-4030092792-1861841708-2368464224-1000\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [lmjegmlicamnimmfhcmpkclmigmmcbeh] - hxxps://clients2.google.com/service/update2/crx
==================== Services (Whitelisted) ========================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
R2 gzserv; C:\Program Files\Bitdefender\Antivirus Free Edition\gzserv.exe [67592 2016-03-02] (Bitdefender)
S2 SDScannerService; C:\Program Files\Spybot - Search & Destroy 2\SDFSSvc.exe [1738168 2014-06-24] (Safer-Networking Ltd.)
R2 SDUpdateService; C:\Program Files\Spybot - Search & Destroy 2\SDUpdSvc.exe [2088408 2014-06-27] (Safer-Networking Ltd.)
S3 SDWSCService; C:\Program Files\Spybot - Search & Destroy 2\SDWSCSvc.exe [171928 2014-04-25] (Safer-Networking Ltd.)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [280376 2015-10-30] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23264 2016-07-01] (Microsoft Corporation)
===================== Drivers (Whitelisted) ==========================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
R0 avc3; C:\WINDOWS\System32\DRIVERS\avc3.sys [633344 2013-04-17] (BitDefender)
S3 avckf; C:\WINDOWS\System32\DRIVERS\avckf.sys [486536 2013-04-17] (BitDefender)
S1 bdfwfpf; C:\Program Files\Bitdefender\Antivirus Free Edition\bdfwfpf.sys [108008 2013-07-02] (Bitdefender SRL)
R1 bdselfpr; C:\Program Files\Bitdefender\Antivirus Free Edition\bdselfpr.sys [135472 2013-07-16] (BitDefender LLC)
S3 dot4; C:\WINDOWS\system32\DRIVERS\Dot4.sys [137632 2012-10-19] (Windows (R) Win 7 DDK provider)
S3 Dot4Print; C:\WINDOWS\System32\drivers\Dot4Prt.sys [22432 2012-10-19] (Windows (R) Win 7 DDK provider)
R3 gzflt; C:\WINDOWS\System32\DRIVERS\gzflt.sys [164952 2013-04-22] (BitDefender LLC)
S3 MBAMSwissArmy; C:\WINDOWS\system32\drivers\mbamswissarmy.sys [40776 2016-08-31] (Malwarebytes Corporation)
R1 MpKsl91059ad0; C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{EE8385C6-6305-4FCD-9414-94511AFC3273}\MpKsl91059ad0.sys [39168 2016-08-31] (Microsoft Corporation)
R3 NuidFltr; C:\WINDOWS\System32\drivers\NuidFltr.sys [44328 2015-11-17] (Microsoft Corporation)
R0 trufos; C:\WINDOWS\System32\DRIVERS\trufos.sys [355744 2013-05-28] (BitDefender S.R.L.)
S3 WdBoot; C:\WINDOWS\system32\drivers\WdBoot.sys [37400 2015-10-30] (Microsoft Corporation)
S3 WdFilter; C:\WINDOWS\system32\drivers\WdFilter.sys [246104 2015-10-30] (Microsoft Corporation)
S3 WdNisDrv; C:\WINDOWS\System32\Drivers\WdNisDrv.sys [98648 2015-10-30] (Microsoft Corporation)
U3 idsvc; no ImagePath
U3 wpcsvc; no ImagePath
==================== NetSvcs (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
==================== One Month Created files and folders ========
(If an entry is included in the fixlist, the file/folder will be moved.)
2016-09-01 23:56 - 2016-09-01 23:57 - 00014640 _____ C:\Users\Owner\Downloads\FRST.txt
2016-09-01 23:53 - 2016-09-01 23:56 - 00000000 ____D C:\FRST
2016-09-01 23:52 - 2016-09-01 23:53 - 01747968 _____ (Farbar) C:\Users\Owner\Downloads\FRST (1).exe
2016-09-01 23:43 - 2016-09-01 23:43 - 00000207 _____ C:\WINDOWS\tweaking.com-regbackup-OWNER-PC-Windows-10-Home-(32-bit).dat
2016-09-01 23:43 - 2016-09-01 23:43 - 00000000 ____D C:\RegBackup
2016-09-01 23:41 - 2016-09-01 23:41 - 00017375 _____ C:\WINDOWS\Tweaking.com - Registry Backup Setup Log.txt
2016-09-01 23:41 - 2016-09-01 23:41 - 00002258 _____ C:\Users\Public\Desktop\Tweaking.com - Registry Backup.lnk
2016-09-01 23:41 - 2016-09-01 23:41 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Tweaking.com
2016-09-01 23:41 - 2016-09-01 23:41 - 00000000 ____D C:\Program Files\Tweaking.com
2016-09-01 23:39 - 2016-09-01 23:41 - 05575304 _____ (Tweaking.com) C:\Users\Owner\Downloads\tweaking.com_registry_backup_setup.exe
2016-09-01 21:55 - 2016-09-01 21:55 - 00242504 _____ (BitDefender) C:\WINDOWS\system32\Drivers\avchv.sys
2016-09-01 21:55 - 2016-09-01 21:55 - 00217968 _____ C:\ProgramData\1472780618.bdinstall.bin
2016-09-01 21:47 - 2016-09-01 21:47 - 00002249 _____ C:\Users\Public\Desktop\Bitdefender Antivirus Free Edition.lnk
2016-09-01 21:47 - 2016-09-01 21:47 - 00000000 ____D C:\WINDOWS\LastGood
2016-09-01 21:47 - 2016-09-01 21:47 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Antivirus Free Edition
2016-09-01 21:47 - 2013-04-17 13:59 - 00633344 _____ (BitDefender) C:\WINDOWS\system32\Drivers\avc3.sys
2016-09-01 21:47 - 2013-04-17 13:59 - 00486536 _____ (BitDefender) C:\WINDOWS\system32\Drivers\avckf.sys
2016-09-01 21:47 - 2012-11-02 13:17 - 00242504 _____ (BitDefender) C:\WINDOWS\system32\Drivers\SETB00C.tmp
2016-09-01 21:44 - 2016-09-01 21:47 - 00000000 ____D C:\Program Files\Bitdefender
2016-09-01 21:44 - 2013-05-28 11:11 - 00355744 _____ (BitDefender S.R.L.) C:\WINDOWS\system32\Drivers\trufos.sys
2016-09-01 21:44 - 2013-04-22 12:20 - 00164952 _____ (BitDefender LLC) C:\WINDOWS\system32\Drivers\gzflt.sys
2016-09-01 21:43 - 2016-09-01 21:44 - 00000000 ____D C:\Users\Owner\AppData\Roaming\QuickScan
2016-09-01 21:42 - 2016-09-01 21:43 - 10056744 _____ C:\Users\Owner\Downloads\Antivirus_Free_Edition_x86.exe
2016-09-01 21:42 - 2016-09-01 21:42 - 00196944 _____ C:\Users\Owner\Downloads\Antivirus_Free_Edition.exe
2016-09-01 19:29 - 2016-09-01 19:29 - 00093748 _____ C:\WINDOWS\Minidump\090116-35281-01.dmp
2016-08-31 18:56 - 2016-08-31 18:56 - 00040776 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbamswissarmy.sys
2016-08-31 18:56 - 2016-08-31 18:56 - 00000000 ____D C:\Users\Owner\AppData\Roaming\Malwarebytes
2016-08-30 17:30 - 2016-08-30 17:29 - 00453443 ____R C:\WINDOWS\system32\Drivers\etc\hosts.20160830-173036.backup
2016-08-30 17:29 - 2016-04-01 11:27 - 00451921 ____R C:\WINDOWS\system32\Drivers\etc\hosts.20160830-172941.backup
2016-08-30 15:51 - 2016-09-01 19:29 - 240225385 _____ C:\WINDOWS\MEMORY.DMP
2016-08-30 15:51 - 2016-08-30 15:51 - 00094228 _____ C:\WINDOWS\Minidump\083016-43734-01.dmp
2016-08-24 22:15 - 2016-08-24 22:16 - 07334450 _____ C:\Users\Owner\Downloads\33-ways-to-write-stronger-characters-worksheet.pdf
2016-08-23 09:12 - 2016-08-23 09:12 - 04387191 _____ C:\Users\Owner\Downloads\The-Complete-First-Website-Manual.pdf
2016-08-18 17:33 - 2016-08-18 17:33 - 00000000 ____D C:\Users\Owner\AppData\Roaming\Skype
2016-08-10 11:56 - 2016-08-03 01:52 - 05793632 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe
2016-08-10 11:56 - 2016-08-03 01:52 - 00083808 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\pdc.sys
2016-08-10 11:56 - 2016-08-03 01:32 - 00413024 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\storport.sys
2016-08-10 11:56 - 2016-08-03 01:31 - 02921368 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll
2016-08-10 11:56 - 2016-08-03 01:31 - 00957608 _____ (Microsoft Corporation) C:\WINDOWS\system32\ole32.dll
2016-08-10 11:56 - 2016-08-03 01:31 - 00703840 _____ (Microsoft Corporation) C:\WINDOWS\system32\WWAHost.exe
2016-08-10 11:56 - 2016-08-03 01:30 - 00465760 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingSyncHost.exe
2016-08-10 11:56 - 2016-08-03 01:29 - 01337680 _____ (Microsoft Corporation) C:\WINDOWS\system32\sppobjs.dll
2016-08-10 11:56 - 2016-08-03 01:29 - 00633192 _____ (Microsoft Corporation) C:\WINDOWS\system32\sppwinob.dll
2016-08-10 11:56 - 2016-08-03 01:28 - 00505136 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\cng.sys
2016-08-10 11:56 - 2016-08-03 01:28 - 00139616 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ksecpkg.sys
2016-08-10 11:56 - 2016-08-03 01:21 - 01712992 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgkrnl.sys
2016-08-10 11:56 - 2016-08-03 01:21 - 00483680 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgmms2.sys
2016-08-10 11:56 - 2016-08-03 01:21 - 00335712 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgmms1.sys
2016-08-10 11:56 - 2016-08-03 00:44 - 00048640 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.StateRepositoryClient.dll
2016-08-10 11:56 - 2016-08-03 00:44 - 00048128 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.StateRepositoryBroker.dll
2016-08-10 11:56 - 2016-08-03 00:41 - 00330240 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusUpdateHandlers.dll
2016-08-10 11:56 - 2016-08-03 00:39 - 00173056 _____ (Microsoft Corporation) C:\WINDOWS\system32\WUDFPlatform.dll
2016-08-10 11:56 - 2016-08-03 00:35 - 00178688 _____ (Microsoft Corporation) C:\WINDOWS\system32\wevtutil.exe
2016-08-10 11:56 - 2016-08-03 00:34 - 00792064 _____ (Microsoft Corporation) C:\WINDOWS\system32\kerberos.dll
2016-08-10 11:56 - 2016-08-03 00:34 - 00400896 _____ (Microsoft Corporation) C:\WINDOWS\system32\OneDriveSettingSyncProvider.dll
2016-08-10 11:56 - 2016-08-03 00:33 - 01152512 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kbase.sys
2016-08-10 11:56 - 2016-08-03 00:32 - 12585984 _____ (Microsoft Corporation) C:\WINDOWS\system32\wmp.dll
2016-08-10 11:56 - 2016-08-03 00:32 - 00951808 _____ (Microsoft Corporation) C:\WINDOWS\system32\wwansvc.dll
2016-08-10 11:56 - 2016-08-03 00:32 - 00291840 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuuhext.dll
2016-08-10 11:56 - 2016-08-03 00:31 - 06743040 _____ (Microsoft Corporation) C:\WINDOWS\system32\mstscax.dll
2016-08-10 11:56 - 2016-08-03 00:27 - 02973696 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kfull.sys
2016-08-10 11:56 - 2016-08-03 00:27 - 01903104 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentServer.dll
2016-08-10 11:56 - 2016-08-03 00:25 - 05323776 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Data.Pdf.dll
2016-08-10 11:56 - 2016-08-03 00:24 - 01735680 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentExtensions.dll
2016-08-10 11:56 - 2016-08-03 00:22 - 02501120 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll
2016-08-10 11:56 - 2016-08-03 00:22 - 01900544 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuaueng.dll
2016-08-10 11:56 - 2016-08-03 00:22 - 01502208 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll
2016-08-10 11:56 - 2016-08-03 00:22 - 01086976 _____ (Microsoft Corporation) C:\WINDOWS\system32\lsasrv.dll
2016-08-10 11:56 - 2016-08-03 00:19 - 02180096 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.StateRepository.dll
2016-08-10 11:55 - 2016-08-03 02:27 - 01303744 _____ (Microsoft Corporation) C:\WINDOWS\system32\appraiser.dll
2016-08-10 11:55 - 2016-08-03 02:27 - 00081088 _____ (Microsoft Corporation) C:\WINDOWS\system32\acmigration.dll
2016-08-10 11:55 - 2016-08-03 02:27 - 00045760 _____ (Microsoft Corporation) C:\WINDOWS\system32\CompatTelRunner.exe
2016-08-10 11:55 - 2016-08-03 01:52 - 00034088 _____ (Microsoft Corporation) C:\WINDOWS\system32\wldp.dll
2016-08-10 11:55 - 2016-08-03 01:43 - 00023776 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuauclt.exe
2016-08-10 11:55 - 2016-08-03 01:34 - 00501592 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetSetupEngine.dll
2016-08-10 11:55 - 2016-08-03 01:34 - 00084832 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetSetupApi.dll
2016-08-10 11:55 - 2016-08-03 01:33 - 00051128 _____ (Microsoft Corporation) C:\WINDOWS\system32\SensorsNativeApi.dll
2016-08-10 11:55 - 2016-08-03 01:32 - 00260448 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\pci.sys
2016-08-10 11:55 - 2016-08-03 01:30 - 00255168 _____ (Microsoft Corporation) C:\WINDOWS\system32\LockAppHost.exe
2016-08-10 11:55 - 2016-08-03 01:18 - 00346464 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\rdbss.sys
2016-08-10 11:55 - 2016-08-03 00:58 - 00072192 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpudd.dll
2016-08-10 11:55 - 2016-08-03 00:57 - 00091648 _____ (Microsoft Corporation) C:\WINDOWS\system32\tdlrecover.exe
2016-08-10 11:55 - 2016-08-03 00:48 - 00051712 _____ (Microsoft Corporation) C:\WINDOWS\system32\wshbth.dll
2016-08-10 11:55 - 2016-08-03 00:48 - 00036352 _____ (Microsoft Corporation) C:\WINDOWS\system32\musdialoghandlers.dll
2016-08-10 11:55 - 2016-08-03 00:47 - 00160768 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusNotification.exe
2016-08-10 11:55 - 2016-08-03 00:44 - 00050688 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusNotificationUx.exe
2016-08-10 11:55 - 2016-08-03 00:44 - 00039424 _____ (Microsoft Corporation) C:\WINDOWS\system32\TpmTasks.dll
2016-08-10 11:55 - 2016-08-03 00:43 - 00180736 _____ (Microsoft Corporation) C:\WINDOWS\system32\cdd.dll
2016-08-10 11:55 - 2016-08-03 00:43 - 00071168 _____ (Microsoft Corporation) C:\WINDOWS\system32\bthserv.dll
2016-08-10 11:55 - 2016-08-03 00:42 - 00080896 _____ (Microsoft Corporation) C:\WINDOWS\system32\BluetoothApis.dll
2016-08-10 11:55 - 2016-08-03 00:40 - 00164352 _____ (Microsoft Corporation) C:\WINDOWS\system32\winsrv.dll
2016-08-10 11:55 - 2016-08-03 00:40 - 00145920 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetSetupSvc.dll
2016-08-10 11:55 - 2016-08-03 00:40 - 00092160 _____ (Microsoft Corporation) C:\WINDOWS\system32\IdCtrls.dll
2016-08-10 11:55 - 2016-08-03 00:39 - 19351040 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2016-08-10 11:55 - 2016-08-03 00:39 - 00186368 _____ (Microsoft Corporation) C:\WINDOWS\system32\ie4uinit.exe
2016-08-10 11:55 - 2016-08-03 00:37 - 00335872 _____ (Microsoft Corporation) C:\WINDOWS\system32\iedkcs32.dll
2016-08-10 11:55 - 2016-08-03 00:37 - 00239616 _____ (Microsoft Corporation) C:\WINDOWS\system32\SensorService.dll
2016-08-10 11:55 - 2016-08-03 00:37 - 00219136 _____ (Microsoft Corporation) C:\WINDOWS\system32\VEEventDispatcher.dll
2016-08-10 11:55 - 2016-08-03 00:35 - 00396288 _____ (Microsoft Corporation) C:\WINDOWS\system32\tileobjserver.dll
2016-08-10 11:55 - 2016-08-03 00:35 - 00286208 _____ (Microsoft Corporation) C:\WINDOWS\system32\SensorsApi.dll
2016-08-10 11:55 - 2016-08-03 00:33 - 18677760 _____ (Microsoft Corporation) C:\WINDOWS\system32\edgehtml.dll
2016-08-10 11:55 - 2016-08-03 00:33 - 02050048 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcpl.cpl
2016-08-10 11:55 - 2016-08-03 00:33 - 01223168 _____ (Microsoft Corporation) C:\WINDOWS\system32\RecoveryDrive.exe
2016-08-10 11:55 - 2016-08-03 00:33 - 00687616 _____ (Microsoft Corporation) C:\WINDOWS\system32\msfeeds.dll
2016-08-10 11:55 - 2016-08-03 00:32 - 01526272 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieapfltr.dll
2016-08-10 11:55 - 2016-08-03 00:32 - 01467392 _____ (Microsoft Corporation) C:\WINDOWS\system32\GdiPlus.dll
2016-08-10 11:55 - 2016-08-03 00:32 - 00434688 _____ (Microsoft Corporation) C:\WINDOWS\system32\LogonController.dll
2016-08-10 11:55 - 2016-08-03 00:31 - 00705536 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuapi.dll
2016-08-10 11:55 - 2016-08-03 00:29 - 12133376 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2016-08-10 11:55 - 2016-08-03 00:28 - 03663360 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
2016-08-10 11:55 - 2016-08-03 00:25 - 04078080 _____ (Microsoft Corporation) C:\WINDOWS\system32\dbgeng.dll
2016-08-10 11:55 - 2016-08-03 00:23 - 05660672 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakra.dll
2016-08-10 11:55 - 2016-08-03 00:23 - 01799680 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Logon.dll
2016-08-10 11:55 - 2016-08-03 00:21 - 01708032 _____ (Microsoft Corporation) C:\WINDOWS\system32\ActiveSyncProvider.dll
2016-08-10 11:55 - 2016-08-03 00:20 - 03483648 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpcorets.dll
2016-08-08 21:57 - 2016-08-08 21:57 - 00077312 _____ C:\Users\Owner\Downloads\Novel Working Charts.xls
2016-08-08 19:27 - 2016-08-08 19:27 - 07238029 _____ C:\Users\Owner\Downloads\starstruck_shifter.mobi
2016-08-08 19:27 - 2016-08-08 19:27 - 00572781 _____ C:\Users\Owner\Downloads\untamed_obsession_den_of_sin_.mobi
2016-08-08 19:24 - 2016-08-08 19:25 - 02142864 _____ C:\Users\Owner\Downloads\raw_and_dirty.mobi
2016-08-05 17:45 - 2016-08-05 17:45 - 06153790 _____ C:\Users\Owner\Downloads\dict-en.oxt
2016-08-04 22:55 - 2016-08-04 22:55 - 00567103 _____ C:\Users\Owner\Downloads\The Boss Vol 1-3 - Cari Quinn.mobi
2016-08-04 16:12 - 2016-08-31 20:19 - 00000000 ____D C:\Users\Owner\AppData\Local\Citrix
2016-08-02 18:33 - 2016-08-02 18:34 - 01369722 _____ C:\Users\Owner\Downloads\safe_haven_boxed_set.mobi
==================== One Month Modified files and folders ========
(If an entry is included in the fixlist, the file/folder will be moved.)
2016-09-01 23:23 - 2014-09-07 15:09 - 00000912 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2016-09-01 23:07 - 2013-03-12 12:26 - 00000830 _____ C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
2016-09-01 21:47 - 2015-10-30 01:47 - 00000000 ____D C:\WINDOWS\INF
2016-09-01 19:52 - 2015-10-30 01:48 - 00000000 ____D C:\WINDOWS\system32\appraiser
2016-09-01 19:52 - 2015-10-30 01:39 - 00000000 ____D C:\WINDOWS\CbsTemp
2016-09-01 19:48 - 2015-10-30 01:48 - 00000000 ___HD C:\Program Files\WindowsApps
2016-09-01 19:48 - 2015-10-30 01:48 - 00000000 ____D C:\WINDOWS\AppReadiness
2016-09-01 19:32 - 2014-09-07 15:12 - 00000000 ___RD C:\Users\Owner\Google Drive
2016-09-01 19:30 - 2014-09-07 15:09 - 00000908 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2016-09-01 19:29 - 2016-07-28 23:25 - 00000000 ____D C:\WINDOWS\Minidump
2016-09-01 19:29 - 2016-03-10 10:44 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2016-08-31 20:24 - 2015-08-05 17:07 - 00000000 ____D C:\Program Files\Mozilla Firefox
2016-08-31 20:19 - 2013-11-18 13:11 - 00000000 ____D C:\Program Files\VideoLAN
2016-08-31 18:59 - 2014-09-01 12:35 - 00000000 ____D C:\Users\Owner\AppData\Roaming\Spotify
2016-08-31 18:55 - 2014-09-01 12:36 - 00000000 ____D C:\Users\Owner\AppData\Local\Spotify
2016-08-30 22:14 - 2016-03-10 10:30 - 00000000 ____D C:\Users\Owner
2016-08-30 22:00 - 2016-06-11 19:30 - 00000000 ____D C:\Users\Owner\Documents\writing tips
2016-08-30 15:59 - 2016-03-10 10:29 - 00988244 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2016-08-28 00:24 - 2015-10-10 22:13 - 00012869 _____ C:\Users\Owner\Documents\early latin dance.odt
2016-08-19 19:50 - 2016-06-10 22:55 - 00000000 ____D C:\Program Files\Scrivener
2016-08-18 17:34 - 2016-03-10 20:08 - 00002405 _____ C:\Users\Owner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2016-08-18 17:34 - 2016-03-10 20:08 - 00000000 ___RD C:\Users\Owner\OneDrive
2016-08-17 17:27 - 2014-09-07 15:10 - 00002073 _____ C:\Users\Public\Desktop\Google Slides.lnk
2016-08-17 17:27 - 2014-09-07 15:10 - 00002071 _____ C:\Users\Public\Desktop\Google Sheets.lnk
2016-08-17 17:27 - 2014-09-07 15:10 - 00002061 _____ C:\Users\Public\Desktop\Google Docs.lnk
2016-08-17 17:27 - 2014-09-07 15:10 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Drive
2016-08-11 18:53 - 2015-10-30 01:48 - 00000000 ____D C:\WINDOWS\rescache
2016-08-10 23:51 - 2015-10-30 01:13 - 00524288 ___SH C:\WINDOWS\system32\config\BBI
2016-08-10 23:50 - 2015-10-30 02:58 - 00000000 ____D C:\Program Files\Windows Journal
2016-08-10 23:50 - 2015-10-30 01:48 - 00000000 ___RD C:\WINDOWS\ImmersiveControlPanel
2016-08-10 13:04 - 2014-04-21 14:12 - 00000000 ____D C:\WINDOWS\system32\MRT
2016-08-10 12:43 - 2015-10-30 01:48 - 00000000 ____D C:\WINDOWS\system32\SecureBootUpdates
2016-08-10 12:43 - 2014-04-21 14:12 - 144884648 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2016-08-08 17:24 - 2014-09-24 13:39 - 00002218 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2016-08-08 17:24 - 2014-09-24 13:39 - 00002206 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2016-08-05 20:44 - 2016-07-19 12:22 - 00000000 ____D C:\Users\Owner\AppData\Roaming\GPMDP
2016-08-05 17:53 - 2015-11-08 12:36 - 00002457 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk
==================== Files in the root of some directories =======
2014-05-14 21:20 - 2014-05-14 21:20 - 0000040 _____ () C:\Users\Owner\AppData\Roaming\WB.CFG
2016-09-01 21:55 - 2016-09-01 21:55 - 0217968 _____ () C:\ProgramData\1472780618.bdinstall.bin
2015-01-05 22:47 - 2015-01-06 00:07 - 8673792 _____ () C:\ProgramData\atscie.msi
2014-05-06 13:09 - 2014-05-06 13:12 - 0000246 _____ () C:\ProgramData\hpzinstall.log
==================== Bamital & volsnap =================
(There is no automatic fix for files that do not pass verification.)
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\wininit.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed
LastRegBack: 2016-08-27 19:39
==================== End of FRST.txt ============================
gogeko34
2016-09-02, 07:12
Additional scan result of Farbar Recovery Scan Tool (x86) Version: 31-08-2016
Ran by Owner (01-09-2016 23:58:01)
Running from C:\Users\Owner\Downloads
Microsoft Windows 10 Home Version 1511 (X86) (2016-03-10 14:50:45)
Boot Mode: Normal
==========================================================
==================== Accounts: =============================
Administrator (S-1-5-21-4030092792-1861841708-2368464224-500 - Administrator - Disabled)
DefaultAccount (S-1-5-21-4030092792-1861841708-2368464224-503 - Limited - Disabled)
Guest (S-1-5-21-4030092792-1861841708-2368464224-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-4030092792-1861841708-2368464224-1002 - Limited - Enabled)
Owner (S-1-5-21-4030092792-1861841708-2368464224-1000 - Administrator - Enabled) => C:\Users\Owner
==================== Security Center ========================
(If an entry is included in the fixlist, it will be removed.)
