
Thread: PC Painfully Slow - Especially IE

  1. #1
    Member
    Join Date
    Mar 2011
    Posts
    45

    PC Painfully Slow - Especially IE

    About 6 weeks ago IE became really, really slow. You'd be typing and only half the letters would appear, with one word mixed with the other half of the next.

    The download dialogue box takes about 5 minutes to appear and when it does it invariably freezes and stops responding.

    Have run Spybot S&D several times and it removes a few basic tracking cookies etc., but nothing's helped. Have reset Internet Explorer, to no avail.

    It has taken me the past hour to download Tweaking Registry Backup and run it.

    Have managed to download aswMBR and run it - log below.

    FRST will not download, as when the dialogue finally appears and I press "Run" it keeps coming up with the message "FRST.exe couldn't be downloaded".

    When I try to save as, I get "This app could not be run on your PC".

    Have tried this with 32-bit and 64-bit versions - same with both.

    Incidentally, I am running Windows 10 32-bit on an x64-based processor.

    Any help appreciated.

    aswMBR version 1.0.1.2252 Copyright(c) 2014 AVAST Software
    Run date: 2017-10-03 19:58:47
    -----------------------------
    19:58:47.341 OS Version: Windows 6.2.9200
    19:58:47.341 Number of processors: 2 586 0xF0B
    19:58:47.356 ComputerName: DESKTOP-2FD7588 UserName: Dad
    19:58:55.517 Initialize success
    19:58:55.532 VM: initialized successfully
    19:58:55.532 VM: Intel CPU BiosDisabled
    19:59:12.710 Disk 0 \Device\Harddisk0\DR0 -> \Device\00000020
    19:59:12.710 Disk 0 Vendor: WDC_WD5000AVDS-63U7B0 01.00A01 Size: 476940MB BusType: 11
    19:59:12.741 Disk 1 (boot) \Device\Harddisk1\DR1 -> \Device\00000021
    19:59:12.741 Disk 1 Vendor: WDC_WD20EADS-00R6B0 01.00A01 Size: 1907729MB BusType: 11
    19:59:13.725 Disk 1 MBR read successfully
    19:59:13.725 Disk 1 MBR scan
    19:59:13.725 Disk 1 Windows 7 default MBR code
    19:59:13.757 Disk 1 Partition 1 80 (A) 07 HPFS/NTFS NTFS 1907276 MB offset 2048
    19:59:13.788 Disk 1 Partition 2 00 27 Hidden NTFS WinRE NTFS 450 MB offset 3906105344
    19:59:13.835 Disk 1 scanning sectors +3907026944
    19:59:14.350 Disk 1 scanning C:\WINDOWS\system32\drivers
    19:59:59.589 Service scanning
    20:01:03.124 Modules scanning
    20:01:03.133 Disk 1 trace - called modules:
    20:01:03.183 ntoskrnl.exe CLASSPNP.SYS disk.sys avgSP.sys halmacpi.dll storport.sys storahci.sys dxgkrnl.sys atikmpag.sys atikmdag.sys dxgmms1.sys watchdog.sys partmgr.sys volmgr.sys fvevol.sys iorate.sys volsnap.sys NTFS.sys USBPORT.SYS usbuhci.sys
    20:01:03.189 1 nt!IofCallDriver -> \Device\Harddisk1\DR1[0x8d066030]
    20:01:03.194 3 avgSP.sys[8830bc35] -> nt!IofCallDriver -> \Device\00000021[0x8cb3c030]
    20:01:03.198 Disk 1 statistics 128324/0/0 @ 1.55 MB/s
    20:01:03.219 Scan finished successfully
    20:03:55.471 Disk 1 MBR has been saved successfully to "C:\Users\Dad\Desktop\MBR.dat"
    20:03:55.617 The log file has been saved successfully to "C:\Users\Dad\Desktop\aswMBR.txt"

  2. #2
    Security Expert Juliet's Avatar
    Join Date
    Feb 2007
    Location
    Deep South
    Posts
    3,747

    Can you go to the web site (probably with a different computer) and download to a USB drive?
    Then use the USB to see if you can get FRST to run?

    Use the same method, using a USB, to download Tweaking.com - Windows Repair from here
    OR
    Windows Repair (all in one) from here.

    • Install and then run the program
    • Execute the instructions on Step 1 Important
    • Click Next on Step 2 Optional, do the Pre Scan skip Step 3 and 4 Optional for now.
    • On Step 5 Backup System Restore, do a Registry backup. When you have completed this, click Next
    • Click Repairs - Open Repairs in the bottom right corner
    • Uncheck the All repair button then select just the item(s) listed below

      01 - Repair Registry Permissions
      03 - Reset Service permissions
      04 - Register System Files
      05 - Repair WMI
      06 - Repair Windows Firewall
      07 - Repair Internet Explorer
      10 - Remove Policies Set By Infections
      17 - Repair Windows Updates
      19 - Repair Volume Shadow Copy Service
      21 - Repair MSI (Windows Installer)
      26 - Restore Important Windows Services
      27 - Set Windows Service to Default Startup


    • Click the Start button and let the process run to completion. Copy any error messages into Notepad and save it on your Desktop. (Reboot if asked to do so.)
    • Please copy and paste the contents of this file in your next reply.


    Restart the computer normally.

    ~~~
    A couple of things to try
    Disable your antivirus and attempt to download and run the above tools?
    Boot into safe mode?

    Let me know how you make out.
    Windows Insider MVP Consumer Security 2009 - 2017
    Please do not PM me for Malware help, we all benefit from posting on the open board.

  3. #3
    Member
    Join Date
    Mar 2011
    Posts
    45

    Done!

    OK, I finally got FRST to download and run (32-bit version) (disabled Malwarebytes and AVG).

