PDA

View Full Version : System Restore Disappeared



RastorMosaic
2018-06-14, 17:44
Hello and Thank you in advance. My computer has started acting strange. When I open a folder, all folders inside are highlighted (not a biggie, but no usual) Many programs slowing down to open. System restore is "there" but does nothing when you click the button, like it's 'dead'. I've cleaned, defragged, you know, general upkeep, cleanup. Seemed to make it worse. I backed up my registry. It said that two entries failed. I don't know if you need any of that. Spybot logs run clean. So, here are the logs...

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 06.06.2018 01
Ran by Owner (administrator) on OWNER-PC446 (14-06-2018 09:11:57)
Running from C:\Users\Owner\Desktop
Loaded Profiles: Owner & Yodi & CompAdmin (Available Profiles: Owner & Yodi & CompAdmin)
Platform: Windows 7 Professional Service Pack 1 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\afwServ.exe
(Protexis Inc.) C:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe
(AVAST Software) C:\Program Files (x86)\AVAST Software\Avast Cleanup\TuneupSvc.exe
(Safer Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe
(Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(AVAST Software) C:\Program Files (x86)\AVAST Software\Browser\Update\1.4.141.333\AvastBrowserCrashHandler.exe
(AVAST Software) C:\Program Files (x86)\AVAST Software\Browser\Update\1.4.141.333\AvastBrowserCrashHandler64.exe
(f.lux Software LLC) C:\Users\Owner\AppData\Local\FluxSoftware\Flux\flux.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe

==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [GwxControlPanelMonitor] => C:\Users\Owner\Documents\Programs\Security\windows 10 stuff\GWX_control_panel.exe [4596296 2017-01-31] (UltimateOutsider)
HKLM\...\Run: [CanonMyPrinter] => C:\Program Files\Canon\MyPrinter\BJMyPrt.exe [2780776 2011-07-19] (CANON INC.)
HKLM\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvLaunch.exe [242904 2018-05-17] (AVAST Software)
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [298296 2018-04-08] (Apple Inc.)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKLM\SOFTWARE\Policies\Microsoft\Windows Defender: Restriction <==== ATTENTION
HKU\S-1-5-21-1769359704-1337508281-3947573860-1000\...\Run: [f.lux] => C:\Users\Owner\AppData\Local\FluxSoftware\Flux\flux.exe [1682936 2018-01-17] (f.lux Software LLC)
HKU\S-1-5-21-1769359704-1337508281-3947573860-1000\...\MountPoints2: {0a8a8fdb-9b75-11e5-b600-8dcc0ab31f22} - D:\Run.exe
HKU\S-1-5-21-1769359704-1337508281-3947573860-1000\...\MountPoints2: {4dda4dd6-4b1d-11e8-b019-fcaa14e2776d} - J:\Start.exe
HKU\S-1-5-21-1769359704-1337508281-3947573860-1000\...\MountPoints2: {fa077db1-b565-11e5-9080-fcaa14e2776d} - J:\LG_PC_Programs.exe
IFEO\AcroRd32.exe: [Debugger] "C:\Program Files (x86)\AVAST Software\Avast Cleanup\autoreactivator.exe"
IFEO\softwareupdate.exe: [Debugger] "C:\Program Files (x86)\AVAST Software\Avast Cleanup\autoreactivator.exe"
IFEO\startupdo.exe: [Debugger] "C:\Program Files (x86)\AVAST Software\Avast Cleanup\autoreactivator.exe"
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Avast Cleanup Premium.lnk.disabled [2018-01-01]
ShortcutTarget: Avast Cleanup Premium.lnk.disabled -> C:\Program Files (x86)\AVAST Software\Avast Cleanup\TuneupUI.exe (AVAST Software)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.2.254 192.168.1.1
Tcpip\..\Interfaces\{79461EA5-6AF5-4F5B-9C66-6A3724E731E4}: [DhcpNameServer] 192.168.2.254 192.168.1.1
Tcpip\..\Interfaces\{FD6C0BDB-71C1-4531-9144-D395A21AC314}: [DhcpNameServer] 192.168.1.1

Internet Explorer:
==================
HKU\S-1-5-21-1769359704-1337508281-3947573860-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://duckduckgo.com/
BHO: Canon Easy-WebPrint EX BHO -> {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} -> C:\Program Files\Canon\Easy-WebPrint EX\ewpexbho.dll [2015-02-23] (CANON INC.)
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll [2018-05-17] (AVAST Software)
BHO-x32: Canon Easy-WebPrint EX BHO -> {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} -> C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexbho.dll [2015-02-23] (CANON INC.)
BHO-x32: Spybot-S&D IE Protection -> {53707962-6F74-2D53-2644-206D7942484F} -> C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll [2009-01-26] (Safer Networking Limited)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_171\bin\ssv.dll [2018-05-18] (Oracle Corporation)
BHO-x32: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2018-05-17] (AVAST Software)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_171\bin\jp2ssv.dll [2018-05-18] (Oracle Corporation)
Toolbar: HKLM - Canon Easy-WebPrint EX - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files\Canon\Easy-WebPrint EX\ewpexhlp.dll [2015-02-23] (CANON INC.)
Toolbar: HKLM-x32 - Canon Easy-WebPrint EX - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexhlp.dll [2015-02-23] (CANON INC.)

FireFox:
========
FF DefaultProfile: siueqfw7.default-1482705022050-1527525206204
FF ProfilePath: C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\siueqfw7.default-1482705022050-1527525206204 [2018-06-14]
FF Session Restore: Mozilla\Firefox\Profiles\siueqfw7.default-1482705022050-1527525206204 -> is enabled.
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_28_0_0_137.dll [2018-01-16] ()
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.50709.0\npctrl.dll [2016-07-11] ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_28_0_0_137.dll [2018-01-16] ()
FF Plugin-x32: @canon.com/EPPEX -> C:\Program Files (x86)\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL [2011-09-21] (CANON INC.)
FF Plugin-x32: @java.com/DTPlugin,version=11.171.2 -> C:\Program Files (x86)\Java\jre1.8.0_171\bin\dtplugin\npDeployJava1.dll [2018-05-18] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.171.2 -> C:\Program Files (x86)\Java\jre1.8.0_171\bin\plugin2\npjp2.dll [2018-05-18] (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.50709.0\npctrl.dll [2016-07-11] ( Microsoft Corporation)
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll [2015-10-13] (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2015-10-13] (NVIDIA Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.33.17\npGoogleUpdate3.dll [2018-05-17] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.33.17\npGoogleUpdate3.dll [2018-05-17] (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.2.1 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2017-11-29] (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.2.2 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2017-11-29] (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.2.3 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2017-11-29] (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.2.4 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2017-11-29] (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.2.6 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2017-11-29] (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.2.8 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2017-11-29] (VideoLAN)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2018-05-10] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-1769359704-1337508281-3947573860-1000: @zoom.us/ZoomVideoPlugin -> C:\Users\Owner\AppData\Roaming\Zoom\bin\npzoomplugin.dll [2017-10-03] (Zoom Video Communications, Inc.)

Chrome:
=======
CHR HomePage: Default -> hxxps://m.uscellular.com/uscellular/app/login/authenticate/
CHR StartupUrls: Default -> "hxxps://m.uscellular.com/uscellular/app/login/authenticate/"
CHR Profile: C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default [2018-06-12]
CHR Extension: (Slides) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2018-01-18]
CHR Extension: (Docs) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2018-01-18]
CHR Extension: (Google Drive) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2018-01-18]
CHR Extension: (YouTube) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2018-01-18]
CHR Extension: (Avast SafePrice) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\eofcbnmajmjmplflapaojjnihcjkigck [2018-06-11]
CHR Extension: (Sheets) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2018-01-18]
CHR Extension: (Google Docs Offline) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2018-01-23]
CHR Extension: (Avast Online Security) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki [2018-04-20]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2018-04-20]
CHR Extension: (Gmail) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2018-01-18]
CHR Extension: (Chrome Media Router) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2018-06-11]
CHR HKLM-x32\...\Chrome\Extension: [eofcbnmajmjmplflapaojjnihcjkigck] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChromeSp.crx <not found>
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - hxxps://clients2.google.com/service/update2/crx

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S4 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [83768 2018-03-29] (Apple Inc.)
S3 AppleChargerSrv; C:\Windows\System32\AppleChargerSrv.exe [31272 2010-04-06] ()
S3 aswbIDSAgent; C:\Program Files\AVAST Software\Avast\x64\aswidsagenta.exe [7620096 2018-05-17] (AVAST Software)
S2 avast; C:\Program Files (x86)\AVAST Software\Browser\Update\AvastBrowserUpdate.exe [164984 2018-06-13] (AVAST Software)
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [317280 2018-05-17] (AVAST Software)
R2 avast! Firewall; C:\Program Files\AVAST Software\Avast\afwServ.exe [428984 2018-05-17] (AVAST Software)
S3 avastm; C:\Program Files (x86)\AVAST Software\Browser\Update\AvastBrowserUpdate.exe [164984 2018-06-13] (AVAST Software)
R2 CleanupPSvc; C:\Program Files (x86)\AVAST Software\Avast Cleanup\TuneupSvc.exe [8633072 2018-06-11] (AVAST Software)
S4 IJPLMSVC; C:\Program Files (x86)\Canon\IJPLM\IJPLMSVC.EXE [140456 2011-09-06] ()
S2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [6541008 2018-05-03] (Malwarebytes)
S4 NovaPdfServer; C:\Program Files\Softland\novaPDF 8\Server\novapdfs.exe [53176 2017-08-16] (Microsoft)
R2 SBSDWSCService; C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe [1153368 2009-01-26] (Safer Networking Ltd.)
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R1 AppleCharger; C:\Windows\System32\DRIVERS\AppleCharger.sys [22240 2013-10-28] ()
R1 aswArPot; C:\Windows\System32\drivers\aswArPot.sys [196640 2018-05-17] (AVAST Software)
R1 aswbidsdriver; C:\Windows\System32\drivers\aswbidsdrivera.sys [227504 2018-03-08] (AVAST Software)
R0 aswbidsh; C:\Windows\System32\drivers\aswbidsha.sys [199440 2018-03-08] (AVAST Software)
R0 aswblog; C:\Windows\System32\drivers\aswbloga.sys [343752 2018-03-08] (AVAST Software)
R0 aswbuniv; C:\Windows\System32\drivers\aswbuniva.sys [57680 2018-03-08] (AVAST Software)
S3 aswHwid; C:\Windows\System32\drivers\aswHwid.sys [46968 2018-05-17] (AVAST Software)
R2 aswMonFlt; C:\Windows\System32\drivers\aswMonFlt.sys [159120 2018-05-17] (AVAST Software)
R3 aswNetNd6; C:\Windows\System32\DRIVERS\aswNetNd6.sys [38152 2017-07-04] (AVAST Software)
R1 aswNetSec; C:\Windows\System32\drivers\aswNetSec.sys [640248 2018-05-17] (AVAST Software)
R1 aswRdr; C:\Windows\System32\drivers\aswRdr2.sys [111360 2018-05-17] (AVAST Software)
R0 aswRvrt; C:\Windows\System32\drivers\aswRvrt.sys [85968 2018-05-17] (AVAST Software)
R1 aswSnx; C:\Windows\System32\drivers\aswSnx.sys [1027720 2018-05-17] (AVAST Software)
R1 aswSP; C:\Windows\System32\drivers\aswSP.sys [460520 2018-05-17] (AVAST Software)
S2 aswStm; C:\Windows\System32\drivers\aswStm.sys [205976 2018-05-17] (AVAST Software)
R0 aswVmm; C:\Windows\System32\drivers\aswVmm.sys [381552 2018-05-17] (AVAST Software)
S1 UsbCharger; C:\Windows\System32\DRIVERS\UsbCharger.sys [22240 2013-10-24] ()
R3 VUSB3HUB; C:\Windows\System32\DRIVERS\ViaHub3.sys [225792 2014-10-31] (VIA Technologies, Inc.)
R3 xhcdrv; C:\Windows\System32\DRIVERS\xhcdrv.sys [305664 2014-10-31] (VIA Technologies, Inc.)
S3 gdrv; \??\C:\Windows\gdrv.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2018-06-14 09:11 - 2018-06-14 09:12 - 000015608 _____ C:\Users\Owner\Desktop\FRST.txt
2018-06-14 09:10 - 2018-06-14 09:11 - 000000000 ____D C:\FRST
2018-06-14 09:10 - 2018-06-14 09:10 - 002413056 _____ (Farbar) C:\Users\Owner\Desktop\FRST64.exe
2018-06-14 08:58 - 2018-06-14 08:58 - 000000207 _____ C:\Windows\tweaking.com-regbackup-OWNER-PC446-Windows-7-Professional-(64-bit).dat
2018-06-14 08:58 - 2018-06-14 08:58 - 000000000 ____D C:\RegBackup
2018-06-14 08:56 - 2018-06-14 08:56 - 000002239 _____ C:\Users\Public\Desktop\Tweaking.com - Registry Backup.lnk
2018-06-14 08:56 - 2018-06-14 08:56 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Tweaking.com
2018-06-14 08:56 - 2018-06-14 08:56 - 000000000 ____D C:\Program Files (x86)\Tweaking.com
2018-06-14 08:55 - 2018-06-14 08:56 - 000018258 _____ C:\Windows\Tweaking.com - Registry Backup Setup Log.txt
2018-06-14 08:53 - 2018-06-14 08:53 - 005766144 _____ (Tweaking.com) C:\Users\Owner\Desktop\tweaking.com_registry_backup_setup.exe
2018-06-13 04:43 - 2018-06-13 04:43 - 000002505 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avast Secure Browser.lnk
2018-06-13 04:41 - 2018-06-13 04:41 - 000003374 _____ C:\Windows\System32\Tasks\AvastUpdateTaskMachineUA
2018-06-13 04:41 - 2018-06-13 04:41 - 000003246 _____ C:\Windows\System32\Tasks\AvastUpdateTaskMachineCore
2018-06-13 04:41 - 2018-06-13 04:41 - 000000000 ____D C:\Users\Owner\AppData\Local\AVAST Software
2018-06-08 14:44 - 2018-06-08 14:44 - 000890704 _____ C:\Windows\system32\FNTCACHE.DAT
2018-06-02 19:43 - 2018-06-02 19:44 - 013066610 _____ C:\Users\Owner\Desktop\Herbaria Vol8#2.pdf
2018-05-28 11:31 - 2018-06-08 14:44 - 000000000 ____D C:\Program Files\Mozilla Firefox
2018-05-28 11:31 - 2018-05-28 11:31 - 000000936 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Firefox.lnk
2018-05-23 01:29 - 2018-06-13 04:48 - 000002045 _____ C:\Users\Owner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\f.lux.lnk
2018-05-23 01:29 - 2018-05-23 01:29 - 000000000 ____D C:\Users\Owner\AppData\Local\FluxSoftware
2018-05-22 11:25 - 2018-06-14 08:37 - 000000000 ____D C:\Users\Owner\Desktop\Old Firefox Data
2018-05-19 15:26 - 2018-05-19 15:27 - 000000000 ____D C:\Users\Owner\Documents\Receipts
2018-05-19 12:11 - 2018-05-19 12:11 - 000000000 ____D C:\Users\Owner\AppData\Local\ESET
2018-05-19 12:09 - 2018-05-19 12:09 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes
2018-05-18 20:01 - 2018-05-18 20:01 - 000000000 ____D C:\Users\CompAdmin\AppData\Local\Google
2018-05-18 14:35 - 2018-05-17 22:12 - 000376536 _____ (AVAST Software) C:\Windows\system32\aswBoot.exe