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: Bitdefender Antivirus Free Edition (Enabled - Up to date) {3FB17364-4FCC-0FA7-6BBF-973897395371}
AS: Bitdefender Antivirus Free Edition (Enabled - Up to date) {84D09280-69F6-0029-510F-AC4AECBE19CC}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Spybot - Search and Destroy (Disabled - Up to date) {9BC38DF1-3CCA-732D-A930-C1CA5F20A4B0}
==================== Installed Programs ======================
(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
Adobe Acrobat Reader DC (HKLM\...\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}) (Version: 15.017.20053 - Adobe Systems Incorporated)
Adobe Digital Editions 3.0 (HKLM\...\Adobe Digital Editions 3.0) (Version: 3.0.1 - Adobe Systems Incorporated)
Adobe Flash Player 22 NPAPI (HKLM\...\Adobe Flash Player NPAPI) (Version: 22.0.0.209 - Adobe Systems Incorporated)
Amazon Music (HKU\S-1-5-21-4030092792-1861841708-2368464224-1000\...\Amazon Amazon Music) (Version: 3.7.0.693 - Amazon Services LLC)
Bitdefender Antivirus Free Edition (HKLM\...\BitDefender Gonzales) (Version: 1.0.21.1109 - Bitdefender)
CDBurnerXP (HKLM\...\{7E265513-8CDA-4631-B696-F40D983F3B07}_is1) (Version: 4.5.2.4291 - CDBurnerXP)
Citrix Online Launcher (HKLM\...\{09DA5EE2-7E46-4DC4-96F9-BFEE50D40659}) (Version: 1.0.408 - Citrix)
Google Chrome (HKLM\...\Google Chrome) (Version: 52.0.2743.116 - Google Inc.)
Google Drive (HKLM\...\{459CE109-4E46-4340-92BC-054642BC3BC2}) (Version: 1.31.2873.2758 - Google, Inc.)
Google Update Helper (Version: 1.3.25.11 - Google Inc.) Hidden
Google Update Helper (Version: 1.3.31.5 - Google Inc.) Hidden
Intel(R) Graphics Media Accelerator Driver (HKLM\...\HDMI) (Version: 8.15.10.1930 - Intel Corporation)
Java 8 Update 31 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F83218031F0}) (Version: 8.0.310 - Oracle Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.50428.0 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
MSXML 4.0 SP2 (KB954430) (HKLM\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
OpenOffice 4.1.2 (HKLM\...\{E6AD67BB-1C33-4AB3-A387-E0D48137AB70}) (Version: 4.12.9782 - Apache Software Foundation)
QuickTime (HKLM\...\QuickTime) (Version: - )
Scrivener Update (HKLM\...\Scrivener 1900) (Version: 1960 - Literature and Latte)
Spotify (HKU\S-1-5-21-4030092792-1861841708-2368464224-1000\...\Spotify) (Version: 1.0.36.124.g1cba1920 - Spotify AB)
Spybot - Search & Destroy (HKLM\...\{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1) (Version: 1.6.2 - Safer Networking Limited)
Spybot - Search & Destroy (HKLM\...\{B4092C6D-E886-4CB2-BA68-FE5A99D31DE7}_is1) (Version: 2.4.40 - Safer-Networking Ltd.)
Tweaking.com - Registry Backup (HKLM\...\Tweaking.com - Registry Backup) (Version: 3.5.0 - Tweaking.com)
WebEx Support Manager for Internet Explorer (HKLM\...\{C34FAEF3-4241-4C4E-9CFF-7BBD8BCEABE7}) (Version: 6.5.47 - WebEx Communications Inc.)
yWriter6 (HKLM\...\yWriter6_is1) (Version: - Spacejock Software)
==================== Custom CLSID (Whitelisted): ==========================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
CustomCLSID: HKU\S-1-5-21-4030092792-1861841708-2368464224-1000_Classes\CLSID\{2D611968-B0FB-4B81-8AFA-D7486879D141}\InprocServer32 -> Rnvrcs.dll => No File
CustomCLSID: HKU\S-1-5-21-4030092792-1861841708-2368464224-1000_Classes\CLSID\{3A999A50-AB25-4A20-90A9-08F71FCE320F}\InprocServer32 -> C:\Windows\system32\spool\DRIVERS\W32X86\3\HPCDMC32.DLL (HP)
CustomCLSID: HKU\S-1-5-21-4030092792-1861841708-2368464224-1000_Classes\CLSID\{880804D3-6A76-4a39-8F95-641CFA984557}\InprocServer32 -> %LOCALAPPDATA%\HuluDesktop\instances\0.9.14.1\hdIEPlg.dll => No File
CustomCLSID: HKU\S-1-5-21-4030092792-1861841708-2368464224-1000_Classes\CLSID\{98087D89-B93F-4BCF-A998-AE4D9F607C14}\InprocServer32 -> C:\Windows\system32\spool\DRIVERS\W32X86\3\HPCDMC32.DLL (HP)
CustomCLSID: HKU\S-1-5-21-4030092792-1861841708-2368464224-1000_Classes\CLSID\{B286F068-5B17-4AE8-989B-8F9A199C47BA}\InprocServer32 -> C:\Windows\system32\spool\DRIVERS\W32X86\3\HPCDMC32.DLL (HP)
==================== Scheduled Tasks (Whitelisted) =============
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
Task: {03DFCD56-A98B-46D4-9D4B-E1972F8B80BC} - System32\Tasks\OneDrive Standalone Update Task => C:\Users\Owner\AppData\Local\Microsoft\OneDrive\17.3.6517.0809\OneDriveStandaloneUpdater.exe [2016-08-18] (Microsoft Corporation)
Task: {06B1FDD1-9AAA-4504-AB52-89160A212A40} - System32\Tasks\Microsoft\Windows\Media Center\MediaCenterRecoveryTask => C:\WINDOWS\ehome\mcupdate.exe
Task: {0CCCE18F-FFB9-40B6-9854-3ABF824B5AAB} - \Microsoft\Windows\Setup\gwx\launchtrayprocess -> No File <==== ATTENTION
Task: {121809E5-6D3A-4F5F-9F0F-51CD6C0F0B69} - System32\Tasks\Microsoft\Windows\Media Center\DispatchRecoveryTasks => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {1DEB3732-27A5-4A6C-A536-4702F8B072A2} - \Microsoft\Windows\Setup\GWXTriggers\ScheduleUpgradeReminderTime -> No File <==== ATTENTION
Task: {22BC150D-8B18-4C1F-8D42-8855880BBDAD} - System32\Tasks\Microsoft\Windows\Media Center\mcupdate => C:\WINDOWS\ehome\mcupdate.exe
Task: {2A6D9D8D-6112-43C5-966B-85F3728313C9} - System32\Tasks\Microsoft\Windows\Media Center\ActivateWindowsSearch => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {2DAEA87C-86AC-40DE-A359-700FA9D5FE93} - System32\Tasks\Microsoft\Windows\Media Center\InstallPlayReady => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {33ECED19-4E20-407E-9089-F83710CD100D} - System32\Tasks\Microsoft\Windows\Media Center\RegisterSearch => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {36BF9E44-DBA5-4D18-8A2F-B620B0534F8C} - System32\Tasks\Microsoft\Windows\Media Center\PBDADiscoveryW1 => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {3B7116AB-E02A-4E27-8855-E1EA028999B4} - System32\Tasks\UpdaterEX => C:\Users\Owner\AppData\Roaming\UPDATE~1\UPDATE~1\UPDATE~1.EXE <==== ATTENTION
Task: {425FD655-8FF9-439A-A65F-0BD8DCA4F3BA} - \Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d -> No File <==== ATTENTION
Task: {433DB1B2-26E3-4B7B-BDBA-A510ADCF241A} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Scan the system => C:\Program Files\Spybot - Search & Destroy 2\SDScan.exe [2016-03-21] (Safer-Networking Ltd.)
Task: {47026316-1942-4F3D-B426-1714D134D5CE} - System32\Tasks\Microsoft\Windows\Media Center\ReindexSearchRoot => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {55AB25D1-C7F0-4FDF-B692-A4C29FB3FEF8} - System32\Tasks\Microsoft\Windows\Media Center\ObjectStoreRecoveryTask => C:\WINDOWS\ehome\mcupdate.exe
Task: {57B48964-77DA-47A5-B2BC-8313AF3627FD} - System32\Tasks\Microsoft\Windows\Media Center\PBDADiscoveryW2 => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {5D812CED-0169-4B5C-8752-CFD4C37A2BE2} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files\Google\Update\GoogleUpdate.exe [2015-08-29] (Google Inc.)
Task: {603BF118-5B4D-40F5-A486-948329586DE8} - System32\Tasks\Microsoft\Windows\Media Center\StartRecording => C:\WINDOWS\ehome\ehrec.exe
Task: {635385F1-8BBC-4478-A808-DAB2F3C8628E} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2016-07-12] (Adobe Systems Incorporated)
Task: {63E19ABD-BEF6-4D88-A9F7-7A3C0E7626D7} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files\Google\Update\GoogleUpdate.exe [2015-08-29] (Google Inc.)
Task: {6B6C4B78-7A58-485F-A61D-9CFA6C04A657} - System32\Tasks\Microsoft\Windows\Media Center\PBDADiscovery => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {70D086BF-8544-48FF-B7FF-5BF3113A0C76} - \Microsoft\Windows\Setup\GWXTriggers\Logon-5d -> No File <==== ATTENTION
Task: {70E5E7F1-670F-457F-BF52-8F1DB875008A} - System32\Tasks\Microsoft\Windows\Media Center\PvrScheduleTask => C:\WINDOWS\ehome\mcupdate.exe
Task: {750DA92C-678B-43EC-9B33-456CD7EA2FD1} - \Microsoft\Windows\Setup\GWXTriggers\ScheduleUpgradeTime -> No File <==== ATTENTION
Task: {75884FC2-2FF7-4C75-A8CA-6488576414AB} - System32\Tasks\Microsoft\Windows\Media Center\UpdateRecordPath => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {829B21DA-7739-4C90-957C-98DC9C8F914A} - System32\Tasks\Microsoft\Windows\Media Center\OCURDiscovery => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {94AEF91F-5F0D-42F3-B022-6716CA643AEB} - System32\Tasks\Microsoft\Windows\Media Center\ehDRMInit => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {9F876EBA-83FC-482E-89BF-81A18CA7C03D} - \Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d -> No File <==== ATTENTION
Task: {B1BA70DD-79CF-4168-9861-9832ADD5188C} - System32\Tasks\Microsoft\Windows\Media Center\PeriodicScanRetry => C:\WINDOWS\ehome\MCUpdate.exe
Task: {BD09BA61-FC8D-49B9-8B28-14D1EDB9E4FF} - System32\Tasks\Microsoft\Microsoft Antimalware\Microsoft Antimalware Scheduled Scan => c:\Program Files\Microsoft Security Client\MpCmdRun.exe
Task: {BFE0BBD0-C3FE-4C7C-A368-4CCF17749168} - System32\Tasks\Microsoft\Windows\Media Center\mcupdate_scheduled => C:\WINDOWS\ehome\mcupdate.exe
Task: {D3F0C711-25A0-44B8-86B1-254CEB78D225} - \Microsoft\Windows\Setup\GWXTriggers\Time-5d -> No File <==== ATTENTION
Task: {DB441ACD-FAE3-4A65-8F2C-69EF664F8857} - System32\Tasks\Microsoft\Windows\Media Center\RecordingRestart => C:\WINDOWS\ehome\ehrec.exe
Task: {E021BA1A-E6D3-430B-968F-7C23FC545559} - \Microsoft\Windows\Setup\gwx\refreshgwxconfig -> No File <==== ATTENTION
Task: {E08DFD32-9247-4235-B633-11CC453AA832} - System32\Tasks\Microsoft\Windows\Media Center\ConfigureInternetTimeService => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {E51A7559-C977-4911-9A6A-6B83CB8B0AF5} - System32\Tasks\Microsoft\Windows\Media Center\PvrRecoveryTask => C:\WINDOWS\ehome\mcupdate.exe
Task: {E5B3FB82-5D84-476C-83E9-42BDD523B259} - \Microsoft\Windows\Setup\gwx\refreshgwxcontent -> No File <==== ATTENTION
Task: {E75A966F-429F-4C5E-A3C5-E08CD512616F} - System32\Tasks\Microsoft\Windows\Media Center\SqlLiteRecoveryTask => C:\WINDOWS\ehome\mcupdate.exe
Task: {E826665B-C096-40EA-AB45-7FFD760C56E2} - System32\Tasks\Microsoft\Windows\Media Center\OCURActivate => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {E87E36E7-DC72-41A8-A5B1-EB5CFB9C81F6} - \Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent -> No File <==== ATTENTION
Task: {E896F520-6033-4687-8272-D3A4DE76E299} - \Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B -> No File <==== ATTENTION
Task: {ECF432F5-B652-4545-8356-B715F32D5CE6} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2016-06-25] (Adobe Systems Incorporated)
Task: {EF2CA483-2301-4A8C-8315-929229013A61} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Refresh immunization => C:\Program Files\Spybot - Search & Destroy 2\SDImmunize.exe [2016-03-21] (Safer-Networking Ltd.)
Task: {F28494F9-3ECC-4658-83B1-92DAD8FDAFB1} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Check for updates => C:\Program Files\Spybot - Search & Destroy 2\SDUpdate.exe [2014-06-27] (Safer-Networking Ltd.)
Task: {F4958A23-8F04-4404-8D50-8B27BE36C4F7} - \Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d -> No File <==== ATTENTION
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
Task: C:\WINDOWS\Tasks\Adobe Flash Player Updater.job => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\UpdaterEX.job => C:\Users\Owner\AppData\Roaming\UPDATE~1\UPDATE~1\UPDATE~1.EXE <==== ATTENTION
==================== Shortcuts =============================
(The entries could be listed to be restored or removed.)
ShortcutWithArgument: C:\Users\Owner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Google Play Music.lnk -> C:\Program Files\Google\Chrome\Application\chrome.exe (Google Inc.) -> --profile-directory=Default --app-id=fahmaaghhglfmonjliepjlchgpgfmobi
==================== Loaded Modules (Whitelisted) ==============
2015-10-30 01:44 - 2015-10-30 01:44 - 00149504 _____ () C:\WINDOWS\SYSTEM32\ism32k.dll
2016-04-01 10:33 - 2014-05-13 12:04 - 00109400 _____ () C:\Program Files\Spybot - Search & Destroy 2\snlThirdParty150.bpl
2016-04-01 10:33 - 2014-05-13 12:04 - 00167768 _____ () C:\Program Files\Spybot - Search & Destroy 2\snlFileFormats150.bpl
2016-04-01 10:33 - 2014-05-13 12:04 - 00416600 _____ () C:\Program Files\Spybot - Search & Destroy 2\DEC150.bpl
2016-07-12 21:10 - 2016-07-01 00:38 - 01862008 _____ () C:\WINDOWS\system32\CoreUIComponents.dll
2016-07-12 21:10 - 2016-07-01 00:38 - 01862008 _____ () C:\WINDOWS\System32\CoreUIComponents.dll
2016-08-18 17:33 - 2016-08-18 17:33 - 01383616 _____ () C:\Users\Owner\AppData\Local\Microsoft\OneDrive\17.3.6517.0809\ClientTelemetry.dll
2016-03-10 13:15 - 2016-03-10 13:15 - 00070656 _____ () C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\Windows.UI.Shell.SharedUtilities.dll
2016-07-12 21:09 - 2016-06-30 23:31 - 00316416 _____ () C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\QuickActions.dll
2016-09-01 19:31 - 2016-09-01 19:31 - 00098816 ____R () C:\Users\Owner\AppData\Local\Temp\_MEI49322\win32api.pyd
2016-09-01 19:31 - 2016-09-01 19:31 - 00110080 ____R () C:\Users\Owner\AppData\Local\Temp\_MEI49322\pywintypes27.dll
2016-09-01 19:31 - 2016-09-01 19:31 - 00364544 ____R () C:\Users\Owner\AppData\Local\Temp\_MEI49322\pythoncom27.dll
2016-09-01 19:31 - 2016-09-01 19:31 - 00320512 ____R () C:\Users\Owner\AppData\Local\Temp\_MEI49322\win32com.shell.shell.pyd
2016-09-01 19:31 - 2016-09-01 19:31 - 00776704 ____R () C:\Users\Owner\AppData\Local\Temp\_MEI49322\_hashlib.pyd
2016-09-01 19:31 - 2016-09-01 19:31 - 01176576 ____R () C:\Users\Owner\AppData\Local\Temp\_MEI49322\wx._core_.pyd
2016-09-01 19:31 - 2016-09-01 19:31 - 00806400 ____R () C:\Users\Owner\AppData\Local\Temp\_MEI49322\wx._gdi_.pyd
2016-09-01 19:31 - 2016-09-01 19:31 - 00816128 ____R () C:\Users\Owner\AppData\Local\Temp\_MEI49322\wx._windows_.pyd
2016-09-01 19:31 - 2016-09-01 19:31 - 01067008 ____R () C:\Users\Owner\AppData\Local\Temp\_MEI49322\wx._controls_.pyd
2016-09-01 19:31 - 2016-09-01 19:31 - 00733184 ____R () C:\Users\Owner\AppData\Local\Temp\_MEI49322\wx._misc_.pyd
2016-09-01 19:31 - 2016-09-01 19:31 - 00682496 ____R () C:\Users\Owner\AppData\Local\Temp\_MEI49322\pysqlite2._sqlite.pyd
2016-09-01 19:31 - 2016-09-01 19:31 - 00088064 ____R () C:\Users\Owner\AppData\Local\Temp\_MEI49322\_ctypes.pyd
2016-09-01 19:31 - 2016-09-01 19:31 - 00119808 ____R () C:\Users\Owner\AppData\Local\Temp\_MEI49322\win32file.pyd
2016-09-01 19:31 - 2016-09-01 19:31 - 00108544 ____R () C:\Users\Owner\AppData\Local\Temp\_MEI49322\win32security.pyd
2016-09-01 19:31 - 2016-09-01 19:31 - 00007168 ____R () C:\Users\Owner\AppData\Local\Temp\_MEI49322\hashobjs_ext.pyd
2016-09-01 19:31 - 2016-09-01 19:31 - 00017920 ____R () C:\Users\Owner\AppData\Local\Temp\_MEI49322\thumbnails_ext.pyd
2016-09-01 19:31 - 2016-09-01 19:31 - 00088064 ____R () C:\Users\Owner\AppData\Local\Temp\_MEI49322\usb_ext.pyd
2016-09-01 19:31 - 2016-09-01 19:31 - 00012800 ____R () C:\Users\Owner\AppData\Local\Temp\_MEI49322\common.time34.pyd
2016-09-01 19:31 - 2016-09-01 19:31 - 00018432 ____R () C:\Users\Owner\AppData\Local\Temp\_MEI49322\win32event.pyd
2016-09-01 19:31 - 2016-09-01 19:31 - 00167936 ____R () C:\Users\Owner\AppData\Local\Temp\_MEI49322\win32gui.pyd
2016-09-01 19:31 - 2016-09-01 19:31 - 00046080 ____R () C:\Users\Owner\AppData\Local\Temp\_MEI49322\_socket.pyd
2016-09-01 19:31 - 2016-09-01 19:31 - 01208320 ____R () C:\Users\Owner\AppData\Local\Temp\_MEI49322\_ssl.pyd
2016-09-01 19:31 - 2016-09-01 19:31 - 00128512 ____R () C:\Users\Owner\AppData\Local\Temp\_MEI49322\_elementtree.pyd
2016-09-01 19:31 - 2016-09-01 19:31 - 00127488 ____R () C:\Users\Owner\AppData\Local\Temp\_MEI49322\pyexpat.pyd
2016-09-01 19:31 - 2016-09-01 19:31 - 00038912 ____R () C:\Users\Owner\AppData\Local\Temp\_MEI49322\win32inet.pyd
2016-09-01 19:31 - 2016-09-01 19:31 - 00036864 ____R () C:\Users\Owner\AppData\Local\Temp\_MEI49322\_psutil_windows.pyd
2016-09-01 19:31 - 2016-09-01 19:31 - 00525208 ____R () C:\Users\Owner\AppData\Local\Temp\_MEI49322\windows._lib_cacheinvalidation.pyd
2016-09-01 19:31 - 2016-09-01 19:31 - 00011264 ____R () C:\Users\Owner\AppData\Local\Temp\_MEI49322\win32crypt.pyd
2016-09-01 19:31 - 2016-09-01 19:31 - 00077312 ____R () C:\Users\Owner\AppData\Local\Temp\_MEI49322\wx._html2.pyd
2016-09-01 19:31 - 2016-09-01 19:31 - 00027136 ____R () C:\Users\Owner\AppData\Local\Temp\_MEI49322\_multiprocessing.pyd
2016-09-01 19:31 - 2016-09-01 19:31 - 00020480 ____R () C:\Users\Owner\AppData\Local\Temp\_MEI49322\_yappi.pyd
2016-09-01 19:31 - 2016-09-01 19:31 - 00035840 ____R () C:\Users\Owner\AppData\Local\Temp\_MEI49322\win32process.pyd
2016-09-01 19:31 - 2016-09-01 19:31 - 00686080 ____R () C:\Users\Owner\AppData\Local\Temp\_MEI49322\unicodedata.pyd
2016-09-01 19:31 - 2016-09-01 19:31 - 00078848 ____R () C:\Users\Owner\AppData\Local\Temp\_MEI49322\wx._animate.pyd
2016-09-01 19:31 - 2016-09-01 19:31 - 00123392 ____R () C:\Users\Owner\AppData\Local\Temp\_MEI49322\wx._wizard.pyd
2016-09-01 19:31 - 2016-09-01 19:31 - 00024064 ____R () C:\Users\Owner\AppData\Local\Temp\_MEI49322\win32pipe.pyd
2016-09-01 19:31 - 2016-09-01 19:31 - 00010240 ____R () C:\Users\Owner\AppData\Local\Temp\_MEI49322\select.pyd
2016-09-01 19:31 - 2016-09-01 19:31 - 00025600 ____R () C:\Users\Owner\AppData\Local\Temp\_MEI49322\win32pdh.pyd
2016-09-01 19:31 - 2016-09-01 19:31 - 00017408 ____R () C:\Users\Owner\AppData\Local\Temp\_MEI49322\win32profile.pyd
2016-09-01 19:31 - 2016-09-01 19:31 - 00022528 ____R () C:\Users\Owner\AppData\Local\Temp\_MEI49322\win32ts.pyd
2016-04-18 16:59 - 2016-04-18 17:00 - 00144384 _____ () C:\Program Files\WindowsApps\Microsoft.Messaging_2.15.20002.0_x86__8wekyb3d8bbwe\SkypeHost.exe
2016-04-18 16:59 - 2016-04-18 17:00 - 00141312 _____ () C:\Program Files\WindowsApps\Microsoft.Messaging_2.15.20002.0_x86__8wekyb3d8bbwe\SkypeBackgroundTasks.dll
2016-04-18 16:59 - 2016-04-18 17:00 - 22284800 _____ () C:\Program Files\WindowsApps\Microsoft.Messaging_2.15.20002.0_x86__8wekyb3d8bbwe\SkyWrap.dll
2016-08-24 17:45 - 2016-08-24 17:46 - 00015872 _____ () C:\Program Files\WindowsApps\Microsoft.WindowsPhone_10.1608.2211.0_x86__8wekyb3d8bbwe\CompanionApp.exe
2016-08-24 17:45 - 2016-08-24 17:46 - 03454464 _____ () C:\Program Files\WindowsApps\Microsoft.WindowsPhone_10.1608.2211.0_x86__8wekyb3d8bbwe\CompanionApp.dll
2016-08-24 17:45 - 2016-08-24 17:46 - 00508928 _____ () C:\Program Files\WindowsApps\Microsoft.WindowsPhone_10.1608.2211.0_x86__8wekyb3d8bbwe\CompanionAppDeviceManager.dll
2016-03-10 20:41 - 2016-03-10 20:41 - 00169984 _____ () C:\Program Files\WindowsApps\Microsoft.WindowsPhone_10.1608.2211.0_x86__8wekyb3d8bbwe\StoreRatingPromotion.dll
2016-09-01 21:42 - 2016-09-01 21:43 - 10056744 _____ () C:\Users\Owner\Downloads\Antivirus_Free_Edition_x86.exe
2016-09-01 21:47 - 2013-03-19 11:07 - 00522136 _____ () C:\Program Files\Bitdefender\Antivirus Free Edition\sqlite3.dll
2016-09-01 21:47 - 2013-09-03 13:29 - 00105448 _____ () C:\Program Files\Bitdefender\Antivirus Free Edition\BDMetrics.dll
2016-08-15 17:41 - 2016-08-15 18:03 - 00017920 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_16.722.10060.0_x86__8wekyb3d8bbwe\Microsoft.Photos.exe
2016-08-15 17:41 - 2016-08-15 18:03 - 11393536 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_16.722.10060.0_x86__8wekyb3d8bbwe\Microsoft.Photos.dll
2016-06-05 15:17 - 2016-06-05 15:18 - 00541696 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_16.722.10060.0_x86__8wekyb3d8bbwe\Microsoft.DesignCore.dll
2016-03-10 20:56 - 2016-03-10 20:59 - 00180224 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_16.722.10060.0_x86__8wekyb3d8bbwe\StoreRatingPromotion.dll
2016-07-12 21:10 - 2016-06-30 23:13 - 05340160 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CortanaApi.dll
2016-07-12 21:10 - 2016-06-30 23:08 - 00471552 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Core.dll
2016-07-12 21:10 - 2016-06-30 23:08 - 02366976 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.BackgroundTask.dll
2016-07-12 21:10 - 2016-06-30 23:11 - 02656768 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\RemindersUI.dll
2016-08-08 17:24 - 2016-08-02 19:54 - 17602240 _____ () C:\Program Files\Google\Chrome\Application\52.0.2743.116\PepperFlash\pepflashplayer.dll
==================== Alternate Data Streams (Whitelisted) =========
(If an entry is included in the fixlist, only the ADS will be removed.)
