
Thread: unexpected error encountered computer must restart msg

  1. #1
    Member
    Join Date: Jul 2007
    Location: North Carolina
    Posts: 43

    unexpected error encountered computer must restart msg

    A couple of days ago I booted up my computer and attempted to launch my browser (I use Google Chrome) and my screen turned blue with a quick msg that said something like unexpected error computer must restart and something about sending an error report? My computer screen went black pretty quickly but did not power down completely. The green lights on the tower were still on. I had to manually turn it off by pressing the power button. I waited for several minutes before turning it back on. It powered on but the screen was black. I turned it off again, unplugged everything (I'm not sure why I did it), plugged everything back in and powered it back on, and it froze at the first screen (which is the Dell BIOS screen). I left it for a long time (20 minutes or more) and it never progressed. Later I turned my computer on and it booted up as usual and I was able to use it until I was done. I ran Spybot and fixed what was found. The next day it wouldn't power up properly again. I had to repeat it three or four times to get it to fully boot up. I don't know if it's a hardware or software problem. I thought I would check with the experts at Safer-Networking to find out if this was happening to anyone else and could be fixed.

    I'm using Windows 10.

    I appreciate any assistance you can provide.

    Thanks, Tonia

  2. #2
    Member
    Join Date: Jul 2007
    Location: North Carolina
    Posts: 43

    Frst.txt

    (If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

    (Safer-Networking Ltd.) C:\Program Files\Spybot - Search & Destroy 2\SDUpdSvc.exe
    (Google Inc.) C:\Program Files\Google\Update\1.3.31.5\GoogleCrashHandler.exe
    (Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe
    (Safer-Networking Ltd.) C:\Program Files\Spybot - Search & Destroy 2\SDTray.exe
    (Google) C:\Program Files\Google\Drive\googledrivesync.exe
    (Spotify Ltd) C:\Users\Owner\AppData\Roaming\Spotify\SpotifyWebHelper.exe
    (Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
    (Google) C:\Program Files\Google\Drive\googledrivesync.exe
    (Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
    () C:\Program Files\WindowsApps\Microsoft.Messaging_2.15.20002.0_x86__8wekyb3d8bbwe\SkypeHost.exe
    () C:\Program Files\WindowsApps\Microsoft.WindowsPhone_10.1608.2211.0_x86__8wekyb3d8bbwe\CompanionApp.exe
    () C:\Users\Owner\Downloads\Antivirus_Free_Edition_x86.exe
    (Bitdefender) C:\Program Files\Bitdefender\Antivirus Free Edition\gziface.exe
    (Bitdefender) C:\Program Files\Bitdefender\Antivirus Free Edition\gzserv.exe
    () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_16.722.10060.0_x86__8wekyb3d8bbwe\Microsoft.Photos.exe
    (Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
    (Tweaking.com) C:\Program Files\Tweaking.com\Registry Backup\TweakingRegistryBackup.exe
    (Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
    (Farbar) C:\Users\Owner\Downloads\FRST (1).exe


    ==================== Registry (Whitelisted) ===========================

    (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

    HKLM\...\Run: [IgfxTray] => C:\Windows\system32\igfxtray.exe
    HKLM\...\Run: [HotKeysCmds] => C:\Windows\system32\hkcmd.exe
    HKLM\...\Run: [Persistence] => C:\Windows\system32\igfxpers.exe
    HKLM\...\Run: [SDTray] => C:\Program Files\Spybot - Search & Destroy 2\SDTray.exe [4101576 2014-06-24] (Safer-Networking Ltd.)
    Winlogon\Notify\SDWinLogon: SDWinLogon.dll [X]
    HKU\S-1-5-21-4030092792-1861841708-2368464224-1000\...\Run: [Amazon Music] => C:\Users\Owner\AppData\Local\Amazon Music\Amazon Music Helper.exe [6277952 2014-11-18] ()
    HKU\S-1-5-21-4030092792-1861841708-2368464224-1000\...\Run: [GoogleDriveSync] => C:\Program Files\Google\Drive\googledrivesync.exe [23375200 2016-07-29] (Google)
    HKU\S-1-5-21-4030092792-1861841708-2368464224-1000\...\Run: [Spotify Web Helper] => C:\Users\Owner\AppData\Roaming\Spotify\SpotifyWebHelper.exe [1523312 2016-08-18] (Spotify Ltd)
    HKU\S-1-5-21-4030092792-1861841708-2368464224-1000\...\Run: [Spotify] => C:\Users\Owner\AppData\Roaming\Spotify\Spotify.exe [6930544 2016-08-18] (Spotify Ltd)
    HKU\S-1-5-21-4030092792-1861841708-2368464224-1000\...\Run: [SpybotPostWindows10UpgradeReInstall] => C:\Program Files\Common Files\AV\Spybot - Search and Destroy\Test.exe [1011200 2015-07-28] (Safer-Networking Ltd.)
    HKU\S-1-5-21-4030092792-1861841708-2368464224-1000\...\Run: [GoogleChromeAutoLaunch_721577D41E77D440C916E2687EBA0267] => C:\Program Files\Google\Chrome\Application\chrome.exe [961352 2016-08-02] (Google Inc.)
    ShellIconOverlayIdentifiers: [ GoogleDriveBlacklisted] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42} => C:\Program Files\Google\Drive\googledrivesync32.dll [2016-07-29] (Google)
    ShellIconOverlayIdentifiers: [ GoogleDriveSynced] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40} => C:\Program Files\Google\Drive\googledrivesync32.dll [2016-07-29] (Google)
    ShellIconOverlayIdentifiers: [ GoogleDriveSyncing] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41} => C:\Program Files\Google\Drive\googledrivesync32.dll [2016-07-29] (Google)
    BootExecute: autocheck autochk * sdnclean.exe

    ==================== Internet (Whitelisted) ====================

    (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

    Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
    Tcpip\Parameters: [DhcpNameServer] 209.18.47.62 209.18.47.61
    Tcpip\..\Interfaces\{d6e9e1c6-feb1-488b-99c5-676444bb5929}: [DhcpNameServer] 209.18.47.62 209.18.47.61

    Internet Explorer:
    ==================
    HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://start.mysearchdial.com/?f=1&a=dnldstr_14_20_ff&cd=2XzuyEtN2Y1L1QzutDtDtC0A0AtD0A0EtD0F0Dzy0D0FtA0CtN0D0Tzu0SzzyCyDtN1L2XzutBtFtBtDtFzytFtBtN1L1CzutCyEtDtAtDyD1V1StN1L1G1B1V1N2Y1L1Qzu2StAtC0EtCyCyDtAzytGyDyC0DtCtGtByDyByEtG0D0CyCyBtGyB0C0A0FyC0E0EyBtAyB0Bzy2QtN1M1F1B2Z1V1N2Y1L1Qzu2SyB0CtDtByDyC0A0AtGyD0CtByBtGzyyCzztDtG0DtDtC0FtGtC0E0Bzy0BtA0CzzzztCtAyB2Q&cr=1039448420&ir=
    SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://start.mysearchdial.com/results.php?f=4&q={searchTerms}&a=dnldstr_14_20_ff&cd=2XzuyEtN2Y1L1QzutDtDtC0A0AtD0A0EtD0F0Dzy0D0FtA0CtN0D0Tzu0SzzyCyDtN1L2XzutBtFtBtDtFzytFtBtN1L1CzutCyEtDtAtDyD1V1StN1L1G1B1V1N2Y1L1Qzu2StAtC0EtCyCyDtAzytGyDyC0DtCtGtByDyByEtG0D0CyCyBtGyB0C0A0FyC0E0EyBtAyB0Bzy2QtN1M1F1B2Z1V1N2Y1L1Qzu2SyB0CtDtByDyC0A0AtGyD0CtByBtGzyyCzztDtG0DtDtC0FtGtC0E0Bzy0BtA0CzzzztCtAyB2Q&cr=1039448420&ir=
    SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://start.mysearchdial.com/results.php?f=4&q={searchTerms}&a=dnldstr_14_20_ff&cd=2XzuyEtN2Y1L1QzutDtDtC0A0AtD0A0EtD0F0Dzy0D0FtA0CtN0D0Tzu0SzzyCyDtN1L2XzutBtFtBtDtFzytFtBtN1L1CzutCyEtDtAtDyD1V1StN1L1G1B1V1N2Y1L1Qzu2StAtC0EtCyCyDtAzytGyDyC0DtCtGtByDyByEtG0D0CyCyBtGyB0C0A0FyC0E0EyBtAyB0Bzy2QtN1M1F1B2Z1V1N2Y1L1Qzu2SyB0CtDtByDyC0A0AtGyD0CtByBtGzyyCzztDtG0DtDtC0FtGtC0E0Bzy0BtA0CzzzztCtAyB2Q&cr=1039448420&ir=
    SearchScopes: HKU\S-1-5-21-4030092792-1861841708-2368464224-1000 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://start.mysearchdial.com/results.php?f=4&q={searchTerms}&a=dnldstr_14_20_ff&cd=2XzuyEtN2Y1L1QzutDtDtC0A0AtD0A0EtD0F0Dzy0D0FtA0CtN0D0Tzu0SzzyCyDtN1L2XzutBtFtBtDtFzytFtBtN1L1CzutCyEtDtAtDyD1V1StN1L1G1B1V1N2Y1L1Qzu2StAtC0EtCyCyDtAzytGyDyC0DtCtGtByDyByEtG0D0CyCyBtGyB0C0A0FyC0E0EyBtAyB0Bzy2QtN1M1F1B2Z1V1N2Y1L1Qzu2SyB0CtDtByDyC0A0AtGyD0CtByBtGzyyCzztDtG0DtDtC0FtGtC0E0Bzy0BtA0CzzzztCtAyB2Q&cr=1039448420&ir=
    SearchScopes: HKU\S-1-5-21-4030092792-1861841708-2368464224-1000 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://start.mysearchdial.com/results.php?f=4&q={searchTerms}&a=dnldstr_14_20_ff&cd=2XzuyEtN2Y1L1QzutDtDtC0A0AtD0A0EtD0F0Dzy0D0FtA0CtN0D0Tzu0SzzyCyDtN1L2XzutBtFtBtDtFzytFtBtN1L1CzutCyEtDtAtDyD1V1StN1L1G1B1V1N2Y1L1Qzu2StAtC0EtCyCyDtAzytGyDyC0DtCtGtByDyByEtG0D0CyCyBtGyB0C0A0FyC0E0EyBtAyB0Bzy2QtN1M1F1B2Z1V1N2Y1L1Qzu2SyB0CtDtByDyC0A0AtGyD0CtByBtGzyyCzztDtG0DtDtC0FtGtC0E0Bzy0BtA0CzzzztCtAyB2Q&cr=1039448420&ir=
    BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_31\bin\ssv.dll [2015-02-04] (Oracle Corporation)
    BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_31\bin\jp2ssv.dll [2015-02-04] (Oracle Corporation)
    DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C}

    FireFox:
    ========
    FF ProfilePath: C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\41z8meb4.default-1437084644509
    FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF32_22_0_0_209.dll [2016-07-12] ()
    FF Plugin: @java.com/DTPlugin,version=11.31.2 -> C:\Program Files\Java\jre1.8.0_31\bin\dtplugin\npDeployJava1.dll [2015-02-04] (Oracle Corporation)
    FF Plugin: @java.com/JavaPlugin,version=11.31.2 -> C:\Program Files\Java\jre1.8.0_31\bin\plugin2\npjp2.dll [2015-02-04] (Oracle Corporation)
    FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.50428.0\npctrl.dll [2016-04-27] ( Microsoft Corporation)
    FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.31.5\npGoogleUpdate3.dll [2016-07-28] (Google Inc.)
    FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.31.5\npGoogleUpdate3.dll [2016-07-28] (Google Inc.)
    FF Plugin: @videolan.org/vlc,version=2.1.1 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [No File]
    FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2016-06-30] (Adobe Systems Inc.)
    FF Plugin HKU\S-1-5-21-4030092792-1861841708-2368464224-1000: @citrixonline.com/appdetectorplugin -> C:\Users\Owner\AppData\Local\Citrix\Plugins\104\npappdetector.dll [2016-08-04] (Citrix Online)

    Chrome:
    =======
    CHR StartupUrls: Default -> "hxxps://my.yahoo.com/"
    CHR Profile: C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default
    CHR Extension: (Google Slides) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-02-04]
    CHR Extension: (Google Docs) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-02-04]
    CHR Extension: (Google Drive) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-10-21]
    CHR Extension: (YouTube) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-09-26]
    CHR Extension: (Google Search) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-10-27]
    CHR Extension: (Google Play Music) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\fahmaaghhglfmonjliepjlchgpgfmobi [2016-08-31]
    CHR Extension: (Google Sheets) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-02-04]
    CHR Extension: (Google Docs Offline) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-03-16]
    CHR Extension: (Pinterest Save Button) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\gpdjojdkbbmdfjfahjcgigfpmkopogic [2016-07-20]
    CHR Extension: (Application Launcher for Drive (by Google)) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\lmjegmlicamnimmfhcmpkclmigmmcbeh [2014-11-09]
    CHR Extension: (Chrome Web Store Payments) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-04-02]
    CHR Extension: (Gmail) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-03-29]
    CHR Extension: (Chrome Media Router) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2016-08-29]
    CHR HKU\S-1-5-21-4030092792-1861841708-2368464224-1000\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [lmjegmlicamnimmfhcmpkclmigmmcbeh] - hxxps://clients2.google.com/service/update2/crx