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2018-06-14 09:07 - 2016-11-16 10:09 - 000000000 ____D C:\Users\Owner\AppData\LocalLow\Mozilla
2018-06-14 08:34 - 2017-10-09 13:55 - 000000300 _____ C:\Windows\Tasks\Spybot - Search & Destroy - Scheduled Task.job
2018-06-13 16:52 - 2016-10-17 15:20 - 000000000 ____D C:\Users\Owner\Documents\Laughingbird Documents
2018-06-13 16:31 - 2016-02-12 14:45 - 000000000 ____D C:\Users\Owner\AppData\Roaming\CoreFTP
2018-06-13 10:19 - 2015-12-13 21:18 - 000000000 ____D C:\RFD
2018-06-13 04:49 - 2009-07-13 23:45 - 000031888 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2018-06-13 04:49 - 2009-07-13 23:45 - 000031888 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2018-06-13 04:48 - 2017-03-17 14:31 - 000004168 _____ C:\Windows\System32\Tasks\Avast Emergency Update
2018-06-13 04:48 - 2015-12-05 14:37 - 000000000 ____D C:\ProgramData\AVAST Software
2018-06-13 04:46 - 2009-07-14 00:13 - 000781790 _____ C:\Windows\system32\PerfStringBackup.INI
2018-06-13 04:46 - 2009-07-13 22:20 - 000000000 ____D C:\Windows\inf
2018-06-13 04:41 - 2018-01-01 18:36 - 000000000 ____D C:\Program Files (x86)\AVAST Software
2018-06-13 04:40 - 2009-07-14 00:08 - 000000006 ____H C:\Windows\Tasks\SA.DAT
2018-06-13 04:39 - 2015-12-05 13:23 - 000000000 ____D C:\ProgramData\NVIDIA
2018-06-12 14:00 - 2018-01-18 18:39 - 000002224 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2018-06-12 14:00 - 2018-01-18 18:39 - 000002183 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2018-06-09 08:37 - 2015-12-07 20:57 - 000000000 ____D C:\Users\Owner\Documents\Gardening
2018-06-09 07:26 - 2017-01-15 01:49 - 000000000 ____D C:\Users\Owner\Documents\Memes
2018-06-08 17:50 - 2015-12-07 21:02 - 000000000 ____D C:\Users\Owner\Documents\Personal
2018-06-08 17:45 - 2018-01-01 18:37 - 000004194 _____ C:\Windows\System32\Tasks\Avast TUNEUP Update
2018-06-08 17:45 - 2017-10-25 21:24 - 000004128 _____ C:\Windows\System32\Tasks\CCleaner Update
2018-06-08 14:44 - 2016-12-02 12:59 - 000000000 ____D C:\Program Files (x86)\Mozilla Thunderbird
2018-06-08 14:44 - 2014-07-18 12:47 - 000000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2018-06-08 14:42 - 2015-12-12 13:37 - 000000000 ____D C:\ProgramData\CanonIJPLM
2018-06-07 17:39 - 2017-11-15 01:27 - 000152184 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbae64.sys
2018-06-06 19:50 - 2015-12-07 21:35 - 000000000 ____D C:\Users\Owner\Documents\Quotes
2018-06-02 17:45 - 2015-12-05 13:14 - 000004478 _____ C:\Windows\System32\Tasks\Adobe Acrobat Update Task
2018-05-30 03:00 - 2014-07-18 12:55 - 000000000 ____D C:\ProgramData\Spybot - Search & Destroy
2018-05-23 17:00 - 2015-12-05 14:36 - 000002441 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk
2018-05-21 12:13 - 2015-12-07 20:59 - 000000000 ____D C:\Users\Owner\Documents\Herbs
2018-05-19 12:09 - 2018-03-20 20:20 - 000001867 _____ C:\Users\Public\Desktop\Malwarebytes.lnk
2018-05-18 23:31 - 2016-09-23 14:53 - 000000000 ____D C:\Users\Owner\Documents\1AWebsites
2018-05-18 20:05 - 2017-01-14 00:58 - 000000000 ____D C:\Users\CompAdmin\AppData\LocalLow\Mozilla
2018-05-18 20:03 - 2015-12-13 19:19 - 000000000 ____D C:\Users\CompAdmin\AppData\Roaming\Mozilla
2018-05-18 20:01 - 2017-01-14 00:57 - 000000000 ____D C:\Users\CompAdmin\AppData\Roaming\Apple Computer
2018-05-18 18:19 - 2017-09-11 18:10 - 000251032 _____ C:\Users\Owner\AppData\Local\GDIPFONTCACHEV1.DAT
2018-05-18 14:36 - 2015-12-24 23:46 - 000001922 _____ C:\Users\Public\Desktop\Avast Internet Security.lnk
2018-05-18 14:19 - 2015-12-07 20:57 - 000000000 ____D C:\Users\Owner\Documents\graphics
2018-05-18 14:08 - 2015-12-05 14:35 - 000098760 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2018-05-18 14:08 - 2014-07-18 12:47 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2018-05-18 14:07 - 2014-11-12 19:36 - 000000000 ____D C:\Program Files (x86)\Java
2018-05-18 09:45 - 2015-12-12 13:35 - 000003498 _____ C:\Windows\System32\Tasks\Run RoboForm TaskBar Icon
2018-05-17 22:12 - 2017-11-09 18:12 - 000196640 _____ (AVAST Software) C:\Windows\system32\Drivers\aswArPot.sys
2018-05-17 22:12 - 2015-12-05 14:37 - 000460520 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSP.sys
2018-05-17 22:12 - 2015-12-05 14:37 - 000381552 _____ (AVAST Software) C:\Windows\system32\Drivers\aswVmm.sys
2018-05-17 22:12 - 2015-12-05 14:37 - 000205976 _____ (AVAST Software) C:\Windows\system32\Drivers\aswStm.sys
2018-05-17 22:12 - 2015-12-05 14:37 - 000159120 _____ (AVAST Software) C:\Windows\system32\Drivers\aswMonFlt.sys
2018-05-17 22:12 - 2015-12-05 14:37 - 000111360 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRdr2.sys
2018-05-17 22:12 - 2015-12-05 14:37 - 000085968 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRvrt.sys
2018-05-17 22:12 - 2015-12-05 14:37 - 000046968 _____ (AVAST Software) C:\Windows\system32\Drivers\aswHwid.sys
2018-05-17 22:11 - 2016-02-09 17:16 - 000640248 _____ (AVAST Software) C:\Windows\system32\Drivers\aswNetSec.sys
2018-05-17 22:11 - 2015-12-05 14:37 - 001027720 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSnx.sys
2018-05-17 14:53 - 2018-01-18 18:38 - 000003332 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2018-05-17 14:53 - 2018-01-18 18:38 - 000003204 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2018-05-15 08:11 - 2015-12-12 13:21 - 000000000 ____D C:\Users\Owner\AppData\Local\Microsoft Help

==================== Files in the root of some directories =======

2017-04-04 08:37 - 2017-04-04 08:37 - 000003932 _____ () C:\Users\Owner\NewFolder.reg

==================== Bamital & volsnap ======================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2018-06-07 00:22

==================== End of FRST.txt ============================


This is Addition that came with FRST.txt
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 06.06.2018 01
Ran by Owner (14-06-2018 09:12:29)
Running from C:\Users\Owner\Desktop
Windows 7 Professional Service Pack 1 (X64) (2014-07-18 17:41:18)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-1769359704-1337508281-3947573860-500 - Administrator - Disabled)
CompAdmin (S-1-5-21-1769359704-1337508281-3947573860-1002 - Administrator - Enabled) => C:\Users\CompAdmin
Guest (S-1-5-21-1769359704-1337508281-3947573860-501 - Limited - Disabled)
Owner (S-1-5-21-1769359704-1337508281-3947573860-1000 - Administrator - Enabled) => C:\Users\Owner
Yodi (S-1-5-21-1769359704-1337508281-3947573860-1001 - Limited - Enabled) => C:\Users\Yodi

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Avast Antivirus (Disabled - Up to date) {8EA8924E-BC81-DC44-8BB0-8BAE75D86EBF}
AV: Malwarebytes (Disabled - Up to date) {23007AD3-69FE-687C-2629-D584AFFAF72B}
AS: Malwarebytes (Disabled - Up to date) {98619B37-4FC4-67F2-1C99-EEF6D47DBD96}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Avast Antivirus (Disabled - Up to date) {35C973AA-9ABB-D3CA-B100-B0DC0E5F2402}
FW: Avast Antivirus (Disabled) {B693136B-F6EE-DD1C-A0EF-229B8B0B29C4}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

7-Zip 16.02 (x64) (HKLM\...\7-Zip) (Version: 16.02 - Igor Pavlov)
7-Zip 16.04 (x64 edition) (HKLM\...\{23170F69-40C1-2702-1604-000001000000}) (Version: 16.04.00.0 - Igor Pavlov)
Adobe Acrobat Reader DC (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}) (Version: 18.011.20040 - Adobe Systems Incorporated)
Adobe Flash Player 28 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 28.0.0.137 - Adobe Systems Incorporated)
Adobe Flash Player 28 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 28.0.0.137 - Adobe Systems Incorporated)
AI RoboForm (HKU\S-1-5-21-1769359704-1337508281-3947573860-1000\...\AI RoboForm) (Version: - )
Amazon Kindle (HKU\S-1-5-21-1769359704-1337508281-3947573860-1000\...\Amazon Kindle) (Version: 1.20.1.47037 - Amazon)
AMD Catalyst Install Manager (HKLM\...\{1D1DCF8A-6961-F848-0DA0-5401969C44CE}) (Version: 8.0.915.0 - Advanced Micro Devices, Inc.)
Apple Application Support (32-bit) (HKLM-x32\...\{543F829B-4591-4B2F-AF63-6E6E6AE59EB2}) (Version: 6.4 - Apple Inc.)
Apple Application Support (64-bit) (HKLM\...\{0ECA3BB5-4410-414B-B226-241FF1C12CD0}) (Version: 6.4 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{9E005AAA-81A3-478E-8944-532D350952EE}) (Version: 11.3.1.6 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{A30EA700-5515-48F0-88B0-9E99DC356B88}) (Version: 2.6.0.1 - Apple Inc.)
Avast Cleanup Premium (HKLM-x32\...\{075CC190-59EE-499F-828B-0B5C098C8C15}_is1) (Version: 18.1.4888 - AVAST Software)
Avast Internet Security (HKLM-x32\...\Avast Antivirus) (Version: 18.4.2338 - AVAST Software)
Avast Secure Browser (HKLM-x32\...\Avast Secure Browser) (Version: 66.2.567.182 - AVAST Software)
BeCyPDFMetaEdit (HKLM-x32\...\BeCyPDFMetaEdit) (Version: 2.37.0 - Benjamin Bentmann)
Bonjour (HKLM\...\{56DDDFB8-7F79-4480-89D5-25E1F52AB28F}) (Version: 3.1.0.1 - Apple Inc.)
Canon Easy-PhotoPrint EX (HKLM-x32\...\Easy-PhotoPrint EX) (Version: - )
Canon Easy-WebPrint EX (HKLM-x32\...\Easy-WebPrint EX) (Version: 1.6.0.0 - Canon Inc.)
Canon Inkjet Printer/Scanner/Fax Extended Survey Program (HKLM-x32\...\CANONIJPLM100) (Version: - )
Canon MP Navigator EX 5.1 (HKLM-x32\...\MP Navigator EX 5.1) (Version: - )
Canon MX510 series MP Drivers (HKLM\...\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MX510_series) (Version: - )
Canon MX510 series On-screen Manual (HKLM-x32\...\Canon MX510 series On-screen Manual) (Version: - )
Canon My Printer (HKLM-x32\...\CanonMyPrinter) (Version: - )
Canon Solution Menu EX (HKLM-x32\...\CanonSolutionMenuEX) (Version: - )
Canon Speed Dial Utility (HKLM-x32\...\Speed Dial Utility) (Version: - )
CCleaner (HKLM\...\CCleaner) (Version: 5.42 - Piriform)
Cisco Connect (HKLM-x32\...\Cisco Connect) (Version: 1.4.12212.0 - Cisco Consumer Products LLC)
Colour Spy 1.5 (HKLM-x32\...\Colour Spy_is1) (Version: - SilverAge Software, Inc.)
Core FTP Pro (HKLM-x32\...\CoreFTP) (Version: - )
Core FTP Pro (x64) (HKLM-x32\...\CoreFTP(x64)) (Version: - )
Corel PaintShop Pro X4 (HKLM-x32\...\_{00580795-581C-4587-B9F2-37320D7AB37F}) (Version: 14.0.0.332 - Corel Corporation)
Corel PaintShop Pro X4 (HKLM-x32\...\{00AE1A2D-7BC2-4359-A0EC-E19F36E391BB}) (Version: 14.3.0.3 - Corel Corporation) Hidden
doPDF (HKLM\...\{F64C7477-8040-4993-9554-EC22AE7FA2C0}) (Version: 8.9.951 - Softland) Hidden
doPDF 8 (HKLM-x32\...\{3e04b5b8-dfc4-4bb3-99a1-a57ad01e1d55}) (Version: 8.9.951 - Softland)
e-Sword (HKLM-x32\...\{0BF38804-B6AE-4C32-9564-B0C0E7188D62}) (Version: 11.00.0006 - Rick Meyers)
f.lux (HKU\S-1-5-21-1769359704-1337508281-3947573860-1000\...\Flux) (Version: - f.lux Software LLC)
GetDiz (HKLM-x32\...\GetDiz) (Version: 4.91 - Outertech)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 67.0.3396.87 - Google Inc.)
Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.33.17 - Google Inc.) Hidden
Google Update Helper (HKLM-x32\...\{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}) (Version: 1.3.21.169 - Google Inc.) Hidden
HTML-Kit 292 (HKLM-x32\...\HTMLKit_is1) (Version: 1.0 - HTMLKit.com)
HTML-Kit Tools (HKLM-x32\...\HTMLKitTools_is1) (Version: 1.0 - HTML-Kit.com)
ICA (HKLM-x32\...\{00580795-581C-4587-B9F2-37320D7AB37F}) (Version: 14.0.0.332 - Corel Corporation) Hidden
ImgBurn (HKLM-x32\...\ImgBurn) (Version: 2.5.8.0 - LIGHTNING UK!)
Intel(R) Graphics Media Accelerator Driver (HKLM\...\HDMI) (Version: 8.15.10.1930 - Intel Corporation)
IPM_PSP_COM (HKLM-x32\...\{00BEE329-BAAB-49FF-9B66-55E4B12B9ADD}) (Version: 14.0.0.332 - Corel Corporation) Hidden
iTunes (HKLM\...\{3D8C6B05-FE24-4B9C-A57C-B8E1FA39E83D}) (Version: 12.7.4.80 - Apple Inc.)
Java 8 Update 161 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F32180161F0}) (Version: 8.0.1610.12 - Oracle Corporation)
Java 8 Update 171 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F32180171F0}) (Version: 8.0.1710.11 - Oracle Corporation)
Lightworks (HKLM-x32\...\{E94DD4E4-7746-472c-AA7B-1242FED0CFC8}) (Version: 14.0.0.0 - EditShare)
Malwarebytes version 3.5.1.2522 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 3.5.1.2522 - Malwarebytes)
Microsoft .NET Framework 4.6.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.6.01055 - Microsoft Corporation)
Microsoft Office 2007 Service Pack 3 (SP3) (HKLM-x32\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version: - Microsoft)
Microsoft Office File Validation Add-In (HKLM-x32\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)
Microsoft Office Home and Student 2007 (HKLM-x32\...\HOMESTUDENTR) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.50709.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319 (HKLM-x32\...\{196BB40D-1578-3D01-B289-BEFC77A11A1E}) (Version: 10.0.30319 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.50727 (HKLM-x32\...\{22154f09-719a-4619-bb71-5b3356999fbf}) (Version: 11.0.50727.1 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x64) - 14.0.23026 (HKLM-x32\...\{e46eca4f-393b-40df-9f49-076faf788d83}) (Version: 14.0.23026.0 - Microsoft Corporation)
Mozilla Firefox 60.0.2 (x64 en-US) (HKLM\...\Mozilla Firefox 60.0.2 (x64 en-US)) (Version: 60.0.2 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 60.0.1 - Mozilla)
Mozilla Thunderbird 52.8.0 (x86 en-US) (HKLM-x32\...\Mozilla Thunderbird 52.8.0 (x86 en-US)) (Version: 52.8.0 - Mozilla)
novaPDF 8 add-in for Microsoft Office (x64) (HKLM\...\{9F60F614-829C-4DE0-8671-C977529A0CAE}) (Version: 8.9.951 - Softland)
novaPDF 8 add-in for Microsoft Office (x86) (HKLM-x32\...\{D175C46B-DDC1-49B2-95C4-93825A97E718}) (Version: 8.9.951 - Softland)
novaPDF 8 Printer Driver (HKLM\...\{C5275556-5365-45C5-9586-1F6D56CD4BB4}) (Version: 8.9.951 - Softland)
NVIDIA 3D Vision Controller Driver 340.50 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB) (Version: 340.50 - NVIDIA Corporation)
NVIDIA 3D Vision Driver 341.92 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 341.92 - NVIDIA Corporation)
NVIDIA Graphics Driver 341.92 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 341.92 - NVIDIA Corporation)
NVIDIA HD Audio Driver 1.3.30.1 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.30.1 - NVIDIA Corporation)
NVIDIA PhysX System Software 9.13.1220 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.13.1220 - NVIDIA Corporation)
ON_OFF Charge 2 B13.1028.1 (HKLM-x32\...\{6B4ED6F7-BB88-4945-B0C6-01410E1BAC3A}) (Version: 1.00.0000 - GIGABYTE) Hidden
ON_OFF Charge 2 B13.1028.1 (HKLM-x32\...\InstallShield_{6B4ED6F7-BB88-4945-B0C6-01410E1BAC3A}) (Version: 1.00.0000 - GIGABYTE)
OpenOffice 4.1.2 (HKLM-x32\...\{E6AD67BB-1C33-4AB3-A387-E0D48137AB70}) (Version: 4.12.9782 - Apache Software Foundation)
Platform (HKLM-x32\...\{20D4A895-748C-4D88-871C-FDB1695B0169}) (Version: 1.42 - VIA Technologies, Inc.) Hidden
PSPPContent (HKLM-x32\...\{006CAAEF-CA96-4181-AC22-FE56D61432E4}) (Version: 14.0.0.332 - Corel Corporation) Hidden
PSPPHelp (HKLM-x32\...\{00D74A7A-F7AD-4D00-ABD2-0973836292C7}) (Version: 14.0.0.332 - Corel Corporation) Hidden
PSPPro64 (HKLM\...\{0015DE8E-8D9F-403E-8E5A-4098410E6125}) (Version: 14.0.0.332 - Corel Corporation) Hidden
QuickTime 7 (HKLM-x32\...\{FF59BD75-466A-4D5A-AD23-AAD87C5FD44C}) (Version: 7.79.80.95 - Apple Inc.)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.88.617.2014 - Realtek)
Setup (HKLM-x32\...\{00D13418-7DDF-4D3D-A237-E297B103BB6B}) (Version: 14.0.0.332 - Corel Corporation) Hidden
Should I Remove It (HKLM-x32\...\{4E62123C-4C0D-4123-A8A2-C0103B92D7EA}) (Version: 1.0.4 - Reason Software Company Inc.) Hidden
Should I Remove It (HKU\S-1-5-21-1769359704-1337508281-3947573860-1000\...\Should I Remove It 1.0.4) (Version: 1.0.4 - Reason Software Company Inc.)
Spybot - Search & Destroy (HKLM-x32\...\{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1) (Version: 1.6.2 - Safer Networking Limited)
Stellarium 0.11.2 (HKLM-x32\...\Stellarium_is1) (Version: - )
SwordSearcher 4.1 Deluxe (HKLM-x32\...\{446E6F82-8899-447D-86EB-2399F453C858}) (Version: 4.1.1001 - Brandon Staggs)
The Character Creator Add On Pak v4 (HKLM-x32\...\The Character Creator Add On Pak) (Version: v4 - Laughingbird Software)
The Logo Creator v5 (HKLM-x32\...\The Logo Creator v5) (Version: - )
The Web Graphics Creator v3 (HKLM-x32\...\The Web Graphics Creator v3) (Version: - )
TimePassages (HKLM\...\{86498CF1-A12E-4132-9DC2-6093F7427C44}) (Version: 6.0.6 - AstroGraph Software)
Tweaking.com - Registry Backup (HKLM-x32\...\Tweaking.com - Registry Backup) (Version: 3.5.3 - Tweaking.com)
Update for 2007 Microsoft Office System (KB967642) (HKLM-x32\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version: - Microsoft)
VIA Platform Device Manager (HKLM-x32\...\InstallShield_{20D4A895-748C-4D88-871C-FDB1695B0169}) (Version: 1.42 - VIA Technologies, Inc.)
VLC media player (HKLM-x32\...\VLC media player) (Version: 2.2.8 - VideoLAN)
Zoom (HKU\S-1-5-21-1769359704-1337508281-3947573860-1000\...\ZoomUMX) (Version: 4.0 - Zoom Video Communications, Inc.)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