==================== Safe Mode (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" value will be restored.)
==================== Association (Whitelisted) ===============
(If an entry is included in the fixlist, the registry item will be restored to default or removed.)
==================== Internet Explorer trusted/restricted ===============
(If an entry is included in the fixlist, it will be removed from the registry.)
IE restricted site: HKU\.DEFAULT\...\007guard.com -> install.007guard.com
IE restricted site: HKU\.DEFAULT\...\008i.com -> 008i.com
IE restricted site: HKU\.DEFAULT\...\008k.com -> www.008k.com
IE restricted site: HKU\.DEFAULT\...\00hq.com -> www.00hq.com
IE restricted site: HKU\.DEFAULT\...\010402.com -> 010402.com
IE restricted site: HKU\.DEFAULT\...\032439.com -> 80gw6ry3i3x3qbrkwhxhw.032439.com
IE restricted site: HKU\.DEFAULT\...\0scan.com -> www.0scan.com
IE restricted site: HKU\.DEFAULT\...\1-2005-search.com -> www.1-2005-search.com
IE restricted site: HKU\.DEFAULT\...\1-domains-registrations.com -> www.1-domains-registrations.com
IE restricted site: HKU\.DEFAULT\...\1000gratisproben.com -> www.1000gratisproben.com
IE restricted site: HKU\.DEFAULT\...\1001namen.com -> www.1001namen.com
IE restricted site: HKU\.DEFAULT\...\100888290cs.com -> mir.100888290cs.com
IE restricted site: HKU\.DEFAULT\...\100sexlinks.com -> www.100sexlinks.com
IE restricted site: HKU\.DEFAULT\...\10sek.com -> www.10sek.com
IE restricted site: HKU\.DEFAULT\...\12-26.net -> user1.12-26.net
IE restricted site: HKU\.DEFAULT\...\12-27.net -> user1.12-27.net
IE restricted site: HKU\.DEFAULT\...\123fporn.info -> www.123fporn.info
IE restricted site: HKU\.DEFAULT\...\123haustiereundmehr.com -> www.123haustiereundmehr.com
IE restricted site: HKU\.DEFAULT\...\123moviedownload.com -> www.123moviedownload.com
IE restricted site: HKU\.DEFAULT\...\123simsen.com -> www.123simsen.com
There are 7914 more sites.
IE restricted site: HKU\S-1-5-21-4030092792-1861841708-2368464224-1000\...\007guard.com -> install.007guard.com
IE restricted site: HKU\S-1-5-21-4030092792-1861841708-2368464224-1000\...\008i.com -> 008i.com
IE restricted site: HKU\S-1-5-21-4030092792-1861841708-2368464224-1000\...\008k.com -> www.008k.com
IE restricted site: HKU\S-1-5-21-4030092792-1861841708-2368464224-1000\...\00hq.com -> www.00hq.com
IE restricted site: HKU\S-1-5-21-4030092792-1861841708-2368464224-1000\...\010402.com -> 010402.com
IE restricted site: HKU\S-1-5-21-4030092792-1861841708-2368464224-1000\...\032439.com -> 80gw6ry3i3x3qbrkwhxhw.032439.com
IE restricted site: HKU\S-1-5-21-4030092792-1861841708-2368464224-1000\...\0scan.com -> www.0scan.com
IE restricted site: HKU\S-1-5-21-4030092792-1861841708-2368464224-1000\...\1-2005-search.com -> www.1-2005-search.com
IE restricted site: HKU\S-1-5-21-4030092792-1861841708-2368464224-1000\...\1-domains-registrations.com -> www.1-domains-registrations.com
IE restricted site: HKU\S-1-5-21-4030092792-1861841708-2368464224-1000\...\1000gratisproben.com -> www.1000gratisproben.com
IE restricted site: HKU\S-1-5-21-4030092792-1861841708-2368464224-1000\...\1001namen.com -> www.1001namen.com
IE restricted site: HKU\S-1-5-21-4030092792-1861841708-2368464224-1000\...\100888290cs.com -> mir.100888290cs.com
IE restricted site: HKU\S-1-5-21-4030092792-1861841708-2368464224-1000\...\100sexlinks.com -> www.100sexlinks.com
IE restricted site: HKU\S-1-5-21-4030092792-1861841708-2368464224-1000\...\10sek.com -> www.10sek.com
IE restricted site: HKU\S-1-5-21-4030092792-1861841708-2368464224-1000\...\12-26.net -> user1.12-26.net
IE restricted site: HKU\S-1-5-21-4030092792-1861841708-2368464224-1000\...\12-27.net -> user1.12-27.net
IE restricted site: HKU\S-1-5-21-4030092792-1861841708-2368464224-1000\...\123fporn.info -> www.123fporn.info
IE restricted site: HKU\S-1-5-21-4030092792-1861841708-2368464224-1000\...\123haustiereundmehr.com -> www.123haustiereundmehr.com
IE restricted site: HKU\S-1-5-21-4030092792-1861841708-2368464224-1000\...\123moviedownload.com -> www.123moviedownload.com
IE restricted site: HKU\S-1-5-21-4030092792-1861841708-2368464224-1000\...\123simsen.com -> www.123simsen.com
There are 7915 more sites.
==================== Hosts content: ==========================
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
2009-07-13 22:04 - 2016-08-30 17:30 - 00453443 ____R C:\WINDOWS\system32\Drivers\etc\hosts
127.0.0.1 www.007guard.com
127.0.0.1 007guard.com
127.0.0.1 008i.com
127.0.0.1 www.008k.com
127.0.0.1 008k.com
127.0.0.1 www.00hq.com
127.0.0.1 00hq.com
127.0.0.1 010402.com
127.0.0.1 www.032439.com
127.0.0.1 032439.com
127.0.0.1 www.0scan.com
127.0.0.1 0scan.com
127.0.0.1 1000gratisproben.com
127.0.0.1 www.1000gratisproben.com
127.0.0.1 1001namen.com
127.0.0.1 www.1001namen.com
127.0.0.1 100888290cs.com
127.0.0.1 www.100888290cs.com
127.0.0.1 www.100sexlinks.com
127.0.0.1 100sexlinks.com
127.0.0.1 10sek.com
127.0.0.1 www.10sek.com
127.0.0.1 www.1-2005-search.com
127.0.0.1 1-2005-search.com
127.0.0.1 123fporn.info
127.0.0.1 www.123fporn.info
127.0.0.1 123haustiereundmehr.com
127.0.0.1 www.123haustiereundmehr.com
127.0.0.1 123moviedownload.com
127.0.0.1 www.123moviedownload.com
There are 15555 more lines.
==================== Other Areas ============================
(Currently there is no automatic fix for this section.)
HKU\S-1-5-21-4030092792-1861841708-2368464224-1000\Control Panel\Desktop\\Wallpaper -> C:\WINDOWS\web\wallpaper\Windows\img0.jpg
DNS Servers: 209.18.47.62 - 209.18.47.61
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.
==================== MSCONFIG/TASK MANAGER disabled items ==
(Currently there is no automatic fix for this section.)
HKLM\...\StartupApproved\Run: => "APSDaemon"
HKLM\...\StartupApproved\Run: => "HotKeysCmds"
HKLM\...\StartupApproved\Run: => "iTunesHelper"
HKU\S-1-5-21-4030092792-1861841708-2368464224-1000\...\StartupApproved\Run: => "Amazon Music"
HKU\S-1-5-21-4030092792-1861841708-2368464224-1000\...\StartupApproved\Run: => "OneDrive"
HKU\S-1-5-21-4030092792-1861841708-2368464224-1000\...\StartupApproved\Run: => "Spotify"
==================== FirewallRules (Whitelisted) ===============
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
FirewallRules: [vm-monitoring-nb-session] => (Allow) LPort=139
FirewallRules: [MSMQ-In-TCP] => (Allow) %systemroot%\system32\mqsvc.exe
FirewallRules: [MSMQ-Out-TCP] => (Allow) %systemroot%\system32\mqsvc.exe
FirewallRules: [MSMQ-In-UDP] => (Allow) %systemroot%\system32\mqsvc.exe
FirewallRules: [MSMQ-Out-UDP] => (Allow) %systemroot%\system32\mqsvc.exe
FirewallRules: [WCF-NetTcpActivator-In-TCP-32bit] => (Allow) LPort=808
FirewallRules: [UDP Query User{46FBA79F-4171-4C78-B49E-38C7AB43B17C}C:\users\owner\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\owner\appdata\roaming\spotify\spotify.exe
FirewallRules: [TCP Query User{E002756B-88F0-47D8-8968-4E261AFE5D91}C:\users\owner\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\owner\appdata\roaming\spotify\spotify.exe
FirewallRules: [{6BC93BFA-F55B-4E72-8FD0-81BB8556F067}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe
FirewallRules: [{AE1D72ED-5F4E-4008-BED1-6F9768C10B7C}] => (Allow) LPort=67
FirewallRules: [{E8EBA4B5-CB43-45C5-BAB3-3D456F6A05DF}] => (Allow) C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe
FirewallRules: [{8434326C-2785-4961-8382-8CE81BF55204}] => (Allow) C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe
FirewallRules: [UDP Query User{1BEA4507-3FF4-4700-9FC8-BECA77B7DA0E}C:\program files\kodak\kodak software updater\7288971\program\backweb-7288971.exe] => (Block) C:\program files\kodak\kodak software updater\7288971\program\backweb-7288971.exe
FirewallRules: [TCP Query User{93A43657-9057-4953-9C7A-E78B99C1E0B7}C:\program files\kodak\kodak software updater\7288971\program\backweb-7288971.exe] => (Block) C:\program files\kodak\kodak software updater\7288971\program\backweb-7288971.exe
FirewallRules: [UDP Query User{52F84905-7038-430A-B35D-30812B924A0F}C:\program files\kodak\kodak software updater\7288971\program\backweb-7288971.exe] => (Block) C:\program files\kodak\kodak software updater\7288971\program\backweb-7288971.exe
FirewallRules: [TCP Query User{0C1B73AC-73A2-4940-8208-1209CAA92417}C:\program files\kodak\kodak software updater\7288971\program\backweb-7288971.exe] => (Block) C:\program files\kodak\kodak software updater\7288971\program\backweb-7288971.exe
FirewallRules: [UDP Query User{0A03A2C7-F418-4011-ACFE-3F83095F1248}C:\users\owner\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\owner\appdata\roaming\spotify\spotify.exe
FirewallRules: [TCP Query User{8F06D330-8C00-4E92-9A4D-E656010F08FA}C:\users\owner\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\owner\appdata\roaming\spotify\spotify.exe
FirewallRules: [{B603E256-9F4E-4AF4-86B5-200C31517A89}] => (Allow) C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe
FirewallRules: [{B44E9551-FA60-4D38-B622-358D4C320D58}] => (Allow) C:\Program Files\Google\Chrome\Application\chrome.exe
StandardProfile\AuthorizedApplications: [C:\Program Files\Spybot - Search & Destroy 2\SDTray.exe] => Enabled:Spybot - Search & Destroy tray access
StandardProfile\AuthorizedApplications: [C:\Program Files\Spybot - Search & Destroy 2\SDFSSvc.exe] => Enabled:Spybot-S&D 2 Scanner Service
StandardProfile\AuthorizedApplications: [C:\Program Files\Spybot - Search & Destroy 2\SDUpdate.exe] => Enabled:Spybot-S&D 2 Updater
StandardProfile\AuthorizedApplications: [C:\Program Files\Spybot - Search & Destroy 2\SDUpdSvc.exe] => Enabled:Spybot-S&D 2 Background update service
==================== Restore Points =========================
15-08-2016 19:14:49 Scheduled Checkpoint
24-08-2016 21:23:04 Scheduled Checkpoint
01-09-2016 19:50:12 Windows Update
==================== Faulty Device Manager Devices =============
==================== Event log errors: =========================
Application errors:
==================
Error: (09/01/2016 08:18:11 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: OWNER-PC)
Description: Activation of app Microsoft.WindowsMaps_8wekyb3d8bbwe!App failed with error: -2144927148 See the Microsoft-Windows-TWinUI/Operational log for additional information.
Error: (09/01/2016 08:12:14 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: OWNER-PC)
Description: Activation of app Microsoft.WindowsMaps_8wekyb3d8bbwe!App failed with error: -2144927148 See the Microsoft-Windows-TWinUI/Operational log for additional information.
Error: (09/01/2016 08:07:15 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: OWNER-PC)
Description: Activation of app Microsoft.WindowsMaps_8wekyb3d8bbwe!App failed with error: -2144927148 See the Microsoft-Windows-TWinUI/Operational log for additional information.
Error: (09/01/2016 08:01:03 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: OWNER-PC)
Description: Activation of app Microsoft.WindowsMaps_8wekyb3d8bbwe!App failed with error: -2144927148 See the Microsoft-Windows-TWinUI/Operational log for additional information.
Error: (09/01/2016 07:54:11 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: OWNER-PC)
Description: Activation of app Microsoft.WindowsMaps_8wekyb3d8bbwe!App failed with error: -2144927148 See the Microsoft-Windows-TWinUI/Operational log for additional information.
Error: (09/01/2016 07:51:20 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: Cryptographic Services failed while processing the OnIdentity() call in the System Writer Object.
Details:
AddLegacyDriverFiles: Unable to back up image of binary Microsoft Link-Layer Discovery Protocol.
System Error:
Access is denied.
.
Error: (09/01/2016 07:47:14 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: OWNER-PC)
Description: Activation of app Microsoft.WindowsMaps_8wekyb3d8bbwe!App failed with error: -2144927148 See the Microsoft-Windows-TWinUI/Operational log for additional information.
Error: (08/31/2016 08:16:46 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program SDScan.exe version 2.6.44.181 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Security and Maintenance control panel.
Process ID: 1988
Start Time: 01d203dbdf238a23
Termination Time: 4294967295
Application Path: C:\Program Files\Spybot - Search & Destroy 2\SDScan.exe
Report Id: 11bb00fe-6fd9-11e6-a535-001aa0ae0fd9
Faulting package full name:
Faulting package-relative application ID:
Error: (08/31/2016 08:15:33 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program Spotify.exe version 1.0.36.124 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Security and Maintenance control panel.
Process ID: cf4
Start Time: 01d203da80ebaa6d
Termination Time: 4294967295
Application Path: C:\Users\Owner\AppData\Roaming\Spotify\Spotify.exe
Report Id: 181f3405-6fd9-11e6-a535-001aa0ae0fd9
Faulting package full name:
Faulting package-relative application ID:
Error: (08/31/2016 08:15:18 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program SDWelcome.exe version 2.4.40.130 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Security and Maintenance control panel.
Process ID: 1124
Start Time: 01d203dbcbf452be
Termination Time: 4294967295
Application Path: C:\Program Files\Spybot - Search & Destroy 2\SDWelcome.exe
Report Id: 1b3af2f7-6fd9-11e6-a535-001aa0ae0fd9
Faulting package full name:
Faulting package-relative application ID:
System errors:
=============
Error: (09/01/2016 09:48:03 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The bdfwfpf service failed to start due to the following error:
Incorrect function.
Error: (09/01/2016 09:48:02 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The bdfwfpf service failed to start due to the following error:
Incorrect function.
Error: (09/01/2016 09:47:58 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The bdfwfpf service failed to start due to the following error:
The system cannot find the file specified.
Error: (09/01/2016 07:29:55 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The NetPipeActivator service failed to start due to the following error:
The service did not respond to the start or control request in a timely fashion.
Error: (09/01/2016 07:29:55 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the NetPipeActivator service to connect.
Error: (09/01/2016 07:29:47 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The SDScannerService service failed to start due to the following error:
The service did not respond to the start or control request in a timely fashion.
Error: (09/01/2016 07:29:47 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the SDScannerService service to connect.
Error: (09/01/2016 07:29:16 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The NetTcpActivator service depends on the NetTcpPortSharing service which failed to start because of the following error:
The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.
Error: (09/01/2016 07:29:27 PM) (Source: BugCheck) (EventID: 1001) (User: )
Description: The computer has rebooted from a bugcheck. The bugcheck was: 0x00000080 (0x004f4454, 0x00000000, 0x00000000, 0x00000000). A dump was saved in: C:\WINDOWS\MEMORY.DMP. Report Id: 3c22c186-b838-4127-8f8c-c147ea7cbec0.
Error: (09/01/2016 07:29:04 PM) (Source: EventLog) (EventID: 6008) (User: )
Description: The previous system shutdown at 9:08:56 PM on 8/31/2016 was unexpected.
CodeIntegrity:
===================================
Date: 2016-09-01 21:41:27.115
Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.
Date: 2016-09-01 21:41:27.098
Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.
Date: 2016-09-01 21:41:27.078
Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.
Date: 2016-09-01 21:41:24.826
Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.
Date: 2016-09-01 21:41:24.794
Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.
Date: 2016-09-01 21:33:26.978
Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.
Date: 2016-09-01 21:33:26.962
Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.
Date: 2016-09-01 21:33:26.938
Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.
Date: 2016-09-01 21:33:26.333
Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.
Date: 2016-09-01 21:33:26.251
Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.
==================== Memory info ===========================
Processor: Intel(R) Pentium(R) D CPU 3.40GHz
Percentage of memory in use: 73%
Total physical RAM: 2037.61 MB
Available physical RAM: 532.13 MB
Total Virtual: 4085.61 MB
Available Virtual: 1748.59 MB
==================== Drives ================================
Drive c: () (Fixed) (Total:148.47 GB) (Free:108 GB) NTFS
==================== MBR & Partition Table ==================
========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 149 GB) (Disk ID: 2BD2C32A)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=148.5 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=450 MB) - (Type=27)
==================== End of Addition.txt ============================
gogeko34
2016-09-02, 07:17
aswMBR version 1.0.1.2252 Copyright(c) 2014 AVAST Software
Run date: 2016-09-02 00:03:26
-----------------------------
00:03:26.626 OS Version: Windows 6.2.9200
00:03:26.626 Number of processors: 2 586 0x604
00:03:26.629 ComputerName: OWNER-PC UserName: Owner
00:03:57.525 Initialize success
00:03:57.654 VM: initialized successfully
00:03:57.656 VM: Intel CPU virtualization not supported
00:11:36.427 AVAST engine defs: 16083103
00:14:18.745 The log file has been saved successfully to "C:\Users\Owner\Desktop\aswMBR.txt"
:snwelcome:
Looks like your infected with MySearchDial
Your running FRST64 from your Downloads folder, our tools and scanners work more efficiently when run from the Desktop in lieu of being buried in some folder, so go to your Downloads folder and look for FRST64, right click on it and select CUT, then come back to your Desktop and right click on a blank space and select PASTE, then we will have FRST64 exactly where we want it to be.
Open notepad , Go to Start --> All Programs --> Accessories --> Notepad.
Please copy the entire contents Inside of the code box below beginning with START and ending with END
(To do this highlight the contents of the box, right click on it and select copy. Right-click in the open notepad and select Paste).
Name the file Fixlist.txt , Save it to your desktop where you have FRST/FRST64 or the fix wont work. Right Click on FRST/FRST64 and select RUN AS ADMINISTRATOR Then click on >FIX< (Not Scan) It won't take long, after your computer reboots you will find a FIXLOG.TXT on your desktop, post it please
Start
CloseProcesses:
CreateRestorePoint:
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://start.mysearchdial.com/?f=1&a=dnldstr_14_20_ff&cd=2XzuyEtN2Y1L1QzutDtDtC0A0AtD0A0EtD0F0Dzy0D0FtA0CtN0D0Tzu0SzzyCyDtN1L2XzutBtFtBtDtFzytFtBtN1L1CzutCyEtDtAtDyD1V1StN1L1G1B1V1N2Y1L1Qzu2StAtC0EtCyCyDtAzytGyDyC0DtCtGtByDyByEtG0D0CyCyBtGyB0C0A0FyC0E0EyBtAyB0Bzy2QtN1M1F1B2Z1V1N2Y1L1Qzu2SyB0CtDtByDyC0A0AtGyD0CtByBtGzyyCzztDtG0DtDtC0FtGtC0E0Bzy0BtA0CzzzztCtAyB2Q&cr=1039448420&ir=
SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://start.mysearchdial.com/results.php?f=4&q={searchTerms}&a=dnldstr_14_20_ff&cd=2XzuyEtN2Y1L1QzutDtDtC0A0AtD0A0EtD0F0Dzy0D0FtA0CtN0D0Tzu0SzzyCyDtN1L2XzutBtFtBtDtFzytFtBtN1L1CzutCyEtDtAtDyD1V1StN1L1G1B1V1N2Y1L1Qzu2StAtC0EtCyCyDtAzytGyDyC0DtCtGtByDyByEtG0D0CyCyBtGyB0C0A0FyC0E0EyBtAyB0Bzy2QtN1M1F1B2Z1V1N2Y1L1Qzu2SyB0CtDtByDyC0A0AtGyD0CtByBtGzyyCzztDtG0DtDtC0FtGtC0E0Bzy0BtA0CzzzztCtAyB2Q&cr=1039448420&ir=
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://start.mysearchdial.com/results.php?f=4&q={searchTerms}&a=dnldstr_14_20_ff&cd=2XzuyEtN2Y1L1QzutDtDtC0A0AtD0A0EtD0F0Dzy0D0FtA0CtN0D0Tzu0SzzyCyDtN1L2XzutBtFtBtDtFzytFtBtN1L1CzutCyEtDtAtDyD1V1StN1L1G1B1V1N2Y1L1Qzu2StAtC0EtCyCyDtAzytGyDyC0DtCtGtByDyByEtG0D0CyCyBtGyB0C0A0FyC0E0EyBtAyB0Bzy2QtN1M1F1B2Z1V1N2Y1L1Qzu2SyB0CtDtByDyC0A0AtGyD0CtByBtGzyyCzztDtG0DtDtC0FtGtC0E0Bzy0BtA0CzzzztCtAyB2Q&cr=1039448420&ir=
SearchScopes: HKU\S-1-5-21-4030092792-1861841708-2368464224-1000 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://start.mysearchdial.com/results.php?f=4&q={searchTerms}&a=dnldstr_14_20_ff&cd=2XzuyEtN2Y1L1QzutDtDtC0A0AtD0A0EtD0F0Dzy0D0FtA0CtN0D0Tzu0SzzyCyDtN1L2XzutBtFtBtDtFzytFtBtN1L1CzutCyEtDtAtDyD1V1StN1L1G1B1V1N2Y1L1Qzu2StAtC0EtCyCyDtAzytGyDyC0DtCtGtByDyByEtG0D0CyCyBtGyB0C0A0FyC0E0EyBtAyB0Bzy2QtN1M1F1B2Z1V1N2Y1L1Qzu2SyB0CtDtByDyC0A0AtGyD0CtByBtGzyyCzztDtG0DtDtC0FtGtC0E0Bzy0BtA0CzzzztCtAyB2Q&cr=1039448420&ir=
SearchScopes: HKU\S-1-5-21-4030092792-1861841708-2368464224-1000 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://start.mysearchdial.com/results.php?f=4&q={searchTerms}&a=dnldstr_14_20_ff&cd=2XzuyEtN2Y1L1QzutDtDtC0A0AtD0A0EtD0F0Dzy0D0FtA0CtN0D0Tzu0SzzyCyDtN1L2XzutBtFtBtDtFzytFtBtN1L1CzutCyEtDtAtDyD1V1StN1L1G1B1V1N2Y1L1Qzu2StAtC0EtCyCyDtAzytGyDyC0DtCtGtByDyByEtG0D0CyCyBtGyB0C0A0FyC0E0EyBtAyB0Bzy2QtN1M1F1B2Z1V1N2Y1L1Qzu2SyB0CtDtByDyC0A0AtGyD0CtByBtGzyyCzztDtG0DtDtC0FtGtC0E0Bzy0BtA0CzzzztCtAyB2Q&cr=1039448420&ir=
CustomCLSID: HKU\S-1-5-21-4030092792-1861841708-2368464224-1000_Classes\CLSID\{2D611968-B0FB-4B81-8AFA-D7486879D141}\InprocServer32 -> Rnvrcs.dll => No File
Task: {0CCCE18F-FFB9-40B6-9854-3ABF824B5AAB} - \Microsoft\Windows\Setup\gwx\launchtrayprocess -> No File <==== ATTENTION
Task: {1DEB3732-27A5-4A6C-A536-4702F8B072A2} - \Microsoft\Windows\Setup\GWXTriggers\ScheduleUpgradeReminderTime -> No File <==== ATTENTION
Task: {3B7116AB-E02A-4E27-8855-E1EA028999B4} - System32\Tasks\UpdaterEX => C:\Users\Owner\AppData\Roaming\UPDATE~1\UPDATE~1\UPDATE~1.EXE <==== ATTENTION
Task: {425FD655-8FF9-439A-A65F-0BD8DCA4F3BA} - \Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d -> No File <==== ATTENTION
Task: {70D086BF-8544-48FF-B7FF-5BF3113A0C76} - \Microsoft\Windows\Setup\GWXTriggers\Logon-5d -> No File <==== ATTENTION
Task: {750DA92C-678B-43EC-9B33-456CD7EA2FD1} - \Microsoft\Windows\Setup\GWXTriggers\ScheduleUpgradeTime -> No File <==== ATTENTION
Task: {9F876EBA-83FC-482E-89BF-81A18CA7C03D} - \Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d -> No File <==== ATTENTION
Task: {D3F0C711-25A0-44B8-86B1-254CEB78D225} - \Microsoft\Windows\Setup\GWXTriggers\Time-5d -> No File <==== ATTENTION
Task: {E021BA1A-E6D3-430B-968F-7C23FC545559} - \Microsoft\Windows\Setup\gwx\refreshgwxconfig -> No File <==== ATTENTION
Task: {E5B3FB82-5D84-476C-83E9-42BDD523B259} - \Microsoft\Windows\Setup\gwx\refreshgwxcontent -> No File <==== ATTENTION
Task: {E87E36E7-DC72-41A8-A5B1-EB5CFB9C81F6} - \Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent -> No File <==== ATTENTION
Task: {E896F520-6033-4687-8272-D3A4DE76E299} - \Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B -> No File <==== ATTENTION
Task: C:\WINDOWS\Tasks\UpdaterEX.job => C:\Users\Owner\AppData\Roaming\UPDATE~1\UPDATE~1\UPDATE~1.EXE <==== ATTENTION
CMD: ipconfig /flushdns
EmptyTemp:
Reg: reg delete HKLM\SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local /f
Reg: reg add HKLM\SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local /f
End
NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system
All our tools and scanners work more efficiently when run from the DESKTOP in lieu of being buried in some folder, so download and run these tools right from the DESKTOP
-AdwCleaner-by Xplode
Click on this link to download : ADWCleaner (http://www.bleepingcomputer.com/download/adwcleaner/dl/125/) TO YOUR DESKTOP
Use my link only, do not do a search for AdwCleaner as there is a bogus copy going around by scammers
http://i24.photobucket.com/albums/c30/ken545/AdwCleaner4.201_zpsxrbk2llq.jpg
Close all open programs and internet browsers.