    ==================== Services (Whitelisted) ========================

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    R2 gzserv; C:\Program Files\Bitdefender\Antivirus Free Edition\gzserv.exe [67592 2016-03-02] (Bitdefender)
    S2 SDScannerService; C:\Program Files\Spybot - Search & Destroy 2\SDFSSvc.exe [1738168 2014-06-24] (Safer-Networking Ltd.)
    R2 SDUpdateService; C:\Program Files\Spybot - Search & Destroy 2\SDUpdSvc.exe [2088408 2014-06-27] (Safer-Networking Ltd.)
    S3 SDWSCService; C:\Program Files\Spybot - Search & Destroy 2\SDWSCSvc.exe [171928 2014-04-25] (Safer-Networking Ltd.)
    S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [280376 2015-10-30] (Microsoft Corporation)
    S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23264 2016-07-01] (Microsoft Corporation)

    ===================== Drivers (Whitelisted) ==========================

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    R0 avc3; C:\WINDOWS\System32\DRIVERS\avc3.sys [633344 2013-04-17] (BitDefender)
    S3 avckf; C:\WINDOWS\System32\DRIVERS\avckf.sys [486536 2013-04-17] (BitDefender)
    S1 bdfwfpf; C:\Program Files\Bitdefender\Antivirus Free Edition\bdfwfpf.sys [108008 2013-07-02] (Bitdefender SRL)
    R1 bdselfpr; C:\Program Files\Bitdefender\Antivirus Free Edition\bdselfpr.sys [135472 2013-07-16] (BitDefender LLC)
    S3 dot4; C:\WINDOWS\system32\DRIVERS\Dot4.sys [137632 2012-10-19] (Windows (R) Win 7 DDK provider)
    S3 Dot4Print; C:\WINDOWS\System32\drivers\Dot4Prt.sys [22432 2012-10-19] (Windows (R) Win 7 DDK provider)
    R3 gzflt; C:\WINDOWS\System32\DRIVERS\gzflt.sys [164952 2013-04-22] (BitDefender LLC)
    S3 MBAMSwissArmy; C:\WINDOWS\system32\drivers\mbamswissarmy.sys [40776 2016-08-31] (Malwarebytes Corporation)
    R1 MpKsl91059ad0; C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{EE8385C6-6305-4FCD-9414-94511AFC3273}\MpKsl91059ad0.sys [39168 2016-08-31] (Microsoft Corporation)
    R3 NuidFltr; C:\WINDOWS\System32\drivers\NuidFltr.sys [44328 2015-11-17] (Microsoft Corporation)
    R0 trufos; C:\WINDOWS\System32\DRIVERS\trufos.sys [355744 2013-05-28] (BitDefender S.R.L.)
    S3 WdBoot; C:\WINDOWS\system32\drivers\WdBoot.sys [37400 2015-10-30] (Microsoft Corporation)
    S3 WdFilter; C:\WINDOWS\system32\drivers\WdFilter.sys [246104 2015-10-30] (Microsoft Corporation)
    S3 WdNisDrv; C:\WINDOWS\System32\Drivers\WdNisDrv.sys [98648 2015-10-30] (Microsoft Corporation)
    U3 idsvc; no ImagePath
    U3 wpcsvc; no ImagePath

    ==================== NetSvcs (Whitelisted) ===================

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


    ==================== One Month Created files and folders ========

    (If an entry is included in the fixlist, the file/folder will be moved.)

    2016-09-01 23:56 - 2016-09-01 23:57 - 00014640 _____ C:\Users\Owner\Downloads\FRST.txt
    2016-09-01 23:53 - 2016-09-01 23:56 - 00000000 ____D C:\FRST
    2016-09-01 23:52 - 2016-09-01 23:53 - 01747968 _____ (Farbar) C:\Users\Owner\Downloads\FRST (1).exe
    2016-09-01 23:43 - 2016-09-01 23:43 - 00000207 _____ C:\WINDOWS\tweaking.com-regbackup-OWNER-PC-Windows-10-Home-(32-bit).dat
    2016-09-01 23:43 - 2016-09-01 23:43 - 00000000 ____D C:\RegBackup
    2016-09-01 23:41 - 2016-09-01 23:41 - 00017375 _____ C:\WINDOWS\Tweaking.com - Registry Backup Setup Log.txt
    2016-09-01 23:41 - 2016-09-01 23:41 - 00002258 _____ C:\Users\Public\Desktop\Tweaking.com - Registry Backup.lnk
    2016-09-01 23:41 - 2016-09-01 23:41 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Tweaking.com
    2016-09-01 23:41 - 2016-09-01 23:41 - 00000000 ____D C:\Program Files\Tweaking.com
    2016-09-01 23:39 - 2016-09-01 23:41 - 05575304 _____ (Tweaking.com) C:\Users\Owner\Downloads\tweaking.com_registry_backup_setup.exe
    2016-09-01 21:55 - 2016-09-01 21:55 - 00242504 _____ (BitDefender) C:\WINDOWS\system32\Drivers\avchv.sys
    2016-09-01 21:55 - 2016-09-01 21:55 - 00217968 _____ C:\ProgramData\1472780618.bdinstall.bin
    2016-09-01 21:47 - 2016-09-01 21:47 - 00002249 _____ C:\Users\Public\Desktop\Bitdefender Antivirus Free Edition.lnk
    2016-09-01 21:47 - 2016-09-01 21:47 - 00000000 ____D C:\WINDOWS\LastGood
    2016-09-01 21:47 - 2016-09-01 21:47 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Antivirus Free Edition
    2016-09-01 21:47 - 2013-04-17 13:59 - 00633344 _____ (BitDefender) C:\WINDOWS\system32\Drivers\avc3.sys
    2016-09-01 21:47 - 2013-04-17 13:59 - 00486536 _____ (BitDefender) C:\WINDOWS\system32\Drivers\avckf.sys
    2016-09-01 21:47 - 2012-11-02 13:17 - 00242504 _____ (BitDefender) C:\WINDOWS\system32\Drivers\SETB00C.tmp
    2016-09-01 21:44 - 2016-09-01 21:47 - 00000000 ____D C:\Program Files\Bitdefender
    2016-09-01 21:44 - 2013-05-28 11:11 - 00355744 _____ (BitDefender S.R.L.) C:\WINDOWS\system32\Drivers\trufos.sys
    2016-09-01 21:44 - 2013-04-22 12:20 - 00164952 _____ (BitDefender LLC) C:\WINDOWS\system32\Drivers\gzflt.sys
    2016-09-01 21:43 - 2016-09-01 21:44 - 00000000 ____D C:\Users\Owner\AppData\Roaming\QuickScan
    2016-09-01 21:42 - 2016-09-01 21:43 - 10056744 _____ C:\Users\Owner\Downloads\Antivirus_Free_Edition_x86.exe
    2016-09-01 21:42 - 2016-09-01 21:42 - 00196944 _____ C:\Users\Owner\Downloads\Antivirus_Free_Edition.exe
    2016-09-01 19:29 - 2016-09-01 19:29 - 00093748 _____ C:\WINDOWS\Minidump\090116-35281-01.dmp
    2016-08-31 18:56 - 2016-08-31 18:56 - 00040776 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbamswissarmy.sys
    2016-08-31 18:56 - 2016-08-31 18:56 - 00000000 ____D C:\Users\Owner\AppData\Roaming\Malwarebytes
    2016-08-30 17:30 - 2016-08-30 17:29 - 00453443 ____R C:\WINDOWS\system32\Drivers\etc\hosts.20160830-173036.backup
    2016-08-30 17:29 - 2016-04-01 11:27 - 00451921 ____R C:\WINDOWS\system32\Drivers\etc\hosts.20160830-172941.backup
    2016-08-30 15:51 - 2016-09-01 19:29 - 240225385 _____ C:\WINDOWS\MEMORY.DMP
    2016-08-30 15:51 - 2016-08-30 15:51 - 00094228 _____ C:\WINDOWS\Minidump\083016-43734-01.dmp
    2016-08-24 22:15 - 2016-08-24 22:16 - 07334450 _____ C:\Users\Owner\Downloads\33-ways-to-write-stronger-characters-worksheet.pdf
    2016-08-23 09:12 - 2016-08-23 09:12 - 04387191 _____ C:\Users\Owner\Downloads\The-Complete-First-Website-Manual.pdf
    2016-08-18 17:33 - 2016-08-18 17:33 - 00000000 ____D C:\Users\Owner\AppData\Roaming\Skype
    2016-08-10 11:56 - 2016-08-03 01:52 - 05793632 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe
    2016-08-10 11:56 - 2016-08-03 01:52 - 00083808 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\pdc.sys
    2016-08-10 11:56 - 2016-08-03 01:32 - 00413024 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\storport.sys
    2016-08-10 11:56 - 2016-08-03 01:31 - 02921368 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll
    2016-08-10 11:56 - 2016-08-03 01:31 - 00957608 _____ (Microsoft Corporation) C:\WINDOWS\system32\ole32.dll
    2016-08-10 11:56 - 2016-08-03 01:31 - 00703840 _____ (Microsoft Corporation) C:\WINDOWS\system32\WWAHost.exe
    2016-08-10 11:56 - 2016-08-03 01:30 - 00465760 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingSyncHost.exe
    2016-08-10 11:56 - 2016-08-03 01:29 - 01337680 _____ (Microsoft Corporation) C:\WINDOWS\system32\sppobjs.dll
    2016-08-10 11:56 - 2016-08-03 01:29 - 00633192 _____ (Microsoft Corporation) C:\WINDOWS\system32\sppwinob.dll
    2016-08-10 11:56 - 2016-08-03 01:28 - 00505136 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\cng.sys
    2016-08-10 11:56 - 2016-08-03 01:28 - 00139616 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ksecpkg.sys
    2016-08-10 11:56 - 2016-08-03 01:21 - 01712992 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgkrnl.sys
    2016-08-10 11:56 - 2016-08-03 01:21 - 00483680 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgmms2.sys
    2016-08-10 11:56 - 2016-08-03 01:21 - 00335712 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgmms1.sys
    2016-08-10 11:56 - 2016-08-03 00:44 - 00048640 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.StateRepositoryClient.dll
    2016-08-10 11:56 - 2016-08-03 00:44 - 00048128 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.StateRepositoryBroker.dll
    2016-08-10 11:56 - 2016-08-03 00:41 - 00330240 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusUpdateHandlers.dll
    2016-08-10 11:56 - 2016-08-03 00:39 - 00173056 _____ (Microsoft Corporation) C:\WINDOWS\system32\WUDFPlatform.dll
    2016-08-10 11:56 - 2016-08-03 00:35 - 00178688 _____ (Microsoft Corporation) C:\WINDOWS\system32\wevtutil.exe
    2016-08-10 11:56 - 2016-08-03 00:34 - 00792064 _____ (Microsoft Corporation) C:\WINDOWS\system32\kerberos.dll
    2016-08-10 11:56 - 2016-08-03 00:34 - 00400896 _____ (Microsoft Corporation) C:\WINDOWS\system32\OneDriveSettingSyncProvider.dll
    2016-08-10 11:56 - 2016-08-03 00:33 - 01152512 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kbase.sys
    2016-08-10 11:56 - 2016-08-03 00:32 - 12585984 _____ (Microsoft Corporation) C:\WINDOWS\system32\wmp.dll
    2016-08-10 11:56 - 2016-08-03 00:32 - 00951808 _____ (Microsoft Corporation) C:\WINDOWS\system32\wwansvc.dll
    2016-08-10 11:56 - 2016-08-03 00:32 - 00291840 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuuhext.dll
    2016-08-10 11:56 - 2016-08-03 00:31 - 06743040 _____ (Microsoft Corporation) C:\WINDOWS\system32\mstscax.dll
    2016-08-10 11:56 - 2016-08-03 00:27 - 02973696 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kfull.sys
    2016-08-10 11:56 - 2016-08-03 00:27 - 01903104 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentServer.dll
    2016-08-10 11:56 - 2016-08-03 00:25 - 05323776 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Data.Pdf.dll
    2016-08-10 11:56 - 2016-08-03 00:24 - 01735680 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentExtensions.dll
    2016-08-10 11:56 - 2016-08-03 00:22 - 02501120 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll
    2016-08-10 11:56 - 2016-08-03 00:22 - 01900544 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuaueng.dll
    2016-08-10 11:56 - 2016-08-03 00:22 - 01502208 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll
    2016-08-10 11:56 - 2016-08-03 00:22 - 01086976 _____ (Microsoft Corporation) C:\WINDOWS\system32\lsasrv.dll
    2016-08-10 11:56 - 2016-08-03 00:19 - 02180096 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.StateRepository.dll
    2016-08-10 11:55 - 2016-08-03 02:27 - 01303744 _____ (Microsoft Corporation) C:\WINDOWS\system32\appraiser.dll
    2016-08-10 11:55 - 2016-08-03 02:27 - 00081088 _____ (Microsoft Corporation) C:\WINDOWS\system32\acmigration.dll
    2016-08-10 11:55 - 2016-08-03 02:27 - 00045760 _____ (Microsoft Corporation) C:\WINDOWS\system32\CompatTelRunner.exe
    2016-08-10 11:55 - 2016-08-03 01:52 - 00034088 _____ (Microsoft Corporation) C:\WINDOWS\system32\wldp.dll
    2016-08-10 11:55 - 2016-08-03 01:43 - 00023776 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuauclt.exe
    2016-08-10 11:55 - 2016-08-03 01:34 - 00501592 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetSetupEngine.dll
    2016-08-10 11:55 - 2016-08-03 01:34 - 00084832 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetSetupApi.dll
    2016-08-10 11:55 - 2016-08-03 01:33 - 00051128 _____ (Microsoft Corporation) C:\WINDOWS\system32\SensorsNativeApi.dll
    2016-08-10 11:55 - 2016-08-03 01:32 - 00260448 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\pci.sys
    2016-08-10 11:55 - 2016-08-03 01:30 - 00255168 _____ (Microsoft Corporation) C:\WINDOWS\system32\LockAppHost.exe
    2016-08-10 11:55 - 2016-08-03 01:18 - 00346464 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\rdbss.sys
    2016-08-10 11:55 - 2016-08-03 00:58 - 00072192 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpudd.dll
    2016-08-10 11:55 - 2016-08-03 00:57 - 00091648 _____ (Microsoft Corporation) C:\WINDOWS\system32\tdlrecover.exe
    2016-08-10 11:55 - 2016-08-03 00:48 - 00051712 _____ (Microsoft Corporation) C:\WINDOWS\system32\wshbth.dll
    2016-08-10 11:55 - 2016-08-03 00:48 - 00036352 _____ (Microsoft Corporation) C:\WINDOWS\system32\musdialoghandlers.dll
    2016-08-10 11:55 - 2016-08-03 00:47 - 00160768 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusNotification.exe
    2016-08-10 11:55 - 2016-08-03 00:44 - 00050688 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusNotificationUx.exe
    2016-08-10 11:55 - 2016-08-03 00:44 - 00039424 _____ (Microsoft Corporation) C:\WINDOWS\system32\TpmTasks.dll
    2016-08-10 11:55 - 2016-08-03 00:43 - 00180736 _____ (Microsoft Corporation) C:\WINDOWS\system32\cdd.dll
    2016-08-10 11:55 - 2016-08-03 00:43 - 00071168 _____ (Microsoft Corporation) C:\WINDOWS\system32\bthserv.dll
    2016-08-10 11:55 - 2016-08-03 00:42 - 00080896 _____ (Microsoft Corporation) C:\WINDOWS\system32\BluetoothApis.dll
    2016-08-10 11:55 - 2016-08-03 00:40 - 00164352 _____ (Microsoft Corporation) C:\WINDOWS\system32\winsrv.dll
    2016-08-10 11:55 - 2016-08-03 00:40 - 00145920 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetSetupSvc.dll
    2016-08-10 11:55 - 2016-08-03 00:40 - 00092160 _____ (Microsoft Corporation) C:\WINDOWS\system32\IdCtrls.dll
    2016-08-10 11:55 - 2016-08-03 00:39 - 19351040 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
    2016-08-10 11:55 - 2016-08-03 00:39 - 00186368 _____ (Microsoft Corporation) C:\WINDOWS\system32\ie4uinit.exe
    2016-08-10 11:55 - 2016-08-03 00:37 - 00335872 _____ (Microsoft Corporation) C:\WINDOWS\system32\iedkcs32.dll
    2016-08-10 11:55 - 2016-08-03 00:37 - 00239616 _____ (Microsoft Corporation) C:\WINDOWS\system32\SensorService.dll
    2016-08-10 11:55 - 2016-08-03 00:37 - 00219136 _____ (Microsoft Corporation) C:\WINDOWS\system32\VEEventDispatcher.dll
    2016-08-10 11:55 - 2016-08-03 00:35 - 00396288 _____ (Microsoft Corporation) C:\WINDOWS\system32\tileobjserver.dll
    2016-08-10 11:55 - 2016-08-03 00:35 - 00286208 _____ (Microsoft Corporation) C:\WINDOWS\system32\SensorsApi.dll
    2016-08-10 11:55 - 2016-08-03 00:33 - 18677760 _____ (Microsoft Corporation) C:\WINDOWS\system32\edgehtml.dll
    2016-08-10 11:55 - 2016-08-03 00:33 - 02050048 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcpl.cpl
    2016-08-10 11:55 - 2016-08-03 00:33 - 01223168 _____ (Microsoft Corporation) C:\WINDOWS\system32\RecoveryDrive.exe
    2016-08-10 11:55 - 2016-08-03 00:33 - 00687616 _____ (Microsoft Corporation) C:\WINDOWS\system32\msfeeds.dll
    2016-08-10 11:55 - 2016-08-03 00:32 - 01526272 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieapfltr.dll
    2016-08-10 11:55 - 2016-08-03 00:32 - 01467392 _____ (Microsoft Corporation) C:\WINDOWS\system32\GdiPlus.dll
    2016-08-10 11:55 - 2016-08-03 00:32 - 00434688 _____ (Microsoft Corporation) C:\WINDOWS\system32\LogonController.dll
    2016-08-10 11:55 - 2016-08-03 00:31 - 00705536 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuapi.dll
    2016-08-10 11:55 - 2016-08-03 00:29 - 12133376 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
    2016-08-10 11:55 - 2016-08-03 00:28 - 03663360 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
    2016-08-10 11:55 - 2016-08-03 00:25 - 04078080 _____ (Microsoft Corporation) C:\WINDOWS\system32\dbgeng.dll
    2016-08-10 11:55 - 2016-08-03 00:23 - 05660672 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakra.dll
    2016-08-10 11:55 - 2016-08-03 00:23 - 01799680 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Logon.dll
    2016-08-10 11:55 - 2016-08-03 00:21 - 01708032 _____ (Microsoft Corporation) C:\WINDOWS\system32\ActiveSyncProvider.dll
    2016-08-10 11:55 - 2016-08-03 00:20 - 03483648 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpcorets.dll
    2016-08-08 21:57 - 2016-08-08 21:57 - 00077312 _____ C:\Users\Owner\Downloads\Novel Working Charts.xls
    2016-08-08 19:27 - 2016-08-08 19:27 - 07238029 _____ C:\Users\Owner\Downloads\starstruck_shifter.mobi
    2016-08-08 19:27 - 2016-08-08 19:27 - 00572781 _____ C:\Users\Owner\Downloads\untamed_obsession_den_of_sin_.mobi
    2016-08-08 19:24 - 2016-08-08 19:25 - 02142864 _____ C:\Users\Owner\Downloads\raw_and_dirty.mobi
    2016-08-05 17:45 - 2016-08-05 17:45 - 06153790 _____ C:\Users\Owner\Downloads\dict-en.oxt
    2016-08-04 22:55 - 2016-08-04 22:55 - 00567103 _____ C:\Users\Owner\Downloads\The Boss Vol 1-3 - Cari Quinn.mobi
    2016-08-04 16:12 - 2016-08-31 20:19 - 00000000 ____D C:\Users\Owner\AppData\Local\Citrix
    2016-08-02 18:33 - 2016-08-02 18:34 - 01369722 _____ C:\Users\Owner\Downloads\safe_haven_boxed_set.mobi