ShellIconOverlayIdentifiers: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2018-05-17] (AVAST Software)
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2018-05-17] (AVAST Software)
ContextMenuHandlers1: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2016-10-04] (Igor Pavlov)
ContextMenuHandlers1: [avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2018-05-17] (AVAST Software)
ContextMenuHandlers1: [Corel PaintShop Pro X4] -> {CA34A346-C652-4F33-8CFF-FD6A91D9D64A} => C:\Program Files (x86)\Corel\Corel PaintShop Pro X4\PSPContextMenu64.dll [2011-07-03] (Corel Software, Inc.)
ContextMenuHandlers2: [Corel PaintShop Pro X4] -> {CA34A346-C652-4F33-8CFF-FD6A91D9D64A} => C:\Program Files (x86)\Corel\Corel PaintShop Pro X4\PSPContextMenu64.dll [2011-07-03] (Corel Software, Inc.)
ContextMenuHandlers3: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2018-05-17] (AVAST Software)
ContextMenuHandlers3: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2018-05-03] (Malwarebytes)
ContextMenuHandlers5: [Gadgets] -> {6B9228DA-9C15-419e-856C-19E768A13BDC} => -> No File
ContextMenuHandlers6: [avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2018-05-17] (AVAST Software)
ContextMenuHandlers6: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2018-05-03] (Malwarebytes)

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {01DBCFCB-F230-4907-9D83-6AA9D35AC519} - System32\Tasks\AVAST Software\Avast settings backup => C:\Program Files\Common Files\AV\avast! Antivirus\backup.exe
Task: {04E949FE-CD0F-42AB-A092-76D7F41B2CC0} - System32\Tasks\{F476F115-DA88-4842-BF3C-FA5C0011125C} => C:\Windows\system32\pcalua.exe -a "C:\Program Files (x86)\Chami\HTML-Kit\Plugins\hkSetupPlus.exe" -d C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\yxf5nr0r.default-1449534959428 -c /hkpreg
Task: {05378750-80D6-4A76-AB25-26F2A98E6336} - System32\Tasks\doPDF Update => C:\Program Files\Softland\novaPDF 8\Driver\UpdateApplication.exe [2017-08-16] ()
Task: {0A24C88E-1494-4220-B6BF-F989D7F7A650} - System32\Tasks\Go to RoboForm Install page => C:\Windows\system32\rundll32.exe url.dll,FileProtocolHandler "hxxp://www.roboform.com/test-pass.html?aaa=KICMNJIMKJNMKMGMGMJMCNMMGMPMGMCNLMHMKJIMCNHMHMKMPMCNHMKJLMKMOJMJJMOJKMJJLMJMJNJICMJMCNGMCNHMHMFMGMCNOMOMCNGMJMPMPMFMJMCNOMCNIMJMPMOMCNNMJNPICMLMFMEKMICNJJCKFMPMJNHICMEKMICNJJCKJNBJCMALIIBJKJNIJNKJCMJNNICMJNDJCMKJBJ"
Task: {129535C6-9C98-470A-9221-9EDD51FA8482} - System32\Tasks\Avast TUNEUP Update => C:\Program Files (x86)\AVAST Software\Avast Cleanup\TUNEUpdate.exe [2018-06-11] (AVAST Software)
Task: {29EAE298-6871-465F-BFCF-31EC6AFC560A} - \Microsoft\Windows\Setup\GWXTriggers\ScheduleUpgradeTime -> No File <==== ATTENTION
Task: {4B8D0910-1505-4952-B0E6-7A984E3A14DE} - System32\Tasks\Run RoboForm TaskBar Icon => C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe [2015-12-12] (Siber Systems)
Task: {4BCF080B-A1F2-460F-BB01-3751162A0FD6} - System32\Tasks\AvastUpdateTaskMachineCore => C:\Program Files (x86)\AVAST Software\Browser\Update\AvastBrowserUpdate.exe [2018-06-13] (AVAST Software)
Task: {5DC58CD3-2FEE-46A7-ADA7-AA6A349CD151} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2018-01-08] (Apple Inc.)
Task: {7C0341C5-E113-43B2-93BE-A77A3DE0F6A0} - System32\Tasks\Avast Software\Overseer => C:\Program Files\Common Files\Avast Software\Overseer\overseer.exe [2018-06-08] (AVAST Software)
Task: {84A9A09A-8B83-4C32-9684-36C80A1AA5A6} - System32\Tasks\Avast Emergency Update => C:\Program Files\AVAST Software\Avast\AvEmUpdate.exe [2018-05-17] (AVAST Software)
Task: {8824D666-AA70-4FB0-8F95-11B66BB6D2B3} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2018-02-09] (Adobe Systems Incorporated)
Task: {8C06F927-2B3E-4908-9749-BF520540A0E6} - System32\Tasks\AvastUpdateTaskMachineUA => C:\Program Files (x86)\AVAST Software\Browser\Update\AvastBrowserUpdate.exe [2018-06-13] (AVAST Software)
Task: {A4F5C9D2-BF30-4157-B6A0-6FBF6969080D} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2018-04-12] (Piriform Ltd)
Task: {AE01A8DE-72F8-45F7-AE17-A5A1EEA36026} - System32\Tasks\CCleaner Update => C:\Program Files\CCleaner\CCUpdate.exe [2018-04-12] (Piriform Ltd)
Task: {BFD5EBCB-C035-4B7B-8F6F-616F3C2EB7EA} - System32\Tasks\Spybot - Search & Destroy Updater - Scheduled Task => C:\Program Files (x86)\Spybot - Search & Destroy\SDUpdate.exe [2009-01-26] (Safer Networking Limited)
Task: {CB9F60F3-21A7-4141-A9E9-753F7055C958} - System32\Tasks\{690B8524-1E2C-49C0-AFAE-16359EF3485A} => C:\Windows\system32\pcalua.exe -a C:\Users\Owner\Documents\Products\LaughingBirdSoftware\LogoCreatorV3\WGC1_v3_Setup\WGC1_v3_Setup.exe -d C:\Users\Owner\Documents\Products\LaughingBirdSoftware\LogoCreatorV3\WGC1_v3_Setup
Task: {D2858E49-7CB5-481B-990C-7B9DD362EE80} - \Microsoft\Windows\Setup\GWXTriggers\ScheduleUpgradeReminderTime -> No File <==== ATTENTION
Task: {D6AB093D-C146-4371-8180-A6FC1D65EADF} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2018-01-18] (Google Inc.)
Task: {DBECF677-CDAC-4BEF-A26F-D7DC51583562} - System32\Tasks\{6F2BD83F-63BD-4FFD-9FC4-D2227EB8B811} => C:\Program Files (x86)\Mozilla Firefox\firefox.exe
Task: {E5662D04-B3B9-412D-8547-FEA3B6CFB4B9} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2018-01-16] (Adobe Systems Incorporated)
Task: {F3CCE017-D338-4F4A-8923-58A2FE611EA1} - System32\Tasks\Spybot - Search & Destroy - Scheduled Task => C:\Program Files (x86)\Spybot - Search & Destroy\SpybotSD.exe [2009-01-26] (Safer Networking Limited)
Task: {F41ECE15-265F-41FC-A8E9-8E69005CDEA1} - \Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B -> No File <==== ATTENTION
Task: {F7B83AE3-847D-4395-9809-37E50BC90CA9} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2018-01-18] (Google Inc.)
Task: {F8F9CE67-FCD4-4546-A0AD-5248356577FD} - System32\Tasks\{D5FE86F6-DD5B-4899-B7F6-347BD231CBC8} => C:\Windows\system32\pcalua.exe -a E:\AutoRunPro.exe -d E:\

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\Windows\Tasks\Spybot - Search & Destroy - Scheduled Task.job => C:\Program Files (x86)\Spybot - Search & Destroy\SpybotSD.exe
Task: C:\Windows\Tasks\Spybot - Search & Destroy Updater - Scheduled Task.job => C:\Program Files (x86)\Spybot - Search & Destroy\SDUpdate.exe

==================== Shortcuts & WMI ========================

(The entries could be listed to be restored or removed.)


==================== Loaded Modules (Whitelisted) ==============

2015-12-05 13:23 - 2015-10-13 12:26 - 000125616 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll
2018-04-08 08:04 - 2018-04-08 08:04 - 001356088 _____ () C:\Program Files\iTunes\libxml2.dll
2018-04-08 08:04 - 2018-04-08 08:04 - 000088888 _____ () C:\Program Files\iTunes\zlib1.dll
2018-05-17 22:11 - 2018-05-17 22:11 - 000482520 _____ () C:\Program Files\AVAST Software\Avast\streamback.dll
2018-05-17 22:11 - 2018-05-17 22:11 - 000889048 _____ () C:\Program Files\AVAST Software\Avast\ffl2.dll
2018-05-17 22:12 - 2018-05-17 22:12 - 000924888 _____ () C:\Program Files\AVAST Software\Avast\anen.dll
2018-05-17 22:11 - 2018-05-17 22:11 - 000982744 _____ () C:\Program Files\AVAST Software\Avast\shepherdsync.dll
2018-05-17 22:11 - 2018-05-17 22:11 - 000519896 _____ () C:\Program Files\AVAST Software\Avast\gui_cache.dll
2018-06-13 08:44 - 2018-06-13 08:44 - 005839504 _____ () C:\Program Files\AVAST Software\Avast\defs\18061302\algo.dll
2018-03-08 18:48 - 2018-03-08 18:48 - 067126928 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll
2018-05-17 22:11 - 2018-05-17 22:11 - 000293592 _____ () C:\Program Files\AVAST Software\Avast\gaming_mode_ui.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)


==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"

==================== Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)

IE restricted site: HKU\.DEFAULT\...\007guard.com -> install.007guard.com
IE restricted site: HKU\.DEFAULT\...\008i.com -> 008i.com
IE restricted site: HKU\.DEFAULT\...\008k.com -> www.008k.com
IE restricted site: HKU\.DEFAULT\...\00hq.com -> www.00hq.com
IE restricted site: HKU\.DEFAULT\...\010402.com -> 010402.com
IE restricted site: HKU\.DEFAULT\...\032439.com -> 80gw6ry3i3x3qbrkwhxhw.032439.com
IE restricted site: HKU\.DEFAULT\...\0scan.com -> www.0scan.com
IE restricted site: HKU\.DEFAULT\...\1-2005-search.com -> www.1-2005-search.com
IE restricted site: HKU\.DEFAULT\...\1-domains-registrations.com -> www.1-domains-registrations.com
IE restricted site: HKU\.DEFAULT\...\1000gratisproben.com -> www.1000gratisproben.com
IE restricted site: HKU\.DEFAULT\...\1001namen.com -> www.1001namen.com
IE restricted site: HKU\.DEFAULT\...\100888290cs.com -> mir.100888290cs.com
IE restricted site: HKU\.DEFAULT\...\100sexlinks.com -> www.100sexlinks.com
IE restricted site: HKU\.DEFAULT\...\10sek.com -> www.10sek.com
IE restricted site: HKU\.DEFAULT\...\12-26.net -> user1.12-26.net
IE restricted site: HKU\.DEFAULT\...\12-27.net -> user1.12-27.net
IE restricted site: HKU\.DEFAULT\...\123fporn.info -> www.123fporn.info
IE restricted site: HKU\.DEFAULT\...\123haustiereundmehr.com -> www.123haustiereundmehr.com
IE restricted site: HKU\.DEFAULT\...\123moviedownload.com -> www.123moviedownload.com
IE restricted site: HKU\.DEFAULT\...\123simsen.com -> www.123simsen.com

There are 7937 more sites.

IE restricted site: HKU\S-1-5-21-1769359704-1337508281-3947573860-1000\...\007guard.com -> install.007guard.com
IE restricted site: HKU\S-1-5-21-1769359704-1337508281-3947573860-1000\...\008i.com -> 008i.com
IE restricted site: HKU\S-1-5-21-1769359704-1337508281-3947573860-1000\...\008k.com -> www.008k.com
IE restricted site: HKU\S-1-5-21-1769359704-1337508281-3947573860-1000\...\00hq.com -> www.00hq.com
IE restricted site: HKU\S-1-5-21-1769359704-1337508281-3947573860-1000\...\010402.com -> 010402.com
IE restricted site: HKU\S-1-5-21-1769359704-1337508281-3947573860-1000\...\032439.com -> 80gw6ry3i3x3qbrkwhxhw.032439.com
IE restricted site: HKU\S-1-5-21-1769359704-1337508281-3947573860-1000\...\0scan.com -> www.0scan.com
IE restricted site: HKU\S-1-5-21-1769359704-1337508281-3947573860-1000\...\1-2005-search.com -> www.1-2005-search.com
IE restricted site: HKU\S-1-5-21-1769359704-1337508281-3947573860-1000\...\1-domains-registrations.com -> www.1-domains-registrations.com
IE restricted site: HKU\S-1-5-21-1769359704-1337508281-3947573860-1000\...\1000gratisproben.com -> www.1000gratisproben.com
IE restricted site: HKU\S-1-5-21-1769359704-1337508281-3947573860-1000\...\1001namen.com -> www.1001namen.com
IE restricted site: HKU\S-1-5-21-1769359704-1337508281-3947573860-1000\...\100888290cs.com -> mir.100888290cs.com
IE restricted site: HKU\S-1-5-21-1769359704-1337508281-3947573860-1000\...\100sexlinks.com -> www.100sexlinks.com
IE restricted site: HKU\S-1-5-21-1769359704-1337508281-3947573860-1000\...\10sek.com -> www.10sek.com
IE restricted site: HKU\S-1-5-21-1769359704-1337508281-3947573860-1000\...\12-26.net -> user1.12-26.net
IE restricted site: HKU\S-1-5-21-1769359704-1337508281-3947573860-1000\...\12-27.net -> user1.12-27.net
IE restricted site: HKU\S-1-5-21-1769359704-1337508281-3947573860-1000\...\123fporn.info -> www.123fporn.info
IE restricted site: HKU\S-1-5-21-1769359704-1337508281-3947573860-1000\...\123haustiereundmehr.com -> www.123haustiereundmehr.com
IE restricted site: HKU\S-1-5-21-1769359704-1337508281-3947573860-1000\...\123moviedownload.com -> www.123moviedownload.com
IE restricted site: HKU\S-1-5-21-1769359704-1337508281-3947573860-1000\...\123simsen.com -> www.123simsen.com

There are 7937 more sites.

IE restricted site: HKU\S-1-5-21-1769359704-1337508281-3947573860-1001\...\007guard.com -> install.007guard.com
IE restricted site: HKU\S-1-5-21-1769359704-1337508281-3947573860-1001\...\008i.com -> 008i.com
IE restricted site: HKU\S-1-5-21-1769359704-1337508281-3947573860-1001\...\008k.com -> www.008k.com
IE restricted site: HKU\S-1-5-21-1769359704-1337508281-3947573860-1001\...\00hq.com -> www.00hq.com
IE restricted site: HKU\S-1-5-21-1769359704-1337508281-3947573860-1001\...\010402.com -> 010402.com
IE restricted site: HKU\S-1-5-21-1769359704-1337508281-3947573860-1001\...\032439.com -> 80gw6ry3i3x3qbrkwhxhw.032439.com
IE restricted site: HKU\S-1-5-21-1769359704-1337508281-3947573860-1001\...\0scan.com -> www.0scan.com
IE restricted site: HKU\S-1-5-21-1769359704-1337508281-3947573860-1001\...\1-2005-search.com -> www.1-2005-search.com
IE restricted site: HKU\S-1-5-21-1769359704-1337508281-3947573860-1001\...\1-domains-registrations.com -> www.1-domains-registrations.com
IE restricted site: HKU\S-1-5-21-1769359704-1337508281-3947573860-1001\...\1000gratisproben.com -> www.1000gratisproben.com
IE restricted site: HKU\S-1-5-21-1769359704-1337508281-3947573860-1001\...\1001namen.com -> www.1001namen.com
IE restricted site: HKU\S-1-5-21-1769359704-1337508281-3947573860-1001\...\100888290cs.com -> mir.100888290cs.com
IE restricted site: HKU\S-1-5-21-1769359704-1337508281-3947573860-1001\...\100sexlinks.com -> www.100sexlinks.com
IE restricted site: HKU\S-1-5-21-1769359704-1337508281-3947573860-1001\...\10sek.com -> www.10sek.com
IE restricted site: HKU\S-1-5-21-1769359704-1337508281-3947573860-1001\...\12-26.net -> user1.12-26.net
IE restricted site: HKU\S-1-5-21-1769359704-1337508281-3947573860-1001\...\12-27.net -> user1.12-27.net
IE restricted site: HKU\S-1-5-21-1769359704-1337508281-3947573860-1001\...\123fporn.info -> www.123fporn.info
IE restricted site: HKU\S-1-5-21-1769359704-1337508281-3947573860-1001\...\123haustiereundmehr.com -> www.123haustiereundmehr.com
IE restricted site: HKU\S-1-5-21-1769359704-1337508281-3947573860-1001\...\123moviedownload.com -> www.123moviedownload.com
IE restricted site: HKU\S-1-5-21-1769359704-1337508281-3947573860-1001\...\123simsen.com -> www.123simsen.com

There are 7936 more sites.