Double click on AdwCleaner.exe to run the tool.
Click on Scan.
After the scan is complete click on "Clean"
Confirm each time with Ok.
Your computer will be rebooted automatically. A text file will open after the restart.
Please post the content of that logfile with your next reply.
You can find the logfile at C:\AdwCleaner[S1].txt as well.
===============================================================================
http://i24.photobucket.com/albums/c30/ken545/Capture_zpsge1t2tk9.jpg Please download Junkware Removal Tool (http://www.bleepingcomputer.com/download/junkware-removal-tool/) TO YOUR DESKTOP
Download the one from Bleeping Computer
Shut down your protection software now to avoid potential conflicts.
Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8; instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".
The tool will open and start scanning your system.
Please be patient as this can take a while to complete depending on your system's specifications.
On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
Post the contents of JRT.txt into your next message.
===============================================================================
Download Malwarebytes' Anti-Malware (http://www.malwarebytes.org/mbam-download.php) TO YOUR DESKTOP
Windows XP : Double click on the icon to run it.
Windows Vista, Windows 7 , 8, 8.1 and 10 : Right click and select "Run as Administrator"
http://i24.photobucket.com/albums/c30/ken545/MBAM221%201043_zpsdtasp5xe.jpg
On the Dashboard click on Update Now
Go to the Setting Tab
Under Setting go to Detection and Protection
Under PUP and PUM make sure both are set to show Treat Detections as Malware
Go to Advanced setting and make sure Automatically Quarantine Detected Items is checked
Then on the Dashboard click on Scan
Make sure to select THREAT SCAN
Then click on Scan
When the scan is finished on the bottom right click on SAVE RESULTS then select Copy to Clipboard
Please paste the log back into this thread for review
Exit Malwarebytes
gogeko34
2016-09-03, 02:36
Ken,
Thank you so much for your assistance. I am very grateful for the time all of you at Safer-Networking put into this work. I have always had great success with Safer-Networking Experts.
Here is the fixlog:
Fix result of Farbar Recovery Scan Tool (x86) Version: 31-08-2016
Ran by Owner (02-09-2016 17:51:30) Run:1
Running from C:\Users\Owner\Desktop
Loaded Profiles: Owner (Available Profiles: Owner & DefaultAppPool)
Boot Mode: Normal
==============================================
fixlist content:
*****************
Start
CloseProcesses:
CreateRestorePoint:
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://start.mysearchdial.com/?f=1&a=dnldstr_14_20_ff&cd=2XzuyEtN2Y1L1QzutDtDtC0A0AtD0A0EtD0F0Dzy0D0FtA0CtN0D0Tzu0SzzyCyDtN1L2XzutBtFtBtDtFzytFtBtN1L1CzutCyEtDtAtDyD1V1StN1L1G1B1V1N2Y1L1Qzu2StAtC0EtCyCyDtAzytGyDyC0DtCtGtByDyByEtG0D0CyCyBtGyB0C0A0FyC0E0EyBtAyB0Bzy2QtN1M1F1B2Z1V1N2Y1L1Qzu2SyB0CtDtByDyC0A0AtGyD0CtByBtGzyyCzztDtG0DtDtC0FtGtC0E0Bzy0BtA0CzzzztCtAyB2Q&cr=1039448420&ir=
SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://start.mysearchdial.com/results.php?f=4&q={searchTerms}&a=dnldstr_14_20_ff&cd=2XzuyEtN2Y1L1QzutDtDtC0A0AtD0A0EtD0F0Dzy0D0FtA0CtN0D0Tzu0SzzyCyDtN1L2XzutBtFtBtDtFzytFtBtN1L1CzutCyEtDtAtDyD1V1StN1L1G1B1V1N2Y1L1Qzu2StAtC0EtCyCyDtAzytGyDyC0DtCtGtByDyByEtG0D0CyCyBtGyB0C0A0FyC0E0EyBtAyB0Bzy2QtN1M1F1B2Z1V1N2Y1L1Qzu2SyB0CtDtByDyC0A0AtGyD0CtByBtGzyyCzztDtG0DtDtC0FtGtC0E0Bzy0BtA0CzzzztCtAyB2Q&cr=1039448420&ir=
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://start.mysearchdial.com/results.php?f=4&q={searchTerms}&a=dnldstr_14_20_ff&cd=2XzuyEtN2Y1L1QzutDtDtC0A0AtD0A0EtD0F0Dzy0D0FtA0CtN0D0Tzu0SzzyCyDtN1L2XzutBtFtBtDtFzytFtBtN1L1CzutCyEtDtAtDyD1V1StN1L1G1B1V1N2Y1L1Qzu2StAtC0EtCyCyDtAzytGyDyC0DtCtGtByDyByEtG0D0CyCyBtGyB0C0A0FyC0E0EyBtAyB0Bzy2QtN1M1F1B2Z1V1N2Y1L1Qzu2SyB0CtDtByDyC0A0AtGyD0CtByBtGzyyCzztDtG0DtDtC0FtGtC0E0Bzy0BtA0CzzzztCtAyB2Q&cr=1039448420&ir=
SearchScopes: HKU\S-1-5-21-4030092792-1861841708-2368464224-1000 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://start.mysearchdial.com/results.php?f=4&q={searchTerms}&a=dnldstr_14_20_ff&cd=2XzuyEtN2Y1L1QzutDtDtC0A0AtD0A0EtD0F0Dzy0D0FtA0CtN0D0Tzu0SzzyCyDtN1L2XzutBtFtBtDtFzytFtBtN1L1CzutCyEtDtAtDyD1V1StN1L1G1B1V1N2Y1L1Qzu2StAtC0EtCyCyDtAzytGyDyC0DtCtGtByDyByEtG0D0CyCyBtGyB0C0A0FyC0E0EyBtAyB0Bzy2QtN1M1F1B2Z1V1N2Y1L1Qzu2SyB0CtDtByDyC0A0AtGyD0CtByBtGzyyCzztDtG0DtDtC0FtGtC0E0Bzy0BtA0CzzzztCtAyB2Q&cr=1039448420&ir=
SearchScopes: HKU\S-1-5-21-4030092792-1861841708-2368464224-1000 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://start.mysearchdial.com/results.php?f=4&q={searchTerms}&a=dnldstr_14_20_ff&cd=2XzuyEtN2Y1L1QzutDtDtC0A0AtD0A0EtD0F0Dzy0D0FtA0CtN0D0Tzu0SzzyCyDtN1L2XzutBtFtBtDtFzytFtBtN1L1CzutCyEtDtAtDyD1V1StN1L1G1B1V1N2Y1L1Qzu2StAtC0EtCyCyDtAzytGyDyC0DtCtGtByDyByEtG0D0CyCyBtGyB0C0A0FyC0E0EyBtAyB0Bzy2QtN1M1F1B2Z1V1N2Y1L1Qzu2SyB0CtDtByDyC0A0AtGyD0CtByBtGzyyCzztDtG0DtDtC0FtGtC0E0Bzy0BtA0CzzzztCtAyB2Q&cr=1039448420&ir=
CustomCLSID: HKU\S-1-5-21-4030092792-1861841708-2368464224-1000_Classes\CLSID\{2D611968-B0FB-4B81-8AFA-D7486879D141}\InprocServer32 -> Rnvrcs.dll => No File
Task: {0CCCE18F-FFB9-40B6-9854-3ABF824B5AAB} - \Microsoft\Windows\Setup\gwx\launchtrayprocess -> No File <==== ATTENTION
Task: {1DEB3732-27A5-4A6C-A536-4702F8B072A2} - \Microsoft\Windows\Setup\GWXTriggers\ScheduleUpgradeReminderTime -> No File <==== ATTENTION
Task: {3B7116AB-E02A-4E27-8855-E1EA028999B4} - System32\Tasks\UpdaterEX => C:\Users\Owner\AppData\Roaming\UPDATE~1\UPDATE~1\UPDATE~1.EXE <==== ATTENTION
Task: {425FD655-8FF9-439A-A65F-0BD8DCA4F3BA} - \Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d -> No File <==== ATTENTION
Task: {70D086BF-8544-48FF-B7FF-5BF3113A0C76} - \Microsoft\Windows\Setup\GWXTriggers\Logon-5d -> No File <==== ATTENTION
Task: {750DA92C-678B-43EC-9B33-456CD7EA2FD1} - \Microsoft\Windows\Setup\GWXTriggers\ScheduleUpgradeTime -> No File <==== ATTENTION
Task: {9F876EBA-83FC-482E-89BF-81A18CA7C03D} - \Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d -> No File <==== ATTENTION
Task: {D3F0C711-25A0-44B8-86B1-254CEB78D225} - \Microsoft\Windows\Setup\GWXTriggers\Time-5d -> No File <==== ATTENTION
Task: {E021BA1A-E6D3-430B-968F-7C23FC545559} - \Microsoft\Windows\Setup\gwx\refreshgwxconfig -> No File <==== ATTENTION
Task: {E5B3FB82-5D84-476C-83E9-42BDD523B259} - \Microsoft\Windows\Setup\gwx\refreshgwxcontent -> No File <==== ATTENTION
Task: {E87E36E7-DC72-41A8-A5B1-EB5CFB9C81F6} - \Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent -> No File <==== ATTENTION
Task: {E896F520-6033-4687-8272-D3A4DE76E299} - \Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B -> No File <==== ATTENTION
Task: C:\WINDOWS\Tasks\UpdaterEX.job => C:\Users\Owner\AppData\Roaming\UPDATE~1\UPDATE~1\UPDATE~1.EXE <==== ATTENTION
CMD: ipconfig /flushdns
EmptyTemp:
Reg: reg delete HKLM\SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local /f
Reg: reg add HKLM\SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local /f
End
*****************
Processes closed successfully.
gogeko34
2016-09-03, 02:38
# AdwCleaner v6.010 - Logfile created 02/09/2016 at 18:15:08
# Updated on 12/08/2016 by ToolsLib
# Database : 2016-09-01.2 [Server]
# Operating System : Windows 10 Home (X86)
# Username : Owner - OWNER-PC
# Running from : C:\Users\Owner\Desktop\AdwCleaner.exe
# Mode: Scan
# Support : https://toolslib.net/forum
***** [ Services ] *****
No malicious services found.
***** [ Folders ] *****
Folder Found: C:\Users\Owner\AppData\Roaming\UpdaterEX
***** [ Files ] *****
No malicious files found.
***** [ DLL ] *****
No malicious DLLs found.
***** [ WMI ] *****
No malicious keys found.
***** [ Shortcuts ] *****
No infected shortcut found.
***** [ Scheduled Tasks ] *****
Task Found: UpdaterEX
***** [ Registry ] *****
Key Found: HKCU\Software\Classes\CLSID\{BEBBC426-4F16-4567-8FE1-BE198C982027}
Key Found: HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{9522B3FB-7A2B-4646-8AF6-36E7F593073C}
Key Found: HKU\.DEFAULT\Software\AppDataLow\{1146AC44-2F03-4431-B4FD-889BC837521F}
Key Found: HKU\S-1-5-21-4030092792-1861841708-2368464224-1000\Software\InstallCore
Key Found: HKU\S-1-5-21-4030092792-1861841708-2368464224-1000\Software\UpdaterEX
Key Found: HKU\S-1-5-21-4030092792-1861841708-2368464224-1000\Software\AppDataLow\{1146AC44-2F03-4431-B4FD-889BC837521F}
Key Found: HKU\S-1-5-18\Software\AppDataLow\{1146AC44-2F03-4431-B4FD-889BC837521F}
Key Found: HKCU\Software\InstallCore
Key Found: HKCU\Software\UpdaterEX
Key Found: HKCU\Software\AppDataLow\{1146AC44-2F03-4431-B4FD-889BC837521F}
Key Found: HKLM\SOFTWARE\{1146AC44-2F03-4431-B4FD-889BC837521F}
Key Found: HKLM\SOFTWARE\{3A7D3E19-1B79-4E4E-BD96-5467DA2C4EF0}
Key Found: HKLM\SOFTWARE\{6791A2F3-FC80-475C-A002-C014AF797E9C}
Data Found: HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Start Page] - hxxp://start.mysearchdial.com/?f=1&a=dnldstr_14_20_ff&cd=2XzuyEtN2Y1L1QzutDtDtC0A0AtD0A0EtD0F0Dzy0D0FtA0CtN0D0Tzu0SzzyCyDtN1L2XzutBtFtBtDt
Key Found: HKU\S-1-5-21-4030092792-1861841708-2368464224-1000\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}
Data Found: HKU\S-1-5-21-4030092792-1861841708-2368464224-1000\Software\Microsoft\Internet Explorer\SearchScopes [DefaultScope] -
Key Found: HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}
Data Found: HKCU\Software\Microsoft\Internet Explorer\SearchScopes [DefaultScope] -
Key Found: HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}
Data Found: HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes [DefaultScope] -
***** [ Web browsers ] *****
No malicious Firefox based browser items found.
No malicious Chromium based browser items found.
*************************
C:\AdwCleaner\AdwCleaner[S0].txt - [2848 Bytes] - [02/09/2016 18:15:08]
########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [2921 Bytes] ##########
gogeko34
2016-09-03, 02:42
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Malwarebytes
Version: 8.0.7 (07.03.2016)
Operating System: Windows 10 Home x86
Ran by Owner (Administrator) on Fri 09/02/2016 at 18:32:17.06
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
File System: 4
Successfully deleted: C:\ProgramData\1472780618.bdinstall.bin (File)
Successfully deleted: C:\WINDOWS\prefetch\ANTIVIRUS_FREE_EDITION.EXE-CF8E86A0.pf (File)
Successfully deleted: C:\WINDOWS\prefetch\ANTIVIRUS_FREE_EDITION_X86.EX-3D4526B1.pf (File)
Successfully deleted: C:\WINDOWS\prefetch\DRIVERCTRL.EXE-22B7B922.pf (File)
Registry: 1
Successfully deleted: HKCU\Software\Microsoft\Windows\CurrentVersion\Run\\GoogleChromeAutoLaunch_721577D41E77D440C916E2687EBA0267 (Registry Value)
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Fri 09/02/2016 at 18:35:08.70
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Malwarebytes' Report:
Malwarebytes Anti-Malware
www.malwarebytes.org
Scan Date: 9/2/2016
Scan Time: 6:52 PM
Logfile:
Administrator: Yes
Version: 2.2.1.1043
Malware Database: v2016.09.02.10
Rootkit Database: v2016.08.15.01
License: Trial
Malware Protection: Enabled
Malicious Website Protection: Enabled
Self-protection: Disabled
OS: Windows 10
CPU: x86
File System: NTFS
User: Owner
Scan Type: Threat Scan
Result: Completed
Objects Scanned: 313824
Time Elapsed: 32 min, 23 sec
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled
Processes: 0
(No malicious items detected)
Modules: 0
(No malicious items detected)
Registry Keys: 2
PUP.Optional.MySearchDial, HKU\S-1-5-21-4030092792-1861841708-2368464224-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{77AA745B-F4F8-45DA-9B14-61D2D95054C8}, Quarantined, [64fefe6f623870c67ca18a086d95ee12],
PUP.Optional.MySearchDial, HKLM\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{77AA745B-F4F8-45DA-9B14-61D2D95054C8}, Quarantined, [64fefe6f623870c67ca18a086d95ee12],
Registry Values: 1
PUP.Optional.MySearchDial, HKLM\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY|AppPath, C:\Program Files\Mysearchdial\1.8.29.0\, Quarantined, [3f23f9743c5ebe78769a733aeb1843bd]
Registry Data: 0
(No malicious items detected)
Folders: 0
(No malicious items detected)
Files: 0
(No malicious items detected)
Physical Sectors: 0
(No malicious items detected)
(end)
Hi,
Looks like you didn't post the entire FIXLOG , it should be on your desktop, can you post that please.
After you do that right click on FRST and select RUN AS ADMINISTRATOR, when it opens make sure there is a checkmark in ADDITIONS, leave everything else as is , then click on SCAN and post both new logs please
gogeko34
2016-09-03, 03:51
That's all I have on the log. My computer froze during the scan and I had to restart it. I will run it again and post the fix log again. I will also run the FRST and post those logs shortly.
Thanks
No reason to run the fix again as all or most of that stuff was removed, the new FRST and Additions logs will show if they where removed or not
gogeko34
2016-09-03, 04:13
Sorry Ken. I guess I should have run the program again after my computer froze. I didn't think about it because a log was produced. So I guess the process didn't finish and that's why the report is incomplete. Do I need to run the other programs again?
This is what I have for the second scan report:
Fix result of Farbar Recovery Scan Tool (x86) Version: 31-08-2016
Ran by Owner (02-09-2016 20:54:09) Run:2
Running from C:\Users\Owner\Desktop
Loaded Profiles: Owner (Available Profiles: Owner & DefaultAppPool)
Boot Mode: Normal
==============================================
fixlist content:
*****************
Start
CloseProcesses:
CreateRestorePoint:
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://start.mysearchdial.com/?f=1&a=dnldstr_14_20_ff&cd=2XzuyEtN2Y1L1QzutDtDtC0A0AtD0A0EtD0F0Dzy0D0FtA0CtN0D0Tzu0SzzyCyDtN1L2XzutBtFtBtDtFzytFtBtN1L1CzutCyEtDtAtDyD1V1StN1L1G1B1V1N2Y1L1Qzu2StAtC0EtCyCyDtAzytGyDyC0DtCtGtByDyByEtG0D0CyCyBtGyB0C0A0FyC0E0EyBtAyB0Bzy2QtN1M1F1B2Z1V1N2Y1L1Qzu2SyB0CtDtByDyC0A0AtGyD0CtByBtGzyyCzztDtG0DtDtC0FtGtC0E0Bzy0BtA0CzzzztCtAyB2Q&cr=1039448420&ir=
SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://start.mysearchdial.com/results.php?f=4&q={searchTerms}&a=dnldstr_14_20_ff&cd=2XzuyEtN2Y1L1QzutDtDtC0A0AtD0A0EtD0F0Dzy0D0FtA0CtN0D0Tzu0SzzyCyDtN1L2XzutBtFtBtDtFzytFtBtN1L1CzutCyEtDtAtDyD1V1StN1L1G1B1V1N2Y1L1Qzu2StAtC0EtCyCyDtAzytGyDyC0DtCtGtByDyByEtG0D0CyCyBtGyB0C0A0FyC0E0EyBtAyB0Bzy2QtN1M1F1B2Z1V1N2Y1L1Qzu2SyB0CtDtByDyC0A0AtGyD0CtByBtGzyyCzztDtG0DtDtC0FtGtC0E0Bzy0BtA0CzzzztCtAyB2Q&cr=1039448420&ir=
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://start.mysearchdial.com/results.php?f=4&q={searchTerms}&a=dnldstr_14_20_ff&cd=2XzuyEtN2Y1L1QzutDtDtC0A0AtD0A0EtD0F0Dzy0D0FtA0CtN0D0Tzu0SzzyCyDtN1L2XzutBtFtBtDtFzytFtBtN1L1CzutCyEtDtAtDyD1V1StN1L1G1B1V1N2Y1L1Qzu2StAtC0EtCyCyDtAzytGyDyC0DtCtGtByDyByEtG0D0CyCyBtGyB0C0A0FyC0E0EyBtAyB0Bzy2QtN1M1F1B2Z1V1N2Y1L1Qzu2SyB0CtDtByDyC0A0AtGyD0CtByBtGzyyCzztDtG0DtDtC0FtGtC0E0Bzy0BtA0CzzzztCtAyB2Q&cr=1039448420&ir=
SearchScopes: HKU\S-1-5-21-4030092792-1861841708-2368464224-1000 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://start.mysearchdial.com/results.php?f=4&q={searchTerms}&a=dnldstr_14_20_ff&cd=2XzuyEtN2Y1L1QzutDtDtC0A0AtD0A0EtD0F0Dzy0D0FtA0CtN0D0Tzu0SzzyCyDtN1L2XzutBtFtBtDtFzytFtBtN1L1CzutCyEtDtAtDyD1V1StN1L1G1B1V1N2Y1L1Qzu2StAtC0EtCyCyDtAzytGyDyC0DtCtGtByDyByEtG0D0CyCyBtGyB0C0A0FyC0E0EyBtAyB0Bzy2QtN1M1F1B2Z1V1N2Y1L1Qzu2SyB0CtDtByDyC0A0AtGyD0CtByBtGzyyCzztDtG0DtDtC0FtGtC0E0Bzy0BtA0CzzzztCtAyB2Q&cr=1039448420&ir=
SearchScopes: HKU\S-1-5-21-4030092792-1861841708-2368464224-1000 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://start.mysearchdial.com/results.php?f=4&q={searchTerms}&a=dnldstr_14_20_ff&cd=2XzuyEtN2Y1L1QzutDtDtC0A0AtD0A0EtD0F0Dzy0D0FtA0CtN0D0Tzu0SzzyCyDtN1L2XzutBtFtBtDtFzytFtBtN1L1CzutCyEtDtAtDyD1V1StN1L1G1B1V1N2Y1L1Qzu2StAtC0EtCyCyDtAzytGyDyC0DtCtGtByDyByEtG0D0CyCyBtGyB0C0A0FyC0E0EyBtAyB0Bzy2QtN1M1F1B2Z1V1N2Y1L1Qzu2SyB0CtDtByDyC0A0AtGyD0CtByBtGzyyCzztDtG0DtDtC0FtGtC0E0Bzy0BtA0CzzzztCtAyB2Q&cr=1039448420&ir=
CustomCLSID: HKU\S-1-5-21-4030092792-1861841708-2368464224-1000_Classes\CLSID\{2D611968-B0FB-4B81-8AFA-D7486879D141}\InprocServer32 -> Rnvrcs.dll => No File
Task: {0CCCE18F-FFB9-40B6-9854-3ABF824B5AAB} - \Microsoft\Windows\Setup\gwx\launchtrayprocess -> No File <==== ATTENTION
Task: {1DEB3732-27A5-4A6C-A536-4702F8B072A2} - \Microsoft\Windows\Setup\GWXTriggers\ScheduleUpgradeReminderTime -> No File <==== ATTENTION
Task: {3B7116AB-E02A-4E27-8855-E1EA028999B4} - System32\Tasks\UpdaterEX => C:\Users\Owner\AppData\Roaming\UPDATE~1\UPDATE~1\UPDATE~1.EXE <==== ATTENTION
Task: {425FD655-8FF9-439A-A65F-0BD8DCA4F3BA} - \Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d -> No File <==== ATTENTION
Task: {70D086BF-8544-48FF-B7FF-5BF3113A0C76} - \Microsoft\Windows\Setup\GWXTriggers\Logon-5d -> No File <==== ATTENTION
Task: {750DA92C-678B-43EC-9B33-456CD7EA2FD1} - \Microsoft\Windows\Setup\GWXTriggers\ScheduleUpgradeTime -> No File <==== ATTENTION
Task: {9F876EBA-83FC-482E-89BF-81A18CA7C03D} - \Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d -> No File <==== ATTENTION
Task: {D3F0C711-25A0-44B8-86B1-254CEB78D225} - \Microsoft\Windows\Setup\GWXTriggers\Time-5d -> No File <==== ATTENTION
Task: {E021BA1A-E6D3-430B-968F-7C23FC545559} - \Microsoft\Windows\Setup\gwx\refreshgwxconfig -> No File <==== ATTENTION
Task: {E5B3FB82-5D84-476C-83E9-42BDD523B259} - \Microsoft\Windows\Setup\gwx\refreshgwxcontent -> No File <==== ATTENTION
Task: {E87E36E7-DC72-41A8-A5B1-EB5CFB9C81F6} - \Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent -> No File <==== ATTENTION
Task: {E896F520-6033-4687-8272-D3A4DE76E299} - \Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B -> No File <==== ATTENTION
Task: C:\WINDOWS\Tasks\UpdaterEX.job => C:\Users\Owner\AppData\Roaming\UPDATE~1\UPDATE~1\UPDATE~1.EXE <==== ATTENTION
CMD: ipconfig /flushdns
EmptyTemp:
Reg: reg delete HKLM\SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local /f
Reg: reg add HKLM\SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local /f
End
*****************
Processes closed successfully.