    ==================== One Month Modified files and folders ========

    (If an entry is included in the fixlist, the file/folder will be moved.)

    2016-09-01 23:23 - 2014-09-07 15:09 - 00000912 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
    2016-09-01 23:07 - 2013-03-12 12:26 - 00000830 _____ C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
    2016-09-01 21:47 - 2015-10-30 01:47 - 00000000 ____D C:\WINDOWS\INF
    2016-09-01 19:52 - 2015-10-30 01:48 - 00000000 ____D C:\WINDOWS\system32\appraiser
    2016-09-01 19:52 - 2015-10-30 01:39 - 00000000 ____D C:\WINDOWS\CbsTemp
    2016-09-01 19:48 - 2015-10-30 01:48 - 00000000 ___HD C:\Program Files\WindowsApps
    2016-09-01 19:48 - 2015-10-30 01:48 - 00000000 ____D C:\WINDOWS\AppReadiness
    2016-09-01 19:32 - 2014-09-07 15:12 - 00000000 ___RD C:\Users\Owner\Google Drive
    2016-09-01 19:30 - 2014-09-07 15:09 - 00000908 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
    2016-09-01 19:29 - 2016-07-28 23:25 - 00000000 ____D C:\WINDOWS\Minidump
    2016-09-01 19:29 - 2016-03-10 10:44 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
    2016-08-31 20:24 - 2015-08-05 17:07 - 00000000 ____D C:\Program Files\Mozilla Firefox
    2016-08-31 20:19 - 2013-11-18 13:11 - 00000000 ____D C:\Program Files\VideoLAN
    2016-08-31 18:59 - 2014-09-01 12:35 - 00000000 ____D C:\Users\Owner\AppData\Roaming\Spotify
    2016-08-31 18:55 - 2014-09-01 12:36 - 00000000 ____D C:\Users\Owner\AppData\Local\Spotify
    2016-08-30 22:14 - 2016-03-10 10:30 - 00000000 ____D C:\Users\Owner
    2016-08-30 22:00 - 2016-06-11 19:30 - 00000000 ____D C:\Users\Owner\Documents\writing tips
    2016-08-30 15:59 - 2016-03-10 10:29 - 00988244 _____ C:\WINDOWS\system32\PerfStringBackup.INI
    2016-08-28 00:24 - 2015-10-10 22:13 - 00012869 _____ C:\Users\Owner\Documents\early latin dance.odt
    2016-08-19 19:50 - 2016-06-10 22:55 - 00000000 ____D C:\Program Files\Scrivener
    2016-08-18 17:34 - 2016-03-10 20:08 - 00002405 _____ C:\Users\Owner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
    2016-08-18 17:34 - 2016-03-10 20:08 - 00000000 ___RD C:\Users\Owner\OneDrive
    2016-08-17 17:27 - 2014-09-07 15:10 - 00002073 _____ C:\Users\Public\Desktop\Google Slides.lnk
    2016-08-17 17:27 - 2014-09-07 15:10 - 00002071 _____ C:\Users\Public\Desktop\Google Sheets.lnk
    2016-08-17 17:27 - 2014-09-07 15:10 - 00002061 _____ C:\Users\Public\Desktop\Google Docs.lnk
    2016-08-17 17:27 - 2014-09-07 15:10 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Drive
    2016-08-11 18:53 - 2015-10-30 01:48 - 00000000 ____D C:\WINDOWS\rescache
    2016-08-10 23:51 - 2015-10-30 01:13 - 00524288 ___SH C:\WINDOWS\system32\config\BBI
    2016-08-10 23:50 - 2015-10-30 02:58 - 00000000 ____D C:\Program Files\Windows Journal
    2016-08-10 23:50 - 2015-10-30 01:48 - 00000000 ___RD C:\WINDOWS\ImmersiveControlPanel
    2016-08-10 13:04 - 2014-04-21 14:12 - 00000000 ____D C:\WINDOWS\system32\MRT
    2016-08-10 12:43 - 2015-10-30 01:48 - 00000000 ____D C:\WINDOWS\system32\SecureBootUpdates
    2016-08-10 12:43 - 2014-04-21 14:12 - 144884648 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
    2016-08-08 17:24 - 2014-09-24 13:39 - 00002218 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
    2016-08-08 17:24 - 2014-09-24 13:39 - 00002206 _____ C:\Users\Public\Desktop\Google Chrome.lnk
    2016-08-05 20:44 - 2016-07-19 12:22 - 00000000 ____D C:\Users\Owner\AppData\Roaming\GPMDP
    2016-08-05 17:53 - 2015-11-08 12:36 - 00002457 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk

    ==================== Files in the root of some directories =======

    2014-05-14 21:20 - 2014-05-14 21:20 - 0000040 _____ () C:\Users\Owner\AppData\Roaming\WB.CFG
    2016-09-01 21:55 - 2016-09-01 21:55 - 0217968 _____ () C:\ProgramData\1472780618.bdinstall.bin
    2015-01-05 22:47 - 2015-01-06 00:07 - 8673792 _____ () C:\ProgramData\atscie.msi
    2014-05-06 13:09 - 2014-05-06 13:12 - 0000246 _____ () C:\ProgramData\hpzinstall.log

    ==================== Bamital & volsnap =================

    (There is no automatic fix for files that do not pass verification.)

    C:\WINDOWS\explorer.exe => File is digitally signed
    C:\WINDOWS\system32\winlogon.exe => File is digitally signed
    C:\WINDOWS\system32\wininit.exe => File is digitally signed
    C:\WINDOWS\system32\svchost.exe => File is digitally signed
    C:\WINDOWS\system32\services.exe => File is digitally signed
    C:\WINDOWS\system32\User32.dll => File is digitally signed
    C:\WINDOWS\system32\userinit.exe => File is digitally signed
    C:\WINDOWS\system32\rpcss.dll => File is digitally signed
    C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
    C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed


    LastRegBack: 2016-08-27 19:39

    ==================== End of FRST.txt ============================

  3. #3
    Member
    Join Date
    Jul 2007
    Location
    North Carolina
    Posts
    43

    Default additional.txt

    Additional scan result of Farbar Recovery Scan Tool (x86) Version: 31-08-2016
    Ran by Owner (01-09-2016 23:58:01)
    Running from C:\Users\Owner\Downloads
    Microsoft Windows 10 Home Version 1511 (X86) (2016-03-10 14:50:45)
    Boot Mode: Normal
    ==========================================================


    ==================== Accounts: =============================

    Administrator (S-1-5-21-4030092792-1861841708-2368464224-500 - Administrator - Disabled)
    DefaultAccount (S-1-5-21-4030092792-1861841708-2368464224-503 - Limited - Disabled)
    Guest (S-1-5-21-4030092792-1861841708-2368464224-501 - Limited - Disabled)
    HomeGroupUser$ (S-1-5-21-4030092792-1861841708-2368464224-1002 - Limited - Enabled)
    Owner (S-1-5-21-4030092792-1861841708-2368464224-1000 - Administrator - Enabled) => C:\Users\Owner

    ==================== Security Center ========================

    (If an entry is included in the fixlist, it will be removed.)

    AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    AV: Bitdefender Antivirus Free Edition (Enabled - Up to date) {3FB17364-4FCC-0FA7-6BBF-973897395371}
    AS: Bitdefender Antivirus Free Edition (Enabled - Up to date) {84D09280-69F6-0029-510F-AC4AECBE19CC}
    AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    AS: Spybot - Search and Destroy (Disabled - Up to date) {9BC38DF1-3CCA-732D-A930-C1CA5F20A4B0}

    ==================== Installed Programs ======================

    (Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

    Adobe Acrobat Reader DC (HKLM\...\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}) (Version: 15.017.20053 - Adobe Systems Incorporated)
    Adobe Digital Editions 3.0 (HKLM\...\Adobe Digital Editions 3.0) (Version: 3.0.1 - Adobe Systems Incorporated)
    Adobe Flash Player 22 NPAPI (HKLM\...\Adobe Flash Player NPAPI) (Version: 22.0.0.209 - Adobe Systems Incorporated)
    Amazon Music (HKU\S-1-5-21-4030092792-1861841708-2368464224-1000\...\Amazon Amazon Music) (Version: 3.7.0.693 - Amazon Services LLC)
    Bitdefender Antivirus Free Edition (HKLM\...\BitDefender Gonzales) (Version: 1.0.21.1109 - Bitdefender)
    CDBurnerXP (HKLM\...\{7E265513-8CDA-4631-B696-F40D983F3B07}_is1) (Version: 4.5.2.4291 - CDBurnerXP)
    Citrix Online Launcher (HKLM\...\{09DA5EE2-7E46-4DC4-96F9-BFEE50D40659}) (Version: 1.0.408 - Citrix)
    Google Chrome (HKLM\...\Google Chrome) (Version: 52.0.2743.116 - Google Inc.)
    Google Drive (HKLM\...\{459CE109-4E46-4340-92BC-054642BC3BC2}) (Version: 1.31.2873.2758 - Google, Inc.)
    Google Update Helper (Version: 1.3.25.11 - Google Inc.) Hidden
    Google Update Helper (Version: 1.3.31.5 - Google Inc.) Hidden
    Intel(R) Graphics Media Accelerator Driver (HKLM\...\HDMI) (Version: 8.15.10.1930 - Intel Corporation)
    Java 8 Update 31 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F83218031F0}) (Version: 8.0.310 - Oracle Corporation)
    Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.50428.0 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
    MSXML 4.0 SP2 (KB954430) (HKLM\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
    MSXML 4.0 SP2 (KB973688) (HKLM\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
    OpenOffice 4.1.2 (HKLM\...\{E6AD67BB-1C33-4AB3-A387-E0D48137AB70}) (Version: 4.12.9782 - Apache Software Foundation)
    QuickTime (HKLM\...\QuickTime) (Version: - )
    Scrivener Update (HKLM\...\Scrivener 1900) (Version: 1960 - Literature and Latte)
    Spotify (HKU\S-1-5-21-4030092792-1861841708-2368464224-1000\...\Spotify) (Version: 1.0.36.124.g1cba1920 - Spotify AB)
    Spybot - Search & Destroy (HKLM\...\{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1) (Version: 1.6.2 - Safer Networking Limited)
    Spybot - Search & Destroy (HKLM\...\{B4092C6D-E886-4CB2-BA68-FE5A99D31DE7}_is1) (Version: 2.4.40 - Safer-Networking Ltd.)
    Tweaking.com - Registry Backup (HKLM\...\Tweaking.com - Registry Backup) (Version: 3.5.0 - Tweaking.com)
    WebEx Support Manager for Internet Explorer (HKLM\...\{C34FAEF3-4241-4C4E-9CFF-7BBD8BCEABE7}) (Version: 6.5.47 - WebEx Communications Inc.)
    yWriter6 (HKLM\...\yWriter6_is1) (Version: - Spacejock Software)

    ==================== Custom CLSID (Whitelisted): ==========================

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    CustomCLSID: HKU\S-1-5-21-4030092792-1861841708-2368464224-1000_Classes\CLSID\{2D611968-B0FB-4B81-8AFA-D7486879D141}\InprocServer32 -> Rnvrcs.dll => No File
    CustomCLSID: HKU\S-1-5-21-4030092792-1861841708-2368464224-1000_Classes\CLSID\{3A999A50-AB25-4A20-90A9-08F71FCE320F}\InprocServer32 -> C:\Windows\system32\spool\DRIVERS\W32X86\3\HPCDMC32.DLL (HP)
    CustomCLSID: HKU\S-1-5-21-4030092792-1861841708-2368464224-1000_Classes\CLSID\{880804D3-6A76-4a39-8F95-641CFA984557}\InprocServer32 -> %LOCALAPPDATA%\HuluDesktop\instances\0.9.14.1\hdIEPlg.dll => No File
    CustomCLSID: HKU\S-1-5-21-4030092792-1861841708-2368464224-1000_Classes\CLSID\{98087D89-B93F-4BCF-A998-AE4D9F607C14}\InprocServer32 -> C:\Windows\system32\spool\DRIVERS\W32X86\3\HPCDMC32.DLL (HP)
    CustomCLSID: HKU\S-1-5-21-4030092792-1861841708-2368464224-1000_Classes\CLSID\{B286F068-5B17-4AE8-989B-8F9A199C47BA}\InprocServer32 -> C:\Windows\system32\spool\DRIVERS\W32X86\3\HPCDMC32.DLL (HP)

    ==================== Scheduled Tasks (Whitelisted) =============

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    Task: {03DFCD56-A98B-46D4-9D4B-E1972F8B80BC} - System32\Tasks\OneDrive Standalone Update Task => C:\Users\Owner\AppData\Local\Microsoft\OneDrive\17.3.6517.0809\OneDriveStandaloneUpdater.exe [2016-08-18] (Microsoft Corporation)
    Task: {06B1FDD1-9AAA-4504-AB52-89160A212A40} - System32\Tasks\Microsoft\Windows\Media Center\MediaCenterRecoveryTask => C:\WINDOWS\ehome\mcupdate.exe
    Task: {0CCCE18F-FFB9-40B6-9854-3ABF824B5AAB} - \Microsoft\Windows\Setup\gwx\launchtrayprocess -> No File <==== ATTENTION
    Task: {121809E5-6D3A-4F5F-9F0F-51CD6C0F0B69} - System32\Tasks\Microsoft\Windows\Media Center\DispatchRecoveryTasks => C:\WINDOWS\ehome\ehPrivJob.exe
    Task: {1DEB3732-27A5-4A6C-A536-4702F8B072A2} - \Microsoft\Windows\Setup\GWXTriggers\ScheduleUpgradeReminderTime -> No File <==== ATTENTION
    Task: {22BC150D-8B18-4C1F-8D42-8855880BBDAD} - System32\Tasks\Microsoft\Windows\Media Center\mcupdate => C:\WINDOWS\ehome\mcupdate.exe
    Task: {2A6D9D8D-6112-43C5-966B-85F3728313C9} - System32\Tasks\Microsoft\Windows\Media Center\ActivateWindowsSearch => C:\WINDOWS\ehome\ehPrivJob.exe
    Task: {2DAEA87C-86AC-40DE-A359-700FA9D5FE93} - System32\Tasks\Microsoft\Windows\Media Center\InstallPlayReady => C:\WINDOWS\ehome\ehPrivJob.exe
    Task: {33ECED19-4E20-407E-9089-F83710CD100D} - System32\Tasks\Microsoft\Windows\Media Center\RegisterSearch => C:\WINDOWS\ehome\ehPrivJob.exe
    Task: {36BF9E44-DBA5-4D18-8A2F-B620B0534F8C} - System32\Tasks\Microsoft\Windows\Media Center\PBDADiscoveryW1 => C:\WINDOWS\ehome\ehPrivJob.exe
    Task: {3B7116AB-E02A-4E27-8855-E1EA028999B4} - System32\Tasks\UpdaterEX => C:\Users\Owner\AppData\Roaming\UPDATE~1\UPDATE~1\UPDATE~1.EXE <==== ATTENTION
    Task: {425FD655-8FF9-439A-A65F-0BD8DCA4F3BA} - \Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d -> No File <==== ATTENTION
    Task: {433DB1B2-26E3-4B7B-BDBA-A510ADCF241A} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Scan the system => C:\Program Files\Spybot - Search & Destroy 2\SDScan.exe [2016-03-21] (Safer-Networking Ltd.)
    Task: {47026316-1942-4F3D-B426-1714D134D5CE} - System32\Tasks\Microsoft\Windows\Media Center\ReindexSearchRoot => C:\WINDOWS\ehome\ehPrivJob.exe
    Task: {55AB25D1-C7F0-4FDF-B692-A4C29FB3FEF8} - System32\Tasks\Microsoft\Windows\Media Center\ObjectStoreRecoveryTask => C:\WINDOWS\ehome\mcupdate.exe
    Task: {57B48964-77DA-47A5-B2BC-8313AF3627FD} - System32\Tasks\Microsoft\Windows\Media Center\PBDADiscoveryW2 => C:\WINDOWS\ehome\ehPrivJob.exe
    Task: {5D812CED-0169-4B5C-8752-CFD4C37A2BE2} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files\Google\Update\GoogleUpdate.exe [2015-08-29] (Google Inc.)
    Task: {603BF118-5B4D-40F5-A486-948329586DE8} - System32\Tasks\Microsoft\Windows\Media Center\StartRecording => C:\WINDOWS\ehome\ehrec.exe
    Task: {635385F1-8BBC-4478-A808-DAB2F3C8628E} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2016-07-12] (Adobe Systems Incorporated)
    Task: {63E19ABD-BEF6-4D88-A9F7-7A3C0E7626D7} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files\Google\Update\GoogleUpdate.exe [2015-08-29] (Google Inc.)
    Task: {6B6C4B78-7A58-485F-A61D-9CFA6C04A657} - System32\Tasks\Microsoft\Windows\Media Center\PBDADiscovery => C:\WINDOWS\ehome\ehPrivJob.exe
    Task: {70D086BF-8544-48FF-B7FF-5BF3113A0C76} - \Microsoft\Windows\Setup\GWXTriggers\Logon-5d -> No File <==== ATTENTION
    Task: {70E5E7F1-670F-457F-BF52-8F1DB875008A} - System32\Tasks\Microsoft\Windows\Media Center\PvrScheduleTask => C:\WINDOWS\ehome\mcupdate.exe
    Task: {750DA92C-678B-43EC-9B33-456CD7EA2FD1} - \Microsoft\Windows\Setup\GWXTriggers\ScheduleUpgradeTime -> No File <==== ATTENTION
    Task: {75884FC2-2FF7-4C75-A8CA-6488576414AB} - System32\Tasks\Microsoft\Windows\Media Center\UpdateRecordPath => C:\WINDOWS\ehome\ehPrivJob.exe
    Task: {829B21DA-7739-4C90-957C-98DC9C8F914A} - System32\Tasks\Microsoft\Windows\Media Center\OCURDiscovery => C:\WINDOWS\ehome\ehPrivJob.exe
    Task: {94AEF91F-5F0D-42F3-B022-6716CA643AEB} - System32\Tasks\Microsoft\Windows\Media Center\ehDRMInit => C:\WINDOWS\ehome\ehPrivJob.exe
    Task: {9F876EBA-83FC-482E-89BF-81A18CA7C03D} - \Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d -> No File <==== ATTENTION
    Task: {B1BA70DD-79CF-4168-9861-9832ADD5188C} - System32\Tasks\Microsoft\Windows\Media Center\PeriodicScanRetry => C:\WINDOWS\ehome\MCUpdate.exe
    Task: {BD09BA61-FC8D-49B9-8B28-14D1EDB9E4FF} - System32\Tasks\Microsoft\Microsoft Antimalware\Microsoft Antimalware Scheduled Scan => c:\Program Files\Microsoft Security Client\MpCmdRun.exe
    Task: {BFE0BBD0-C3FE-4C7C-A368-4CCF17749168} - System32\Tasks\Microsoft\Windows\Media Center\mcupdate_scheduled => C:\WINDOWS\ehome\mcupdate.exe
    Task: {D3F0C711-25A0-44B8-86B1-254CEB78D225} - \Microsoft\Windows\Setup\GWXTriggers\Time-5d -> No File <==== ATTENTION
    Task: {DB441ACD-FAE3-4A65-8F2C-69EF664F8857} - System32\Tasks\Microsoft\Windows\Media Center\RecordingRestart => C:\WINDOWS\ehome\ehrec.exe
    Task: {E021BA1A-E6D3-430B-968F-7C23FC545559} - \Microsoft\Windows\Setup\gwx\refreshgwxconfig -> No File <==== ATTENTION
    Task: {E08DFD32-9247-4235-B633-11CC453AA832} - System32\Tasks\Microsoft\Windows\Media Center\ConfigureInternetTimeService => C:\WINDOWS\ehome\ehPrivJob.exe
    Task: {E51A7559-C977-4911-9A6A-6B83CB8B0AF5} - System32\Tasks\Microsoft\Windows\Media Center\PvrRecoveryTask => C:\WINDOWS\ehome\mcupdate.exe
    Task: {E5B3FB82-5D84-476C-83E9-42BDD523B259} - \Microsoft\Windows\Setup\gwx\refreshgwxcontent -> No File <==== ATTENTION
    Task: {E75A966F-429F-4C5E-A3C5-E08CD512616F} - System32\Tasks\Microsoft\Windows\Media Center\SqlLiteRecoveryTask => C:\WINDOWS\ehome\mcupdate.exe
    Task: {E826665B-C096-40EA-AB45-7FFD760C56E2} - System32\Tasks\Microsoft\Windows\Media Center\OCURActivate => C:\WINDOWS\ehome\ehPrivJob.exe
    Task: {E87E36E7-DC72-41A8-A5B1-EB5CFB9C81F6} - \Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent -> No File <==== ATTENTION
    Task: {E896F520-6033-4687-8272-D3A4DE76E299} - \Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B -> No File <==== ATTENTION
    Task: {ECF432F5-B652-4545-8356-B715F32D5CE6} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2016-06-25] (Adobe Systems Incorporated)
    Task: {EF2CA483-2301-4A8C-8315-929229013A61} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Refresh immunization => C:\Program Files\Spybot - Search & Destroy 2\SDImmunize.exe [2016-03-21] (Safer-Networking Ltd.)
    Task: {F28494F9-3ECC-4658-83B1-92DAD8FDAFB1} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Check for updates => C:\Program Files\Spybot - Search & Destroy 2\SDUpdate.exe [2014-06-27] (Safer-Networking Ltd.)
    Task: {F4958A23-8F04-4404-8D50-8B27BE36C4F7} - \Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d -> No File <==== ATTENTION

    (If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

    Task: C:\WINDOWS\Tasks\Adobe Flash Player Updater.job => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
    Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe
    Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe
    Task: C:\WINDOWS\Tasks\UpdaterEX.job => C:\Users\Owner\AppData\Roaming\UPDATE~1\UPDATE~1\UPDATE~1.EXE <==== ATTENTION

    ==================== Shortcuts =============================

    (The entries could be listed to be restored or removed.)