IE restricted site: HKU\S-1-5-21-1769359704-1337508281-3947573860-1002\...\007guard.com -> install.007guard.com
IE restricted site: HKU\S-1-5-21-1769359704-1337508281-3947573860-1002\...\008i.com -> 008i.com
IE restricted site: HKU\S-1-5-21-1769359704-1337508281-3947573860-1002\...\008k.com -> www.008k.com
IE restricted site: HKU\S-1-5-21-1769359704-1337508281-3947573860-1002\...\00hq.com -> www.00hq.com
IE restricted site: HKU\S-1-5-21-1769359704-1337508281-3947573860-1002\...\010402.com -> 010402.com
IE restricted site: HKU\S-1-5-21-1769359704-1337508281-3947573860-1002\...\032439.com -> 80gw6ry3i3x3qbrkwhxhw.032439.com
IE restricted site: HKU\S-1-5-21-1769359704-1337508281-3947573860-1002\...\0scan.com -> www.0scan.com
IE restricted site: HKU\S-1-5-21-1769359704-1337508281-3947573860-1002\...\1-2005-search.com -> www.1-2005-search.com
IE restricted site: HKU\S-1-5-21-1769359704-1337508281-3947573860-1002\...\1-domains-registrations.com -> www.1-domains-registrations.com
IE restricted site: HKU\S-1-5-21-1769359704-1337508281-3947573860-1002\...\1000gratisproben.com -> www.1000gratisproben.com
IE restricted site: HKU\S-1-5-21-1769359704-1337508281-3947573860-1002\...\1001namen.com -> www.1001namen.com
IE restricted site: HKU\S-1-5-21-1769359704-1337508281-3947573860-1002\...\100888290cs.com -> mir.100888290cs.com
IE restricted site: HKU\S-1-5-21-1769359704-1337508281-3947573860-1002\...\100sexlinks.com -> www.100sexlinks.com
IE restricted site: HKU\S-1-5-21-1769359704-1337508281-3947573860-1002\...\10sek.com -> www.10sek.com
IE restricted site: HKU\S-1-5-21-1769359704-1337508281-3947573860-1002\...\12-26.net -> user1.12-26.net
IE restricted site: HKU\S-1-5-21-1769359704-1337508281-3947573860-1002\...\12-27.net -> user1.12-27.net
IE restricted site: HKU\S-1-5-21-1769359704-1337508281-3947573860-1002\...\123fporn.info -> www.123fporn.info
IE restricted site: HKU\S-1-5-21-1769359704-1337508281-3947573860-1002\...\123haustiereundmehr.com -> www.123haustiereundmehr.com
IE restricted site: HKU\S-1-5-21-1769359704-1337508281-3947573860-1002\...\123moviedownload.com -> www.123moviedownload.com
IE restricted site: HKU\S-1-5-21-1769359704-1337508281-3947573860-1002\...\123simsen.com -> www.123simsen.com

There are 7936 more sites.


==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-13 21:34 - 2018-06-14 08:34 - 000454428 ____R C:\Windows\system32\Drivers\etc\hosts

127.0.0.1 www.007guard.com
127.0.0.1 007guard.com
127.0.0.1 008i.com
127.0.0.1 www.008k.com
127.0.0.1 008k.com
127.0.0.1 www.00hq.com
127.0.0.1 00hq.com
127.0.0.1 010402.com
127.0.0.1 www.032439.com
127.0.0.1 032439.com
127.0.0.1 www.0scan.com
127.0.0.1 0scan.com
127.0.0.1 1000gratisproben.com
127.0.0.1 www.1000gratisproben.com
127.0.0.1 1001namen.com
127.0.0.1 www.1001namen.com
127.0.0.1 100888290cs.com
127.0.0.1 www.100888290cs.com
127.0.0.1 www.100sexlinks.com
127.0.0.1 100sexlinks.com
127.0.0.1 10sek.com
127.0.0.1 www.10sek.com
127.0.0.1 www.1-2005-search.com
127.0.0.1 1-2005-search.com
127.0.0.1 123fporn.info
127.0.0.1 www.123fporn.info
127.0.0.1 123haustiereundmehr.com
127.0.0.1 www.123haustiereundmehr.com
127.0.0.1 123moviedownload.com
127.0.0.1 www.123moviedownload.com

There are 15598 more lines.


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-1769359704-1337508281-3947573860-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\Owner\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
HKU\S-1-5-21-1769359704-1337508281-3947573860-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\Yodi\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
HKU\S-1-5-21-1769359704-1337508281-3947573860-1002\Control Panel\Desktop\\Wallpaper -> C:\Users\CompAdmin\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 192.168.2.254 - 192.168.1.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

MSCONFIG\startupreg: HotKeysCmds => C:\Windows\system32\hkcmd.exe
MSCONFIG\startupreg: IgfxTray => C:\Windows\system32\igfxtray.exe
MSCONFIG\startupreg: Persistence => C:\Windows\system32\igfxpers.exe

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [SPPSVC-In-TCP] => (Allow) %SystemRoot%\system32\sppsvc.exe
FirewallRules: [SPPSVC-In-TCP-NoScope] => (Allow) %SystemRoot%\system32\sppsvc.exe
FirewallRules: [{6614473A-4294-47B0-9E72-E30BC34B467C}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{0A1E5153-E4CF-46CD-9514-8A5F89735CE9}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{EECDD92A-BE36-4220-A350-1D13AF53A5B9}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{AF2E9FF9-9E55-4FA3-8B6F-B77B18E779D5}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{454C2350-8C8F-46ED-A3EA-4B88A6C42634}] => (Allow) LPort=8501
FirewallRules: [{E9A238A4-E297-4272-8326-EB9D7574919F}] => (Allow) LPort=8501
FirewallRules: [{97C5FF8C-C541-4A34-B589-DDD1C14F1A54}] => (Allow) C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe
FirewallRules: [{BA9C0542-3115-4648-96A2-80E4989FAF77}] => (Allow) C:\Program Files\Lightworks\lightworks.exe
FirewallRules: [{5CBBF24A-C064-4A46-8D63-0A80FAF758E4}] => (Allow) C:\Program Files\Lightworks\lightworks.exe
FirewallRules: [{E861EFF1-A1F3-4885-8061-308C3177226F}] => (Allow) C:\Program Files\Lightworks\ntcardvt.exe
FirewallRules: [{D89E41BA-4CF3-41C1-B91D-E2964BC46496}] => (Allow) C:\Program Files\Lightworks\ntcardvt.exe
FirewallRules: [{784F969B-3BC5-469C-84D3-E7356BDEA5D0}] => (Allow) C:\Program Files\iTunes\iTunes.exe
FirewallRules: [{9ED137DB-1637-4448-9E49-D706B894BD28}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe
FirewallRules: [{843BEACA-E1A2-4941-96D3-DEE5F8E23150}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe
FirewallRules: [{112AA840-F81D-463E-AD20-F79EDFBA3BE6}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
FirewallRules: [{E281E9EE-F72C-4BA2-90A0-7C5A2571B6E6}] => (Allow) C:\Program Files (x86)\AVAST Software\Browser\Application\AvastBrowser.exe

==================== Restore Points =========================

28-05-2018 00:00:02 Scheduled Checkpoint
04-06-2018 00:00:04 Scheduled Checkpoint
11-06-2018 00:18:08 Scheduled Checkpoint

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (06/14/2018 08:46:17 AM) (Source: MsiInstaller) (EventID: 11316) (User: NT AUTHORITY)
Description: Product: Avast Update Helper -- Error 1316. The specified account already exists.

Error: (06/14/2018 07:46:18 AM) (Source: MsiInstaller) (EventID: 11316) (User: NT AUTHORITY)
Description: Product: Avast Update Helper -- Error 1316. The specified account already exists.

Error: (06/14/2018 06:46:17 AM) (Source: MsiInstaller) (EventID: 11316) (User: NT AUTHORITY)
Description: Product: Avast Update Helper -- Error 1316. The specified account already exists.

Error: (06/14/2018 05:46:18 AM) (Source: MsiInstaller) (EventID: 11316) (User: NT AUTHORITY)
Description: Product: Avast Update Helper -- Error 1316. The specified account already exists.

Error: (06/14/2018 04:46:17 AM) (Source: MsiInstaller) (EventID: 11316) (User: NT AUTHORITY)
Description: Product: Avast Update Helper -- Error 1316. The specified account already exists.

Error: (06/14/2018 03:46:18 AM) (Source: MsiInstaller) (EventID: 11316) (User: NT AUTHORITY)
Description: Product: Avast Update Helper -- Error 1316. The specified account already exists.

Error: (06/14/2018 02:46:18 AM) (Source: MsiInstaller) (EventID: 11316) (User: NT AUTHORITY)
Description: Product: Avast Update Helper -- Error 1316. The specified account already exists.

Error: (06/14/2018 01:46:17 AM) (Source: MsiInstaller) (EventID: 11316) (User: NT AUTHORITY)
Description: Product: Avast Update Helper -- Error 1316. The specified account already exists.


System errors:
=============
Error: (06/13/2018 04:40:14 AM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: The following boot-start or system-start driver(s) failed to load:
UsbCharger

Error: (06/13/2018 04:39:50 AM) (Source: EventLog) (EventID: 6008) (User: )
Description: The previous system shutdown at 12:36:30 AM on ‎6/‎13/‎2018 was unexpected.

Error: (06/08/2018 05:36:29 PM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: The following boot-start or system-start driver(s) failed to load:
UsbCharger

Error: (06/08/2018 05:35:56 PM) (Source: EventLog) (EventID: 6008) (User: )
Description: The previous system shutdown at 3:34:26 PM on ‎6/‎8/‎2018 was unexpected.

Error: (06/08/2018 02:44:56 PM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: The following boot-start or system-start driver(s) failed to load:
UsbCharger

Error: (06/08/2018 02:43:16 PM) (Source: Service Control Manager) (EventID: 7043) (User: )
Description: The Group Policy Client service did not shut down properly after receiving a preshutdown control.

Error: (06/07/2018 05:45:35 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Application Experience service failed to start due to the following error:
The service did not respond to the start or control request in a timely fashion.

Error: (06/07/2018 05:40:07 PM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the AeLookupSvc service.


CodeIntegrity:
===================================

Date: 2018-06-05 22:18:22.740
Description:
Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume16\Windows\winsxs\amd64_microsoft-windows-bcrypt-dll_31bf3856ad364e35_6.0.6001.18000_none_4aab2ef0a7c319c5\bcrypt.dll because the set of per-page image hashes could not be found on the system.

Date: 2018-06-05 22:18:22.581
Description:
Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume16\Windows\winsxs\amd64_microsoft-windows-bcrypt-dll_31bf3856ad364e35_6.0.6001.18000_none_4aab2ef0a7c319c5\bcrypt.dll because the set of per-page image hashes could not be found on the system.

Date: 2018-06-05 22:18:22.423
Description:
Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume16\Windows\winsxs\amd64_microsoft-windows-bcrypt-dll_31bf3856ad364e35_6.0.6001.18000_none_4aab2ef0a7c319c5\bcrypt.dll because the set of per-page image hashes could not be found on the system.

Date: 2018-06-05 22:18:22.248
Description:
Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume16\Windows\winsxs\amd64_microsoft-windows-bcrypt-dll_31bf3856ad364e35_6.0.6001.18000_none_4aab2ef0a7c319c5\bcrypt.dll because the set of per-page image hashes could not be found on the system.

Date: 2018-06-01 16:35:30.322
Description:
Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume16\Windows\winsxs\wow64_microsoft-windows-tpm-driver-wmi_31bf3856ad364e35_6.0.6001.18000_none_d6005436ad01f9a3\Win32_Tpm.dll because the set of per-page image hashes could not be found on the system.

Date: 2018-06-01 16:35:30.176
Description:
Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume16\Windows\winsxs\wow64_microsoft-windows-tpm-driver-wmi_31bf3856ad364e35_6.0.6001.18000_none_d6005436ad01f9a3\Win32_Tpm.dll because the set of per-page image hashes could not be found on the system.

Date: 2018-06-01 16:35:30.029
Description:
Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume16\Windows\winsxs\wow64_microsoft-windows-tpm-driver-wmi_31bf3856ad364e35_6.0.6001.18000_none_d6005436ad01f9a3\Win32_Tpm.dll because the set of per-page image hashes could not be found on the system.

Date: 2018-06-01 16:35:29.881
Description:
Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume16\Windows\winsxs\wow64_microsoft-windows-tpm-driver-wmi_31bf3856ad364e35_6.0.6001.18000_none_d6005436ad01f9a3\Win32_Tpm.dll because the set of per-page image hashes could not be found on the system.

==================== Memory info ===========================

Processor: AMD FX(tm)-6300 Six-Core Processor
Percentage of memory in use: 32%
Total physical RAM: 8158.67 MB
Available physical RAM: 5533.5 MB
Total Virtual: 16315.52 MB
Available Virtual: 13537.86 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:1862.92 GB) (Free:1544.76 GB) NTFS
Drive d: () (Fixed) (Total:596.17 GB) (Free:365.06 GB) NTFS ==>[system with boot components (obtained from drive)]

\\?\Volume{d8f78e62-0eb1-11e4-95a2-806e6f6e6963}\ (System Reserved) (Fixed) (Total:0.1 GB) (Free:0.07 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7/8/10) (Size: 1863 GB) (Disk ID: 5409BCEB)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=1862.9 GB) - (Type=07 NTFS)

========================================================
Disk: 1 (MBR Code: Windows 7 or Vista) (Size: 596.2 GB) (Disk ID: 1549F232)
Partition 1: (Active) - (Size=596.2 GB) - (Type=07 NTFS)

==================== End of Addition.txt ============================



aswMBR version 1.0.1.2252 Copyright(c) 2014 AVAST Software
Run date: 2018-06-14 09:16:12
-----------------------------
09:16:12.109 OS Version: Windows x64 6.1.7601 Service Pack 1
09:16:12.109 Number of processors: 6 586 0x200
09:16:12.124 ComputerName: OWNER-PC446 UserName: Owner
09:16:13.731 Initialize success
09:16:13.762 VM: initialized successfully
09:16:13.762 VM: Amd CPU supported virtualized
09:16:21.874 AVAST engine defs: 18061302
09:16:43.980 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\00000068
09:16:43.980 Disk 0 Vendor: WDC_WD20 01.0 Size: 1907729MB BusType: 11
09:16:43.980 Disk 1 \Device\Harddisk1\DR1 -> \Device\00000069
09:16:43.980 Disk 1 Vendor: WDC_WD64 01.0 Size: 610480MB BusType: 11
09:16:44.089 Disk 0 MBR read successfully
09:16:44.104 Disk 0 MBR scan
09:16:44.120 Disk 0 Windows 7 default MBR code
09:16:44.136 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 100 MB offset 2048
09:16:44.151 Disk 0 default boot code
09:16:44.151 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 1907626 MB offset 206848
09:16:44.151 Disk 0 scanning C:\Windows\system32\drivers
09:16:54.135 Service scanning
09:17:07.582 Modules scanning
09:17:07.582 Disk 0 trace - called modules:
09:17:07.614 ntoskrnl.exe CLASSPNP.SYS disk.sys amd_xata.sys storport.sys hal.dll amd_sata.sys
09:17:07.614 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8007e93060]
09:17:07.614 3 CLASSPNP.SYS[fffff880019a243f] -> nt!IofCallDriver -> [0xfffffa8006e29ac0]
09:17:07.629 5 amd_xata.sys[fffff88001139d00] -> nt!IofCallDriver -> \Device\00000068[0xfffffa8006e078b0]
09:17:09.174 AVAST engine scan C:\Windows
09:17:11.763 AVAST engine scan C:\Windows\system32
09:18:52.248 AVAST engine scan C:\Windows\system32\drivers
09:19:01.845 AVAST engine scan C:\Users\Owner
09:35:19.225 Disk 0 MBR has been saved successfully to "C:\Users\Owner\Desktop\MBR.dat"
09:35:19.225 The log file has been saved successfully to "C:\Users\Owner\Desktop\aswMBR.txt"

Juliet
2018-06-14, 22:50
We need to see if we can get System restore working, it's a valuable tool.

try to temporarily disable AVAST to see if system restore can complete.
How to Temporarily Disable your Anti-virus

AVAST
Right-click on the avast! icon in system tray. Select avast! shields control and there will be options to disable avast for 10 minutes, 1 hour, until the computer is restarted or permanently.
Remember to enable it again when needed.

read over the below link and follow Run the System File Checker, i.e., Run sfc /scannow
Run Check Disk,
http://www.thewindowsclub.com/system-restore-not-working-windows

RastorMosaic
2018-06-15, 07:23
Hello Juliet, thank you for your quick response.