Restore point was successfully created.
HKLM\Software\\Microsoft\Internet Explorer\Main\\Start Page => value restored successfully
HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value restored successfully
HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} => key not found.
HKCR\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} => key not found.
HKU\S-1-5-21-4030092792-1861841708-2368464224-1000\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value removed successfully.
HKU\S-1-5-21-4030092792-1861841708-2368464224-1000\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} => key not found.
HKCR\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} => key not found.
"HKU\S-1-5-21-4030092792-1861841708-2368464224-1000_Classes\CLSID\{2D611968-B0FB-4B81-8AFA-D7486879D141}" => key removed successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{0CCCE18F-FFB9-40B6-9854-3ABF824B5AAB}" => key removed successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{0CCCE18F-FFB9-40B6-9854-3ABF824B5AAB}" => key removed successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\gwx\launchtrayprocess" => key removed successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{1DEB3732-27A5-4A6C-A536-4702F8B072A2}" => key removed successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{1DEB3732-27A5-4A6C-A536-4702F8B072A2}" => key removed successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\ScheduleUpgradeReminderTime" => key removed successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{3B7116AB-E02A-4E27-8855-E1EA028999B4} => key not found.
C:\Windows\System32\Tasks\UpdaterEX => not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\UpdaterEX => key not found.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{425FD655-8FF9-439A-A65F-0BD8DCA4F3BA}" => key removed successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{425FD655-8FF9-439A-A65F-0BD8DCA4F3BA}" => key removed successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d" => key removed successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{70D086BF-8544-48FF-B7FF-5BF3113A0C76}" => key removed successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{70D086BF-8544-48FF-B7FF-5BF3113A0C76}" => key removed successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\Logon-5d" => key removed successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{750DA92C-678B-43EC-9B33-456CD7EA2FD1}" => key removed successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{750DA92C-678B-43EC-9B33-456CD7EA2FD1}" => key removed successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\ScheduleUpgradeTime" => key removed successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{9F876EBA-83FC-482E-89BF-81A18CA7C03D}" => key removed successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{9F876EBA-83FC-482E-89BF-81A18CA7C03D}" => key removed successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d" => key removed successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{D3F0C711-25A0-44B8-86B1-254CEB78D225}" => key removed successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{D3F0C711-25A0-44B8-86B1-254CEB78D225}" => key removed successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\Time-5d" => key removed successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{E021BA1A-E6D3-430B-968F-7C23FC545559}" => key removed successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{E021BA1A-E6D3-430B-968F-7C23FC545559}" => key removed successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\gwx\refreshgwxconfig" => key removed successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{E5B3FB82-5D84-476C-83E9-42BDD523B259}" => key removed successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{E5B3FB82-5D84-476C-83E9-42BDD523B259}" => key removed successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\gwx\refreshgwxcontent" => key removed successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{E87E36E7-DC72-41A8-A5B1-EB5CFB9C81F6}" => key removed successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{E87E36E7-DC72-41A8-A5B1-EB5CFB9C81F6}" => key removed successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent" => key removed successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{E896F520-6033-4687-8272-D3A4DE76E299}" => key removed successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{E896F520-6033-4687-8272-D3A4DE76E299}" => key removed successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B" => key removed successfully.
C:\WINDOWS\Tasks\UpdaterEX.job => not found.
========= ipconfig /flushdns =========
Windows IP Configuration
Successfully flushed the DNS Resolver Cache.
========= End of CMD: =========
========= reg delete HKLM\SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local /f =========
The operation completed successfully.
========= End of Reg: =========
========= reg add HKLM\SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local /f =========
The operation completed successfully.
========= End of Reg: =========
=========== EmptyTemp: ==========
BITS transfer queue => 569853 B
DOMStoree, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 95691410 B
Java, Flash, Steam htmlcache => 728 B
Windows/system/drivers => 1898383 B
Edge => 7305839 B
Chrome => 822561984 B
Firefox => 159420179 B
Opera => 0 B
Temp, IE cache, history, cookies, recent:
Default => 0 B
ProgramData => 0 B
Public => 0 B
systemprofile => 0 B
LocalService => 13950 B
NetworkService => 2000124 B
Owner => 918641418 B
DefaultAppPool => 0 B
RecycleBin => 5011 B
EmptyTemp: => 1.9 GB temporary data Removed.
================================
The system needed a reboot.
==== End of Fixlog 20:57:18 ====
Thats what I needed , Thank you. Go ahead and run a new scan with FRST like I posted earlier and lets see if there is anything else to remove.
Take your time, been a looooong day, I will be back in the am
gogeko34
2016-09-03, 04:47
It has been a long day. I hope you get a good night of rest. I have work tomorrow so I went ahead and ran the scan again tonight. No hurry for you to review it. I've had to restart my computer several times today and I haven't had that problem again. I'm hopeful that it has been fixed :)
I have backed up several files on a thumb drive as well as my Google Drive. Should I do anything to make sure they don't reinfect my computer?
Thanks so much for your help, especially on a Friday night.
Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 31-08-2016
Ran by Owner (administrator) on OWNER-PC (02-09-2016 21:31:30)
Running from C:\Users\Owner\Desktop
Loaded Profiles: Owner (Available Profiles: Owner & DefaultAppPool)
Platform: Microsoft Windows 10 Home Version 1511 (X86) Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/
==================== Processes (Whitelisted) =================
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
(Bitdefender) C:\Program Files\Bitdefender\Antivirus Free Edition\gzserv.exe
(Safer-Networking Ltd.) C:\Program Files\Spybot - Search & Destroy 2\SDUpdSvc.exe
(Malwarebytes) C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe
(Malwarebytes) C:\Program Files\Malwarebytes Anti-Malware\mbamscheduler.exe
(Google Inc.) C:\Program Files\Google\Update\1.3.31.5\GoogleCrashHandler.exe
(Bitdefender) C:\Program Files\Bitdefender\Antivirus Free Edition\gziface.exe
(Malwarebytes) C:\Program Files\Malwarebytes Anti-Malware\mbam.exe
(Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe
(Safer-Networking Ltd.) C:\Program Files\Spybot - Search & Destroy 2\SDTray.exe
(Google) C:\Program Files\Google\Drive\googledrivesync.exe
(Spotify Ltd) C:\Users\Owner\AppData\Roaming\Spotify\SpotifyWebHelper.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google) C:\Program Files\Google\Drive\googledrivesync.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
() C:\Program Files\WindowsApps\Microsoft.Messaging_2.15.20002.0_x86__8wekyb3d8bbwe\SkypeHost.exe
(Farbar) C:\Users\Owner\Desktop\FRST (1).exe
==================== Registry (Whitelisted) ===========================
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
HKLM\...\Run: [IgfxTray] => C:\Windows\system32\igfxtray.exe
HKLM\...\Run: [HotKeysCmds] => C:\Windows\system32\hkcmd.exe
HKLM\...\Run: [Persistence] => C:\Windows\system32\igfxpers.exe
HKLM\...\Run: [SDTray] => C:\Program Files\Spybot - Search & Destroy 2\SDTray.exe [4101576 2014-06-24] (Safer-Networking Ltd.)
Winlogon\Notify\SDWinLogon: SDWinLogon.dll [X]
HKU\S-1-5-21-4030092792-1861841708-2368464224-1000\...\Run: [Amazon Music] => C:\Users\Owner\AppData\Local\Amazon Music\Amazon Music Helper.exe [6277952 2014-11-18] ()
HKU\S-1-5-21-4030092792-1861841708-2368464224-1000\...\Run: [GoogleDriveSync] => C:\Program Files\Google\Drive\googledrivesync.exe [23375200 2016-07-29] (Google)
HKU\S-1-5-21-4030092792-1861841708-2368464224-1000\...\Run: [Spotify Web Helper] => C:\Users\Owner\AppData\Roaming\Spotify\SpotifyWebHelper.exe [1523312 2016-08-18] (Spotify Ltd)
HKU\S-1-5-21-4030092792-1861841708-2368464224-1000\...\Run: [Spotify] => C:\Users\Owner\AppData\Roaming\Spotify\Spotify.exe [6930544 2016-08-18] (Spotify Ltd)
HKU\S-1-5-21-4030092792-1861841708-2368464224-1000\...\Run: [SpybotPostWindows10UpgradeReInstall] => C:\Program Files\Common Files\AV\Spybot - Search and Destroy\Test.exe [1011200 2015-07-28] (Safer-Networking Ltd.)
HKU\S-1-5-21-4030092792-1861841708-2368464224-1000\...\Run: [GoogleChromeAutoLaunch_721577D41E77D440C916E2687EBA0267] => C:\Program Files\Google\Chrome\Application\chrome.exe [961352 2016-08-02] (Google Inc.)
ShellIconOverlayIdentifiers: [ GoogleDriveBlacklisted] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42} => C:\Program Files\Google\Drive\googledrivesync32.dll [2016-07-29] (Google)
ShellIconOverlayIdentifiers: [ GoogleDriveSynced] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40} => C:\Program Files\Google\Drive\googledrivesync32.dll [2016-07-29] (Google)
ShellIconOverlayIdentifiers: [ GoogleDriveSyncing] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41} => C:\Program Files\Google\Drive\googledrivesync32.dll [2016-07-29] (Google)
BootExecute: autocheck autochk * sdnclean.exe
==================== Internet (Whitelisted) ====================
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 209.18.47.62 209.18.47.61
Tcpip\..\Interfaces\{d6e9e1c6-feb1-488b-99c5-676444bb5929}: [DhcpNameServer] 209.18.47.62 209.18.47.61
Internet Explorer:
==================
SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_31\bin\ssv.dll [2015-02-04] (Oracle Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_31\bin\jp2ssv.dll [2015-02-04] (Oracle Corporation)
DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C}
FireFox:
========
FF ProfilePath: C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\41z8meb4.default-1437084644509
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF32_22_0_0_209.dll [2016-07-12] ()
FF Plugin: @java.com/DTPlugin,version=11.31.2 -> C:\Program Files\Java\jre1.8.0_31\bin\dtplugin\npDeployJava1.dll [2015-02-04] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.31.2 -> C:\Program Files\Java\jre1.8.0_31\bin\plugin2\npjp2.dll [2015-02-04] (Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.50428.0\npctrl.dll [2016-04-27] ( Microsoft Corporation)
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.31.5\npGoogleUpdate3.dll [2016-07-28] (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.31.5\npGoogleUpdate3.dll [2016-07-28] (Google Inc.)
FF Plugin: @videolan.org/vlc,version=2.1.1 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [No File]
FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2016-06-30] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-4030092792-1861841708-2368464224-1000: @citrixonline.com/appdetectorplugin -> C:\Users\Owner\AppData\Local\Citrix\Plugins\104\npappdetector.dll [2016-08-04] (Citrix Online)
Chrome:
=======
CHR StartupUrls: Default -> "hxxps://my.yahoo.com/"
CHR Profile: C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Slides) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-02-04]
CHR Extension: (Google Docs) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-02-04]
CHR Extension: (Google Drive) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-10-21]
CHR Extension: (YouTube) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-09-26]
CHR Extension: (Google Search) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-10-27]
CHR Extension: (Google Play Music) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\fahmaaghhglfmonjliepjlchgpgfmobi [2016-08-31]
CHR Extension: (Google Sheets) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-02-04]
CHR Extension: (Google Docs Offline) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-03-16]
CHR Extension: (Pinterest Save Button) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\gpdjojdkbbmdfjfahjcgigfpmkopogic [2016-07-20]
CHR Extension: (Application Launcher for Drive (by Google)) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\lmjegmlicamnimmfhcmpkclmigmmcbeh [2014-11-09]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-04-02]
CHR Extension: (Gmail) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-03-29]
CHR Extension: (Chrome Media Router) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2016-08-29]
CHR HKU\S-1-5-21-4030092792-1861841708-2368464224-1000\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [lmjegmlicamnimmfhcmpkclmigmmcbeh] - hxxps://clients2.google.com/service/update2/crx
==================== Services (Whitelisted) ========================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
R2 gzserv; C:\Program Files\Bitdefender\Antivirus Free Edition\gzserv.exe [67592 2016-03-02] (Bitdefender)
R2 MBAMScheduler; C:\Program Files\Malwarebytes Anti-Malware\mbamscheduler.exe [1514464 2016-03-10] (Malwarebytes)
R2 MBAMService; C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe [1136608 2016-03-10] (Malwarebytes)
S2 SDScannerService; C:\Program Files\Spybot - Search & Destroy 2\SDFSSvc.exe [1738168 2014-06-24] (Safer-Networking Ltd.)
R2 SDUpdateService; C:\Program Files\Spybot - Search & Destroy 2\SDUpdSvc.exe [2088408 2014-06-27] (Safer-Networking Ltd.)
S3 SDWSCService; C:\Program Files\Spybot - Search & Destroy 2\SDWSCSvc.exe [171928 2014-04-25] (Safer-Networking Ltd.)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [280376 2015-10-30] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23264 2016-07-01] (Microsoft Corporation)
===================== Drivers (Whitelisted) ==========================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
R0 avc3; C:\WINDOWS\System32\DRIVERS\avc3.sys [633344 2013-04-17] (BitDefender)
S3 avckf; C:\WINDOWS\System32\DRIVERS\avckf.sys [486536 2013-04-17] (BitDefender)
S1 bdfwfpf; C:\Program Files\Bitdefender\Antivirus Free Edition\bdfwfpf.sys [108008 2013-07-02] (Bitdefender SRL)
R1 bdselfpr; C:\Program Files\Bitdefender\Antivirus Free Edition\bdselfpr.sys [135472 2013-07-16] (BitDefender LLC)
S3 dot4; C:\WINDOWS\system32\DRIVERS\Dot4.sys [137632 2012-10-19] (Windows (R) Win 7 DDK provider)
S3 Dot4Print; C:\WINDOWS\System32\drivers\Dot4Prt.sys [22432 2012-10-19] (Windows (R) Win 7 DDK provider)
R1 gzflt; C:\WINDOWS\System32\DRIVERS\gzflt.sys [164952 2013-04-22] (BitDefender LLC)
R3 MBAMProtector; C:\WINDOWS\system32\drivers\mbam.sys [24448 2016-03-10] (Malwarebytes)
R3 MBAMSwissArmy; C:\WINDOWS\system32\drivers\MBAMSwissArmy.sys [170200 2016-09-02] (Malwarebytes)
R3 MBAMWebAccessControl; C:\WINDOWS\system32\drivers\mwac.sys [53120 2016-03-10] (Malwarebytes Corporation)
R3 NuidFltr; C:\WINDOWS\System32\drivers\NuidFltr.sys [44328 2015-11-17] (Microsoft Corporation)
R0 trufos; C:\WINDOWS\System32\DRIVERS\trufos.sys [355744 2013-05-28] (BitDefender S.R.L.)
S3 WdBoot; C:\WINDOWS\system32\drivers\WdBoot.sys [37400 2015-10-30] (Microsoft Corporation)
S3 WdFilter; C:\WINDOWS\system32\drivers\WdFilter.sys [246104 2015-10-30] (Microsoft Corporation)
S3 WdNisDrv; C:\WINDOWS\System32\Drivers\WdNisDrv.sys [98648 2015-10-30] (Microsoft Corporation)
U3 idsvc; no ImagePath
U3 wpcsvc; no ImagePath
==================== NetSvcs (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
==================== One Month Created files and folders ========
(If an entry is included in the fixlist, the file/folder will be moved.)
2016-09-02 21:31 - 2016-09-02 21:32 - 00012267 _____ C:\Users\Owner\Desktop\FRST.txt
2016-09-02 19:29 - 2016-09-02 19:29 - 00001554 _____ C:\Users\Owner\Desktop\malrpt.txt
2016-09-02 18:48 - 2016-09-02 18:48 - 00001133 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2016-09-02 18:48 - 2016-09-02 18:48 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2016-09-02 18:48 - 2016-09-02 18:48 - 00000000 ____D C:\Program Files\Malwarebytes Anti-Malware
2016-09-02 18:48 - 2016-03-10 14:09 - 00053120 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mwac.sys
2016-09-02 18:48 - 2016-03-10 14:08 - 00126336 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbamchameleon.sys
2016-09-02 18:48 - 2016-03-10 14:08 - 00024448 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbam.sys
2016-09-02 18:37 - 2016-09-02 18:42 - 22851472 _____ (Malwarebytes ) C:\Users\Owner\Desktop\mbam-setup-2.2.1.1043.exe
2016-09-02 18:35 - 2016-09-02 18:35 - 00001036 _____ C:\Users\Owner\Desktop\JRT.txt
2016-09-02 18:28 - 2016-09-02 18:32 - 01610560 _____ (Malwarebytes) C:\Users\Owner\Desktop\JRT.exe
2016-09-02 18:12 - 2016-09-02 18:18 - 00000000 ____D C:\AdwCleaner
2016-09-02 18:08 - 2016-09-02 18:09 - 03826240 _____ C:\Users\Owner\Desktop\AdwCleaner.exe
2016-09-02 00:21 - 2016-09-02 00:21 - 00000521 _____ C:\Users\Owner\Desktop\aswMBR2.txt
2016-09-02 00:14 - 2016-09-02 00:14 - 00000565 _____ C:\Users\Owner\Desktop\aswMBR.txt
2016-09-02 00:02 - 2016-09-02 00:03 - 05198336 _____ (AVAST Software) C:\Users\Owner\Downloads\aswMBR.exe
2016-09-01 23:58 - 2016-09-02 00:01 - 00043455 _____ C:\Users\Owner\Downloads\Addition.txt
2016-09-01 23:56 - 2016-09-02 00:01 - 00033181 _____ C:\Users\Owner\Downloads\FRST.txt
2016-09-01 23:53 - 2016-09-02 21:31 - 00000000 ____D C:\FRST
2016-09-01 23:52 - 2016-09-01 23:53 - 01747968 _____ (Farbar) C:\Users\Owner\Desktop\FRST (1).exe
2016-09-01 23:43 - 2016-09-01 23:43 - 00000207 _____ C:\WINDOWS\tweaking.com-regbackup-OWNER-PC-Windows-10-Home-(32-bit).dat
2016-09-01 23:43 - 2016-09-01 23:43 - 00000000 ____D C:\RegBackup
2016-09-01 23:41 - 2016-09-01 23:41 - 00017375 _____ C:\WINDOWS\Tweaking.com - Registry Backup Setup Log.txt
2016-09-01 23:41 - 2016-09-01 23:41 - 00002258 _____ C:\Users\Public\Desktop\Tweaking.com - Registry Backup.lnk
2016-09-01 23:41 - 2016-09-01 23:41 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Tweaking.com
2016-09-01 23:41 - 2016-09-01 23:41 - 00000000 ____D C:\Program Files\Tweaking.com
2016-09-01 23:39 - 2016-09-01 23:41 - 05575304 _____ (Tweaking.com) C:\Users\Owner\Downloads\tweaking.com_registry_backup_setup.exe
2016-09-01 21:47 - 2016-09-01 21:47 - 00002249 _____ C:\Users\Public\Desktop\Bitdefender Antivirus Free Edition.lnk
2016-09-01 21:47 - 2016-09-01 21:47 - 00000000 ____D C:\WINDOWS\LastGood.Tmp
2016-09-01 21:47 - 2016-09-01 21:47 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Antivirus Free Edition
2016-09-01 21:47 - 2013-04-17 13:59 - 00633344 _____ (BitDefender) C:\WINDOWS\system32\Drivers\avc3.sys
2016-09-01 21:47 - 2013-04-17 13:59 - 00486536 _____ (BitDefender) C:\WINDOWS\system32\Drivers\avckf.sys
2016-09-01 21:47 - 2012-11-02 13:17 - 00242504 _____ (BitDefender) C:\WINDOWS\system32\Drivers\avchv.sys
2016-09-01 21:44 - 2016-09-01 21:47 - 00000000 ____D C:\Program Files\Bitdefender
2016-09-01 21:44 - 2013-05-28 11:11 - 00355744 _____ (BitDefender S.R.L.) C:\WINDOWS\system32\Drivers\trufos.sys
2016-09-01 21:44 - 2013-04-22 12:20 - 00164952 _____ (BitDefender LLC) C:\WINDOWS\system32\Drivers\gzflt.sys
2016-09-01 21:43 - 2016-09-01 21:44 - 00000000 ____D C:\Users\Owner\AppData\Roaming\QuickScan
2016-09-01 21:42 - 2016-09-01 21:43 - 10056744 _____ C:\Users\Owner\Downloads\Antivirus_Free_Edition_x86.exe
2016-09-01 21:42 - 2016-09-01 21:42 - 00196944 _____ C:\Users\Owner\Downloads\Antivirus_Free_Edition.exe
2016-09-01 19:29 - 2016-09-01 19:29 - 00093748 _____ C:\WINDOWS\Minidump\090116-35281-01.dmp
2016-08-31 18:56 - 2016-09-02 21:04 - 00170200 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbamswissarmy.sys
2016-08-31 18:56 - 2016-08-31 18:56 - 00000000 ____D C:\Users\Owner\AppData\Roaming\Malwarebytes
2016-08-30 17:30 - 2016-08-30 17:29 - 00453443 ____R C:\WINDOWS\system32\Drivers\etc\hosts.20160830-173036.backup
2016-08-30 17:29 - 2016-04-01 11:27 - 00451921 ____R C:\WINDOWS\system32\Drivers\etc\hosts.20160830-172941.backup
2016-08-30 15:51 - 2016-09-01 19:29 - 240225385 _____ C:\WINDOWS\MEMORY.DMP
2016-08-30 15:51 - 2016-08-30 15:51 - 00094228 _____ C:\WINDOWS\Minidump\083016-43734-01.dmp
2016-08-24 22:15 - 2016-08-24 22:16 - 07334450 _____ C:\Users\Owner\Downloads\33-ways-to-write-stronger-characters-worksheet.pdf
2016-08-23 09:12 - 2016-08-23 09:12 - 04387191 _____ C:\Users\Owner\Downloads\The-Complete-First-Website-Manual.pdf
2016-08-18 17:33 - 2016-08-18 17:33 - 00000000 ____D C:\Users\Owner\AppData\Roaming\Skype
2016-08-10 11:56 - 2016-08-03 01:52 - 05793632 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe
2016-08-10 11:56 - 2016-08-03 01:52 - 00083808 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\pdc.sys
2016-08-10 11:56 - 2016-08-03 01:32 - 00413024 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\storport.sys
2016-08-10 11:56 - 2016-08-03 01:31 - 02921368 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll
2016-08-10 11:56 - 2016-08-03 01:31 - 00957608 _____ (Microsoft Corporation) C:\WINDOWS\system32\ole32.dll
2016-08-10 11:56 - 2016-08-03 01:31 - 00703840 _____ (Microsoft Corporation) C:\WINDOWS\system32\WWAHost.exe
2016-08-10 11:56 - 2016-08-03 01:30 - 00465760 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingSyncHost.exe
2016-08-10 11:56 - 2016-08-03 01:29 - 01337680 _____ (Microsoft Corporation) C:\WINDOWS\system32\sppobjs.dll
2016-08-10 11:56 - 2016-08-03 01:29 - 00633192 _____ (Microsoft Corporation) C:\WINDOWS\system32\sppwinob.dll
2016-08-10 11:56 - 2016-08-03 01:28 - 00505136 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\cng.sys
2016-08-10 11:56 - 2016-08-03 01:28 - 00139616 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ksecpkg.sys
2016-08-10 11:56 - 2016-08-03 01:21 - 01712992 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgkrnl.sys