    ShortcutWithArgument: C:\Users\Owner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Google Play Music.lnk -> C:\Program Files\Google\Chrome\Application\chrome.exe (Google Inc.) -> --profile-directory=Default --app-id=fahmaaghhglfmonjliepjlchgpgfmobi

    ==================== Loaded Modules (Whitelisted) ==============

    2015-10-30 01:44 - 2015-10-30 01:44 - 00149504 _____ () C:\WINDOWS\SYSTEM32\ism32k.dll
    2016-04-01 10:33 - 2014-05-13 12:04 - 00109400 _____ () C:\Program Files\Spybot - Search & Destroy 2\snlThirdParty150.bpl
    2016-04-01 10:33 - 2014-05-13 12:04 - 00167768 _____ () C:\Program Files\Spybot - Search & Destroy 2\snlFileFormats150.bpl
    2016-04-01 10:33 - 2014-05-13 12:04 - 00416600 _____ () C:\Program Files\Spybot - Search & Destroy 2\DEC150.bpl
    2016-07-12 21:10 - 2016-07-01 00:38 - 01862008 _____ () C:\WINDOWS\system32\CoreUIComponents.dll
    2016-07-12 21:10 - 2016-07-01 00:38 - 01862008 _____ () C:\WINDOWS\System32\CoreUIComponents.dll
    2016-08-18 17:33 - 2016-08-18 17:33 - 01383616 _____ () C:\Users\Owner\AppData\Local\Microsoft\OneDrive\17.3.6517.0809\ClientTelemetry.dll
    2016-03-10 13:15 - 2016-03-10 13:15 - 00070656 _____ () C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\Windows.UI.Shell.SharedUtilities.dll
    2016-07-12 21:09 - 2016-06-30 23:31 - 00316416 _____ () C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\QuickActions.dll
    2016-09-01 19:31 - 2016-09-01 19:31 - 00098816 ____R () C:\Users\Owner\AppData\Local\Temp\_MEI49322\win32api.pyd
    2016-09-01 19:31 - 2016-09-01 19:31 - 00110080 ____R () C:\Users\Owner\AppData\Local\Temp\_MEI49322\pywintypes27.dll
    2016-09-01 19:31 - 2016-09-01 19:31 - 00364544 ____R () C:\Users\Owner\AppData\Local\Temp\_MEI49322\pythoncom27.dll
    2016-09-01 19:31 - 2016-09-01 19:31 - 00320512 ____R () C:\Users\Owner\AppData\Local\Temp\_MEI49322\win32com.shell.shell.pyd
    2016-09-01 19:31 - 2016-09-01 19:31 - 00776704 ____R () C:\Users\Owner\AppData\Local\Temp\_MEI49322\_hashlib.pyd
    2016-09-01 19:31 - 2016-09-01 19:31 - 01176576 ____R () C:\Users\Owner\AppData\Local\Temp\_MEI49322\wx._core_.pyd
    2016-09-01 19:31 - 2016-09-01 19:31 - 00806400 ____R () C:\Users\Owner\AppData\Local\Temp\_MEI49322\wx._gdi_.pyd
    2016-09-01 19:31 - 2016-09-01 19:31 - 00816128 ____R () C:\Users\Owner\AppData\Local\Temp\_MEI49322\wx._windows_.pyd
    2016-09-01 19:31 - 2016-09-01 19:31 - 01067008 ____R () C:\Users\Owner\AppData\Local\Temp\_MEI49322\wx._controls_.pyd
    2016-09-01 19:31 - 2016-09-01 19:31 - 00733184 ____R () C:\Users\Owner\AppData\Local\Temp\_MEI49322\wx._misc_.pyd
    2016-09-01 19:31 - 2016-09-01 19:31 - 00682496 ____R () C:\Users\Owner\AppData\Local\Temp\_MEI49322\pysqlite2._sqlite.pyd
    2016-09-01 19:31 - 2016-09-01 19:31 - 00088064 ____R () C:\Users\Owner\AppData\Local\Temp\_MEI49322\_ctypes.pyd
    2016-09-01 19:31 - 2016-09-01 19:31 - 00119808 ____R () C:\Users\Owner\AppData\Local\Temp\_MEI49322\win32file.pyd
    2016-09-01 19:31 - 2016-09-01 19:31 - 00108544 ____R () C:\Users\Owner\AppData\Local\Temp\_MEI49322\win32security.pyd
    2016-09-01 19:31 - 2016-09-01 19:31 - 00007168 ____R () C:\Users\Owner\AppData\Local\Temp\_MEI49322\hashobjs_ext.pyd
    2016-09-01 19:31 - 2016-09-01 19:31 - 00017920 ____R () C:\Users\Owner\AppData\Local\Temp\_MEI49322\thumbnails_ext.pyd
    2016-09-01 19:31 - 2016-09-01 19:31 - 00088064 ____R () C:\Users\Owner\AppData\Local\Temp\_MEI49322\usb_ext.pyd
    2016-09-01 19:31 - 2016-09-01 19:31 - 00012800 ____R () C:\Users\Owner\AppData\Local\Temp\_MEI49322\common.time34.pyd
    2016-09-01 19:31 - 2016-09-01 19:31 - 00018432 ____R () C:\Users\Owner\AppData\Local\Temp\_MEI49322\win32event.pyd
    2016-09-01 19:31 - 2016-09-01 19:31 - 00167936 ____R () C:\Users\Owner\AppData\Local\Temp\_MEI49322\win32gui.pyd
    2016-09-01 19:31 - 2016-09-01 19:31 - 00046080 ____R () C:\Users\Owner\AppData\Local\Temp\_MEI49322\_socket.pyd
    2016-09-01 19:31 - 2016-09-01 19:31 - 01208320 ____R () C:\Users\Owner\AppData\Local\Temp\_MEI49322\_ssl.pyd
    2016-09-01 19:31 - 2016-09-01 19:31 - 00128512 ____R () C:\Users\Owner\AppData\Local\Temp\_MEI49322\_elementtree.pyd
    2016-09-01 19:31 - 2016-09-01 19:31 - 00127488 ____R () C:\Users\Owner\AppData\Local\Temp\_MEI49322\pyexpat.pyd
    2016-09-01 19:31 - 2016-09-01 19:31 - 00038912 ____R () C:\Users\Owner\AppData\Local\Temp\_MEI49322\win32inet.pyd
    2016-09-01 19:31 - 2016-09-01 19:31 - 00036864 ____R () C:\Users\Owner\AppData\Local\Temp\_MEI49322\_psutil_windows.pyd
    2016-09-01 19:31 - 2016-09-01 19:31 - 00525208 ____R () C:\Users\Owner\AppData\Local\Temp\_MEI49322\windows._lib_cacheinvalidation.pyd
    2016-09-01 19:31 - 2016-09-01 19:31 - 00011264 ____R () C:\Users\Owner\AppData\Local\Temp\_MEI49322\win32crypt.pyd
    2016-09-01 19:31 - 2016-09-01 19:31 - 00077312 ____R () C:\Users\Owner\AppData\Local\Temp\_MEI49322\wx._html2.pyd
    2016-09-01 19:31 - 2016-09-01 19:31 - 00027136 ____R () C:\Users\Owner\AppData\Local\Temp\_MEI49322\_multiprocessing.pyd
    2016-09-01 19:31 - 2016-09-01 19:31 - 00020480 ____R () C:\Users\Owner\AppData\Local\Temp\_MEI49322\_yappi.pyd
    2016-09-01 19:31 - 2016-09-01 19:31 - 00035840 ____R () C:\Users\Owner\AppData\Local\Temp\_MEI49322\win32process.pyd
    2016-09-01 19:31 - 2016-09-01 19:31 - 00686080 ____R () C:\Users\Owner\AppData\Local\Temp\_MEI49322\unicodedata.pyd
    2016-09-01 19:31 - 2016-09-01 19:31 - 00078848 ____R () C:\Users\Owner\AppData\Local\Temp\_MEI49322\wx._animate.pyd
    2016-09-01 19:31 - 2016-09-01 19:31 - 00123392 ____R () C:\Users\Owner\AppData\Local\Temp\_MEI49322\wx._wizard.pyd
    2016-09-01 19:31 - 2016-09-01 19:31 - 00024064 ____R () C:\Users\Owner\AppData\Local\Temp\_MEI49322\win32pipe.pyd
    2016-09-01 19:31 - 2016-09-01 19:31 - 00010240 ____R () C:\Users\Owner\AppData\Local\Temp\_MEI49322\select.pyd
    2016-09-01 19:31 - 2016-09-01 19:31 - 00025600 ____R () C:\Users\Owner\AppData\Local\Temp\_MEI49322\win32pdh.pyd
    2016-09-01 19:31 - 2016-09-01 19:31 - 00017408 ____R () C:\Users\Owner\AppData\Local\Temp\_MEI49322\win32profile.pyd
    2016-09-01 19:31 - 2016-09-01 19:31 - 00022528 ____R () C:\Users\Owner\AppData\Local\Temp\_MEI49322\win32ts.pyd
    2016-04-18 16:59 - 2016-04-18 17:00 - 00144384 _____ () C:\Program Files\WindowsApps\Microsoft.Messaging_2.15.20002.0_x86__8wekyb3d8bbwe\SkypeHost.exe
    2016-04-18 16:59 - 2016-04-18 17:00 - 00141312 _____ () C:\Program Files\WindowsApps\Microsoft.Messaging_2.15.20002.0_x86__8wekyb3d8bbwe\SkypeBackgroundTasks.dll
    2016-04-18 16:59 - 2016-04-18 17:00 - 22284800 _____ () C:\Program Files\WindowsApps\Microsoft.Messaging_2.15.20002.0_x86__8wekyb3d8bbwe\SkyWrap.dll
    2016-08-24 17:45 - 2016-08-24 17:46 - 00015872 _____ () C:\Program Files\WindowsApps\Microsoft.WindowsPhone_10.1608.2211.0_x86__8wekyb3d8bbwe\CompanionApp.exe
    2016-08-24 17:45 - 2016-08-24 17:46 - 03454464 _____ () C:\Program Files\WindowsApps\Microsoft.WindowsPhone_10.1608.2211.0_x86__8wekyb3d8bbwe\CompanionApp.dll
    2016-08-24 17:45 - 2016-08-24 17:46 - 00508928 _____ () C:\Program Files\WindowsApps\Microsoft.WindowsPhone_10.1608.2211.0_x86__8wekyb3d8bbwe\CompanionAppDeviceManager.dll
    2016-03-10 20:41 - 2016-03-10 20:41 - 00169984 _____ () C:\Program Files\WindowsApps\Microsoft.WindowsPhone_10.1608.2211.0_x86__8wekyb3d8bbwe\StoreRatingPromotion.dll
    2016-09-01 21:42 - 2016-09-01 21:43 - 10056744 _____ () C:\Users\Owner\Downloads\Antivirus_Free_Edition_x86.exe
    2016-09-01 21:47 - 2013-03-19 11:07 - 00522136 _____ () C:\Program Files\Bitdefender\Antivirus Free Edition\sqlite3.dll
    2016-09-01 21:47 - 2013-09-03 13:29 - 00105448 _____ () C:\Program Files\Bitdefender\Antivirus Free Edition\BDMetrics.dll
    2016-08-15 17:41 - 2016-08-15 18:03 - 00017920 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_16.722.10060.0_x86__8wekyb3d8bbwe\Microsoft.Photos.exe
    2016-08-15 17:41 - 2016-08-15 18:03 - 11393536 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_16.722.10060.0_x86__8wekyb3d8bbwe\Microsoft.Photos.dll
    2016-06-05 15:17 - 2016-06-05 15:18 - 00541696 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_16.722.10060.0_x86__8wekyb3d8bbwe\Microsoft.DesignCore.dll
    2016-03-10 20:56 - 2016-03-10 20:59 - 00180224 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_16.722.10060.0_x86__8wekyb3d8bbwe\StoreRatingPromotion.dll
    2016-07-12 21:10 - 2016-06-30 23:13 - 05340160 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CortanaApi.dll
    2016-07-12 21:10 - 2016-06-30 23:08 - 00471552 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Core.dll
    2016-07-12 21:10 - 2016-06-30 23:08 - 02366976 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.BackgroundTask.dll
    2016-07-12 21:10 - 2016-06-30 23:11 - 02656768 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\RemindersUI.dll
    2016-08-08 17:24 - 2016-08-02 19:54 - 17602240 _____ () C:\Program Files\Google\Chrome\Application\52.0.2743.116\PepperFlash\pepflashplayer.dll

    ==================== Alternate Data Streams (Whitelisted) =========

    (If an entry is included in the fixlist, only the ADS will be removed.)