Disabling Avast didn't do a thing. (I had actually tried that already) I had also tried logging into Safe Mode to do it, but no joy.

I ran the command you requested and I got...

"Windows Resource Protection did not find any integrity violations."

But I checked again and System Restore does now have a save point from June 11th. (I hadn't checked this for a few days, obviously) That was not there before last week when I had decided that something was definitely not right.

I tested to see if it would let me manually create a restore point, also, and it was successful.

RastorMosaic
2018-06-15, 07:27
Juliet,

I spoke too soon. It did not successfully create a manually created restore point, it gave an error...

"The restore point could not be created for the following reason...
The specified object was not be found. (Ox80042308)
Please try again."

Juliet
2018-06-15, 13:46
I think it's trying

Have you recently had a windows update and this is the result?

I really don't want to run any tools without having some sort of backup.

Let's see if we can get VSS to start
To restart Volume Shadow Copy Service:

Type ‘services.msc’ in the search bar from the Start menu and open the Services Manager
Locate and double-click ‘Volume Shadow Copy Service’.
Right-click on it and then first Stop the service and then Start it again.

Try to create a System Restore point now.

~~~~~~~~~~~~~~~~~`
Since I've saved info for the following tool the screen shots might have changed a bit but the procedure should still be the same.

Please Download Tweaking.com - Windows Repair from Here (http://www.tweaking.com/content/page/windows_repair_all_in_one.html)
OR
Windows Repair (all in one) from here (http://www.bleepingcomputer.com/download/windows-repair-all-in-one-portable/).


Disable all your antivirus and antimalware software - see how to do that here (http://www.bleepingcomputer.com/forums/t/114351/how-to-temporarily-disable-your-anti-virus-firewall-and-anti-malware-programs/).
- Right click on https://i.imgur.com/QfBzvq1.png and select Run as Administrator (XP users just double click) to start Windows Repair All-In-One.
(Windows Vista/7/8 users: Accept UAC warning if it is enabled.)

- A window will appear. Click Step 2.
http://i.imgur.com/2f8o60N.png

- Click the Open Pre-Scan button, then click Start Scan. Wait for Windows Repair to finish scanning.

- Depending on which error Windows Repair found, click Repair Reparse Point or Repair Environment Variable accordingly. When the button changes to "Done!", click the close button to return to Windows Repair.

- Go to Step 3, then click Check in the See If Check Disk Is Needed.

- If Windows Repair stated that errors are found, click Open Check Disk At Next Boot. Choose (/R) Fixes errors on the disk also locate bad sectors and recovers readable information, then click Add To Next Boot. Reboot the computer to let Windows check the disk.
http://i.imgur.com/Ymy7crZ.png

- Go to Step 4, then click Do It.
http://i.imgur.com/zDtdN75.png

- Go to Step 5. Under System Restore click Create.
http://i.imgur.com/f7lEe1N.png

- Go to Repairs and click Open Repairs. Leave all checkmarks as they are, then click Start Repairs.
http://i.imgur.com/PGv2vtD.png

- By default Windows Repair All-In-One will create a "Logs" folder in its folder on the Desktop. Please post the contents of the log in your next reply.

RastorMosaic
2018-06-16, 00:59
Hello :)

Before I do all this, I think I should let you know this detail.

I could not stop Volume Shadow Copy Service from services.msc because it was not started in the first place. I could start it, but since it wasn't started, I couldn't stop it. :) Should I turn it on and off and then on, then do your list of tasks?

Jodi

Juliet
2018-06-16, 15:11
Should I turn it on and off and then on,
Yes, let's see if that takes effect.

RastorMosaic
2018-06-19, 17:58
Juliet,

Sorry I've taken so long. Long busy weekend that extended into Monday.

I've done all but the Check Disc at Next Boot. Will be doing that when I can close this browser.

Also, you asked earlier if this happened after a windows update. I haven't updated windows in over a year. Also I run a utility called GWX Control Panel
I've heard some bad things about Win 10 and really didn't want those nagging updates. My computer ran fine for the last year, using it. The bugginess all just came out of the blue. The link, if you want to see it, is http://blog.ultimateoutsider.com/2015/08/using-gwx-stopper-to-permanently-remove.html

Oh, there were no integrity violations from the system file check.

Hope you had a good weekend. I'll be back after I reboot and run the file system check.
Thanks again,
Jodi

Juliet
2018-06-20, 12:39
How are things this morning?

RastorMosaic
2018-06-20, 19:02
Juliet,

Ok, Disc Check was STILL running when I went to bed... almost finished, but not quite at 90% at midnight.

This is the log from tweaking.com program...
There were ten files in the work folder, this is the one that said, _Windows Repair Log
Tweaking.com - Windows Repair 2018 (v4.0.20)
--------------------------------------------------------------------------------

System Variables
--------------------------------------------------------------------------------
Running In Windows Safe Mode: False
OS: Windows 7 Professional
OS Architecture: 64-bit
OS Version: 6.1.7601
OS Service Pack: Service Pack 1
Computer Name: OWNER-PC446
Windows Drive: C:\
Windows Path: C:\Windows
Program Files: C:\Program Files
Program Files (x86): C:\Program Files (x86)
Current Profile: C:\Users\Owner
Current Profile SID: S-1-5-21-1769359704-1337508281-3947573860-1000
Current Profile Classes: S-1-5-21-1769359704-1337508281-3947573860-1000_Classes
Profiles Location: C:\Users
Profiles Location 2: C:\Windows\ServiceProfiles
Local Settings AppData: C:\Users\Owner\AppData\Local
--------------------------------------------------------------------------------

System Information
--------------------------------------------------------------------------------
System Up Time: 0 Days 09:14:23

Process Count: 63
Commit Total: 3.14 GB
Commit Limit: 15.93 GB
Commit Peak: 3.16 GB
Handle Count: 27372
Kernel Total: 643.70 MB
Kernel Paged: 524.45 MB
Kernel Non Paged: 119.26 MB
System Cache: 5.23 GB
Thread Count: 1197
--------------------------------------------------------------------------------

Memory Before Cleaning with CleanMem
--------------------------------------------------------------------------------
Memory Total: 7.97 GB
Memory Used: 2.78 GB(34.9298%)
Memory Avail.: 5.18 GB
--------------------------------------------------------------------------------

Cleaning Memory Before Starting Repairs...

Memory After Cleaning with CleanMem
--------------------------------------------------------------------------------
Memory Total: 7.97 GB
Memory Used: 2.46 GB(30.8782%)
Memory Avail.: 5.51 GB
--------------------------------------------------------------------------------

Starting Repairs...
Started at (6/20/2018 10:14:22 AM)

Setting Any Missing 'InstallDate' From Uninstall Sections Before Running Repair...
Total Missing 'InstallDate' Fixed: 123

01 - Reset Registry Permissions
Restore Windows 7/8/10 Default Registry Permissions
Start (6/20/2018 10:14:37 AM)


Decompressing & Updating Windows Permission File C:\Program Files (x86)\Tweaking.com\Windows Repair (All in One)\files\permissions\7\hku.7z
Done, 0.21 seconds.


Decompressing & Updating Windows Permission File C:\Program Files (x86)\Tweaking.com\Windows Repair (All in One)\files\permissions\7\hklm.7z
Done, 2.11 seconds.

Running Repair Under System Account
Done (6/20/2018 10:16:16 AM)

02 - Reset File Permissions
Restore Windows 7/8/10 Default File Permissions
Start (6/20/2018 10:16:16 AM)


Decompressing & Updating Windows Permission File C:\Program Files (x86)\Tweaking.com\Windows Repair (All in One)\files\permissions\7\default.7z
Done, 0.14 seconds.


Decompressing & Updating Windows Permission File C:\Program Files (x86)\Tweaking.com\Windows Repair (All in One)\files\permissions\7\profile.7z
Done, 0.13 seconds.


Decompressing & Updating Windows Permission File C:\Program Files (x86)\Tweaking.com\Windows Repair (All in One)\files\permissions\7\program_files.7z
Done, 0.14 seconds.


Decompressing & Updating Windows Permission File C:\Program Files (x86)\Tweaking.com\Windows Repair (All in One)\files\permissions\7\program_files_x86.7z
Done, 0.14 seconds.


Decompressing & Updating Windows Permission File C:\Program Files (x86)\Tweaking.com\Windows Repair (All in One)\files\permissions\7\programdata.7z
Done, 0.13 seconds.


Decompressing & Updating Windows Permission File C:\Program Files (x86)\Tweaking.com\Windows Repair (All in One)\files\permissions\7\windows.7z
Done, 1.78 seconds.

Running Repair Under System Account
Done (6/20/2018 10:28:36 AM)

03 - Reset Service Permissions
Start (6/20/2018 10:28:36 AM)

Running Repair Under Current User Account
Running Repair Under System Account
Done (6/20/2018 10:29:47 AM)

04 - Register System Files
Start (6/20/2018 10:29:47 AM)
Running Repair Under Current User Account
Running Repair Under System Account
Done (6/20/2018 10:31:45 AM)

05 - Repair WMI
Start (6/20/2018 10:31:45 AM)

Starting Security Center So We Can Export The Security Info.

Exporting Antivirus Info...
Avast Antivirus Exported.
Malwarebytes Exported.

Exporting AntiSpyware Info...
Malwarebytes Exported.
Windows Defender Exported.
Avast Antivirus Exported.

Exporting 3rd Party Firewall Info...
Avast Antivirus Exported.

Running Repair Under Current User Account
Done (6/20/2018 10:33:22 AM)

06 - Repair Windows Firewall
Start (6/20/2018 10:33:22 AM)

Decompressing & Updating Windows Permission File C:\Program Files (x86)\Tweaking.com\Windows Repair (All in One)\files\permissions\7\services.7z
Done, 0.13 seconds.

Running Repair Under Current User Account
Running Repair Under System Account
Done (6/20/2018 10:34:10 AM)

07 - Repair Internet Explorer
Start (6/20/2018 10:34:10 AM)
Running Repair Under Current User Account
Running Repair Under System Account
Done (6/20/2018 10:34:32 AM)

08 - Repair MDAC/MS Jet
Start (6/20/2018 10:34:32 AM)
Running Repair Under Current User Account
Running Repair Under System Account
Done (6/20/2018 10:34:41 AM)

09 - Repair Hosts File
Start (6/20/2018 10:34:41 AM)
Running Repair Under System Account
Done (6/20/2018 10:34:42 AM)

10 - Remove Policies Set By Infections
Start (6/20/2018 10:34:42 AM)
Running Repair Under Current User Account
Running Repair Under System Account
Done (6/20/2018 10:34:44 AM)

11 - Repair Start Menu Icons Removed By Infections
Start (6/20/2018 10:34:44 AM)
Running Repair Under System Account
Done (6/20/2018 10:34:45 AM)

12 - Repair Icons
Start (6/20/2018 10:34:45 AM)
Running Repair Under Current User Account
Done (6/20/2018 10:36:33 AM)

13 - Repair Network
Start (6/20/2018 10:36:33 AM)

Decompressing & Updating Windows Permission File C:\Program Files (x86)\Tweaking.com\Windows Repair (All in One)\files\permissions\7\services.7z
Done, 0.14 seconds.

Running Repair Under Current User Account
Running Repair Under System Account
Done (6/20/2018 10:36:54 AM)

14 - Remove Temp Files
Start (6/20/2018 10:36:54 AM)
Running Repair Under System Account
Done (6/20/2018 10:36:56 AM)

15 - Repair Proxy Settings
Start (6/20/2018 10:36:56 AM)
Running Repair Under Current User Account
Running Repair Under System Account
Done (6/20/2018 10:36:58 AM)

16 - Repair Windows Updates
Start (6/20/2018 10:36:58 AM)

Decompressing & Updating Windows Permission File C:\Program Files (x86)\Tweaking.com\Windows Repair (All in One)\files\permissions\7\services.7z
Done, 0.13 seconds.

Running Repair Under Current User Account
Running Repair Under System Account
Setting Windows Updates Files That Are In Use To Be Removed At Next Boot.
Done (6/20/2018 10:37:23 AM)

17 - Repair CD/DVD Missing/Not Working
Start (6/20/2018 10:37:24 AM)
iTunes and GEARAspiWDM.sys was found, adding UpperFilters for iTunes Reg Key
UpperFilters added?: True
Done (6/20/2018 10:37:24 AM)

18 - Repair Volume Shadow Copy Service
Start (6/20/2018 10:37:24 AM)

Decompressing & Updating Windows Permission File C:\Program Files (x86)\Tweaking.com\Windows Repair (All in One)\files\permissions\7\services.7z
Done, 0.14 seconds.

Running Repair Under Current User Account
Running Repair Under System Account
Done (6/20/2018 10:38:05 AM)

19 - Repair Windows Sidebar/Gadgets
Start (6/20/2018 10:38:05 AM)
Running Repair Under Current User Account
Running Repair Under System Account
Done (6/20/2018 10:38:08 AM)

20 - Repair MSI (Windows Installer)
Start (6/20/2018 10:38:08 AM)

Decompressing & Updating Windows Permission File C:\Program Files (x86)\Tweaking.com\Windows Repair (All in One)\files\permissions\7\services.7z
Done, 0.12 seconds.

Running Repair Under Current User Account
Running Repair Under System Account
Done (6/20/2018 10:38:21 AM)

21 - Repair Windows Snipping Tool
Start (6/20/2018 10:38:21 AM)
Running Repair Under Current User Account
Running Repair Under System Account
Done (6/20/2018 10:38:23 AM)

22.01 - Repair bat Association
Start (6/20/2018 10:38:23 AM)
Running Repair Under Current User Account
Running Repair Under System Account
Done (6/20/2018 10:38:25 AM)

22.02 - Repair cmd Association
Start (6/20/2018 10:38:25 AM)
Running Repair Under Current User Account
Running Repair Under System Account
Done (6/20/2018 10:38:27 AM)

22.03 - Repair com Association
Start (6/20/2018 10:38:27 AM)
Running Repair Under Current User Account
Running Repair Under System Account
Done (6/20/2018 10:38:29 AM)

22.04 - Repair Directory Association
Start (6/20/2018 10:38:30 AM)
Running Repair Under Current User Account
Running Repair Under System Account
Done (6/20/2018 10:38:32 AM)

22.05 - Repair Drive Association
Start (6/20/2018 10:38:32 AM)
Running Repair Under Current User Account
Running Repair Under System Account
Done (6/20/2018 10:38:34 AM)

22.06 - Repair exe Association
Start (6/20/2018 10:38:34 AM)
Running Repair Under Current User Account
Running Repair Under System Account
Done (6/20/2018 10:38:36 AM)

22.07 - Repair Folder Association
Start (6/20/2018 10:38:36 AM)
Running Repair Under Current User Account
Running Repair Under System Account
Done (6/20/2018 10:38:38 AM)

22.08 - Repair inf Association
Start (6/20/2018 10:38:38 AM)
Running Repair Under Current User Account
Running Repair Under System Account
Done (6/20/2018 10:38:40 AM)

22.09 - Repair lnk (Shortcuts) Association
Start (6/20/2018 10:38:40 AM)
Running Repair Under Current User Account
Running Repair Under System Account
Done (6/20/2018 10:38:43 AM)

22.10 - Repair msc Association
Start (6/20/2018 10:38:43 AM)
Running Repair Under Current User Account
Running Repair Under System Account
Done (6/20/2018 10:38:45 AM)

22.11 - Repair reg Association
Start (6/20/2018 10:38:45 AM)
Running Repair Under Current User Account
Running Repair Under System Account
Done (6/20/2018 10:38:47 AM)

22.12 - Repair scr Association
Start (6/20/2018 10:38:47 AM)
Running Repair Under Current User Account
Running Repair Under System Account
Done (6/20/2018 10:38:49 AM)

23 - Repair Windows Safe Mode
Start (6/20/2018 10:38:49 AM)
Running Repair Under Current User Account
Running Repair Under System Account
Done (6/20/2018 10:38:51 AM)

24 - Repair Print Spooler
Start (6/20/2018 10:38:51 AM)

Decompressing & Updating Windows Permission File C:\Program Files (x86)\Tweaking.com\Windows Repair (All in One)\files\permissions\7\services.7z
Done, 0.14 seconds.

Running Repair Under Current User Account
Running Repair Under System Account
Done (6/20/2018 10:39:07 AM)

25 - Restore Important Windows Services
Start (6/20/2018 10:39:07 AM)

Decompressing & Updating Windows Permission File C:\Program Files (x86)\Tweaking.com\Windows Repair (All in One)\files\permissions\7\services.7z
Done, 0.17 seconds.

Running Repair Under Current User Account
Running Repair Under System Account
Done (6/20/2018 10:39:15 AM)

26 - Set Windows Services To Default Startup
Start (6/20/2018 10:39:15 AM)
Running Repair Under Current User Account
Running Repair Under System Account
Done (6/20/2018 10:39:20 AM)

27.01 - Repair Windows 8/10 App Store
Skipping Repair.
Repair is for Windows v6.2 (Windows 8 & Newer) or higher.
Current version: 6.1.7601

28 - Repair Windows 8/10 Component Store
Skipping Repair.
Repair is for Windows v6.2 (Windows 8 & Newer) or higher.
Current version: 6.1.7601

29 - Restore Windows 8/10 COM+ Unmarshalers
Skipping Repair.
Repair is for Windows v6.2 (Windows 8 & Newer) or higher.
Current version: 6.1.7601

30 - Repair Windows 'New' Submenu
Start (6/20/2018 10:39:20 AM)
Running Repair Under Current User Account
Running Repair Under System Account
Done (6/20/2018 10:39:22 AM)

31 - Restore UAC (User Account Control) Settings
Start (6/20/2018 10:39:22 AM)
Running Repair Under Current User Account
Running Repair Under System Account
Done (6/20/2018 10:39:24 AM)

32 - Repair Performance Counters
Start (6/20/2018 10:39:24 AM)
Running Repair Under Current User Account
Done (6/20/2018 10:39:32 AM)

Cleaning up empty logs...

All Selected Repairs Done.
Done at (6/20/2018 10:39:32 AM)
Total Repair Time: 00:25:12


...YOU MUST RESTART YOUR SYSTEM...

Juliet
2018-06-20, 19:48
Usually after running a repair it can take a couple of reboots to see any improvements.
My main idea was to get system restore enabled.


Let's run a couple of tools to search for malware.

http://i.imgur.com/zcMPezJ.pngAdwCleaner - Fix Mode

Download AdwCleaner (http://www.bleepingcomputer.com/download/adwcleaner/dl/125/) and move it to your Desktop
Right-click on AdwCleaner.exe and select http://i.imgur.com/Spcusrh.pngRun as Administrator (for Windows Vista, 7, 8, 8.1 and 10 users)
Accept the EULA (I accept), then click on Scan
Let the scan complete. Once it's done, make sure that every item listed in the different tabs is checked and click on the Clean button. This will kill all active processes
https://i.imgur.com/V7SD4El.png
Once the cleaning process is complete, AdwCleaner will ask to restart your computer, do it
After the restart, a log will open when logging in. Please copy/paste the content of that log in your next reply