2016-08-10 11:56 - 2016-08-03 01:21 - 00483680 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgmms2.sys
2016-08-10 11:56 - 2016-08-03 01:21 - 00335712 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgmms1.sys
2016-08-10 11:56 - 2016-08-03 00:44 - 00048640 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.StateRepositoryClient.dll
2016-08-10 11:56 - 2016-08-03 00:44 - 00048128 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.StateRepositoryBroker.dll
2016-08-10 11:56 - 2016-08-03 00:41 - 00330240 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusUpdateHandlers.dll
2016-08-10 11:56 - 2016-08-03 00:39 - 00173056 _____ (Microsoft Corporation) C:\WINDOWS\system32\WUDFPlatform.dll
2016-08-10 11:56 - 2016-08-03 00:35 - 00178688 _____ (Microsoft Corporation) C:\WINDOWS\system32\wevtutil.exe
2016-08-10 11:56 - 2016-08-03 00:34 - 00792064 _____ (Microsoft Corporation) C:\WINDOWS\system32\kerberos.dll
2016-08-10 11:56 - 2016-08-03 00:34 - 00400896 _____ (Microsoft Corporation) C:\WINDOWS\system32\OneDriveSettingSyncProvider.dll
2016-08-10 11:56 - 2016-08-03 00:33 - 01152512 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kbase.sys
2016-08-10 11:56 - 2016-08-03 00:32 - 12585984 _____ (Microsoft Corporation) C:\WINDOWS\system32\wmp.dll
2016-08-10 11:56 - 2016-08-03 00:32 - 00951808 _____ (Microsoft Corporation) C:\WINDOWS\system32\wwansvc.dll
2016-08-10 11:56 - 2016-08-03 00:32 - 00291840 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuuhext.dll
2016-08-10 11:56 - 2016-08-03 00:31 - 06743040 _____ (Microsoft Corporation) C:\WINDOWS\system32\mstscax.dll
2016-08-10 11:56 - 2016-08-03 00:27 - 02973696 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kfull.sys
2016-08-10 11:56 - 2016-08-03 00:27 - 01903104 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentServer.dll
2016-08-10 11:56 - 2016-08-03 00:25 - 05323776 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Data.Pdf.dll
2016-08-10 11:56 - 2016-08-03 00:24 - 01735680 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentExtensions.dll
2016-08-10 11:56 - 2016-08-03 00:22 - 02501120 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll
2016-08-10 11:56 - 2016-08-03 00:22 - 01900544 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuaueng.dll
2016-08-10 11:56 - 2016-08-03 00:22 - 01502208 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll
2016-08-10 11:56 - 2016-08-03 00:22 - 01086976 _____ (Microsoft Corporation) C:\WINDOWS\system32\lsasrv.dll
2016-08-10 11:56 - 2016-08-03 00:19 - 02180096 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.StateRepository.dll
2016-08-10 11:55 - 2016-08-03 02:27 - 01303744 _____ (Microsoft Corporation) C:\WINDOWS\system32\appraiser.dll
2016-08-10 11:55 - 2016-08-03 02:27 - 00081088 _____ (Microsoft Corporation) C:\WINDOWS\system32\acmigration.dll
2016-08-10 11:55 - 2016-08-03 02:27 - 00045760 _____ (Microsoft Corporation) C:\WINDOWS\system32\CompatTelRunner.exe
2016-08-10 11:55 - 2016-08-03 01:52 - 00034088 _____ (Microsoft Corporation) C:\WINDOWS\system32\wldp.dll
2016-08-10 11:55 - 2016-08-03 01:43 - 00023776 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuauclt.exe
2016-08-10 11:55 - 2016-08-03 01:34 - 00501592 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetSetupEngine.dll
2016-08-10 11:55 - 2016-08-03 01:34 - 00084832 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetSetupApi.dll
2016-08-10 11:55 - 2016-08-03 01:33 - 00051128 _____ (Microsoft Corporation) C:\WINDOWS\system32\SensorsNativeApi.dll
2016-08-10 11:55 - 2016-08-03 01:32 - 00260448 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\pci.sys
2016-08-10 11:55 - 2016-08-03 01:30 - 00255168 _____ (Microsoft Corporation) C:\WINDOWS\system32\LockAppHost.exe
2016-08-10 11:55 - 2016-08-03 01:18 - 00346464 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\rdbss.sys
2016-08-10 11:55 - 2016-08-03 00:58 - 00072192 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpudd.dll
2016-08-10 11:55 - 2016-08-03 00:57 - 00091648 _____ (Microsoft Corporation) C:\WINDOWS\system32\tdlrecover.exe
2016-08-10 11:55 - 2016-08-03 00:48 - 00051712 _____ (Microsoft Corporation) C:\WINDOWS\system32\wshbth.dll
2016-08-10 11:55 - 2016-08-03 00:48 - 00036352 _____ (Microsoft Corporation) C:\WINDOWS\system32\musdialoghandlers.dll
2016-08-10 11:55 - 2016-08-03 00:47 - 00160768 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusNotification.exe
2016-08-10 11:55 - 2016-08-03 00:44 - 00050688 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusNotificationUx.exe
2016-08-10 11:55 - 2016-08-03 00:44 - 00039424 _____ (Microsoft Corporation) C:\WINDOWS\system32\TpmTasks.dll
2016-08-10 11:55 - 2016-08-03 00:43 - 00180736 _____ (Microsoft Corporation) C:\WINDOWS\system32\cdd.dll
2016-08-10 11:55 - 2016-08-03 00:43 - 00071168 _____ (Microsoft Corporation) C:\WINDOWS\system32\bthserv.dll
2016-08-10 11:55 - 2016-08-03 00:42 - 00080896 _____ (Microsoft Corporation) C:\WINDOWS\system32\BluetoothApis.dll
2016-08-10 11:55 - 2016-08-03 00:40 - 00164352 _____ (Microsoft Corporation) C:\WINDOWS\system32\winsrv.dll
2016-08-10 11:55 - 2016-08-03 00:40 - 00145920 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetSetupSvc.dll
2016-08-10 11:55 - 2016-08-03 00:40 - 00092160 _____ (Microsoft Corporation) C:\WINDOWS\system32\IdCtrls.dll
2016-08-10 11:55 - 2016-08-03 00:39 - 19351040 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2016-08-10 11:55 - 2016-08-03 00:39 - 00186368 _____ (Microsoft Corporation) C:\WINDOWS\system32\ie4uinit.exe
2016-08-10 11:55 - 2016-08-03 00:37 - 00335872 _____ (Microsoft Corporation) C:\WINDOWS\system32\iedkcs32.dll
2016-08-10 11:55 - 2016-08-03 00:37 - 00239616 _____ (Microsoft Corporation) C:\WINDOWS\system32\SensorService.dll
2016-08-10 11:55 - 2016-08-03 00:37 - 00219136 _____ (Microsoft Corporation) C:\WINDOWS\system32\VEEventDispatcher.dll
2016-08-10 11:55 - 2016-08-03 00:35 - 00396288 _____ (Microsoft Corporation) C:\WINDOWS\system32\tileobjserver.dll
2016-08-10 11:55 - 2016-08-03 00:35 - 00286208 _____ (Microsoft Corporation) C:\WINDOWS\system32\SensorsApi.dll
2016-08-10 11:55 - 2016-08-03 00:33 - 18677760 _____ (Microsoft Corporation) C:\WINDOWS\system32\edgehtml.dll
2016-08-10 11:55 - 2016-08-03 00:33 - 02050048 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcpl.cpl
2016-08-10 11:55 - 2016-08-03 00:33 - 01223168 _____ (Microsoft Corporation) C:\WINDOWS\system32\RecoveryDrive.exe
2016-08-10 11:55 - 2016-08-03 00:33 - 00687616 _____ (Microsoft Corporation) C:\WINDOWS\system32\msfeeds.dll
2016-08-10 11:55 - 2016-08-03 00:32 - 01526272 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieapfltr.dll
2016-08-10 11:55 - 2016-08-03 00:32 - 01467392 _____ (Microsoft Corporation) C:\WINDOWS\system32\GdiPlus.dll
2016-08-10 11:55 - 2016-08-03 00:32 - 00434688 _____ (Microsoft Corporation) C:\WINDOWS\system32\LogonController.dll
2016-08-10 11:55 - 2016-08-03 00:31 - 00705536 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuapi.dll
2016-08-10 11:55 - 2016-08-03 00:29 - 12133376 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2016-08-10 11:55 - 2016-08-03 00:28 - 03663360 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
2016-08-10 11:55 - 2016-08-03 00:25 - 04078080 _____ (Microsoft Corporation) C:\WINDOWS\system32\dbgeng.dll
2016-08-10 11:55 - 2016-08-03 00:23 - 05660672 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakra.dll
2016-08-10 11:55 - 2016-08-03 00:23 - 01799680 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Logon.dll
2016-08-10 11:55 - 2016-08-03 00:21 - 01708032 _____ (Microsoft Corporation) C:\WINDOWS\system32\ActiveSyncProvider.dll
2016-08-10 11:55 - 2016-08-03 00:20 - 03483648 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpcorets.dll
2016-08-08 21:57 - 2016-08-08 21:57 - 00077312 _____ C:\Users\Owner\Downloads\Novel Working Charts.xls
2016-08-08 19:27 - 2016-08-08 19:27 - 07238029 _____ C:\Users\Owner\Downloads\starstruck_shifter.mobi
2016-08-08 19:27 - 2016-08-08 19:27 - 00572781 _____ C:\Users\Owner\Downloads\untamed_obsession_den_of_sin_.mobi
2016-08-08 19:24 - 2016-08-08 19:25 - 02142864 _____ C:\Users\Owner\Downloads\raw_and_dirty.mobi
2016-08-05 17:45 - 2016-08-05 17:45 - 06153790 _____ C:\Users\Owner\Downloads\dict-en.oxt
2016-08-04 22:55 - 2016-08-04 22:55 - 00567103 _____ C:\Users\Owner\Downloads\The Boss Vol 1-3 - Cari Quinn.mobi
2016-08-04 16:12 - 2016-08-31 20:19 - 00000000 ____D C:\Users\Owner\AppData\Local\Citrix
==================== One Month Modified files and folders ========
(If an entry is included in the fixlist, the file/folder will be moved.)
2016-09-02 21:23 - 2014-09-07 15:09 - 00000912 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2016-09-02 21:07 - 2013-03-12 12:26 - 00000830 _____ C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
2016-09-02 21:05 - 2014-09-07 15:12 - 00000000 ___RD C:\Users\Owner\Google Drive
2016-09-02 21:04 - 2014-09-07 15:09 - 00000908 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2016-09-02 20:59 - 2016-03-10 10:44 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2016-09-02 20:57 - 2015-10-30 01:13 - 00786432 ___SH C:\WINDOWS\system32\config\BBI
2016-09-02 19:57 - 2015-10-30 01:48 - 00000000 ____D C:\WINDOWS\AppReadiness
2016-09-02 18:48 - 2013-11-18 13:11 - 00000000 ____D C:\ProgramData\Malwarebytes
2016-09-02 18:19 - 2016-03-10 10:30 - 00000000 ____D C:\Users\Owner
2016-09-01 21:47 - 2015-10-30 01:47 - 00000000 ____D C:\WINDOWS\INF
2016-09-01 19:52 - 2015-10-30 01:48 - 00000000 ____D C:\WINDOWS\system32\appraiser
2016-09-01 19:52 - 2015-10-30 01:39 - 00000000 ____D C:\WINDOWS\CbsTemp
2016-09-01 19:48 - 2015-10-30 01:48 - 00000000 ___HD C:\Program Files\WindowsApps
2016-09-01 19:29 - 2016-07-28 23:25 - 00000000 ____D C:\WINDOWS\Minidump
2016-08-31 20:24 - 2015-08-05 17:07 - 00000000 ____D C:\Program Files\Mozilla Firefox
2016-08-31 20:19 - 2013-11-18 13:11 - 00000000 ____D C:\Program Files\VideoLAN
2016-08-31 18:59 - 2014-09-01 12:35 - 00000000 ____D C:\Users\Owner\AppData\Roaming\Spotify
2016-08-31 18:55 - 2014-09-01 12:36 - 00000000 ____D C:\Users\Owner\AppData\Local\Spotify
2016-08-30 22:00 - 2016-06-11 19:30 - 00000000 ____D C:\Users\Owner\Documents\writing tips
2016-08-30 15:59 - 2016-03-10 10:29 - 00988244 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2016-08-28 00:24 - 2015-10-10 22:13 - 00012869 _____ C:\Users\Owner\Documents\early latin dance.odt
2016-08-19 19:50 - 2016-06-10 22:55 - 00000000 ____D C:\Program Files\Scrivener
2016-08-18 17:34 - 2016-03-10 20:08 - 00002405 _____ C:\Users\Owner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2016-08-18 17:34 - 2016-03-10 20:08 - 00000000 ___RD C:\Users\Owner\OneDrive
2016-08-17 17:27 - 2014-09-07 15:10 - 00002073 _____ C:\Users\Public\Desktop\Google Slides.lnk
2016-08-17 17:27 - 2014-09-07 15:10 - 00002071 _____ C:\Users\Public\Desktop\Google Sheets.lnk
2016-08-17 17:27 - 2014-09-07 15:10 - 00002061 _____ C:\Users\Public\Desktop\Google Docs.lnk
2016-08-17 17:27 - 2014-09-07 15:10 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Drive
2016-08-11 18:53 - 2015-10-30 01:48 - 00000000 ____D C:\WINDOWS\rescache
2016-08-10 23:50 - 2015-10-30 02:58 - 00000000 ____D C:\Program Files\Windows Journal
2016-08-10 23:50 - 2015-10-30 01:48 - 00000000 ___RD C:\WINDOWS\ImmersiveControlPanel
2016-08-10 13:04 - 2014-04-21 14:12 - 00000000 ____D C:\WINDOWS\system32\MRT
2016-08-10 12:43 - 2015-10-30 01:48 - 00000000 ____D C:\WINDOWS\system32\SecureBootUpdates
2016-08-10 12:43 - 2014-04-21 14:12 - 144884648 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2016-08-08 17:24 - 2014-09-24 13:39 - 00002218 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2016-08-08 17:24 - 2014-09-24 13:39 - 00002206 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2016-08-05 20:44 - 2016-07-19 12:22 - 00000000 ____D C:\Users\Owner\AppData\Roaming\GPMDP
2016-08-05 17:53 - 2015-11-08 12:36 - 00002457 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk
==================== Files in the root of some directories =======
2014-05-14 21:20 - 2014-05-14 21:20 - 0000040 _____ () C:\Users\Owner\AppData\Roaming\WB.CFG
2015-01-05 22:47 - 2015-01-06 00:07 - 8673792 _____ () C:\ProgramData\atscie.msi
2014-05-06 13:09 - 2014-05-06 13:12 - 0000246 _____ () C:\ProgramData\hpzinstall.log
==================== Bamital & volsnap =================
(There is no automatic fix for files that do not pass verification.)
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\wininit.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed
LastRegBack: 2016-08-27 19:39
==================== End of FRST.txt ============================
gogeko34
2016-09-03, 04:49
Additional scan result of Farbar Recovery Scan Tool (x86) Version: 31-08-2016
Ran by Owner (02-09-2016 21:33:04)
Running from C:\Users\Owner\Desktop
Microsoft Windows 10 Home Version 1511 (X86) (2016-03-10 14:50:45)
Boot Mode: Normal
==========================================================
==================== Accounts: =============================
Administrator (S-1-5-21-4030092792-1861841708-2368464224-500 - Administrator - Disabled)
DefaultAccount (S-1-5-21-4030092792-1861841708-2368464224-503 - Limited - Disabled)
Guest (S-1-5-21-4030092792-1861841708-2368464224-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-4030092792-1861841708-2368464224-1002 - Limited - Enabled)
Owner (S-1-5-21-4030092792-1861841708-2368464224-1000 - Administrator - Enabled) => C:\Users\Owner
==================== Security Center ========================
(If an entry is included in the fixlist, it will be removed.)
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: Bitdefender Antivirus Free Edition (Enabled - Up to date) {3FB17364-4FCC-0FA7-6BBF-973897395371}
AS: Bitdefender Antivirus Free Edition (Enabled - Up to date) {84D09280-69F6-0029-510F-AC4AECBE19CC}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Spybot - Search and Destroy (Disabled - Up to date) {9BC38DF1-3CCA-732D-A930-C1CA5F20A4B0}
==================== Installed Programs ======================
(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
Adobe Acrobat Reader DC (HKLM\...\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}) (Version: 15.017.20053 - Adobe Systems Incorporated)
Adobe Digital Editions 3.0 (HKLM\...\Adobe Digital Editions 3.0) (Version: 3.0.1 - Adobe Systems Incorporated)
Adobe Flash Player 22 NPAPI (HKLM\...\Adobe Flash Player NPAPI) (Version: 22.0.0.209 - Adobe Systems Incorporated)
Amazon Music (HKU\S-1-5-21-4030092792-1861841708-2368464224-1000\...\Amazon Amazon Music) (Version: 3.7.0.693 - Amazon Services LLC)
Bitdefender Antivirus Free Edition (HKLM\...\BitDefender Gonzales) (Version: 1.0.21.1109 - Bitdefender)
CDBurnerXP (HKLM\...\{7E265513-8CDA-4631-B696-F40D983F3B07}_is1) (Version: 4.5.2.4291 - CDBurnerXP)
Citrix Online Launcher (HKLM\...\{09DA5EE2-7E46-4DC4-96F9-BFEE50D40659}) (Version: 1.0.408 - Citrix)
Google Chrome (HKLM\...\Google Chrome) (Version: 52.0.2743.116 - Google Inc.)
Google Drive (HKLM\...\{459CE109-4E46-4340-92BC-054642BC3BC2}) (Version: 1.31.2873.2758 - Google, Inc.)
Google Update Helper (Version: 1.3.25.11 - Google Inc.) Hidden
Google Update Helper (Version: 1.3.31.5 - Google Inc.) Hidden
Intel(R) Graphics Media Accelerator Driver (HKLM\...\HDMI) (Version: 8.15.10.1930 - Intel Corporation)
Java 8 Update 31 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F83218031F0}) (Version: 8.0.310 - Oracle Corporation)
Malwarebytes Anti-Malware version 2.2.1.1043 (HKLM\...\Malwarebytes Anti-Malware_is1) (Version: 2.2.1.1043 - Malwarebytes)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.50428.0 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
MSXML 4.0 SP2 (KB954430) (HKLM\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
OpenOffice 4.1.2 (HKLM\...\{E6AD67BB-1C33-4AB3-A387-E0D48137AB70}) (Version: 4.12.9782 - Apache Software Foundation)
QuickTime (HKLM\...\QuickTime) (Version: - )
Scrivener Update (HKLM\...\Scrivener 1900) (Version: 1960 - Literature and Latte)
Spotify (HKU\S-1-5-21-4030092792-1861841708-2368464224-1000\...\Spotify) (Version: 1.0.36.124.g1cba1920 - Spotify AB)
Spybot - Search & Destroy (HKLM\...\{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1) (Version: 1.6.2 - Safer Networking Limited)
Spybot - Search & Destroy (HKLM\...\{B4092C6D-E886-4CB2-BA68-FE5A99D31DE7}_is1) (Version: 2.4.40 - Safer-Networking Ltd.)
Tweaking.com - Registry Backup (HKLM\...\Tweaking.com - Registry Backup) (Version: 3.5.0 - Tweaking.com)
WebEx Support Manager for Internet Explorer (HKLM\...\{C34FAEF3-4241-4C4E-9CFF-7BBD8BCEABE7}) (Version: 6.5.47 - WebEx Communications Inc.)
yWriter6 (HKLM\...\yWriter6_is1) (Version: - Spacejock Software)
==================== Custom CLSID (Whitelisted): ==========================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
CustomCLSID: HKU\S-1-5-21-4030092792-1861841708-2368464224-1000_Classes\CLSID\{3A999A50-AB25-4A20-90A9-08F71FCE320F}\InprocServer32 -> C:\Windows\system32\spool\DRIVERS\W32X86\3\HPCDMC32.DLL (HP)
CustomCLSID: HKU\S-1-5-21-4030092792-1861841708-2368464224-1000_Classes\CLSID\{880804D3-6A76-4a39-8F95-641CFA984557}\InprocServer32 -> %LOCALAPPDATA%\HuluDesktop\instances\0.9.14.1\hdIEPlg.dll => No File
CustomCLSID: HKU\S-1-5-21-4030092792-1861841708-2368464224-1000_Classes\CLSID\{98087D89-B93F-4BCF-A998-AE4D9F607C14}\InprocServer32 -> C:\Windows\system32\spool\DRIVERS\W32X86\3\HPCDMC32.DLL (HP)
CustomCLSID: HKU\S-1-5-21-4030092792-1861841708-2368464224-1000_Classes\CLSID\{B286F068-5B17-4AE8-989B-8F9A199C47BA}\InprocServer32 -> C:\Windows\system32\spool\DRIVERS\W32X86\3\HPCDMC32.DLL (HP)
==================== Scheduled Tasks (Whitelisted) =============
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
Task: {03DFCD56-A98B-46D4-9D4B-E1972F8B80BC} - System32\Tasks\OneDrive Standalone Update Task => C:\Users\Owner\AppData\Local\Microsoft\OneDrive\17.3.6517.0809\OneDriveStandaloneUpdater.exe [2016-08-18] (Microsoft Corporation)
Task: {06B1FDD1-9AAA-4504-AB52-89160A212A40} - System32\Tasks\Microsoft\Windows\Media Center\MediaCenterRecoveryTask => C:\WINDOWS\ehome\mcupdate.exe
Task: {121809E5-6D3A-4F5F-9F0F-51CD6C0F0B69} - System32\Tasks\Microsoft\Windows\Media Center\DispatchRecoveryTasks => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {22BC150D-8B18-4C1F-8D42-8855880BBDAD} - System32\Tasks\Microsoft\Windows\Media Center\mcupdate => C:\WINDOWS\ehome\mcupdate.exe
Task: {2A6D9D8D-6112-43C5-966B-85F3728313C9} - System32\Tasks\Microsoft\Windows\Media Center\ActivateWindowsSearch => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {2DAEA87C-86AC-40DE-A359-700FA9D5FE93} - System32\Tasks\Microsoft\Windows\Media Center\InstallPlayReady => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {33ECED19-4E20-407E-9089-F83710CD100D} - System32\Tasks\Microsoft\Windows\Media Center\RegisterSearch => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {36BF9E44-DBA5-4D18-8A2F-B620B0534F8C} - System32\Tasks\Microsoft\Windows\Media Center\PBDADiscoveryW1 => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {433DB1B2-26E3-4B7B-BDBA-A510ADCF241A} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Scan the system => C:\Program Files\Spybot - Search & Destroy 2\SDScan.exe [2016-03-21] (Safer-Networking Ltd.)
Task: {47026316-1942-4F3D-B426-1714D134D5CE} - System32\Tasks\Microsoft\Windows\Media Center\ReindexSearchRoot => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {55AB25D1-C7F0-4FDF-B692-A4C29FB3FEF8} - System32\Tasks\Microsoft\Windows\Media Center\ObjectStoreRecoveryTask => C:\WINDOWS\ehome\mcupdate.exe
Task: {57B48964-77DA-47A5-B2BC-8313AF3627FD} - System32\Tasks\Microsoft\Windows\Media Center\PBDADiscoveryW2 => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {5D812CED-0169-4B5C-8752-CFD4C37A2BE2} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files\Google\Update\GoogleUpdate.exe [2015-08-29] (Google Inc.)
Task: {603BF118-5B4D-40F5-A486-948329586DE8} - System32\Tasks\Microsoft\Windows\Media Center\StartRecording => C:\WINDOWS\ehome\ehrec.exe
Task: {635385F1-8BBC-4478-A808-DAB2F3C8628E} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2016-07-12] (Adobe Systems Incorporated)
Task: {63E19ABD-BEF6-4D88-A9F7-7A3C0E7626D7} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files\Google\Update\GoogleUpdate.exe [2015-08-29] (Google Inc.)
Task: {6B6C4B78-7A58-485F-A61D-9CFA6C04A657} - System32\Tasks\Microsoft\Windows\Media Center\PBDADiscovery => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {70E5E7F1-670F-457F-BF52-8F1DB875008A} - System32\Tasks\Microsoft\Windows\Media Center\PvrScheduleTask => C:\WINDOWS\ehome\mcupdate.exe
Task: {75884FC2-2FF7-4C75-A8CA-6488576414AB} - System32\Tasks\Microsoft\Windows\Media Center\UpdateRecordPath => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {829B21DA-7739-4C90-957C-98DC9C8F914A} - System32\Tasks\Microsoft\Windows\Media Center\OCURDiscovery => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {94AEF91F-5F0D-42F3-B022-6716CA643AEB} - System32\Tasks\Microsoft\Windows\Media Center\ehDRMInit => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {B1BA70DD-79CF-4168-9861-9832ADD5188C} - System32\Tasks\Microsoft\Windows\Media Center\PeriodicScanRetry => C:\WINDOWS\ehome\MCUpdate.exe
Task: {BD09BA61-FC8D-49B9-8B28-14D1EDB9E4FF} - System32\Tasks\Microsoft\Microsoft Antimalware\Microsoft Antimalware Scheduled Scan => c:\Program Files\Microsoft Security Client\MpCmdRun.exe
Task: {BFE0BBD0-C3FE-4C7C-A368-4CCF17749168} - System32\Tasks\Microsoft\Windows\Media Center\mcupdate_scheduled => C:\WINDOWS\ehome\mcupdate.exe
Task: {DB441ACD-FAE3-4A65-8F2C-69EF664F8857} - System32\Tasks\Microsoft\Windows\Media Center\RecordingRestart => C:\WINDOWS\ehome\ehrec.exe
Task: {E08DFD32-9247-4235-B633-11CC453AA832} - System32\Tasks\Microsoft\Windows\Media Center\ConfigureInternetTimeService => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {E51A7559-C977-4911-9A6A-6B83CB8B0AF5} - System32\Tasks\Microsoft\Windows\Media Center\PvrRecoveryTask => C:\WINDOWS\ehome\mcupdate.exe
Task: {E75A966F-429F-4C5E-A3C5-E08CD512616F} - System32\Tasks\Microsoft\Windows\Media Center\SqlLiteRecoveryTask => C:\WINDOWS\ehome\mcupdate.exe
Task: {E826665B-C096-40EA-AB45-7FFD760C56E2} - System32\Tasks\Microsoft\Windows\Media Center\OCURActivate => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {ECF432F5-B652-4545-8356-B715F32D5CE6} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2016-06-25] (Adobe Systems Incorporated)
Task: {EF2CA483-2301-4A8C-8315-929229013A61} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Refresh immunization => C:\Program Files\Spybot - Search & Destroy 2\SDImmunize.exe [2016-03-21] (Safer-Networking Ltd.)