    ==================== Safe Mode (Whitelisted) ===================

    (If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" value will be restored.)


    ==================== Association (Whitelisted) ===============

    (If an entry is included in the fixlist, the registry item will be restored to default or removed.)


    ==================== Internet Explorer trusted/restricted ===============

    (If an entry is included in the fixlist, it will be removed from the registry.)

    There are 7914 more sites.

    There are 7915 more sites.


    ==================== Hosts content: ==========================

    (If needed Hosts: directive could be included in the fixlist to reset Hosts.)

    2009-07-13 22:04 - 2016-08-30 17:30 - 00453443 ____R C:\WINDOWS\system32\Drivers\etc\hosts

    There are 15555 more lines.


    ==================== Other Areas ============================

    (Currently there is no automatic fix for this section.)

    HKU\S-1-5-21-4030092792-1861841708-2368464224-1000\Control Panel\Desktop\\Wallpaper -> C:\WINDOWS\web\wallpaper\Windows\img0.jpg
    DNS Servers: 209.18.47.62 - 209.18.47.61
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
    Windows Firewall is enabled.

    ==================== MSCONFIG/TASK MANAGER disabled items ==

    (Currently there is no automatic fix for this section.)

    HKLM\...\StartupApproved\Run: => "APSDaemon"
    HKLM\...\StartupApproved\Run: => "HotKeysCmds"
    HKLM\...\StartupApproved\Run: => "iTunesHelper"
    HKU\S-1-5-21-4030092792-1861841708-2368464224-1000\...\StartupApproved\Run: => "Amazon Music"
    HKU\S-1-5-21-4030092792-1861841708-2368464224-1000\...\StartupApproved\Run: => "OneDrive"
    HKU\S-1-5-21-4030092792-1861841708-2368464224-1000\...\StartupApproved\Run: => "Spotify"

    ==================== FirewallRules (Whitelisted) ===============

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    FirewallRules: [vm-monitoring-nb-session] => (Allow) LPort=139
    FirewallRules: [MSMQ-In-TCP] => (Allow) %systemroot%\system32\mqsvc.exe
    FirewallRules: [MSMQ-Out-TCP] => (Allow) %systemroot%\system32\mqsvc.exe
    FirewallRules: [MSMQ-In-UDP] => (Allow) %systemroot%\system32\mqsvc.exe
    FirewallRules: [MSMQ-Out-UDP] => (Allow) %systemroot%\system32\mqsvc.exe
    FirewallRules: [WCF-NetTcpActivator-In-TCP-32bit] => (Allow) LPort=808
    FirewallRules: [UDP Query User{46FBA79F-4171-4C78-B49E-38C7AB43B17C}C:\users\owner\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\owner\appdata\roaming\spotify\spotify.exe
    FirewallRules: [TCP Query User{E002756B-88F0-47D8-8968-4E261AFE5D91}C:\users\owner\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\owner\appdata\roaming\spotify\spotify.exe
    FirewallRules: [{6BC93BFA-F55B-4E72-8FD0-81BB8556F067}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe
    FirewallRules: [{AE1D72ED-5F4E-4008-BED1-6F9768C10B7C}] => (Allow) LPort=67
    FirewallRules: [{E8EBA4B5-CB43-45C5-BAB3-3D456F6A05DF}] => (Allow) C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe
    FirewallRules: [{8434326C-2785-4961-8382-8CE81BF55204}] => (Allow) C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe
    FirewallRules: [UDP Query User{1BEA4507-3FF4-4700-9FC8-BECA77B7DA0E}C:\program files\kodak\kodak software updater\7288971\program\backweb-7288971.exe] => (Block) C:\program files\kodak\kodak software updater\7288971\program\backweb-7288971.exe
    FirewallRules: [TCP Query User{93A43657-9057-4953-9C7A-E78B99C1E0B7}C:\program files\kodak\kodak software updater\7288971\program\backweb-7288971.exe] => (Block) C:\program files\kodak\kodak software updater\7288971\program\backweb-7288971.exe
    FirewallRules: [UDP Query User{52F84905-7038-430A-B35D-30812B924A0F}C:\program files\kodak\kodak software updater\7288971\program\backweb-7288971.exe] => (Block) C:\program files\kodak\kodak software updater\7288971\program\backweb-7288971.exe
    FirewallRules: [TCP Query User{0C1B73AC-73A2-4940-8208-1209CAA92417}C:\program files\kodak\kodak software updater\7288971\program\backweb-7288971.exe] => (Block) C:\program files\kodak\kodak software updater\7288971\program\backweb-7288971.exe
    FirewallRules: [UDP Query User{0A03A2C7-F418-4011-ACFE-3F83095F1248}C:\users\owner\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\owner\appdata\roaming\spotify\spotify.exe
    FirewallRules: [TCP Query User{8F06D330-8C00-4E92-9A4D-E656010F08FA}C:\users\owner\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\owner\appdata\roaming\spotify\spotify.exe
    FirewallRules: [{B603E256-9F4E-4AF4-86B5-200C31517A89}] => (Allow) C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe
    FirewallRules: [{B44E9551-FA60-4D38-B622-358D4C320D58}] => (Allow) C:\Program Files\Google\Chrome\Application\chrome.exe
    StandardProfile\AuthorizedApplications: [C:\Program Files\Spybot - Search & Destroy 2\SDTray.exe] => Enabled:Spybot - Search & Destroy tray access
    StandardProfile\AuthorizedApplications: [C:\Program Files\Spybot - Search & Destroy 2\SDFSSvc.exe] => Enabled:Spybot-S&D 2 Scanner Service
    StandardProfile\AuthorizedApplications: [C:\Program Files\Spybot - Search & Destroy 2\SDUpdate.exe] => Enabled:Spybot-S&D 2 Updater
    StandardProfile\AuthorizedApplications: [C:\Program Files\Spybot - Search & Destroy 2\SDUpdSvc.exe] => Enabled:Spybot-S&D 2 Background update service

    ==================== Restore Points =========================

    15-08-2016 19:14:49 Scheduled Checkpoint
    24-08-2016 21:23:04 Scheduled Checkpoint
    01-09-2016 19:50:12 Windows Update

    ==================== Faulty Device Manager Devices =============


    ==================== Event log errors: =========================

    Application errors:
    ==================
    Error: (09/01/2016 08:18:11 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: OWNER-PC)
    Description: Activation of app Microsoft.WindowsMaps_8wekyb3d8bbwe!App failed with error: -2144927148 See the Microsoft-Windows-TWinUI/Operational log for additional information.

    Error: (09/01/2016 08:12:14 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: OWNER-PC)
    Description: Activation of app Microsoft.WindowsMaps_8wekyb3d8bbwe!App failed with error: -2144927148 See the Microsoft-Windows-TWinUI/Operational log for additional information.

    Error: (09/01/2016 08:07:15 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: OWNER-PC)
    Description: Activation of app Microsoft.WindowsMaps_8wekyb3d8bbwe!App failed with error: -2144927148 See the Microsoft-Windows-TWinUI/Operational log for additional information.

    Error: (09/01/2016 08:01:03 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: OWNER-PC)
    Description: Activation of app Microsoft.WindowsMaps_8wekyb3d8bbwe!App failed with error: -2144927148 See the Microsoft-Windows-TWinUI/Operational log for additional information.

    Error: (09/01/2016 07:54:11 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: OWNER-PC)
    Description: Activation of app Microsoft.WindowsMaps_8wekyb3d8bbwe!App failed with error: -2144927148 See the Microsoft-Windows-TWinUI/Operational log for additional information.

    Error: (09/01/2016 07:51:20 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
    Description: Cryptographic Services failed while processing the OnIdentity() call in the System Writer Object.

    Details:
    AddLegacyDriverFiles: Unable to back up image of binary Microsoft Link-Layer Discovery Protocol.

    System Error:
    Access is denied.
    .

    Error: (09/01/2016 07:47:14 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: OWNER-PC)
    Description: Activation of app Microsoft.WindowsMaps_8wekyb3d8bbwe!App failed with error: -2144927148 See the Microsoft-Windows-TWinUI/Operational log for additional information.

    Error: (08/31/2016 08:16:46 PM) (Source: Application Hang) (EventID: 1002) (User: )
    Description: The program SDScan.exe version 2.6.44.181 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Security and Maintenance control panel.

    Process ID: 1988

    Start Time: 01d203dbdf238a23

    Termination Time: 4294967295

    Application Path: C:\Program Files\Spybot - Search & Destroy 2\SDScan.exe

    Report Id: 11bb00fe-6fd9-11e6-a535-001aa0ae0fd9

    Faulting package full name:

    Faulting package-relative application ID:

    Error: (08/31/2016 08:15:33 PM) (Source: Application Hang) (EventID: 1002) (User: )
    Description: The program Spotify.exe version 1.0.36.124 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Security and Maintenance control panel.

    Process ID: cf4

    Start Time: 01d203da80ebaa6d

    Termination Time: 4294967295

    Application Path: C:\Users\Owner\AppData\Roaming\Spotify\Spotify.exe

    Report Id: 181f3405-6fd9-11e6-a535-001aa0ae0fd9

    Faulting package full name:

    Faulting package-relative application ID:

    Error: (08/31/2016 08:15:18 PM) (Source: Application Hang) (EventID: 1002) (User: )
    Description: The program SDWelcome.exe version 2.4.40.130 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Security and Maintenance control panel.

    Process ID: 1124

    Start Time: 01d203dbcbf452be

    Termination Time: 4294967295

    Application Path: C:\Program Files\Spybot - Search & Destroy 2\SDWelcome.exe

    Report Id: 1b3af2f7-6fd9-11e6-a535-001aa0ae0fd9

    Faulting package full name:

    Faulting package-relative application ID:


    System errors:
    =============
    Error: (09/01/2016 09:48:03 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
    Description: The bdfwfpf service failed to start due to the following error:
    Incorrect function.

    Error: (09/01/2016 09:48:02 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
    Description: The bdfwfpf service failed to start due to the following error:
    Incorrect function.

    Error: (09/01/2016 09:47:58 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
    Description: The bdfwfpf service failed to start due to the following error:
    The system cannot find the file specified.

    Error: (09/01/2016 07:29:55 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
    Description: The NetPipeActivator service failed to start due to the following error:
    The service did not respond to the start or control request in a timely fashion.

    Error: (09/01/2016 07:29:55 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
    Description: A timeout was reached (30000 milliseconds) while waiting for the NetPipeActivator service to connect.

    Error: (09/01/2016 07:29:47 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
    Description: The SDScannerService service failed to start due to the following error:
    The service did not respond to the start or control request in a timely fashion.

    Error: (09/01/2016 07:29:47 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
    Description: A timeout was reached (30000 milliseconds) while waiting for the SDScannerService service to connect.

    Error: (09/01/2016 07:29:16 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
    Description: The NetTcpActivator service depends on the NetTcpPortSharing service which failed to start because of the following error:
    The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.

    Error: (09/01/2016 07:29:27 PM) (Source: BugCheck) (EventID: 1001) (User: )
    Description: The computer has rebooted from a bugcheck. The bugcheck was: 0x00000080 (0x004f4454, 0x00000000, 0x00000000, 0x00000000). A dump was saved in: C:\WINDOWS\MEMORY.DMP. Report Id: 3c22c186-b838-4127-8f8c-c147ea7cbec0.

    Error: (09/01/2016 07:29:04 PM) (Source: EventLog) (EventID: 6008) (User: )
    Description: The previous system shutdown at 9:08:56 PM on 8/31/2016 was unexpected.


    CodeIntegrity:
    ===================================
    Date: 2016-09-01 21:41:27.115
    Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

    Date: 2016-09-01 21:41:27.098
    Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

    Date: 2016-09-01 21:41:27.078
    Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

    Date: 2016-09-01 21:41:24.826
    Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

    Date: 2016-09-01 21:41:24.794
    Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

    Date: 2016-09-01 21:33:26.978
    Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

    Date: 2016-09-01 21:33:26.962
    Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

    Date: 2016-09-01 21:33:26.938
    Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

    Date: 2016-09-01 21:33:26.333
    Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

    Date: 2016-09-01 21:33:26.251
    Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.


    ==================== Memory info ===========================

    Processor: Intel(R) Pentium(R) D CPU 3.40GHz
    Percentage of memory in use: 73%
    Total physical RAM: 2037.61 MB
    Available physical RAM: 532.13 MB
    Total Virtual: 4085.61 MB
    Available Virtual: 1748.59 MB

    ==================== Drives ================================

    Drive c: () (Fixed) (Total:148.47 GB) (Free:108 GB) NTFS

    ==================== MBR & Partition Table ==================

    ========================================================
    Disk: 0 (MBR Code: Windows 7 or 8) (Size: 149 GB) (Disk ID: 2BD2C32A)
    Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
    Partition 2: (Not Active) - (Size=148.5 GB) - (Type=07 NTFS)
    Partition 3: (Not Active) - (Size=450 MB) - (Type=27)

    ==================== End of Addition.txt ============================

  4. #4
    Member
    Join Date
    Jul 2007
    Location
    North Carolina
    Posts
    43

    Default aswMBR

    aswMBR version 1.0.1.2252 Copyright(c) 2014 AVAST Software
    Run date: 2016-09-02 00:03:26
    -----------------------------
    00:03:26.626 OS Version: Windows 6.2.9200
    00:03:26.626 Number of processors: 2 586 0x604
    00:03:26.629 ComputerName: OWNER-PC UserName: Owner
    00:03:57.525 Initialize success
    00:03:57.654 VM: initialized successfully
    00:03:57.656 VM: Intel CPU virtualization not supported
    00:11:36.427 AVAST engine defs: 16083103
    00:14:18.745 The log file has been saved successfully to "C:\Users\Owner\Desktop\aswMBR.txt"

  5. #5
    Emeritus-Security Expert
    Join Date
    Nov 2005
    Location
    Florida's SpaceCoast
    Posts
    15,208

    Default



    Looks like you're infected with MySearchDial.