~~~~~~~~~~~~~~~~~~~~~~~`
http://i.imgur.com/RQKuhw1.pngRogueKiller

Download the right version of RogueKiller (http://www.adlice.com/download/roguekiller/#download) for your Windows version (32 or 64-bit)
Once done, move the executable file to your Desktop, right-click on it and select http://i.imgur.com/Spcusrh.pngRun as Administrator (for Windows Vista, 7, 8, 8.1 and 10 users)
Click on the Start Scan button in the right panel, which will bring you to another tab, and click on it again (this time it'll be in the bottom right corner)
Wait for the scan to complete
On completion, the results will be displayed
Check every single entry (threat found), and click on the Remove Selected button
On completion, the results will be displayed. Click on the Open Report button in the bottom left corner, followed by the Open TXT button (also in the bottom left corner)
This will open the report in Notepad. Copy/paste its content in your next reply


Your next reply(ies) should therefore contain:

Copy/pasted AdwCleaner clean log
Copy/pasted RogueKiller clean log


create by Aura

RastorMosaic
2018-06-21, 01:46
Hello Juliet, Here are the logs from AdwCleaner and Rogue

# -------------------------------
# Malwarebytes AdwCleaner 7.2.0.0
# -------------------------------
# Build: 06-05-2018
# Database: 2018-06-19.4
# Support: https://www.malwarebytes.com/support
#
# -------------------------------
# Mode: Clean
# -------------------------------
# Start: 06-20-2018
# Duration: 00:00:02
# OS: Windows 7 Professional
# Cleaned: 4
# Failed: 0


***** [ Services ] *****

No malicious services cleaned.

***** [ Folders ] *****

No malicious folders cleaned.

***** [ Files ] *****

No malicious files cleaned.

***** [ DLL ] *****

No malicious DLLs cleaned.

***** [ WMI ] *****

No malicious WMI cleaned.

***** [ Shortcuts ] *****

No malicious shortcuts cleaned.

***** [ Tasks ] *****

No malicious tasks cleaned.

***** [ Registry ] *****

Deleted HKLM\Software\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\softwareupdate.exe
Deleted HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\softwareupdate.exe

***** [ Chromium (and derivatives) ] *****

No malicious Chromium entries cleaned.

***** [ Chromium URLs ] *****

Deleted Ask
Deleted AOL

***** [ Firefox (and derivatives) ] *****

No malicious Firefox entries cleaned.

***** [ Firefox URLs ] *****

No malicious Firefox URLs cleaned.


*************************

[+] Delete Tracing Keys
[+] Reset Winsock

*************************

AdwCleaner[S00].txt - [1524 octets] - [20/06/2018 17:11:48]

########## EOF - C:\AdwCleaner\Logs\AdwCleaner[C00].txt ##########



RogueKiller V12.12.23.0 (x64) [Jun 18 2018] (Free) by Adlice Software
mail : http://www.adlice.com/contact/
Feedback : https://forum.adlice.com
Website : http://www.adlice.com/download/roguekiller/
Blog : http://www.adlice.com

Operating System : Windows 7 (6.1.7601 Service Pack 1) 64 bits version
Started in : Normal mode
User : Owner [Administrator]
Started from : C:\Program Files\RogueKiller\RogueKiller64.exe
Mode : Delete -- Date : 06/20/2018 17:23:08 (Duration : 00:20:10)

¤¤¤ Processes : 0 ¤¤¤

¤¤¤ Registry : 30 ¤¤¤
[PUP.Gen1] (X64) HKEY_USERS\RK_Administrator_ON_D_243F\Software\AVG Secure Search -> Deleted
[PUP.Gen1] (X86) HKEY_USERS\RK_Administrator_ON_D_243F\Software\AVG Secure Search -> Deleted
[PUP.Gen1] (X64) HKEY_USERS\RK_Guest_ON_D_624C\Software\AVG Secure Search -> Deleted
[PUP.Gen1] (X86) HKEY_USERS\RK_Guest_ON_D_624C\Software\AVG Secure Search -> Deleted
[PUP.Auslogics] (X64) HKEY_USERS\RK_Owner_ON_D_C22C\Software\Auslogics -> Deleted
[PUP.Auslogics] (X86) HKEY_USERS\RK_Owner_ON_D_C22C\Software\Auslogics -> Deleted
[PUP.Gen1] (X64) HKEY_USERS\RK_UpdatusUser_ON_D_0334\Software\AVG Secure Search -> Deleted
[PUP.Gen1] (X86) HKEY_USERS\RK_UpdatusUser_ON_D_0334\Software\AVG Secure Search -> Deleted
[PUP.MyPCBackup|PUP.Gen1] (X64) HKEY_USERS\RK_Owner_ON_D_C22C\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\MyPC Backup -> Deleted
[PUP.Gen1] (X64) HKEY_USERS\RK_Owner_ON_D_C22C\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{4BB7A109-FDB5-45E3-9DB9-ECB2EA7B80EE} -> Deleted
[PUP.MyPCBackup|PUP.Gen1] (X86) HKEY_USERS\RK_Owner_ON_D_C22C\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\MyPC Backup -> Deleted
[PUP.Gen1] (X86) HKEY_USERS\RK_Owner_ON_D_C22C\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{4BB7A109-FDB5-45E3-9DB9-ECB2EA7B80EE} -> Deleted
[PUM.HomePage] (X64) HKEY_USERS\RK_Owner_ON_D_C22C\Software\Microsoft\Internet Explorer\Main | Start Page : https://startpage.com/do/mypage.pl?prf=d8cab9aaddb88a48c9908c7241640d55 -> Replaced (http://go.microsoft.com/fwlink/p/?LinkId=255141)
[PUM.HomePage] (X86) HKEY_USERS\RK_Owner_ON_D_C22C\Software\Microsoft\Internet Explorer\Main | Start Page : https://startpage.com/do/mypage.pl?prf=d8cab9aaddb88a48c9908c7241640d55 -> Replaced (http://go.microsoft.com/fwlink/p/?LinkId=255141)
[PUM.SearchPage] (X64) HKEY_USERS\RK_Owner_ON_D_C22C\Software\Microsoft\Internet Explorer\Main | Search Page : https://startpage.com/do/mypage.pl?prf=d8cab9aaddb88a48c9908c7241640d55 -> Replaced (http://go.microsoft.com/fwlink/?LinkId=54896)
[PUM.SearchPage] (X86) HKEY_USERS\RK_Owner_ON_D_C22C\Software\Microsoft\Internet Explorer\Main | Search Page : https://startpage.com/do/mypage.pl?prf=d8cab9aaddb88a48c9908c7241640d55 -> Replaced (http://go.microsoft.com/fwlink/?LinkId=54896)
[PUM.StartMenu] (X64) HKEY_USERS\RK_Owner_ON_D_C22C\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced | Start_ShowRecentDocs : 0 -> Replaced (1)
[PUM.StartMenu] (X64) HKEY_USERS\RK_Owner_ON_D_C22C\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced | Start_TrackProgs : 0 -> Replaced (1)
[PUM.StartMenu] (X86) HKEY_USERS\RK_Owner_ON_D_C22C\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced | Start_ShowRecentDocs : 0 -> Replaced (1)
[PUM.StartMenu] (X86) HKEY_USERS\RK_Owner_ON_D_C22C\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced | Start_TrackProgs : 0 -> Replaced (1)
[PUM.StartMenu] (X64) HKEY_USERS\S-1-5-21-1769359704-1337508281-3947573860-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced | Start_ShowMyGames : 0 -> Replaced (1)
[PUM.StartMenu] (X64) HKEY_USERS\S-1-5-21-1769359704-1337508281-3947573860-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced | Start_TrackProgs : 0 -> Replaced (1)
[PUM.StartMenu] (X86) HKEY_USERS\S-1-5-21-1769359704-1337508281-3947573860-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced | Start_ShowMyGames : 0 -> Replaced (1)
[PUM.StartMenu] (X86) HKEY_USERS\S-1-5-21-1769359704-1337508281-3947573860-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced | Start_TrackProgs : 0 -> Replaced (1)
[PUM.StartMenu] (X64) HKEY_USERS\S-1-5-21-1769359704-1337508281-3947573860-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced | Start_ShowMyGames : 0 -> Replaced (1)
[PUM.StartMenu] (X64) HKEY_USERS\S-1-5-21-1769359704-1337508281-3947573860-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced | Start_TrackProgs : 0 -> Replaced (1)
[PUM.StartMenu] (X86) HKEY_USERS\S-1-5-21-1769359704-1337508281-3947573860-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced | Start_ShowMyGames : 0 -> Replaced (1)
[PUM.StartMenu] (X86) HKEY_USERS\S-1-5-21-1769359704-1337508281-3947573860-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced | Start_TrackProgs : 0 -> Replaced (1)
[PUM.StartMenu] (X64) HKEY_USERS\S-1-5-21-1769359704-1337508281-3947573860-1002\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced | Start_ShowMyGames : 0 -> Replaced (1)
[PUM.StartMenu] (X86) HKEY_USERS\S-1-5-21-1769359704-1337508281-3947573860-1002\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced | Start_ShowMyGames : 0 -> Replaced (1)

¤¤¤ Tasks : 0 ¤¤¤

¤¤¤ Files : 0 ¤¤¤

¤¤¤ WMI : 0 ¤¤¤

¤¤¤ Hosts File : 0 ¤¤¤

¤¤¤ Antirootkit : 0 (Driver: Loaded) ¤¤¤

¤¤¤ Web browsers : 4 ¤¤¤
[PUM.SearchEngine][Firefox:Config] kvfgv9ur.default : user_pref("browser.search.selectedEngine", "Yahoo! (Avast)"); -> Deleted
[PUM.SearchEngine][Firefox:Config] kvfgv9ur.default : user_pref("browser.search.defaultenginename", "Yahoo! (Avast)"); -> Deleted
[PUM.HomePage][Chrome:Config] Default [SecurePrefs] : homepage [https://m.uscellular.com/uscellular/app/login/authenticate/] -> Deleted
[PUM.HomePage][Chrome:Config] Default [SecurePrefs] : session.startup_urls [https://m.uscellular.com/uscellular/app/login/authenticate/] -> Deleted

¤¤¤ MBR Check : ¤¤¤
+++++ PhysicalDrive0: WDC WD20 03FZEX-00Z4SA0 SATA Disk Device +++++
--- User ---
[MBR] d50ad695b9744c75455cfc08cf659869
[BSP] fd40a82f0839e6f9270ad5a6861e35bf : Windows Vista/7/8|VT.Unknown MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x7) [VISIBLE] Offset (sectors): 2048 | Size: 100 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
1 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 206848 | Size: 1907626 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
User = LL1 ... OK
User = LL2 ... OK

+++++ PhysicalDrive1: WDC WD64 00AAKS-65A7B2 SATA Disk Device +++++
--- User ---
[MBR] 7c4554e9db9e180b05af0c5c3abaf317
[BSP] b6be6e9d0f0336d35e5e33756ce073f7 : HP MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x7) [VISIBLE] Offset (sectors): 2048 | Size: 610478 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
User = LL1 ... OK
User = LL2 ... OK

+++++ PhysicalDrive2: Generic- Compact Flash USB Device +++++
Error reading User MBR! ([15] The device is not ready. )
Error reading LL1 MBR! NOT VALID!
Error reading LL2 MBR! ([32] The request is not supported. )

+++++ PhysicalDrive3: Generic- SD/MMC USB Device +++++
Error reading User MBR! ([15] The device is not ready. )
Error reading LL1 MBR! NOT VALID!
Error reading LL2 MBR! ([32] The request is not supported. )

+++++ PhysicalDrive4: Generic- MS/MS-PRO USB Device +++++
Error reading User MBR! ([15] The device is not ready. )
Error reading LL1 MBR! NOT VALID!
Error reading LL2 MBR! ([32] The request is not supported. )

+++++ PhysicalDrive5: Generic- xD-Picture USB Device +++++
Error reading User MBR! ([15] The device is not ready. )
Error reading LL1 MBR! NOT VALID!
Error reading LL2 MBR! ([32] The request is not supported. )

Juliet
2018-06-21, 03:28
Let's check for remnants

Please download the Malwarebytes Anti-Malware (https://downloads.malwarebytes.org/file/mbam) setup file to your Desktop.
OR from this location Here (https://www.bleepingcomputer.com/download/malwarebytes-anti-malware/)


Open mbam-setup.x.x.xxxx.exe (x represents the version #) and follow the prompts to install the programme.
Windows Vista, Windows 7 , 8, 8.1 and 10 : Right click and select "Run as Administrator"
After the installation IS complete let it update if it asks.
Under SETTINGS.....APPLICATIONS leave everything at default
Under SETTINGS.....PROTECTION make sure AUTOMATIC QUARANTINE is on.
Then go to the Dashboard and click on SCAN NOW
If threats are detected, click the Apply Actions button. You will now be prompted to reboot. Click Yes.
Upon completion of the scan (or after the reboot), click the Reports tab.
Double-click the Scan Log.
At the bottom click Export and choose Text file.

Save the file to your desktop and include its content in your next reply.

You can access the logs by going in the "Reports" tab, clicking on the latest "Scan" entry (the one with detections), then clicking on the "Export" button in the bottom-left corner and select "Copy to clipboard". After that, all you have to do is paste it here
Then click on POST
Exit Malwarebytes

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~`

http://i.imgur.com/G0tu5D9.pngEmsisoft Emergency Kit - Fix Mode
Follow the instructions below to run a scan using the Emsisoft Emergency Kit.

Download the Emsisoft Emergency Kit (https://www.emsisoft.com/en/software/eek/download/) and execute it. From there, click on the Install button to extract the program in the EEK folder;
Once the extraction is complete, the EEK folder will open. Right-click on http://i.imgur.com/G0tu5D9.pngstart emergency kit scanner.exe and select http://i.imgur.com/Spcusrh.pngRun as Administrator (for Windows Vista, 7, 8, 8.1 and 10 users);
EEK will suggest that you run an online update before using the program. Click on Yes to launch it.
After the update, click on Malware Scan under 2. Scan and accept to let EEK detect PUPs (click on Yes).
Once the scan is complete, make sure that every item in the list is checked, and click on the Quarantine selected button;
If it asks you for a reboot to delete some items, click on Ok to reboot automatically;
After the restart, open EEK again (in the C:\EEK folder);
This time, click on Logs;
From there, go under the Quarantine Log tab, and click on the Export button;
Save the log on your desktop, then open it, and copy/paste its content in your next reply;

Please post these 2 logs when finished.



Since the computer should had been rebooted a couple of times now, how is it at the moment?