Task: {F28494F9-3ECC-4658-83B1-92DAD8FDAFB1} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Check for updates => C:\Program Files\Spybot - Search & Destroy 2\SDUpdate.exe [2014-06-27] (Safer-Networking Ltd.)
Task: {F4958A23-8F04-4404-8D50-8B27BE36C4F7} - \Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d -> No File <==== ATTENTION
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
Task: C:\WINDOWS\Tasks\Adobe Flash Player Updater.job => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe
==================== Shortcuts =============================
(The entries could be listed to be restored or removed.)
ShortcutWithArgument: C:\Users\Owner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Google Play Music.lnk -> C:\Program Files\Google\Chrome\Application\chrome.exe (Google Inc.) -> --profile-directory=Default --app-id=fahmaaghhglfmonjliepjlchgpgfmobi
==================== Loaded Modules (Whitelisted) ==============
2015-10-30 01:44 - 2015-10-30 01:44 - 00149504 _____ () C:\WINDOWS\SYSTEM32\ism32k.dll
2016-09-01 21:47 - 2013-03-19 11:07 - 00522136 _____ () C:\Program Files\Bitdefender\Antivirus Free Edition\sqlite3.dll
2016-09-01 21:47 - 2013-09-03 13:29 - 00105448 _____ () C:\Program Files\Bitdefender\Antivirus Free Edition\BDMetrics.dll
2016-04-01 10:33 - 2014-05-13 12:04 - 00109400 _____ () C:\Program Files\Spybot - Search & Destroy 2\snlThirdParty150.bpl
2016-04-01 10:33 - 2014-05-13 12:04 - 00167768 _____ () C:\Program Files\Spybot - Search & Destroy 2\snlFileFormats150.bpl
2016-04-01 10:33 - 2014-05-13 12:04 - 00416600 _____ () C:\Program Files\Spybot - Search & Destroy 2\DEC150.bpl
2016-07-12 21:10 - 2016-07-01 00:38 - 01862008 _____ () C:\WINDOWS\system32\CoreUIComponents.dll
2016-07-12 21:10 - 2016-07-01 00:38 - 01862008 _____ () C:\WINDOWS\System32\CoreUIComponents.dll
2016-08-18 17:33 - 2016-08-18 17:33 - 01383616 _____ () C:\Users\Owner\AppData\Local\Microsoft\OneDrive\17.3.6517.0809\ClientTelemetry.dll
2016-03-10 13:15 - 2016-03-10 13:15 - 00070656 _____ () C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\Windows.UI.Shell.SharedUtilities.dll
2016-07-12 21:09 - 2016-06-30 23:31 - 00316416 _____ () C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\QuickActions.dll
2016-07-12 21:10 - 2016-06-30 23:13 - 05340160 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CortanaApi.dll
2016-07-12 21:10 - 2016-06-30 23:08 - 00471552 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Core.dll
2016-07-12 21:10 - 2016-06-30 23:08 - 02366976 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.BackgroundTask.dll
2016-07-12 21:10 - 2016-06-30 23:11 - 02656768 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\RemindersUI.dll
2016-09-02 21:04 - 2016-09-02 21:04 - 00098816 ____R () C:\Users\Owner\AppData\Local\Temp\_MEI42162\win32api.pyd
2016-09-02 21:04 - 2016-09-02 21:04 - 00110080 ____R () C:\Users\Owner\AppData\Local\Temp\_MEI42162\pywintypes27.dll
2016-09-02 21:04 - 2016-09-02 21:04 - 00364544 ____R () C:\Users\Owner\AppData\Local\Temp\_MEI42162\pythoncom27.dll
2016-09-02 21:04 - 2016-09-02 21:04 - 00320512 ____R () C:\Users\Owner\AppData\Local\Temp\_MEI42162\win32com.shell.shell.pyd
2016-09-02 21:04 - 2016-09-02 21:04 - 00776704 ____R () C:\Users\Owner\AppData\Local\Temp\_MEI42162\_hashlib.pyd
2016-09-02 21:04 - 2016-09-02 21:04 - 01176576 ____R () C:\Users\Owner\AppData\Local\Temp\_MEI42162\wx._core_.pyd
2016-09-02 21:04 - 2016-09-02 21:04 - 00806400 ____R () C:\Users\Owner\AppData\Local\Temp\_MEI42162\wx._gdi_.pyd
2016-09-02 21:04 - 2016-09-02 21:04 - 00816128 ____R () C:\Users\Owner\AppData\Local\Temp\_MEI42162\wx._windows_.pyd
2016-09-02 21:04 - 2016-09-02 21:04 - 01067008 ____R () C:\Users\Owner\AppData\Local\Temp\_MEI42162\wx._controls_.pyd
2016-09-02 21:04 - 2016-09-02 21:04 - 00733184 ____R () C:\Users\Owner\AppData\Local\Temp\_MEI42162\wx._misc_.pyd
2016-09-02 21:04 - 2016-09-02 21:04 - 00682496 ____R () C:\Users\Owner\AppData\Local\Temp\_MEI42162\pysqlite2._sqlite.pyd
2016-09-02 21:04 - 2016-09-02 21:04 - 00088064 ____R () C:\Users\Owner\AppData\Local\Temp\_MEI42162\_ctypes.pyd
2016-09-02 21:04 - 2016-09-02 21:04 - 00119808 ____R () C:\Users\Owner\AppData\Local\Temp\_MEI42162\win32file.pyd
2016-09-02 21:04 - 2016-09-02 21:04 - 00108544 ____R () C:\Users\Owner\AppData\Local\Temp\_MEI42162\win32security.pyd
2016-09-02 21:04 - 2016-09-02 21:04 - 00007168 ____R () C:\Users\Owner\AppData\Local\Temp\_MEI42162\hashobjs_ext.pyd
2016-09-02 21:04 - 2016-09-02 21:04 - 00017920 ____R () C:\Users\Owner\AppData\Local\Temp\_MEI42162\thumbnails_ext.pyd
2016-09-02 21:04 - 2016-09-02 21:04 - 00088064 ____R () C:\Users\Owner\AppData\Local\Temp\_MEI42162\usb_ext.pyd
2016-09-02 21:04 - 2016-09-02 21:04 - 00012800 ____R () C:\Users\Owner\AppData\Local\Temp\_MEI42162\common.time34.pyd
2016-09-02 21:04 - 2016-09-02 21:04 - 00018432 ____R () C:\Users\Owner\AppData\Local\Temp\_MEI42162\win32event.pyd
2016-09-02 21:04 - 2016-09-02 21:04 - 00167936 ____R () C:\Users\Owner\AppData\Local\Temp\_MEI42162\win32gui.pyd
2016-09-02 21:04 - 2016-09-02 21:04 - 00046080 ____R () C:\Users\Owner\AppData\Local\Temp\_MEI42162\_socket.pyd
2016-09-02 21:04 - 2016-09-02 21:04 - 01208320 ____R () C:\Users\Owner\AppData\Local\Temp\_MEI42162\_ssl.pyd
2016-09-02 21:04 - 2016-09-02 21:04 - 00128512 ____R () C:\Users\Owner\AppData\Local\Temp\_MEI42162\_elementtree.pyd
2016-09-02 21:04 - 2016-09-02 21:04 - 00127488 ____R () C:\Users\Owner\AppData\Local\Temp\_MEI42162\pyexpat.pyd
2016-09-02 21:04 - 2016-09-02 21:04 - 00038912 ____R () C:\Users\Owner\AppData\Local\Temp\_MEI42162\win32inet.pyd
2016-09-02 21:04 - 2016-09-02 21:04 - 00036864 ____R () C:\Users\Owner\AppData\Local\Temp\_MEI42162\_psutil_windows.pyd
2016-09-02 21:04 - 2016-09-02 21:04 - 00525208 ____R () C:\Users\Owner\AppData\Local\Temp\_MEI42162\windows._lib_cacheinvalidation.pyd
2016-09-02 21:04 - 2016-09-02 21:04 - 00011264 ____R () C:\Users\Owner\AppData\Local\Temp\_MEI42162\win32crypt.pyd
2016-09-02 21:04 - 2016-09-02 21:04 - 00077312 ____R () C:\Users\Owner\AppData\Local\Temp\_MEI42162\wx._html2.pyd
2016-09-02 21:04 - 2016-09-02 21:04 - 00027136 ____R () C:\Users\Owner\AppData\Local\Temp\_MEI42162\_multiprocessing.pyd
2016-09-02 21:04 - 2016-09-02 21:04 - 00020480 ____R () C:\Users\Owner\AppData\Local\Temp\_MEI42162\_yappi.pyd
2016-09-02 21:04 - 2016-09-02 21:04 - 00035840 ____R () C:\Users\Owner\AppData\Local\Temp\_MEI42162\win32process.pyd
2016-09-02 21:04 - 2016-09-02 21:04 - 00686080 ____R () C:\Users\Owner\AppData\Local\Temp\_MEI42162\unicodedata.pyd
2016-09-02 21:04 - 2016-09-02 21:04 - 00078848 ____R () C:\Users\Owner\AppData\Local\Temp\_MEI42162\wx._animate.pyd
2016-09-02 21:04 - 2016-09-02 21:04 - 00123392 ____R () C:\Users\Owner\AppData\Local\Temp\_MEI42162\wx._wizard.pyd
2016-09-02 21:04 - 2016-09-02 21:04 - 00024064 ____R () C:\Users\Owner\AppData\Local\Temp\_MEI42162\win32pipe.pyd
2016-09-02 21:04 - 2016-09-02 21:04 - 00010240 ____R () C:\Users\Owner\AppData\Local\Temp\_MEI42162\select.pyd
2016-09-02 21:04 - 2016-09-02 21:04 - 00025600 ____R () C:\Users\Owner\AppData\Local\Temp\_MEI42162\win32pdh.pyd
2016-09-02 21:04 - 2016-09-02 21:04 - 00017408 ____R () C:\Users\Owner\AppData\Local\Temp\_MEI42162\win32profile.pyd
2016-09-02 21:04 - 2016-09-02 21:04 - 00022528 ____R () C:\Users\Owner\AppData\Local\Temp\_MEI42162\win32ts.pyd
2015-03-15 11:20 - 2014-02-10 13:44 - 04592128 _____ () C:\Users\Owner\AppData\Local\Google\Chrome\User Data\SwiftShader\3.2.6.45159\libglesv2.dll
2015-03-15 11:20 - 2014-02-10 13:44 - 00112128 _____ () C:\Users\Owner\AppData\Local\Google\Chrome\User Data\SwiftShader\3.2.6.45159\libegl.dll
2016-04-18 16:59 - 2016-04-18 17:00 - 00144384 _____ () C:\Program Files\WindowsApps\Microsoft.Messaging_2.15.20002.0_x86__8wekyb3d8bbwe\SkypeHost.exe
2016-04-18 16:59 - 2016-04-18 17:00 - 00141312 _____ () C:\Program Files\WindowsApps\Microsoft.Messaging_2.15.20002.0_x86__8wekyb3d8bbwe\SkypeBackgroundTasks.dll
2016-04-18 16:59 - 2016-04-18 17:00 - 22284800 _____ () C:\Program Files\WindowsApps\Microsoft.Messaging_2.15.20002.0_x86__8wekyb3d8bbwe\SkyWrap.dll
==================== Alternate Data Streams (Whitelisted) =========
(If an entry is included in the fixlist, only the ADS will be removed.)
==================== Safe Mode (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" value will be restored.)
==================== Association (Whitelisted) ===============
(If an entry is included in the fixlist, the registry item will be restored to default or removed.)
==================== Internet Explorer trusted/restricted ===============
(If an entry is included in the fixlist, it will be removed from the registry.)
IE restricted site: HKU\.DEFAULT\...\007guard.com -> install.007guard.com
IE restricted site: HKU\.DEFAULT\...\008i.com -> 008i.com
IE restricted site: HKU\.DEFAULT\...\008k.com -> www.008k.com
IE restricted site: HKU\.DEFAULT\...\00hq.com -> www.00hq.com
IE restricted site: HKU\.DEFAULT\...\010402.com -> 010402.com
IE restricted site: HKU\.DEFAULT\...\032439.com -> 80gw6ry3i3x3qbrkwhxhw.032439.com
IE restricted site: HKU\.DEFAULT\...\0scan.com -> www.0scan.com
IE restricted site: HKU\.DEFAULT\...\1-2005-search.com -> www.1-2005-search.com
IE restricted site: HKU\.DEFAULT\...\1-domains-registrations.com -> www.1-domains-registrations.com
IE restricted site: HKU\.DEFAULT\...\1000gratisproben.com -> www.1000gratisproben.com
IE restricted site: HKU\.DEFAULT\...\1001namen.com -> www.1001namen.com
IE restricted site: HKU\.DEFAULT\...\100888290cs.com -> mir.100888290cs.com
IE restricted site: HKU\.DEFAULT\...\100sexlinks.com -> www.100sexlinks.com
IE restricted site: HKU\.DEFAULT\...\10sek.com -> www.10sek.com
IE restricted site: HKU\.DEFAULT\...\12-26.net -> user1.12-26.net
IE restricted site: HKU\.DEFAULT\...\12-27.net -> user1.12-27.net
IE restricted site: HKU\.DEFAULT\...\123fporn.info -> www.123fporn.info
IE restricted site: HKU\.DEFAULT\...\123haustiereundmehr.com -> www.123haustiereundmehr.com
IE restricted site: HKU\.DEFAULT\...\123moviedownload.com -> www.123moviedownload.com
IE restricted site: HKU\.DEFAULT\...\123simsen.com -> www.123simsen.com
There are 7914 more sites.
IE restricted site: HKU\S-1-5-21-4030092792-1861841708-2368464224-1000\...\007guard.com -> install.007guard.com
IE restricted site: HKU\S-1-5-21-4030092792-1861841708-2368464224-1000\...\008i.com -> 008i.com
IE restricted site: HKU\S-1-5-21-4030092792-1861841708-2368464224-1000\...\008k.com -> www.008k.com
IE restricted site: HKU\S-1-5-21-4030092792-1861841708-2368464224-1000\...\00hq.com -> www.00hq.com
IE restricted site: HKU\S-1-5-21-4030092792-1861841708-2368464224-1000\...\010402.com -> 010402.com
IE restricted site: HKU\S-1-5-21-4030092792-1861841708-2368464224-1000\...\032439.com -> 80gw6ry3i3x3qbrkwhxhw.032439.com
IE restricted site: HKU\S-1-5-21-4030092792-1861841708-2368464224-1000\...\0scan.com -> www.0scan.com
IE restricted site: HKU\S-1-5-21-4030092792-1861841708-2368464224-1000\...\1-2005-search.com -> www.1-2005-search.com
IE restricted site: HKU\S-1-5-21-4030092792-1861841708-2368464224-1000\...\1-domains-registrations.com -> www.1-domains-registrations.com
IE restricted site: HKU\S-1-5-21-4030092792-1861841708-2368464224-1000\...\1000gratisproben.com -> www.1000gratisproben.com
IE restricted site: HKU\S-1-5-21-4030092792-1861841708-2368464224-1000\...\1001namen.com -> www.1001namen.com
IE restricted site: HKU\S-1-5-21-4030092792-1861841708-2368464224-1000\...\100888290cs.com -> mir.100888290cs.com
IE restricted site: HKU\S-1-5-21-4030092792-1861841708-2368464224-1000\...\100sexlinks.com -> www.100sexlinks.com
IE restricted site: HKU\S-1-5-21-4030092792-1861841708-2368464224-1000\...\10sek.com -> www.10sek.com
IE restricted site: HKU\S-1-5-21-4030092792-1861841708-2368464224-1000\...\12-26.net -> user1.12-26.net
IE restricted site: HKU\S-1-5-21-4030092792-1861841708-2368464224-1000\...\12-27.net -> user1.12-27.net
IE restricted site: HKU\S-1-5-21-4030092792-1861841708-2368464224-1000\...\123fporn.info -> www.123fporn.info
IE restricted site: HKU\S-1-5-21-4030092792-1861841708-2368464224-1000\...\123haustiereundmehr.com -> www.123haustiereundmehr.com
IE restricted site: HKU\S-1-5-21-4030092792-1861841708-2368464224-1000\...\123moviedownload.com -> www.123moviedownload.com
IE restricted site: HKU\S-1-5-21-4030092792-1861841708-2368464224-1000\...\123simsen.com -> www.123simsen.com
There are 7915 more sites.
==================== Hosts content: ==========================
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
2009-07-13 22:04 - 2016-08-30 17:30 - 00453443 ____R C:\WINDOWS\system32\Drivers\etc\hosts
127.0.0.1 www.007guard.com
127.0.0.1 007guard.com
127.0.0.1 008i.com
127.0.0.1 www.008k.com
127.0.0.1 008k.com
127.0.0.1 www.00hq.com
127.0.0.1 00hq.com
127.0.0.1 010402.com
127.0.0.1 www.032439.com
127.0.0.1 032439.com
127.0.0.1 www.0scan.com
127.0.0.1 0scan.com
127.0.0.1 1000gratisproben.com
127.0.0.1 www.1000gratisproben.com
127.0.0.1 1001namen.com
127.0.0.1 www.1001namen.com
127.0.0.1 100888290cs.com
127.0.0.1 www.100888290cs.com
127.0.0.1 www.100sexlinks.com
127.0.0.1 100sexlinks.com
127.0.0.1 10sek.com
127.0.0.1 www.10sek.com
127.0.0.1 www.1-2005-search.com
127.0.0.1 1-2005-search.com
127.0.0.1 123fporn.info
127.0.0.1 www.123fporn.info
127.0.0.1 123haustiereundmehr.com
127.0.0.1 www.123haustiereundmehr.com
127.0.0.1 123moviedownload.com
127.0.0.1 www.123moviedownload.com
There are 15555 more lines.
==================== Other Areas ============================
(Currently there is no automatic fix for this section.)
HKU\S-1-5-21-4030092792-1861841708-2368464224-1000\Control Panel\Desktop\\Wallpaper -> C:\WINDOWS\web\wallpaper\Windows\img0.jpg
DNS Servers: 209.18.47.62 - 209.18.47.61
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.
==================== MSCONFIG/TASK MANAGER disabled items ==
(Currently there is no automatic fix for this section.)
HKLM\...\StartupApproved\Run: => "APSDaemon"
HKLM\...\StartupApproved\Run: => "HotKeysCmds"
HKLM\...\StartupApproved\Run: => "iTunesHelper"
HKU\S-1-5-21-4030092792-1861841708-2368464224-1000\...\StartupApproved\Run: => "Amazon Music"
HKU\S-1-5-21-4030092792-1861841708-2368464224-1000\...\StartupApproved\Run: => "OneDrive"
HKU\S-1-5-21-4030092792-1861841708-2368464224-1000\...\StartupApproved\Run: => "Spotify"
==================== FirewallRules (Whitelisted) ===============
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
FirewallRules: [vm-monitoring-nb-session] => (Allow) LPort=139
FirewallRules: [MSMQ-In-TCP] => (Allow) %systemroot%\system32\mqsvc.exe
FirewallRules: [MSMQ-Out-TCP] => (Allow) %systemroot%\system32\mqsvc.exe
FirewallRules: [MSMQ-In-UDP] => (Allow) %systemroot%\system32\mqsvc.exe
FirewallRules: [MSMQ-Out-UDP] => (Allow) %systemroot%\system32\mqsvc.exe
FirewallRules: [WCF-NetTcpActivator-In-TCP-32bit] => (Allow) LPort=808
FirewallRules: [UDP Query User{46FBA79F-4171-4C78-B49E-38C7AB43B17C}C:\users\owner\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\owner\appdata\roaming\spotify\spotify.exe
FirewallRules: [TCP Query User{E002756B-88F0-47D8-8968-4E261AFE5D91}C:\users\owner\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\owner\appdata\roaming\spotify\spotify.exe
FirewallRules: [{6BC93BFA-F55B-4E72-8FD0-81BB8556F067}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe
FirewallRules: [{AE1D72ED-5F4E-4008-BED1-6F9768C10B7C}] => (Allow) LPort=67
FirewallRules: [{E8EBA4B5-CB43-45C5-BAB3-3D456F6A05DF}] => (Allow) C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe
FirewallRules: [{8434326C-2785-4961-8382-8CE81BF55204}] => (Allow) C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe
FirewallRules: [UDP Query User{1BEA4507-3FF4-4700-9FC8-BECA77B7DA0E}C:\program files\kodak\kodak software updater\7288971\program\backweb-7288971.exe] => (Block) C:\program files\kodak\kodak software updater\7288971\program\backweb-7288971.exe
FirewallRules: [TCP Query User{93A43657-9057-4953-9C7A-E78B99C1E0B7}C:\program files\kodak\kodak software updater\7288971\program\backweb-7288971.exe] => (Block) C:\program files\kodak\kodak software updater\7288971\program\backweb-7288971.exe
FirewallRules: [UDP Query User{52F84905-7038-430A-B35D-30812B924A0F}C:\program files\kodak\kodak software updater\7288971\program\backweb-7288971.exe] => (Block) C:\program files\kodak\kodak software updater\7288971\program\backweb-7288971.exe
FirewallRules: [TCP Query User{0C1B73AC-73A2-4940-8208-1209CAA92417}C:\program files\kodak\kodak software updater\7288971\program\backweb-7288971.exe] => (Block) C:\program files\kodak\kodak software updater\7288971\program\backweb-7288971.exe
FirewallRules: [UDP Query User{0A03A2C7-F418-4011-ACFE-3F83095F1248}C:\users\owner\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\owner\appdata\roaming\spotify\spotify.exe
FirewallRules: [TCP Query User{8F06D330-8C00-4E92-9A4D-E656010F08FA}C:\users\owner\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\owner\appdata\roaming\spotify\spotify.exe
FirewallRules: [{B603E256-9F4E-4AF4-86B5-200C31517A89}] => (Allow) C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe
FirewallRules: [{B44E9551-FA60-4D38-B622-358D4C320D58}] => (Allow) C:\Program Files\Google\Chrome\Application\chrome.exe
StandardProfile\AuthorizedApplications: [C:\Program Files\Spybot - Search & Destroy 2\SDTray.exe] => Enabled:Spybot - Search & Destroy tray access
StandardProfile\AuthorizedApplications: [C:\Program Files\Spybot - Search & Destroy 2\SDFSSvc.exe] => Enabled:Spybot-S&D 2 Scanner Service
StandardProfile\AuthorizedApplications: [C:\Program Files\Spybot - Search & Destroy 2\SDUpdate.exe] => Enabled:Spybot-S&D 2 Updater
StandardProfile\AuthorizedApplications: [C:\Program Files\Spybot - Search & Destroy 2\SDUpdSvc.exe] => Enabled:Spybot-S&D 2 Background update service
==================== Restore Points =========================
15-08-2016 19:14:49 Scheduled Checkpoint
24-08-2016 21:23:04 Scheduled Checkpoint
01-09-2016 19:50:12 Windows Update
02-09-2016 18:32:20 JRT Pre-Junkware Removal
==================== Faulty Device Manager Devices =============
==================== Event log errors: =========================
Application errors:
==================
Error: (09/02/2016 06:35:28 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: OWNER-PC)
Description: Activation of app Microsoft.Windows.ShellExperienceHost_cw5n1h2txyewy!App failed with error: -2144927142 See the Microsoft-Windows-TWinUI/Operational log for additional information.
Error: (09/02/2016 06:35:28 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program ShellExperienceHost.exe version 10.0.10586.494 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Security and Maintenance control panel.
Process ID: 1bc8
Start Time: 01d2056a03fe9c4b
Termination Time: 4294967295
Application Path: C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe
Report Id: 8a334cbb-715d-11e6-a538-001aa0ae0fd9
Faulting package full name: Microsoft.Windows.ShellExperienceHost_10.0.10586.0_neutral_neutral_cw5n1h2txyewy
Faulting package-relative application ID: App
Error: (09/02/2016 06:35:24 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 2486) (User: OWNER-PC)
Description: App Microsoft.Windows.ShellExperienceHost_10.0.10586.0_neutral_neutral_cw5n1h2txyewy+App did not launch within its allotted time.