    You're running FRST64 from your Downloads folder. Our tools and scanners work more efficiently when run from the Desktop in lieu of being buried in some folder, so go to your Downloads folder and look for FRST64, right click on it and select CUT, then come back to your Desktop and right click on a blank space and select PASTE. Then we will have FRST64 exactly where we want it to be.

    Open Notepad: go to Start --> All Programs --> Accessories --> Notepad.
    Please copy the entire contents inside of the code box below, beginning with START and ending with END.
    (To do this, highlight the contents of the box, right click on it and select Copy. Right-click in the open Notepad and select Paste.)
    Name the file Fixlist.txt. Save it to your desktop where you have FRST/FRST64 or the fix won't work. Right click on FRST/FRST64 and select RUN AS ADMINISTRATOR, then click on >FIX< (not Scan). It won't take long. After your computer reboots you will find a FIXLOG.TXT on your desktop; post it, please.


    Code:
    Start
    CloseProcesses:
    CreateRestorePoint:
    HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://start.mysearchdial.com/?f=1&a=dnldstr_14_20_ff&cd=2XzuyEtN2Y1L1QzutDtDtC0A0AtD0A0EtD0F0Dzy0D0FtA0CtN0D0Tzu0SzzyCyDtN1L2XzutBtFtBtDtFzytFtBtN1L1CzutCyEtDtAtDyD1V1StN1L1G1B1V1N2Y1L1Qzu2StAtC0EtCyCyDtAzytGyDyC0DtCtGtByDyByEtG0D0CyCyBtGyB0C0A0FyC0E0EyBtAyB0Bzy2QtN1M1F1B2Z1V1N2Y1L1Qzu2SyB0CtDtByDyC0A0AtGyD0CtByBtGzyyCzztDtG0DtDtC0FtGtC0E0Bzy0BtA0CzzzztCtAyB2Q&cr=1039448420&ir=
    SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://start.mysearchdial.com/results.php?f=4&q={searchTerms}&a=dnldstr_14_20_ff&cd=2XzuyEtN2Y1L1QzutDtDtC0A0AtD0A0EtD0F0Dzy0D0FtA0CtN0D0Tzu0SzzyCyDtN1L2XzutBtFtBtDtFzytFtBtN1L1CzutCyEtDtAtDyD1V1StN1L1G1B1V1N2Y1L1Qzu2StAtC0EtCyCyDtAzytGyDyC0DtCtGtByDyByEtG0D0CyCyBtGyB0C0A0FyC0E0EyBtAyB0Bzy2QtN1M1F1B2Z1V1N2Y1L1Qzu2SyB0CtDtByDyC0A0AtGyD0CtByBtGzyyCzztDtG0DtDtC0FtGtC0E0Bzy0BtA0CzzzztCtAyB2Q&cr=1039448420&ir=
    SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://start.mysearchdial.com/results.php?f=4&q={searchTerms}&a=dnldstr_14_20_ff&cd=2XzuyEtN2Y1L1QzutDtDtC0A0AtD0A0EtD0F0Dzy0D0FtA0CtN0D0Tzu0SzzyCyDtN1L2XzutBtFtBtDtFzytFtBtN1L1CzutCyEtDtAtDyD1V1StN1L1G1B1V1N2Y1L1Qzu2StAtC0EtCyCyDtAzytGyDyC0DtCtGtByDyByEtG0D0CyCyBtGyB0C0A0FyC0E0EyBtAyB0Bzy2QtN1M1F1B2Z1V1N2Y1L1Qzu2SyB0CtDtByDyC0A0AtGyD0CtByBtGzyyCzztDtG0DtDtC0FtGtC0E0Bzy0BtA0CzzzztCtAyB2Q&cr=1039448420&ir=
    SearchScopes: HKU\S-1-5-21-4030092792-1861841708-2368464224-1000 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://start.mysearchdial.com/results.php?f=4&q={searchTerms}&a=dnldstr_14_20_ff&cd=2XzuyEtN2Y1L1QzutDtDtC0A0AtD0A0EtD0F0Dzy0D0FtA0CtN0D0Tzu0SzzyCyDtN1L2XzutBtFtBtDtFzytFtBtN1L1CzutCyEtDtAtDyD1V1StN1L1G1B1V1N2Y1L1Qzu2StAtC0EtCyCyDtAzytGyDyC0DtCtGtByDyByEtG0D0CyCyBtGyB0C0A0FyC0E0EyBtAyB0Bzy2QtN1M1F1B2Z1V1N2Y1L1Qzu2SyB0CtDtByDyC0A0AtGyD0CtByBtGzyyCzztDtG0DtDtC0FtGtC0E0Bzy0BtA0CzzzztCtAyB2Q&cr=1039448420&ir=
    SearchScopes: HKU\S-1-5-21-4030092792-1861841708-2368464224-1000 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://start.mysearchdial.com/results.php?f=4&q={searchTerms}&a=dnldstr_14_20_ff&cd=2XzuyEtN2Y1L1QzutDtDtC0A0AtD0A0EtD0F0Dzy0D0FtA0CtN0D0Tzu0SzzyCyDtN1L2XzutBtFtBtDtFzytFtBtN1L1CzutCyEtDtAtDyD1V1StN1L1G1B1V1N2Y1L1Qzu2StAtC0EtCyCyDtAzytGyDyC0DtCtGtByDyByEtG0D0CyCyBtGyB0C0A0FyC0E0EyBtAyB0Bzy2QtN1M1F1B2Z1V1N2Y1L1Qzu2SyB0CtDtByDyC0A0AtGyD0CtByBtGzyyCzztDtG0DtDtC0FtGtC0E0Bzy0BtA0CzzzztCtAyB2Q&cr=1039448420&ir=
    CustomCLSID: HKU\S-1-5-21-4030092792-1861841708-2368464224-1000_Classes\CLSID\{2D611968-B0FB-4B81-8AFA-D7486879D141}\InprocServer32 -> Rnvrcs.dll => No File
    Task: {0CCCE18F-FFB9-40B6-9854-3ABF824B5AAB} - \Microsoft\Windows\Setup\gwx\launchtrayprocess -> No File <==== ATTENTION
    Task: {1DEB3732-27A5-4A6C-A536-4702F8B072A2} - \Microsoft\Windows\Setup\GWXTriggers\ScheduleUpgradeReminderTime -> No File <==== ATTENTION
    Task: {3B7116AB-E02A-4E27-8855-E1EA028999B4} - System32\Tasks\UpdaterEX => C:\Users\Owner\AppData\Roaming\UPDATE~1\UPDATE~1\UPDATE~1.EXE <==== ATTENTION
    Task: {425FD655-8FF9-439A-A65F-0BD8DCA4F3BA} - \Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d -> No File <==== ATTENTION
    Task: {70D086BF-8544-48FF-B7FF-5BF3113A0C76} - \Microsoft\Windows\Setup\GWXTriggers\Logon-5d -> No File <==== ATTENTION
    Task: {750DA92C-678B-43EC-9B33-456CD7EA2FD1} - \Microsoft\Windows\Setup\GWXTriggers\ScheduleUpgradeTime -> No File <==== ATTENTION
    Task: {9F876EBA-83FC-482E-89BF-81A18CA7C03D} - \Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d -> No File <==== ATTENTION
    Task: {D3F0C711-25A0-44B8-86B1-254CEB78D225} - \Microsoft\Windows\Setup\GWXTriggers\Time-5d -> No File <==== ATTENTION
    Task: {E021BA1A-E6D3-430B-968F-7C23FC545559} - \Microsoft\Windows\Setup\gwx\refreshgwxconfig -> No File <==== ATTENTION
    Task: {E5B3FB82-5D84-476C-83E9-42BDD523B259} - \Microsoft\Windows\Setup\gwx\refreshgwxcontent -> No File <==== ATTENTION
    Task: {E87E36E7-DC72-41A8-A5B1-EB5CFB9C81F6} - \Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent -> No File <==== ATTENTION
    Task: {E896F520-6033-4687-8272-D3A4DE76E299} - \Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B -> No File <==== ATTENTION
    Task: C:\WINDOWS\Tasks\UpdaterEX.job => C:\Users\Owner\AppData\Roaming\UPDATE~1\UPDATE~1\UPDATE~1.EXE <==== ATTENTION
    CMD: ipconfig /flushdns
    EmptyTemp:
    Reg: reg delete HKLM\SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local /f
    Reg: reg add HKLM\SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local /f
    End

    NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.

    All our tools and scanners work more efficiently when run from the DESKTOP in lieu of being buried in some folder, so download and run these tools right from the DESKTOP.

    -AdwCleaner-by Xplode

    Click on this link to download: ADWCleaner TO YOUR DESKTOP

    Use my link only. Do not do a search for AdwCleaner, as there is a bogus copy going around by scammers.

    • Close all open programs and internet browsers.
    • Double click on AdwCleaner.exe to run the tool.
    • Click on Scan.
    • After the scan is complete click on "Clean"
    • Confirm each time with Ok.
    • Your computer will be rebooted automatically. A text file will open after the restart.
    • Please post the content of that logfile with your next reply.
    • You can find the logfile at C:\AdwCleaner[S1].txt as well.

    ===============================================================================

    Please download Junkware Removal Tool TO YOUR DESKTOP

    • Download the one from Bleeping Computer
    • Shut down your protection software now to avoid potential conflicts.
    • Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8; instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".
    • The tool will open and start scanning your system.
    • Please be patient as this can take a while to complete depending on your system's specifications.
    • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
    • Post the contents of JRT.txt into your next message.

    ===============================================================================

    Download Malwarebytes' Anti-Malware TO YOUR DESKTOP

    • Windows XP: Double click on the icon to run it.
    • Windows Vista, Windows 7, 8, 8.1 and 10: Right click and select "Run as Administrator"

    • On the Dashboard click on Update Now
    • Go to the Setting Tab
    • Under Setting go to Detection and Protection
    • Under PUP and PUM make sure both are set to show Treat Detections as Malware
    • Go to Advanced setting and make sure Automatically Quarantine Detected Items is checked
    • Then on the Dashboard click on Scan
    • Make sure to select THREAT SCAN
    • Then click on Scan
    • When the scan is finished on the bottom right click on SAVE RESULTS then select Copy to Clipboard
    • Please paste the log back into this thread for review
    • Exit Malwarebytes
    Last edited by ken545; 2016-09-02 at 17:56.
    Microsoft MVP Consumer Security 2007-2008-2009-2010-2011-2012-2013-2014

    ERROR MESSAGE 386
    No KeyBoard Detected
    Press F1 To Continue

    Just a reminder that threads will be closed if no reply in 3 days.

  6. #6
    Member
    Join Date
    Jul 2007
    Location
    North Carolina
    Posts
    43

    Default Fixlog

    Ken,

    Thank you so much for your assistance. I am very grateful for the time all of you at Safer-Networking put into this work. I have always had great success with Safer-Networking Experts.

    Here is the fixlog:

    Fix result of Farbar Recovery Scan Tool (x86) Version: 31-08-2016
    Ran by Owner (02-09-2016 17:51:30) Run:1
    Running from C:\Users\Owner\Desktop
    Loaded Profiles: Owner (Available Profiles: Owner & DefaultAppPool)
    Boot Mode: Normal