RastorMosaic
2018-06-22, 03:39
Malware Bytes...
Malwarebytes
www.malwarebytes.com

-Log Details-
Scan Date: 6/21/18
Scan Time: 3:03 AM
Log File: a4963660-7529-11e8-a206-fcaa14e2776d.json
Administrator: Yes

-Software Information-
Version: 3.5.1.2522
Components Version: 1.0.374
Update Package Version: 1.0.5564
License: Premium

-System Information-
OS: Windows 7 Service Pack 1
CPU: x64
File System: NTFS
User: System

-Scan Summary-
Scan Type: Threat Scan
Scan Initiated By: Scheduler
Result: Completed
Objects Scanned: 356430
Threats Detected: 0
(No malicious items detected)
Threats Quarantined: 0
(No malicious items detected)
Time Elapsed: 6 min, 26 sec

-Scan Options-
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Warn
PUM: Warn

-Scan Details-
Process: 0
(No malicious items detected)

Module: 0
(No malicious items detected)

Registry Key: 0
(No malicious items detected)

Registry Value: 0
(No malicious items detected)

Registry Data: 0
(No malicious items detected)

Data Stream: 0
(No malicious items detected)

Folder: 0
(No malicious items detected)

File: 0
(No malicious items detected)

Physical Sector: 0
(No malicious items detected)

WMI: 0
(No malicious items detected)


(end)Malwarebytes
www.malwarebytes.com

-Log Details-
Scan Date: 6/21/18
Scan Time: 3:03 AM
Log File: a4963660-7529-11e8-a206-fcaa14e2776d.json
Administrator: Yes

-Software Information-
Version: 3.5.1.2522
Components Version: 1.0.374
Update Package Version: 1.0.5564
License: Premium

-System Information-
OS: Windows 7 Service Pack 1
CPU: x64
File System: NTFS
User: System

-Scan Summary-
Scan Type: Threat Scan
Scan Initiated By: Scheduler
Result: Completed
Objects Scanned: 356430
Threats Detected: 0
(No malicious items detected)
Threats Quarantined: 0
(No malicious items detected)
Time Elapsed: 6 min, 26 sec

-Scan Options-
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Warn
PUM: Warn

-Scan Details-
Process: 0
(No malicious items detected)

Module: 0
(No malicious items detected)

Registry Key: 0
(No malicious items detected)

Registry Value: 0
(No malicious items detected)

Registry Data: 0
(No malicious items detected)

Data Stream: 0
(No malicious items detected)

Folder: 0
(No malicious items detected)

File: 0
(No malicious items detected)

Physical Sector: 0
(No malicious items detected)

WMI: 0
(No malicious items detected)


(end)

RastorMosaic
2018-06-22, 03:44
running eek now...

computer is booting up three times faster and some of the quirky behavior has stopped. :)
Thanks for asking.

BTW, I have malware bytes installed, paid version that runs all the time.

RastorMosaic
2018-06-22, 03:49
Juliet, squeaky clean? :)


Emsisoft Emergency Kit - Version 2018.4
Last update: 6/21/2018 7:43:59 PM
User account: Owner-PC446\Owner
Computer name: OWNER-PC446
OS version: Windows 7x64 Service Pack 1

Scan settings:

Scan type: Malware Scan
Objects: Rootkits, Memory, Traces, Files

Detect PUPs: On
Scan archives: Off
Scan mail archives: Off
ADS Scan: On
File extension filter: Off
Direct disk access: Off

Scan start: 6/21/2018 7:44:34 PM

Scanned 76391
Found 0

Scan end: 6/21/2018 7:47:41 PM
Scan time: 0:03:07

Juliet
2018-06-22, 04:03
Yes. it's looking much better now.

Sorry I didn't catch you already had MBAM on board.

Let's give it a day, use the computer as you normally do.
If something should raise it's ugly head, please take note and let me know.

RastorMosaic
2018-06-22, 04:37
Errrr... I just tried to create a system restore point and it still says, "object not found"

Juliet
2018-06-22, 13:12
Do you have any removable storage media devices connected to your laptop when trying to create a restore point?

~~

Click “Start”, type services.msc in the Search bar and press Enter.

Note: If UAC (User Account Control) window is prompted for permission to continue, please click “Continue”.

Double click “Volume Shadow Copy Service” and switch to “General” tab.

Change the “Startup type” to “Automatic” and click “Apply”.

Click “Start” and click “OK”.

~~
Try to create a Restore Point two or three more times to make sure the errors are well logged in the Event Viewer, then follow the instructions below.

~~~~~~~~~~~~`
http://i.imgur.com/3Al62Pm.pngMiniToolBox

Download MiniToolBox (http://www.bleepingcomputer.com/download/minitoolbox/dl/65/) and move the executable file to your Desktop;
Execute MiniToolBox and check the following options:

List Installed Programs;
List Last 10 Event Viewer Errors;
List Devices - Only Problems;
List Users, Partitions and Memory size;
http://i.imgur.com/wNeKMCX.png

Once this is done, click on Go and wait for the scan to complete;
Once the scan is complete, a log will open. Please copy/paste the content of the output log in your next reply;

RastorMosaic
2018-06-22, 19:36
Created three restore points :)

Results of Mini Tool Box...
MiniToolBox by Farbar Version: 17-06-2016
Ran by Owner (administrator) on 22-06-2018 at 11:35:02
Running from "C:\Users\Owner\Desktop"
Microsoft Windows 7 Professional Service Pack 1 (X64)
Model: To be filled by O.E.M. Manufacturer: Gigabyte Technology Co., Ltd.
Boot Mode: Normal
***************************************************************************

========================= Event log errors: ===============================

Application errors:
==================
Error: (06/22/2018 10:46:18 AM) (Source: MsiInstaller) (User: NT AUTHORITY)
Description: Product: Avast Update Helper -- Error 1316. The specified account already exists.

Error: (06/22/2018 09:46:17 AM) (Source: MsiInstaller) (User: NT AUTHORITY)
Description: Product: Avast Update Helper -- Error 1316. The specified account already exists.

Error: (06/22/2018 08:46:17 AM) (Source: MsiInstaller) (User: NT AUTHORITY)
Description: Product: Avast Update Helper -- Error 1316. The specified account already exists.

Error: (06/22/2018 07:46:17 AM) (Source: MsiInstaller) (User: NT AUTHORITY)
Description: Product: Avast Update Helper -- Error 1316. The specified account already exists.

Error: (06/22/2018 06:46:18 AM) (Source: MsiInstaller) (User: NT AUTHORITY)
Description: Product: Avast Update Helper -- Error 1316. The specified account already exists.

Error: (06/22/2018 05:46:17 AM) (Source: MsiInstaller) (User: NT AUTHORITY)
Description: Product: Avast Update Helper -- Error 1316. The specified account already exists.

Error: (06/22/2018 04:46:17 AM) (Source: MsiInstaller) (User: NT AUTHORITY)
Description: Product: Avast Update Helper -- Error 1316. The specified account already exists.

Error: (06/22/2018 03:46:17 AM) (Source: MsiInstaller) (User: NT AUTHORITY)
Description: Product: Avast Update Helper -- Error 1316. The specified account already exists.

Error: (06/22/2018 02:46:18 AM) (Source: MsiInstaller) (User: NT AUTHORITY)
Description: Product: Avast Update Helper -- Error 1316. The specified account already exists.

Error: (06/22/2018 01:46:17 AM) (Source: MsiInstaller) (User: NT AUTHORITY)
Description: Product: Avast Update Helper -- Error 1316. The specified account already exists.


System errors:
=============
Error: (06/22/2018 12:02:17 AM) (Source: volsnap) (User: )
Description: The shadow copies of volume D: were aborted because of an IO failure on volume D:.

Error: (06/21/2018 08:41:10 PM) (Source: volsnap) (User: )
Description: The shadow copies of volume D: were aborted because of an IO failure on volume D:.

Error: (06/21/2018 08:35:47 PM) (Source: volsnap) (User: )
Description: The shadow copies of volume D: were aborted because of an IO failure on volume D:.

Error: (06/21/2018 08:29:28 PM) (Source: volsnap) (User: )
Description: The shadow copies of volume D: were aborted because of an IO failure on volume D:.

Error: (06/21/2018 07:57:23 PM) (Source: bowser) (User: )
Description: The master browser has received a server announcement from the computer MAHLON-PC
that believes that it is the master browser for the domain on transport NetBT_Tcpip_{79461EA5-6AF5-4F5B-9C66-6A3724E731E4}.
The master browser is stopping or an election is being forced.

Error: (06/21/2018 07:50:55 PM) (Source: Service Control Manager) (User: )
Description: The following boot-start or system-start driver(s) failed to load:
UsbCharger

Error: (06/21/2018 12:12:19 AM) (Source: volsnap) (User: )
Description: The shadow copies of volume D: were aborted because of an IO failure on volume D:.

Error: (06/20/2018 06:46:04 PM) (Source: volsnap) (User: )
Description: The shadow copies of volume D: were aborted because of an IO failure on volume D:.

Error: (06/20/2018 05:25:45 PM) (Source: bowser) (User: )
Description: The master browser has received a server announcement from the computer MAHLON-PC
that believes that it is the master browser for the domain on transport NetBT_Tcpip_{79461EA5-6AF5-4F5B-9C66-6A3724E731E4}.
The master browser is stopping or an election is being forced.

Error: (06/20/2018 05:19:35 PM) (Source: Service Control Manager) (User: )
Description: The following boot-start or system-start driver(s) failed to load:
UsbCharger


Microsoft Office Sessions:
=========================

CodeIntegrity Errors:
===================================
Date: 2018-06-05 22:18:22.740
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume16\Windows\winsxs\amd64_microsoft-windows-bcrypt-dll_31bf3856ad364e35_6.0.6001.18000_none_4aab2ef0a7c319c5\bcrypt.dll because the set of per-page image hashes could not be found on the system.

Date: 2018-06-05 22:18:22.581
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume16\Windows\winsxs\amd64_microsoft-windows-bcrypt-dll_31bf3856ad364e35_6.0.6001.18000_none_4aab2ef0a7c319c5\bcrypt.dll because the set of per-page image hashes could not be found on the system.

Date: 2018-06-05 22:18:22.423
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume16\Windows\winsxs\amd64_microsoft-windows-bcrypt-dll_31bf3856ad364e35_6.0.6001.18000_none_4aab2ef0a7c319c5\bcrypt.dll because the set of per-page image hashes could not be found on the system.

Date: 2018-06-05 22:18:22.248
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume16\Windows\winsxs\amd64_microsoft-windows-bcrypt-dll_31bf3856ad364e35_6.0.6001.18000_none_4aab2ef0a7c319c5\bcrypt.dll because the set of per-page image hashes could not be found on the system.

Date: 2018-06-01 16:35:30.322
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume16\Windows\winsxs\wow64_microsoft-windows-tpm-driver-wmi_31bf3856ad364e35_6.0.6001.18000_none_d6005436ad01f9a3\Win32_Tpm.dll because the set of per-page image hashes could not be found on the system.

Date: 2018-06-01 16:35:30.176
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume16\Windows\winsxs\wow64_microsoft-windows-tpm-driver-wmi_31bf3856ad364e35_6.0.6001.18000_none_d6005436ad01f9a3\Win32_Tpm.dll because the set of per-page image hashes could not be found on the system.

Date: 2018-06-01 16:35:30.029
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume16\Windows\winsxs\wow64_microsoft-windows-tpm-driver-wmi_31bf3856ad364e35_6.0.6001.18000_none_d6005436ad01f9a3\Win32_Tpm.dll because the set of per-page image hashes could not be found on the system.

Date: 2018-06-01 16:35:29.881
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume16\Windows\winsxs\wow64_microsoft-windows-tpm-driver-wmi_31bf3856ad364e35_6.0.6001.18000_none_d6005436ad01f9a3\Win32_Tpm.dll because the set of per-page image hashes could not be found on the system.

Date: 2018-06-01 16:26:11.882
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume16\Windows\winsxs\wow64_microsoft-windows-bcrypt-dll_31bf3856ad364e35_6.0.6002.23814_none_57691565f26c4f22\bcrypt.dll because the set of per-page image hashes could not be found on the system.

Date: 2018-06-01 16:26:11.735
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume16\Windows\winsxs\wow64_microsoft-windows-bcrypt-dll_31bf3856ad364e35_6.0.6002.23814_none_57691565f26c4f22\bcrypt.dll because the set of per-page image hashes could not be found on the system.


=========================== Installed Programs ============================

7-Zip 16.02 (x64) (HKLM\...\7-Zip) (Version: 16.02 - Igor Pavlov)
7-Zip 16.04 (x64 edition) (HKLM\...\{23170F69-40C1-2702-1604-000001000000}) (Version: 16.04.00.0 - Igor Pavlov)
Adobe Acrobat Reader DC (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}) (Version: 18.011.20040 - Adobe Systems Incorporated)
Adobe Flash Player 28 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 28.0.0.137 - Adobe Systems Incorporated)
Adobe Flash Player 28 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 28.0.0.137 - Adobe Systems Incorporated)
AI RoboForm (HKCU\...\AI RoboForm) (Version: - )
Amazon Kindle (HKCU\...\Amazon Kindle) (Version: 1.20.1.47037 - Amazon)
AMD Catalyst Install Manager (HKLM\...\{1D1DCF8A-6961-F848-0DA0-5401969C44CE}) (Version: 8.0.915.0 - Advanced Micro Devices, Inc.)
Apple Application Support (32-bit) (HKLM-x32\...\{543F829B-4591-4B2F-AF63-6E6E6AE59EB2}) (Version: 6.4 - Apple Inc.)
Apple Application Support (64-bit) (HKLM\...\{0ECA3BB5-4410-414B-B226-241FF1C12CD0}) (Version: 6.4 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{9E005AAA-81A3-478E-8944-532D350952EE}) (Version: 11.3.1.6 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{A30EA700-5515-48F0-88B0-9E99DC356B88}) (Version: 2.6.0.1 - Apple Inc.)
Avast Cleanup Premium (HKLM-x32\...\{075CC190-59EE-499F-828B-0B5C098C8C15}_is1) (Version: 18.1.4888 - AVAST Software)
Avast Internet Security (HKLM-x32\...\Avast Antivirus) (Version: 18.4.2338 - AVAST Software)
Avast Secure Browser (HKLM-x32\...\Avast Secure Browser) (Version: 66.2.567.182 - AVAST Software)
BeCyPDFMetaEdit (HKLM-x32\...\BeCyPDFMetaEdit) (Version: 2.37.0 - Benjamin Bentmann)
Bonjour (HKLM\...\{56DDDFB8-7F79-4480-89D5-25E1F52AB28F}) (Version: 3.1.0.1 - Apple Inc.)
Canon Easy-PhotoPrint EX (HKLM-x32\...\Easy-PhotoPrint EX) (Version: - )
Canon Easy-WebPrint EX (HKLM-x32\...\Easy-WebPrint EX) (Version: 1.6.0.0 - Canon Inc.)
Canon Inkjet Printer/Scanner/Fax Extended Survey Program (HKLM-x32\...\CANONIJPLM100) (Version: - )
Canon MP Navigator EX 5.1 (HKLM-x32\...\MP Navigator EX 5.1) (Version: - )
Canon MX510 series MP Drivers (HKLM\...\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MX510_series) (Version: - )
Canon MX510 series On-screen Manual (HKLM-x32\...\Canon MX510 series On-screen Manual) (Version: - )
Canon My Printer (HKLM-x32\...\CanonMyPrinter) (Version: - )
Canon Solution Menu EX (HKLM-x32\...\CanonSolutionMenuEX) (Version: - )
Canon Speed Dial Utility (HKLM-x32\...\Speed Dial Utility) (Version: - )
CCleaner (HKLM\...\CCleaner) (Version: 5.42 - Piriform)
Cisco Connect (HKLM-x32\...\Cisco Connect) (Version: 1.4.12212.0 - Cisco Consumer Products LLC)
Colour Spy 1.5 (HKLM-x32\...\Colour Spy_is1) (Version: - SilverAge Software, Inc.)
Core FTP Pro (HKLM-x32\...\CoreFTP) (Version: - )
Core FTP Pro (x64) (HKLM-x32\...\CoreFTP(x64)) (Version: - )
Corel PaintShop Pro X4 (HKLM-x32\...\_{00580795-581C-4587-B9F2-37320D7AB37F}) (Version: 14.0.0.332 - Corel Corporation)
Corel PaintShop Pro X4 (HKLM-x32\...\{00AE1A2D-7BC2-4359-A0EC-E19F36E391BB}) (Version: 14.3.0.3 - Corel Corporation) Hidden
doPDF (HKLM\...\{F64C7477-8040-4993-9554-EC22AE7FA2C0}) (Version: 8.9.951 - Softland) Hidden
doPDF 8 (HKLM-x32\...\{3e04b5b8-dfc4-4bb3-99a1-a57ad01e1d55}) (Version: 8.9.951 - Softland)
e-Sword (HKLM-x32\...\{0BF38804-B6AE-4C32-9564-B0C0E7188D62}) (Version: 11.00.0006 - Rick Meyers)
f.lux (HKCU\...\Flux) (Version: - f.lux Software LLC)
GetDiz (HKLM-x32\...\GetDiz) (Version: 4.91 - Outertech)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 67.0.3396.87 - Google Inc.)
Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.33.17 - Google Inc.) Hidden
Google Update Helper (HKLM-x32\...\{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}) (Version: 1.3.21.169 - Google Inc.) Hidden
HTML-Kit 292 (HKLM-x32\...\HTMLKit_is1) (Version: 1.0 - HTMLKit.com)
HTML-Kit Tools (HKLM-x32\...\HTMLKitTools_is1) (Version: 1.0 - HTML-Kit.com)
ICA (HKLM-x32\...\{00580795-581C-4587-B9F2-37320D7AB37F}) (Version: 14.0.0.332 - Corel Corporation) Hidden
ImgBurn (HKLM-x32\...\ImgBurn) (Version: 2.5.8.0 - LIGHTNING UK!)
Intel(R) Graphics Media Accelerator Driver (HKLM\...\HDMI) (Version: 8.15.10.1930 - Intel Corporation)
IPM_PSP_COM (HKLM-x32\...\{00BEE329-BAAB-49FF-9B66-55E4B12B9ADD}) (Version: 14.0.0.332 - Corel Corporation) Hidden
iTunes (HKLM\...\{3D8C6B05-FE24-4B9C-A57C-B8E1FA39E83D}) (Version: 12.7.4.80 - Apple Inc.)
Java 8 Update 161 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F32180161F0}) (Version: 8.0.1610.12 - Oracle Corporation)
Java 8 Update 171 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F32180171F0}) (Version: 8.0.1710.11 - Oracle Corporation)
Lightworks (HKLM-x32\...\{E94DD4E4-7746-472c-AA7B-1242FED0CFC8}) (Version: 14.0.0.0 - EditShare)
Malwarebytes version 3.5.1.2522 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 3.5.1.2522 - Malwarebytes)
Microsoft .NET Framework 4.6.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.6.01055 - Microsoft Corporation)
Microsoft Office 2007 Service Pack 3 (SP3) (HKLM-x32\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version: - Microsoft)
Microsoft Office File Validation Add-In (HKLM-x32\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)
Microsoft Office Home and Student 2007 (HKLM-x32\...\HOMESTUDENTR) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.50709.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319 (HKLM-x32\...\{196BB40D-1578-3D01-B289-BEFC77A11A1E}) (Version: 10.0.30319 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.50727 (HKLM-x32\...\{22154f09-719a-4619-bb71-5b3356999fbf}) (Version: 11.0.50727.1 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x64) - 14.0.23026 (HKLM-x32\...\{e46eca4f-393b-40df-9f49-076faf788d83}) (Version: 14.0.23026.0 - Microsoft Corporation)
Mozilla Firefox 60.0.2 (x64 en-US) (HKLM\...\Mozilla Firefox 60.0.2 (x64 en-US)) (Version: 60.0.2 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 60.0.1 - Mozilla)
Mozilla Thunderbird 52.8.0 (x86 en-US) (HKLM-x32\...\Mozilla Thunderbird 52.8.0 (x86 en-US)) (Version: 52.8.0 - Mozilla)
novaPDF 8 add-in for Microsoft Office (x64) (HKLM\...\{9F60F614-829C-4DE0-8671-C977529A0CAE}) (Version: 8.9.951 - Softland)
novaPDF 8 add-in for Microsoft Office (x86) (HKLM-x32\...\{D175C46B-DDC1-49B2-95C4-93825A97E718}) (Version: 8.9.951 - Softland)
novaPDF 8 Printer Driver (HKLM\...\{C5275556-5365-45C5-9586-1F6D56CD4BB4}) (Version: 8.9.951 - Softland)
NVIDIA 3D Vision Controller Driver 340.50 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB) (Version: 340.50 - NVIDIA Corporation)
NVIDIA 3D Vision Driver 341.92 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 341.92 - NVIDIA Corporation)
NVIDIA Graphics Driver 341.92 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 341.92 - NVIDIA Corporation)
NVIDIA HD Audio Driver 1.3.30.1 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.30.1 - NVIDIA Corporation)
NVIDIA PhysX System Software 9.13.1220 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.13.1220 - NVIDIA Corporation)
ON_OFF Charge 2 B13.1028.1 (HKLM-x32\...\{6B4ED6F7-BB88-4945-B0C6-01410E1BAC3A}) (Version: 1.00.0000 - GIGABYTE) Hidden
ON_OFF Charge 2 B13.1028.1 (HKLM-x32\...\InstallShield_{6B4ED6F7-BB88-4945-B0C6-01410E1BAC3A}) (Version: 1.00.0000 - GIGABYTE)
OpenOffice 4.1.2 (HKLM-x32\...\{E6AD67BB-1C33-4AB3-A387-E0D48137AB70}) (Version: 4.12.9782 - Apache Software Foundation)
Platform (HKLM-x32\...\{20D4A895-748C-4D88-871C-FDB1695B0169}) (Version: 1.42 - VIA Technologies, Inc.) Hidden
PSPPContent (HKLM-x32\...\{006CAAEF-CA96-4181-AC22-FE56D61432E4}) (Version: 14.0.0.332 - Corel Corporation) Hidden
PSPPHelp (HKLM-x32\...\{00D74A7A-F7AD-4D00-ABD2-0973836292C7}) (Version: 14.0.0.332 - Corel Corporation) Hidden
PSPPro64 (HKLM\...\{0015DE8E-8D9F-403E-8E5A-4098410E6125}) (Version: 14.0.0.332 - Corel Corporation) Hidden
QuickTime 7 (HKLM-x32\...\{FF59BD75-466A-4D5A-AD23-AAD87C5FD44C}) (Version: 7.79.80.95 - Apple Inc.)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.88.617.2014 - Realtek)
RogueKiller version 12.12.23.0 (HKLM\...\8B3D7924-ED89-486B-8322-E8594065D5CB_is1) (Version: 12.12.23.0 - Adlice Software)
Setup (HKLM-x32\...\{00D13418-7DDF-4D3D-A237-E297B103BB6B}) (Version: 14.0.0.332 - Corel Corporation) Hidden
Should I Remove It (HKCU\...\Should I Remove It 1.0.4) (Version: 1.0.4 - Reason Software Company Inc.)
Should I Remove It (HKLM-x32\...\{4E62123C-4C0D-4123-A8A2-C0103B92D7EA}) (Version: 1.0.4 - Reason Software Company Inc.) Hidden
Spybot - Search & Destroy (HKLM-x32\...\{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1) (Version: 1.6.2 - Safer Networking Limited)
Stellarium 0.11.2 (HKLM-x32\...\Stellarium_is1) (Version: - )
SwordSearcher 4.1 Deluxe (HKLM-x32\...\{446E6F82-8899-447D-86EB-2399F453C858}) (Version: 4.1.1001 - Brandon Staggs)
The Character Creator Add On Pak v4 (HKLM-x32\...\The Character Creator Add On Pak) (Version: v4 - Laughingbird Software)
The Logo Creator v5 (HKLM-x32\...\The Logo Creator v5) (Version: - )
The Web Graphics Creator v3 (HKLM-x32\...\The Web Graphics Creator v3) (Version: - )
TimePassages (HKLM\...\{86498CF1-A12E-4132-9DC2-6093F7427C44}) (Version: 6.0.6 - AstroGraph Software)
Tweaking.com - Registry Backup (HKLM-x32\...\Tweaking.com - Registry Backup) (Version: 3.5.3 - Tweaking.com)
Tweaking.com - Windows Repair (HKLM-x32\...\Tweaking.com - Windows Repair) (Version: 4.0.20 - Tweaking.com)
Update for 2007 Microsoft Office System (KB967642) (HKLM-x32\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version: - Microsoft)
VIA Platform Device Manager (HKLM-x32\...\InstallShield_{20D4A895-748C-4D88-871C-FDB1695B0169}) (Version: 1.42 - VIA Technologies, Inc.)
VLC media player (HKLM-x32\...\VLC media player) (Version: 2.2.8 - VideoLAN)
Zoom (HKCU\...\ZoomUMX) (Version: 4.0 - Zoom Video Communications, Inc.)

========================= Devices: ================================


========================= Memory info: ===================================

Percentage of memory in use: 41%
Total physical RAM: 8160.31 MB
Available physical RAM: 4803.47 MB
Total Virtual: 16318.8 MB
Available Virtual: 12301.86 MB

========================= Partitions: =====================================

1 Drive c: () (Fixed) (Total:1862.92 GB) (Free:1544.35 GB) NTFS
2 Drive d: () (Fixed) (Total:596.17 GB) (Free:365.09 GB) NTFS

========================= Users: ========================================

User accounts for \\OWNER-PC446

Administrator CompAdmin Guest
Owner Yodi


**** End of log ****

Juliet
2018-06-22, 20:31
say what?

Created three restore points

which directions did you follow that allowed a restore point to be made?

~~

Description: Product: Avast Update Helper <==your machine showed a few errors with this

You may get this if you have Avast Secure Browser installed. Fix is to uninstall ASB for now.
https://forum.avast.com/index.php?topic=218260.msg1457606#msg1457606

RastorMosaic
2018-06-22, 22:17
Juliet,

Just after I ran services.msc, (performed your directions there) then checked that Malware Bytes had a log from 3am I could use.

Before I ran the MiniToolBox tool.

What, may I ask, has been the trouble?
I am uninstalling Avast Secure Browser... I never think to use that anyway.

Jodi

Juliet
2018-06-22, 23:09
Double click “Volume Shadow Copy Service” and switch to “General” tab.
Change the “Startup type” to “Automatic” and click “Apply”.
Click “Start” and click “OK”.
(VSS) ==> (Volume Shadow Copy Service) my opinion had been disabled through an application on your computer. I can't tell you what but if it was reset that easily, it was an application/program.
I think in the past some people talk about stopping Microsoft windows updates and this can happen but in a way I guessing at that and could be totally wrong too.

You had adware, low intent malware on your computer so it wasn't adding up to be malicious/virus involved.
******

Ready to remove tools and quarantine folders?

RastorMosaic
2018-06-23, 10:07
Juliet, well, with all the precautions (I think) I take, it still irks me that there were still some found.
Are there any of these I can keep to run from time to time?

Also, I don't know if you saw this... I run a program from

http://ultimateoutsider.com/downloads/

called, GWX Control Panel. I have had this morbid fear of Win10

I got sick of looking through lists to keep any updates from sneaking on here that include them AND the nagging...

I have not done a windows update in a very VERY long time.

Since we seem to be almost done here, would it be okay if I stuck around until I did them ?
Any recommendations there?

I so very truly appreciate your help.
Jodi

RastorMosaic
2018-06-23, 10:12
Also, I've only installed two or three new programs since this all started, I will go back and see what they were and see what they do, and see if I really need them. It is hard to imagine that any programs I've installed in the last five months could do something like this... at least to me, it's NOT a small thing.

RastorMosaic
2018-06-23, 10:58
AAAAAAAaaack....just tootling along to stop working, closing programs, checking the last email, browser (firefox) open and I move mouse to close and WHAM a full blue screen that I have 'crashed' and the computer needs to dump?

It didn't go off, it went silently black until I turned it off. Turned it back on and got the "Start Windows Normally?" yes.

Seems okay, but where did that come from? It flashed before me so fast, all I got was problem and needs to dump and it was gone.
Is that just the system adjusting? LOL or what?

Juliet
2018-06-23, 16:05
My opinion on GWX Control Panel is that it's probably not needed any more.
You can leave it on the computer and it wont hurt anything. At the time when all of these updates were being pushed through, I disabled Windows updates through my control panel.

I'm listing a few links to read over that indicate the updates for upgrading older versions of Windows machines to Windows 10 have stopped.
Please read the entire articles.

can I remove and disable the 'Get Windows 10' notification, Do they still push Windows 10?

http://www.tomshardware.com/answers/id-3461458/push-windows.html
the free upgrade period for w10 has long passed. You'll probably still get some popups, but shouldn't automatically install w10.
they no longer push KB3035583

GWX Control Panel and KB 3184143
https://forums.windowssecrets.com/showthread.php/179173-GWX-Control-Panel-and-KB-3184143

Remove software related to the Windows 10 free upgrade offer
https://support.microsoft.com/en-us/help/3184143/remove-software-related-to-the-windows-10-free-upgrade-offer

Windows 7: no more Windows 10 update? (remove GWX control panel)
https://www.sevenforums.com/windows-updates-activation/405415-no-more-windows-10-update-remove-gwx-control-panel.html