Error: (09/02/2016 06:32:48 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: Cryptographic Services failed while processing the OnIdentity() call in the System Writer Object.
Details:
AddLegacyDriverFiles: Unable to back up image of binary Microsoft Link-Layer Discovery Protocol.
System Error:
Access is denied.
.
Error: (09/01/2016 08:18:11 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: OWNER-PC)
Description: Activation of app Microsoft.WindowsMaps_8wekyb3d8bbwe!App failed with error: -2144927148 See the Microsoft-Windows-TWinUI/Operational log for additional information.
Error: (09/01/2016 08:12:14 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: OWNER-PC)
Description: Activation of app Microsoft.WindowsMaps_8wekyb3d8bbwe!App failed with error: -2144927148 See the Microsoft-Windows-TWinUI/Operational log for additional information.
Error: (09/01/2016 08:07:15 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: OWNER-PC)
Description: Activation of app Microsoft.WindowsMaps_8wekyb3d8bbwe!App failed with error: -2144927148 See the Microsoft-Windows-TWinUI/Operational log for additional information.
Error: (09/01/2016 08:01:03 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: OWNER-PC)
Description: Activation of app Microsoft.WindowsMaps_8wekyb3d8bbwe!App failed with error: -2144927148 See the Microsoft-Windows-TWinUI/Operational log for additional information.
Error: (09/01/2016 07:54:11 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: OWNER-PC)
Description: Activation of app Microsoft.WindowsMaps_8wekyb3d8bbwe!App failed with error: -2144927148 See the Microsoft-Windows-TWinUI/Operational log for additional information.
Error: (09/01/2016 07:51:20 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: Cryptographic Services failed while processing the OnIdentity() call in the System Writer Object.
Details:
AddLegacyDriverFiles: Unable to back up image of binary Microsoft Link-Layer Discovery Protocol.
System Error:
Access is denied.
.
System errors:
=============
Error: (09/02/2016 08:59:44 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The SDScannerService service failed to start due to the following error:
The service did not respond to the start or control request in a timely fashion.
Error: (09/02/2016 08:59:44 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the SDScannerService service to connect.
Error: (09/02/2016 08:59:15 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The NetTcpActivator service depends on the NetTcpPortSharing service which failed to start because of the following error:
The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.
Error: (09/02/2016 08:57:37 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The User Data Access_404a4 service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 10000 milliseconds: Restart the service.
Error: (09/02/2016 08:57:37 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The User Data Storage_404a4 service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 10000 milliseconds: Restart the service.
Error: (09/02/2016 08:57:37 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Contact Data_404a4 service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 10000 milliseconds: Restart the service.
Error: (09/02/2016 08:57:37 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Sync Host_404a4 service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 10000 milliseconds: Restart the service.
Error: (09/02/2016 08:54:40 PM) (Source: Service Control Manager) (EventID: 7032) (User: )
Description: The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the Windows Search service, but this action failed with the following error:
An instance of the service is already running.
Error: (09/02/2016 08:54:12 PM) (Source: WAS) (EventID: 5175) (User: )
Description: The listener adapter serving the 'net.msmq' protocol disconnected unexpectedly.
Error: (09/02/2016 08:54:12 PM) (Source: WAS) (EventID: 5175) (User: )
Description: The listener adapter serving the 'msmq.formatname' protocol disconnected unexpectedly.
CodeIntegrity:
===================================
Date: 2016-09-02 06:12:18.781
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.
Date: 2016-09-01 21:41:27.115
Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.
Date: 2016-09-01 21:41:27.098
Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.
Date: 2016-09-01 21:41:27.078
Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.
Date: 2016-09-01 21:41:24.826
Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.
Date: 2016-09-01 21:41:24.794
Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.
Date: 2016-09-01 21:33:26.978
Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.
Date: 2016-09-01 21:33:26.962
Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.
Date: 2016-09-01 21:33:26.938
Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.
Date: 2016-09-01 21:33:26.333
Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.
==================== Memory info ===========================
Processor: Intel(R) Pentium(R) D CPU 3.40GHz
Percentage of memory in use: 61%
Total physical RAM: 2037.61 MB
Available physical RAM: 784.29 MB
Total Virtual: 4085.61 MB
Available Virtual: 2218.49 MB
==================== Drives ================================
Drive c: () (Fixed) (Total:148.47 GB) (Free:108.96 GB) NTFS
==================== MBR & Partition Table ==================
========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 149 GB) (Disk ID: 2BD2C32A)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=148.5 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=450 MB) - (Type=27)
==================== End of Addition.txt ============================
Good Morning,
Just a couple of things to fix, nothing earthshattering, but before we do let me ask you about these
Your firewall is blocking Kodak Software Updater but I dont see this program listed as installed, do you still use it ? If you do we can fix it
FirewallRules: [TCP Query User{93A43657-9057-4953-9C7A-E78B99C1E0B7}C:\program files\kodak\kodak software updater\7288971\program\backweb-7288971.exe] => (Block) C:\program files\kodak\kodak software
As far as this program ,I am reading that it causes some issues on some systems , if you dont use it you can uninstall it via Programs and Features in the Control Panel
Scrivener Update (HKLM\...\Scrivener 1900) (Version: 1960 - Literature and Latte)
Let me know about these two programs
gogeko34
2016-09-04, 02:26
Hi Ken,
I do not use Kodak at all. That may have come with some photos I added to my computer, but even the photos aren't important.
I use Scrivener for writing novels. If there's a problem with the software I can notify the creator/vendor and ask them to fix it. I love Scrivener and would like to continue using it if I can without damaging my computer.
I'd appreciate it if you would let me know if there are any other programs that could be causing problems.
Thanks, Tonia
Well, Kodak doesnt appear to be installed so we can leave that one be. I wasnt sure what Scrivener was so I Googled it and its a legit program but on one of the things I read about it it said it on some systems it may cause issues, but if your using it and need it then just let it be. Have you used this for awhile or have your problems started after installing it ?
Open notepad , Go to Start --> All Programs --> Accessories --> Notepad.
Please copy the entire contents Inside of the code box below beginning with START and ending with END
(To do this highlight the contents of the box, right click on it and select copy. Right-click in the open notepad and select Paste).
Name the file Fixlist, Save it to your desktop where you have FRST/FRST64 or the fix wont work, . Then open up FRST/FRST64 and click on FIX (Not Scan) It won't take long, after your computer reboots you will find a FIXLOG.TXT on your desktop, post it please
Start
CloseProcesses:
CreateRestorePoint:
SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
Task: {F4958A23-8F04-4404-8D50-8B27BE36C4F7} - \Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d -> No File <==== ATTENTION
CMD: ipconfig /flushdns
EmptyTemp:
End
NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system
gogeko34
2016-09-04, 04:39
Hi Ken,
Thanks for your prompt replies. My computer froze and required a reboot again while running the fix. The second attempt was successful :)
I have been using Scrivener since June of this year and it was recently updated. I just started having a problem with my computer encountering unexpected error and trouble restarting this week. It has been running a little sluggish lately, but I couldn't say for sure that this started after I installed Scrivener or before.
I did install an app that I removed this week. It was a Google Play desktop app. I was uncomfortable with it from the start and I didn't know how to update it. It's not an official Google product so that was probably a bad idea to install. Here is the link if you want to see what it was: https://www.googleplaymusicdesktopplayer.com/
When I open the task manager I see that Google Chrome is using a lot of memory. I have enjoyed Google Chrome as my browser, but I'm wondering if I should be using something else. Do you have any preferences for browsers?
Do you have any suggestions for improving the speed of my computer as well? Should I purchase more RAM (if it's even possible for this computer)?
Also once we are done solving this problem I'm sure you will advise me on what programs I should remove (of those I was instructed to install for this fix) and what programs I should run routinely to help protect my computer.
Here is the fixlog:
Fix result of Farbar Recovery Scan Tool (x86) Version: 31-08-2016
Ran by Owner (03-09-2016 20:55:33) Run:4
Running from C:\Users\Owner\Desktop
Loaded Profiles: Owner (Available Profiles: Owner & DefaultAppPool)
Boot Mode: Normal
==============================================
fixlist content:
*****************
Start
CloseProcesses:
CreateRestorePoint:
SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
Task: {F4958A23-8F04-4404-8D50-8B27BE36C4F7} - \Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d -> No File <==== ATTENTION
CMD: ipconfig /flushdns
EmptyTemp:
End
*****************
Processes closed successfully.
Restore point was successfully created.
HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value restored successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{F4958A23-8F04-4404-8D50-8B27BE36C4F7}" => key removed successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{F4958A23-8F04-4404-8D50-8B27BE36C4F7}" => key removed successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d" => key removed successfully.
========= ipconfig /flushdns =========
Windows IP Configuration
Successfully flushed the DNS Resolver Cache.
========= End of CMD: =========
=========== EmptyTemp: ==========
BITS transfer queue => 0 B
DOMStoree, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 7531669 B
Java, Flash, Steam htmlcache => 0 B
Windows/system/drivers => 3240 B
Edge => 0 B
Chrome => 32888271 B
Firefox => 0 B
Opera => 0 B
Temp, IE cache, history, cookies, recent:
Default => 0 B
ProgramData => 0 B
Public => 0 B
systemprofile => 0 B
LocalService => 2560 B
NetworkService => 1874 B
Owner => 39827874 B
DefaultAppPool => 0 B
RecycleBin => 13193 B
EmptyTemp: => 76.6 MB temporary data Removed.
================================
The system needed a reboot.
==== End of Fixlog 20:57:06 ====
Sometimes its hard to diagnose the problem your having , looking through your logs all the programs you have installed seem fine. As far as removing the tools we are using , we will do that once we are done.
I notice your file system is 32 bit, new computers built in the last few years are 64 bit, more effcient than 32 bit, but that suggests this computer may be a bit old. Keep in mind they dont last forever. Your hard drive is about 2/3rds full and thats fine as long as you dont install a large program to use up more hard disk space.
Your memory appears to be very low, one of the best upgrades for a system is to add memory, you can go to Crucial and download and use there memory advsor, it will scan your system and let you know what they suggest as far as upgrading it. Before i got into malware removal I was a system builder and Crucial was the only memory I ever installed on my systems
https://www.crucial.com/
MySearchDial is more of an annoyance than a virus, its considered a PUP (Potentially Unwanted Program) and could have effected your systems performance but I dont believe its responseble for your problem
Think back, prior to this happening, did you install or uninstall any hardware or software programs ??
I would like you to run another scanner and lets see if it picks up anything that FRST has not. If it comes back clean then your issue is not malware related and at that point I can link you to a good windows forum that can help you sort things out as we just do malware removal on this one.
http://i24.photobucket.com/albums/c30/ken545/RK2_zps0modv4gs.jpg
Download RogueKiller from Here (http://www.bleepingcomputer.com/download/roguekiller/) or Here (http://tigzy.geekstogo.com/Tools/RogueKiller.exe) To your DESKTOP
Quit all programs that you may have started.
Please disconnect any USB or external drives from the computer before you run this scan!
For Windows Vista, Windows 7, 8 or 10 right-click on RogueKiller and select "Run as Administrator" to start the program.
For Windows XP, double-click on RogueKiller to start the program.
If the program has been blocked by malware, try to rename it to winlogon.exe, or change its file extension with .com (ex: Roguekiller.com)
If a message pops up telling you your running the 32 bit version just click on "Run Anyway"
The free version will not allow you to change any setting so just leave it all be.
The scan is triggered with the Start Scan button. The scan does not modify your system.
Wait until the Status box shows "Scan Finished"
Click on "Report" and copy/paste the content of the Notepad into your next reply.
The log should be found in RKreport[1].txt on your Desktop
Exit/Close RogueKiller
gogeko34
2016-09-04, 18:42
Good Morning Ken,
I turned my computer off last night and it took several restarts ti get it back up this morning. As it did before, everything loaded and when I attempted to open my browser the blue screen appeared with the unexpected error msg. I'll keep trying to get it going again and try to run the memory check. I think the msg, which isn't available long enough for me to read completely, had something like NMI Hardware or MMI hardware?
I purchased this computer a couple of years ago because my old computer couldn't be upgraded from Windows XP to something Microsoft supported. It was a refurbished computer and ran well until recently. Software recently installed included Scrivener, YWrite, that unofficial Google desktop player app I mentioned, and I think some webinar or meeting software (I recently participated in some online training sessions and the software was needed to attend). I sometimes download PDF files as well. I know that someone looked at porn on my computer at least once. I don't mind him looking at it, but he will not be using my computer for such things anymore! I suspect there were some things that came with those sites.
I ran a Crucial Scan and here is the link to the results (I don't know enough to understand them and probably just need to take my computer to a professional). http://www.crucial.com/usa/en/scanview/B9E8C94E31D926C3
I will not be power down my computer to avoid the problem with it not restarting (unless prompted by a fix program). It doesn't seem to encounter the error when I just put it in sleep mode for now.
Thanks, Tonia
Report from RogueKiller
RogueKiller V12.5.2.0 [Aug 29 2016] (Free) by Adlice Software
mail : http://www.adlice.com/contact/
Feedback : http://forum.adlice.com
Website : http://www.adlice.com/download/roguekiller/
Blog : http://www.adlice.com
Operating System : Windows 10 (10.0.10586) 32 bits version
Started in : Normal mode
User : Owner [Administrator]
Started from : C:\Program Files\RogueKiller\RogueKiller.exe
Mode : Scan -- Date : 09/04/2016 10:31:27 (Duration : 00:45:36)
¤¤¤ Processes : 0 ¤¤¤
¤¤¤ Registry : 1 ¤¤¤
[Suspicious.Path] HKEY_CLASSES_ROOT\CLSID\{880804D3-6A76-4a39-8F95-641CFA984557} (%LOCALAPPDATA%\HuluDesktop\instances\0.9.14.1\hdIEPlg.dll) -> Found
¤¤¤ Tasks : 0 ¤¤¤
¤¤¤ Files : 0 ¤¤¤
¤¤¤ Hosts File : 0 [Too big!] ¤¤¤
¤¤¤ Antirootkit : 0 (Driver: Loaded) ¤¤¤
¤¤¤ Web browsers : 0 ¤¤¤
¤¤¤ MBR Check : ¤¤¤
+++++ PhysicalDrive0: Hitachi HDS721016CLA382 ATA Device +++++
--- User ---
[MBR] 3d85ef0f6756280b6df7360c7f2ee268
[BSP] cd27ed3eb96aab5c994ff939e1f9cca6 : Windows Vista/7/8 MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x7) [VISIBLE] Offset (sectors): 2048 | Size: 100 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
1 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 206848 | Size: 152033 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
2 - [XXXXXX] ACER (0x27) [VISIBLE] Offset (sectors): 311572480 | Size: 450 MB
User = LL1 ... OK
User = LL2 ... OK
RogueKiller looks fine. From what I have been reading NMI Hardware may be some sort of hardware malfuncion on your system. If your memory was bad you would get a memory error on startup and your not.
What the Crucial thing means is that this system is set up to have the maximum of 8Gb of memory and you only have 2, you have 4 slots for memory and 2 or them are not filled. They need to be installed in pairs so you would need 2 1GB of memory moduales and that would bring you up to 4 GB, that doubles the amount of memory you have and it would work out fine. There our of stock but I am guessing there about $30 apiece. There easy to install, they just snap into the empty slots. You may want to contact Crucial and ask them to let you know when there back in stock.
But that NMI Error could be anything from a motherboard malfunction to a loose cable to one or your drives. I think the best thing to do is take it in to a local shop and have them check it, they have tools and diagnostic equipment that they can use to diagnose your system and see whats going on.
You can download and run CCleaner to clean out all your history , bad cookies and temp files, you just need the free version. Its what I have and I run it each night before I shut down. It has a lot of options, some to do with the windows registry, I would stay away from that as you can really harm your system if you remove something you should have not. But just running the cleaner is fine. Under Options > Cookies you can move cookies you want to keep to the right panel, those would be cookies that store your log info like for your banking, this site as examples
https://www.piriform.com/ccleaner
Here is how mine is set up
Another thing you might want to do is to clean out the inside of your tower. After years or use with all the fans blowing a lot of dirt gets sucked up in there sometimes causing problems. Its really easy. Just shut your computer down, unplug the power cable , remove the side of the tower, use a can of canned air to gentle blow out all the dirt and dustbunnies. Hold the the fan on the rear of the case so it wont spin and blow all the dirt out around it. Gently blow all the dirt off the motherboard being careful not to touch it, actually dont touch anything inside , just use the air to blow all the dirt out. You can find canned air at places like Best Buy
gogeko34
2016-09-04, 21:27
Hi Ken,
I receive the error after everything is loaded and when I attempt to open the Chrome browser. Once it shuts the monitor and keyboard down the tower remains powered on until I hold the button to turn it off. Once this error has occurred I must reboot four or more times until everything loads. Sometimes the monitor screen remains black and sometimes it gets stuck on the bios screen with Dell on it.
I'll bring it to a repair shop for diagnosis. If they think it's possible to save with the addition of memory that would be an inexpensive short term fix. If I can save what I have and just change out a few parts, that is my preference. I hate to put more stuff in the trash. I still have my tower with XP because I've had trouble tossing it. Maybe that repair shop can make use of some of it.
I did download CCleaner and ran it using your set up. There were lots of cookies! I'll make sure I run it often.
I really appreciate your help. Though I am bummed that I may have to spend some money to get it working properly, I know it's probably hardware. Fingers crossed that it's not a major expense. I have a sick cat with higher medical costs than my own. If I could use Scrivener on my laptop that has a Linux operating system I wouldn't feel so pressured to get this desktop PC functioning. Unfortunately the creators only made one version for Linux and they are not updating it.
Is there anything else I should do before I take it in? I think I have backed up files that are important to me on a thumb drive and Google Drive. Should I go ahead and uninstall programs you asked me to install or leave it as is? Should I use any of these programs as part of regular maintenance?
Thanks, Tonia
Looks like your having an issue with Chrome, lets set it back to defaults
Click the Chrome menu http://i24.photobucket.com/albums/c30/ken545/Clipboard01_zps2e55f676.jpgon the browser toolbar.
Select Settings.
Scroll down to Show advanced settings...
Down on the bottom you will see an option for RESET BROWSER SETTINGS
Click on it and it will set Chome back to defaults
Let me know if that helped. If not let me know if you want to uninstall and reinstall Chrome, I can provide the steps to take
When you take your computer in to a shop, you would be better off using a local computer shop in lieu of a large retailer, look for one that is a Certified Microsoft Partner.
When were done with Chrome, I will post instructions to remove the tools we used for your clean up
gogeko34
2016-09-04, 23:37
I uninstalled Chrome using the control panel, restarted my computer. I downloaded it using Edge and installed it again. So far no problem restarting, but I had several successful restarts this week until this morning again. I'm sure it still needs more memory to function better and maybe there's faulty hardware.
I'll let you know what I learn about the hardware this week. I found a local repair shop that is Microsoft Certified. I'll bring my computer to them tomorrow if they are open (Tuesday if not).
I'll keep you posted. Thanks for everything Ken! I hope you are taking some time to enjoy this holiday weekend.
Tonia
Good luck on your computer Tonia, hope it all works out for you and they find the problem.
I will keep this thread open for you for awhile, post back and let me know what they said and what they did.
Myself just hanging out today, tomorrow the fun starts :)
In the meantime we can remove all the programs we used cleaning your system
Double click on AdwCleaner.exe to run the tool again.
Click on the Uninstall button.
Click Yes when asked are you sure you want to uninstall.
Both AdwCleaner.exe, its folder and all logs will be removed.
==========================================================
Please download DelFix (http://general-changelog-team.fr/en/downloads/finish/20-outils-de-xplode/9-delfix) and save the file to your Desktop.
http://i24.photobucket.com/albums/c30/ken545/DelFix_zps139e2ea1.jpg
Windows XP Double Click DelFix.exe to run the program.
Windows Vista > Win 7 > Win 8 Right Click on DelFix.exe and select RUN AS ADMINISTRATOR
Checkmark " Remove Disinfection Tools"
Click the Run button
This will remove the specialised tools we used to clean your system. Any leftover logs, files, folders or tools remaining on your Desktop which were not removed can be deleted manually
So How did I get infected in the first place (https://forums.spybot.info/showthread.php?279-So-how-did-I-get-infected-in-the-first-place") <-- Some reading for you to keep yourself safe online
Safe Surfn
Ken
gogeko34
2016-09-05, 01:40
:bigthumb:
I will keep you informed. It may be helpful information for future fixes.
Should I uninstall Tweaking and Malwarebytes?
I have the free versions of bitdefender and Spybot installed. Should I just continue to use them with the CCleaner and or is there something else I should use? Bitdefender is new for me so I don't know if it may have helped prevent or solve some of the problems that were found on my computer. I will have to be more diligent about running Spybot scans.
Thanks, Tonia
All products by Tweeking are great, I use the Tweeking reg backup myself. On my own computer, anytime I make a change to the registry I make a back up first, it has saved me more than once. Another one from them that i use is Tweeking Envelope Printer, I use it for most envelopes I mail.
http://www.tweaking.com/content/page/tweaking_com_envelope_printer.html
Malwarebytes is a great program, your using the free version, you can upgrade to the Premium version that besides letting you update, run scans and remove items, it has a protection module that blocks known bad websites from loading, the cost is minimal but this of course is completely up to you.
I also would keep using CCleaner, keep all those temp and history files from getting to large that can slow down a system
I like you have Windows 10, it comes with Windows Defender, its been upgraded and enhanced for Win 10 and is more that adequite, besides Malwarebytes I just use Windows Defender as my anti virus program, but if you want to keep BitDefender again this is up to you. Uninstalling BitDefender and using Windows Defender can save you some system resources.
You can pin it to your taskbar and from there you can update ( althought it updates itself ) and you can run scans on your own or schedule a scan
On the windows start button, click on File Explorer > This PC > your C:/ drive > Program Files > Windows Defender and look for MSASCui, right click on it and select Pin to Taskbar
Post back in a few days and keep me up to date on whats going on
Take care young lady
Ken :)
gogeko34
2016-09-07, 17:18
Hi Ken,
I just wanted to give you an update. I'm have some trouble finding someone to repair my computer (diagnose it). The original business advertised that they work on PC but they don't anymore. I was referred to another that wasn't very receptive to helping me. The age of my computer tells them it's not worth the $70 diagnostic fee. Another guy contacted me and he's not Microsoft certified. So I'm searching.
Computer shut itself off on Monday when I wasn't around (actually fully powered down) and I haven't been able to get it back up since. At one point the screen before the bios scrren appeared with the following:
PXE: No boot filename received
PXE-MOF: Exiting Broadcam PXE ROM
So googling this I find that it could be a boot drive issue or it could be a hard drive issue. I'm not sure it's worth investing more energy or money in it. I hate to dispose of potentially useful materials but I'm not sure what else to do.
Any advise? I'm tempted to recycle it and get another refurbished computer.
Thanks, Tonia
Hello Tonia, thanks for getting back to me.
With the problems this computer is having and the age of it I think at this point to try and get it fixed maybe like throwinig money out the window. You may just be better off getting a new one.
Last year a friend of mine bought a refurb from Dell and so far she has been happy with it, she got a small form desktop and I believe she only paid around $249, but it just came with the tower, mouse and keyboard, no monitor. You may want to consider a laptop, the 17" ones are just like having a tower. Look for one that has windows 10, if they only come with Win 7 thats fine, win 7 will be around for a few more years, maybe 5 oor 6. Just stay away from Windows 8, it was horrible
http://dellrefurbished.com/
You can also look at Costco online, they always have nice deals on computers, it depends on what you want to spend, see some nice ones for maybe $600, but there all new, not refurbished and there guaranteed by Costco, any problems you can just return it. Myself I have always been partial to Dell, but thats me
http://www.costco.com/computers-offers.html
If there are docs and pics on your old drive you can buy a hard drive docking station, you just pull the old drive out and place it in the docking station and hook it up to your new computer via a USB cable and you will be able to go into your old drive and copy and paste any docs or pics you want to keep from the old drive to your new computer. I have done this and this is the unit I used. I actually use my old hard drive for back up, using this unit I can transfer my docs and pics maybe once a month to my old hard drive as backup
https://www.amazon.com/Cable-Matters-Drive-Docking-Station/dp/B0099TX7O4
Again I will keep this thread open for you, i would like to know what you decide
Ken :)
gogeko34
2016-09-15, 23:57
Hi Ken,
Thanks so much for your advice. It looks like it's the motherboard that needs to be replaced. I'm just going to get another computer. I will get that docking station you suggested to use as external storage so the hard drive isn't wasted.
You have been such a wonderful help to me and I really appreciate your patience and prompt responses. I'm sure I will get back to Safer-Networking again for advice. In the meantime, I will be offering a small donation to support all the support this site offers to so many people.
Thanks again and best of luck to you in all your endeavors.
Tonia
Thank you Tonia, I kind of figured it was some sort of hardware issue, motherboards can run around $100 or a bit more but there a real pain to install, sometimes things that you have on the system now like graphic cards, memory CPU wont work with the new one so its down the store to buy more stuff so you making the right choice by going with a new one.
I will close this thread now , if I can be of any help in the future just PM me
Take Care
Ken :)
Since this issue is resolved this topic is now closed