    ==============================================

    fixlist content:
    *****************
    Start
    CloseProcesses:
    CreateRestorePoint:
    HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://start.mysearchdial.com/?f=1&a=dnldstr_14_20_ff&cd=2XzuyEtN2Y1L1QzutDtDtC0A0AtD0A0EtD0F0Dzy0D0FtA0CtN0D0Tzu0SzzyCyDtN1L2XzutBtFtBtDtFzytFtBtN1L1CzutCyEtDtAtDyD1V1StN1L1G1B1V1N2Y1L1Qzu2StAtC0EtCyCyDtAzytGyDyC0DtCtGtByDyByEtG0D0CyCyBtGyB0C0A0FyC0E0EyBtAyB0Bzy2QtN1M1F1B2Z1V1N2Y1L1Qzu2SyB0CtDtByDyC0A0AtGyD0CtByBtGzyyCzztDtG0DtDtC0FtGtC0E0Bzy0BtA0CzzzztCtAyB2Q&cr=1039448420&ir=
    SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://start.mysearchdial.com/results.php?f=4&q={searchTerms}&a=dnldstr_14_20_ff&cd=2XzuyEtN2Y1L1QzutDtDtC0A0AtD0A0EtD0F0Dzy0D0FtA0CtN0D0Tzu0SzzyCyDtN1L2XzutBtFtBtDtFzytFtBtN1L1CzutCyEtDtAtDyD1V1StN1L1G1B1V1N2Y1L1Qzu2StAtC0EtCyCyDtAzytGyDyC0DtCtGtByDyByEtG0D0CyCyBtGyB0C0A0FyC0E0EyBtAyB0Bzy2QtN1M1F1B2Z1V1N2Y1L1Qzu2SyB0CtDtByDyC0A0AtGyD0CtByBtGzyyCzztDtG0DtDtC0FtGtC0E0Bzy0BtA0CzzzztCtAyB2Q&cr=1039448420&ir=
    SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://start.mysearchdial.com/results.php?f=4&q={searchTerms}&a=dnldstr_14_20_ff&cd=2XzuyEtN2Y1L1QzutDtDtC0A0AtD0A0EtD0F0Dzy0D0FtA0CtN0D0Tzu0SzzyCyDtN1L2XzutBtFtBtDtFzytFtBtN1L1CzutCyEtDtAtDyD1V1StN1L1G1B1V1N2Y1L1Qzu2StAtC0EtCyCyDtAzytGyDyC0DtCtGtByDyByEtG0D0CyCyBtGyB0C0A0FyC0E0EyBtAyB0Bzy2QtN1M1F1B2Z1V1N2Y1L1Qzu2SyB0CtDtByDyC0A0AtGyD0CtByBtGzyyCzztDtG0DtDtC0FtGtC0E0Bzy0BtA0CzzzztCtAyB2Q&cr=1039448420&ir=
    SearchScopes: HKU\S-1-5-21-4030092792-1861841708-2368464224-1000 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://start.mysearchdial.com/results.php?f=4&q={searchTerms}&a=dnldstr_14_20_ff&cd=2XzuyEtN2Y1L1QzutDtDtC0A0AtD0A0EtD0F0Dzy0D0FtA0CtN0D0Tzu0SzzyCyDtN1L2XzutBtFtBtDtFzytFtBtN1L1CzutCyEtDtAtDyD1V1StN1L1G1B1V1N2Y1L1Qzu2StAtC0EtCyCyDtAzytGyDyC0DtCtGtByDyByEtG0D0CyCyBtGyB0C0A0FyC0E0EyBtAyB0Bzy2QtN1M1F1B2Z1V1N2Y1L1Qzu2SyB0CtDtByDyC0A0AtGyD0CtByBtGzyyCzztDtG0DtDtC0FtGtC0E0Bzy0BtA0CzzzztCtAyB2Q&cr=1039448420&ir=
    SearchScopes: HKU\S-1-5-21-4030092792-1861841708-2368464224-1000 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://start.mysearchdial.com/results.php?f=4&q={searchTerms}&a=dnldstr_14_20_ff&cd=2XzuyEtN2Y1L1QzutDtDtC0A0AtD0A0EtD0F0Dzy0D0FtA0CtN0D0Tzu0SzzyCyDtN1L2XzutBtFtBtDtFzytFtBtN1L1CzutCyEtDtAtDyD1V1StN1L1G1B1V1N2Y1L1Qzu2StAtC0EtCyCyDtAzytGyDyC0DtCtGtByDyByEtG0D0CyCyBtGyB0C0A0FyC0E0EyBtAyB0Bzy2QtN1M1F1B2Z1V1N2Y1L1Qzu2SyB0CtDtByDyC0A0AtGyD0CtByBtGzyyCzztDtG0DtDtC0FtGtC0E0Bzy0BtA0CzzzztCtAyB2Q&cr=1039448420&ir=
    CustomCLSID: HKU\S-1-5-21-4030092792-1861841708-2368464224-1000_Classes\CLSID\{2D611968-B0FB-4B81-8AFA-D7486879D141}\InprocServer32 -> Rnvrcs.dll => No File
    Task: {0CCCE18F-FFB9-40B6-9854-3ABF824B5AAB} - \Microsoft\Windows\Setup\gwx\launchtrayprocess -> No File <==== ATTENTION
    Task: {1DEB3732-27A5-4A6C-A536-4702F8B072A2} - \Microsoft\Windows\Setup\GWXTriggers\ScheduleUpgradeReminderTime -> No File <==== ATTENTION
    Task: {3B7116AB-E02A-4E27-8855-E1EA028999B4} - System32\Tasks\UpdaterEX => C:\Users\Owner\AppData\Roaming\UPDATE~1\UPDATE~1\UPDATE~1.EXE <==== ATTENTION
    Task: {425FD655-8FF9-439A-A65F-0BD8DCA4F3BA} - \Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d -> No File <==== ATTENTION
    Task: {70D086BF-8544-48FF-B7FF-5BF3113A0C76} - \Microsoft\Windows\Setup\GWXTriggers\Logon-5d -> No File <==== ATTENTION
    Task: {750DA92C-678B-43EC-9B33-456CD7EA2FD1} - \Microsoft\Windows\Setup\GWXTriggers\ScheduleUpgradeTime -> No File <==== ATTENTION
    Task: {9F876EBA-83FC-482E-89BF-81A18CA7C03D} - \Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d -> No File <==== ATTENTION
    Task: {D3F0C711-25A0-44B8-86B1-254CEB78D225} - \Microsoft\Windows\Setup\GWXTriggers\Time-5d -> No File <==== ATTENTION
    Task: {E021BA1A-E6D3-430B-968F-7C23FC545559} - \Microsoft\Windows\Setup\gwx\refreshgwxconfig -> No File <==== ATTENTION
    Task: {E5B3FB82-5D84-476C-83E9-42BDD523B259} - \Microsoft\Windows\Setup\gwx\refreshgwxcontent -> No File <==== ATTENTION
    Task: {E87E36E7-DC72-41A8-A5B1-EB5CFB9C81F6} - \Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent -> No File <==== ATTENTION
    Task: {E896F520-6033-4687-8272-D3A4DE76E299} - \Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B -> No File <==== ATTENTION
    Task: C:\WINDOWS\Tasks\UpdaterEX.job => C:\Users\Owner\AppData\Roaming\UPDATE~1\UPDATE~1\UPDATE~1.EXE <==== ATTENTION
    CMD: ipconfig /flushdns
    EmptyTemp:
    Reg: reg delete HKLM\SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local /f
    Reg: reg add HKLM\SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local /f
    End
    *****************

    Processes closed successfully.

  7. #7
    Member
    Join Date
    Jul 2007
    Location
    North Carolina
    Posts
    43

    Default adwcleaner

    # AdwCleaner v6.010 - Logfile created 02/09/2016 at 18:15:08
    # Updated on 12/08/2016 by ToolsLib
    # Database : 2016-09-01.2 [Server]
    # Operating System : Windows 10 Home (X86)
    # Username : Owner - OWNER-PC
    # Running from : C:\Users\Owner\Desktop\AdwCleaner.exe
    # Mode: Scan
    # Support : https://toolslib.net/forum



    ***** [ Services ] *****

    No malicious services found.


    ***** [ Folders ] *****

    Folder Found: C:\Users\Owner\AppData\Roaming\UpdaterEX


    ***** [ Files ] *****

    No malicious files found.


    ***** [ DLL ] *****

    No malicious DLLs found.


    ***** [ WMI ] *****

    No malicious keys found.


    ***** [ Shortcuts ] *****

    No infected shortcut found.


    ***** [ Scheduled Tasks ] *****

    Task Found: UpdaterEX


    ***** [ Registry ] *****

    Key Found: HKCU\Software\Classes\CLSID\{BEBBC426-4F16-4567-8FE1-BE198C982027}
    Key Found: HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{9522B3FB-7A2B-4646-8AF6-36E7F593073C}
    Key Found: HKU\.DEFAULT\Software\AppDataLow\{1146AC44-2F03-4431-B4FD-889BC837521F}
    Key Found: HKU\S-1-5-21-4030092792-1861841708-2368464224-1000\Software\InstallCore
    Key Found: HKU\S-1-5-21-4030092792-1861841708-2368464224-1000\Software\UpdaterEX
    Key Found: HKU\S-1-5-21-4030092792-1861841708-2368464224-1000\Software\AppDataLow\{1146AC44-2F03-4431-B4FD-889BC837521F}
    Key Found: HKU\S-1-5-18\Software\AppDataLow\{1146AC44-2F03-4431-B4FD-889BC837521F}
    Key Found: HKCU\Software\InstallCore
    Key Found: HKCU\Software\UpdaterEX
    Key Found: HKCU\Software\AppDataLow\{1146AC44-2F03-4431-B4FD-889BC837521F}
    Key Found: HKLM\SOFTWARE\{1146AC44-2F03-4431-B4FD-889BC837521F}
    Key Found: HKLM\SOFTWARE\{3A7D3E19-1B79-4E4E-BD96-5467DA2C4EF0}
    Key Found: HKLM\SOFTWARE\{6791A2F3-FC80-475C-A002-C014AF797E9C}
    Data Found: HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Start Page] - hxxp://start.mysearchdial.com/?f=1&a=dnldstr_14_20_ff&cd=2XzuyEtN2Y1L1QzutDtDtC0A0AtD0A0EtD0F0Dzy0D0FtA0CtN0D0Tzu0SzzyCyDtN1L2XzutBtFtBtDt
    Key Found: HKU\S-1-5-21-4030092792-1861841708-2368464224-1000\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}
    Data Found: HKU\S-1-5-21-4030092792-1861841708-2368464224-1000\Software\Microsoft\Internet Explorer\SearchScopes [DefaultScope] -
    Key Found: HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}
    Data Found: HKCU\Software\Microsoft\Internet Explorer\SearchScopes [DefaultScope] -
    Key Found: HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}
    Data Found: HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes [DefaultScope] -


    ***** [ Web browsers ] *****

    No malicious Firefox based browser items found.
    No malicious Chromium based browser items found.

    *************************

    C:\AdwCleaner\AdwCleaner[S0].txt - [2848 Bytes] - [02/09/2016 18:15:08]

    ########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [2921 Bytes] ##########

  8. #8
    Member
    Join Date
    Jul 2007
    Location
    North Carolina
    Posts
    43

    Default JRT and Malwarebytes reports

    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    Junkware Removal Tool (JRT) by Malwarebytes
    Version: 8.0.7 (07.03.2016)
    Operating System: Windows 10 Home x86
    Ran by Owner (Administrator) on Fri 09/02/2016 at 18:32:17.06
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




    File System: 4

    Successfully deleted: C:\ProgramData\1472780618.bdinstall.bin (File)
    Successfully deleted: C:\WINDOWS\prefetch\ANTIVIRUS_FREE_EDITION.EXE-CF8E86A0.pf (File)
    Successfully deleted: C:\WINDOWS\prefetch\ANTIVIRUS_FREE_EDITION_X86.EX-3D4526B1.pf (File)
    Successfully deleted: C:\WINDOWS\prefetch\DRIVERCTRL.EXE-22B7B922.pf (File)



    Registry: 1

    Successfully deleted: HKCU\Software\Microsoft\Windows\CurrentVersion\Run\\GoogleChromeAutoLaunch_721577D41E77D440C916E2687EBA0267 (Registry Value)




    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    Scan was completed on Fri 09/02/2016 at 18:35:08.70
    End of JRT log
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

    Malwarebytes' Report:

    Malwarebytes Anti-Malware
    www.malwarebytes.org

    Scan Date: 9/2/2016
    Scan Time: 6:52 PM
    Logfile:
    Administrator: Yes

    Version: 2.2.1.1043
    Malware Database: v2016.09.02.10
    Rootkit Database: v2016.08.15.01
    License: Trial
    Malware Protection: Enabled
    Malicious Website Protection: Enabled
    Self-protection: Disabled

    OS: Windows 10
    CPU: x86
    File System: NTFS
    User: Owner

    Scan Type: Threat Scan
    Result: Completed
    Objects Scanned: 313824
    Time Elapsed: 32 min, 23 sec

    Memory: Enabled
    Startup: Enabled
    Filesystem: Enabled
    Archives: Enabled
    Rootkits: Disabled
    Heuristics: Enabled
    PUP: Enabled
    PUM: Enabled

    Processes: 0
    (No malicious items detected)

    Modules: 0
    (No malicious items detected)

    Registry Keys: 2
    PUP.Optional.MySearchDial, HKU\S-1-5-21-4030092792-1861841708-2368464224-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{77AA745B-F4F8-45DA-9B14-61D2D95054C8}, Quarantined, [64fefe6f623870c67ca18a086d95ee12],
    PUP.Optional.MySearchDial, HKLM\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{77AA745B-F4F8-45DA-9B14-61D2D95054C8}, Quarantined, [64fefe6f623870c67ca18a086d95ee12],

    Registry Values: 1
    PUP.Optional.MySearchDial, HKLM\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY|AppPath, C:\Program Files\Mysearchdial\1.8.29.0\, Quarantined, [3f23f9743c5ebe78769a733aeb1843bd]

    Registry Data: 0
    (No malicious items detected)

    Folders: 0
    (No malicious items detected)

    Files: 0
    (No malicious items detected)

    Physical Sectors: 0
    (No malicious items detected)


    (end)

  9. #9
    Emeritus-Security Expert
    Join Date
    Nov 2005
    Location
    Florida's SpaceCoast
    Posts
    15,208

    Default

    Hi,

    Looks like you didn't post the entire FIXLOG; it should be on your desktop. Can you post that, please?


    After you do that, right-click on FRST and select RUN AS ADMINISTRATOR. When it opens, make sure there is a checkmark in ADDITIONS, leave everything else as is, then click on SCAN and post both new logs, please.
    Microsoft MVP Consumer Security 2007-2008-2009-2010-2011-2012-2013-2014

    ERROR MESSAGE 386
    No KeyBoard Detected
    Press F1 To Continue

    Just a reminder that threads will be closed if no reply in 3 days.

  10. #10
    Member
    Join Date
    Jul 2007
    Location
    North Carolina
    Posts
    43

    Default Computer froze up during FRST64 scan

    That's all I have on the log. My computer froze during the scan and I had to restart it. I will run it again and post the fix log again. I will also run the FRST and post those logs shortly.

    Thanks