~~~~~~~~~~~~~~~

I can supply a tool for you to download and use to remove all I had you place on the computer and it removes all files related. It's easier then trying to find all the info by yourself.


Please download DelFix (https://www.bleepingcomputer.com/download/delfix/) or from Here (http://www.bleepingcomputer.com/download/delfix/) and save the file to your Desktop.
Double-click DelFix.exe to run the programme.
Place a checkmark next to the following items:
Activate UAC
Remove disinfection tools
Click the Run button.
-- This will remove the specialized tools we used to disinfect your system.
Any leftover logs, files, folders or tools remaining on your Desktop which were not removed can be deleted manually (right-click the file + delete).

**************************

Now, on the Blue screen
If it's only once this happened, theres probably not an issue but, if this happens kinda often.....we will need to get this checked out.
I'll send you over to a tech forum (I'm a member there too) and the tech guys can attempt to check the computer for issues.

~~~~

If you question the antivirus app you have now I can list information on different ones you can read over if you should decide you would like to change.

Anti-Virus, Anti-Malware, Firewall and Anti-Exploit/Ransomware

Having a decent security setup (which also includes an Anti-Virus) is the most crucial step to protect a system. These programs are a layer of defence that will prevent a system from being infected, or if it somehow ends up infected, help mitigate the infection and remediate it. Ideally, you should have on your system one Antivirus (never more than one installed at the time), one Antimalware (you can install multiple of these, assuming they do not conflict with each other and the other security programs installed), one Firewall and if you wish, one Anti-Exploit and/or Anti-Ransomware (since Ransomware are currently the most dangerous threat around and it can hit anywhere). Here are a few programs worth checking out if you don't have one yet.

Note: The programs listed below are all free to use or they have some sort of trial. Some of them have a paid version that provides more features, while a lot of other good programs only have a paid version but aren't listed there (such as Kaspersky and ESET Antivirus products).

Anti-Virus

https://i.imgur.com/sZQBUGE.pngSophos Home (https://home.sophos.com/reg)
https://i.imgur.com/GCZb0TR.pngBitdefender Free Antivirus (http://www.bitdefender.com/solutions/free.html)
https://i.imgur.com/1lXc99W.pngEmsisoft Anti-Malware (https://www.emsisoft.com/en/software/antimalware/) - Free 30 day trial. Once it expires, EAM enters into a freeware mode where it is still considered an Antivirus program, but without real-time protection
https://i.imgur.com/szLrBjg.pngAvira Free Antivirus (https://www.avira.com/en/avira-free-antivirus)
https://i.imgur.com/90ChiEw.pngavast! Free Antivirus (https://www.avast.com/index)


Anti-Malware

https://i.imgur.com/j1Bynr2.pngMalwarebytes (https://www.malwarebytes.org/) - Has both a free and paid version. The Premium version of Malwarebytes also offers Exploit and Ransomware protection, for a complete package of: Malware, Web, Exploit and Ransomware protection
https://i.imgur.com/S2NFpNw.pngHitmanPro 3 (http://www.surfright.nl/en/hitmanpro) - Free 30 day trial
https://i.imgur.com/ncqvIpu.pngZemana AntiMalware (https://www.zemana.com/AntiMalware) - Free 30 day trial

created by Aura

RastorMosaic
2018-06-23, 17:56
Juliet,

Ok, I ead the articles. I wish I had time to go to the classed mentioned in your footer. Wow, to be able to learn this and be able to help other people get patched up would be very cool... keeping that in mind. Do you enjoy it?

I read about the Win10 (telemetry) prevention. I didn't know about Spybot's Anti-Beacon. I am going to download that and hope it doesn't cross paths with MalwareBytes. :)

I ran the Delfix and it did it's job :) That's pretty neat.

As for the blue screen, this is the only time in this (now 2 yr old) computer's life that this has ever happened. Something tells me that we just "jerked it around" a little and it had to cleanse itself (may sound hokey, but the only way I know to say it)... not real worried.

I'd certainly go to the tech forum as I'm not completely certain that hardware is up to par.

I've used Avast for years... is this simply a personal preference or is there truly one that stands above the others?

Thanks Juliet, you've been most helpful.
Jodi

Juliet
2018-06-23, 21:10
Juliet,

Ok, I read the articles. I wish I had time to go to the classed mentioned in your footer. Wow, to be able to learn this and be able to help other people get patched up would be very cool... keeping that in mind. Do you enjoy it?

I read about the Win10 (telemetry) prevention. I didn't know about Spybot's Anti-Beacon. I am going to download that and hope it doesn't cross paths with MalwareBytes. :)

I ran the Delfix and it did it's job :) That's pretty neat.

As for the blue screen, this is the only time in this (now 2 yr old) computer's life that this has ever happened. Something tells me that we just "jerked it around" a little and it had to cleanse itself (may sound hokey, but the only way I know to say it)... not real worried.

I'd certainly go to the tech forum as I'm not completely certain that hardware is up to par.

I've used Avast for years... is this simply a personal preference or is there truly one that stands above the others?

Thanks Juliet, you've been most helpful.
Jodi
Classes to malware removal are rewarding and complicated at the same time. It can be time consuming but on the other hand informative and helpful.

I have very much enjoyed helping people (and there are those who shouldn't own a computer or those who think they know more). To some this is how they reach the outside world, mostly seniors and handicapped, I felt compelled to help and could feel their stress. I wanted them to have everything back to normal as possible.

If you think you should have a hardware check up visit the below site and sign up
https://forums.whatthetech.com/index.php?showforum=126


As for Avast over other antivirus.....I can't say. Not trying to avoid the question but, I think personally it matters what you feel works well with your system and gives you good security. One important rule to keep in mind is layered security apps.

If you have not done so already, you may want to read:

Answers to common security questions - Best Practices for Safe Computing (https://www.bleepingcomputer.com/forums/t/407147/answers-to-common-security-questions-best-practices/)[
Simple and easy ways to keep your computer safe and secure on the Internet (https://www.bleepingcomputer.com/tutorials/keep-your-computer-safe-online/)
Supplementing your Anti-Virus Program with Anti-Malware Tools (http://www.bleepingcomputer.com/forums/t/407147/answers-to-common-security-questions-best-practices/?p=2413189)
How Malware Spreads - How your system gets infected (http://www.bleepingcomputer.com/forums/t/287710/how-malware-spreads-how-your-system-gets-infected/)

RastorMosaic
2018-06-24, 05:55
Juliet,

Noted. I appreciate you. Thanks :)
I agree with your comments, no wonder they call them "personal" computers...
Peoples computers are very personal to them.

Will read the articles.
I guess we can call it done. :)

Sincerely,
Jodi

Juliet
2018-06-24, 13:59
Glad we could help. http://i.imgur.com/SakDYGv.gif
Since this issue appears resolved ... this Topic is closed.