    Here's the log:

    Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 03-10-2017 01
    Ran by Dad (administrator) on DESKTOP-2FD7588 (04-10-2017 18:56:09)
    Running from C:\Users\Dad\Desktop
    Loaded Profiles: Dad (Available Profiles: Dad)
    Platform: Microsoft Windows 10 Pro Version 1607 (X86) Language: English (United States)
    Internet Explorer Version 11 (Default browser: IE)
    Boot Mode: Normal
    Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic...ery-scan-tool/

    ==================== Processes (Whitelisted) =================

    (If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

    (Creative Technology Ltd) C:\Program Files\Creative\Shared Files\CTAudSvc.exe
    (AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\Antivirus\AVGSvc.exe
    (Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
    (AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\Framework\Common\avgsvcx.exe
    (Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    () C:\Program Files\HDD Regenerator\hrsrv.exe
    (LeapFrog Enterprises, Inc.) C:\Program Files\LeapFrog\LeapFrog Connect\CommandService.exe
    (Safer-Networking Ltd.) C:\Program Files\Spybot - Search & Destroy 2\SDFSSvc.exe
    (Safer-Networking Ltd.) C:\Program Files\Spybot - Search & Destroy 2\SDUpdSvc.exe
    (arvato digital services llc) C:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe
    (Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeClickToRun.exe
    (AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\Framework\Common\avguix.exe
    (Safer-Networking Ltd.) C:\Program Files\Spybot - Search & Destroy 2\SDTray.exe
    () C:\Program Files\Aiseesoft Studio\FoneLab\AppService.exe
    (Microsoft Corporation) C:\Windows\System32\dllhost.exe
    (Logitech Inc.) C:\Program Files\Logitech\Video\LogiTray.exe
    () C:\Program Files\EaseUS\EaseUS Partition Master 12.0\bin\TrayPopupE\TrayTipAgentE.exe
    (AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\Antivirus\avgui.exe
    (Insight Software Solutions) C:\Program Files\Keyboard Express 3\keyexp.exe
    (Logitech Inc.) C:\Program Files\Logitech\Video\FxSvr2.exe
    (Nero AG) C:\Program Files\Nero\Update\NASvc.exe
    (Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
    (Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
    () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_16.722.10060.0_x86__8wekyb3d8bbwe\Microsoft.Photos.exe
    () C:\Program Files\WindowsApps\Microsoft.WindowsCalculator_10.1608.2213.0_x86__8wekyb3d8bbwe\Calculator.exe
    (Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.ZuneVideo_3.6.23941.0_x86__8wekyb3d8bbwe\Video.UI.exe
    (Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
    (Adobe Systems Incorporated) C:\Windows\System32\Macromed\Flash\FlashUtil_ActiveX.exe
    (Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe

    ==================== Registry (Whitelisted) ===========================

    (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

    HKLM\...\Run: [AvgUi] => C:\Program Files\AVG\Framework\Common\avguirnx.exe [220288 2017-09-14] (AVG Technologies CZ, s.r.o.)
    HKLM\...\Run: [Corel Update Helper] => c:\Program Files\Corel\Corel PaintShop Pro X8\pua.exe [1490888 2015-11-27] (Corel Corporation)
    HKLM\...\Run: [SDTray] => C:\Program Files\Spybot - Search & Destroy 2\SDTray.exe [4101576 2014-06-24] (Safer-Networking Ltd.)
    HKLM\...\Run: [FoneLabAppService] => C:\Program Files\Aiseesoft Studio\FoneLab\AppService.exe [81640 2015-09-18] ()
    HKLM\...\Run: [FaxCenterServer] => "C:\Program Files\Dell PC Fax\fm3032.exe" /s
    HKLM\...\Run: [CanonQuickMenu] => C:\Program Files\Canon\Quick Menu\CNQMMAIN.EXE [1273448 2012-04-03] (CANON INC.)
    HKLM\...\Run: [HDD Regenerator] => C:\Program Files\HDD Regenerator\Shell.exe [90336 2013-05-08] ()
    HKLM\...\Run: [LogitechVideoRepair] => C:\Program Files\Logitech\Video\ISStart.exe [458752 2005-06-08] (Logitech Inc.)
    HKLM\...\Run: [LogitechVideoTray] => C:\Program Files\Logitech\Video\LogiTray.exe [217088 2005-06-08] (Logitech Inc.)
    HKLM\...\Run: [Monitor] => C:\Program Files\LeapFrog\LeapFrog Connect\Monitor.exe [124544 2016-02-11] (LeapFrog Enterprises, Inc.)
    HKLM\...\Run: [AVGUI.exe] => C:\Program Files\AVG\Antivirus\AvLaunch.exe [289248 2017-09-04] (AVG Technologies CZ, s.r.o.)
    HKLM\...\Run: [Wondershare Helper Compact.exe] => C:\Program Files\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe
    HKLM\...\Run: [DelaypluginInstall] => C:\ProgramData\Wondershare\Video Converter Ultimate\DelayPluginI.exe
    HKLM\...\Run: [EaseUS EPM Tray Agent] => C:\Program Files\EaseUS\EaseUS Partition Master 12.0\bin\TrayPopupE\TrayTipAgentE.exe [255072 2014-11-18] ()
    HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [261432 2017-09-11] (Apple Inc.)
    Winlogon\Notify\SDWinLogon: SDWinLogon.dll [X]
    HKU\S-1-5-21-1307612883-4072204045-1798725994-1002\...\Run: [SpybotPostWindows10UpgradeReInstall] => C:\Program Files\Common Files\AV\Spybot - Search and Destroy\Test.exe [1011200 2015-07-28] (Safer-Networking Ltd.)
    HKU\S-1-5-21-1307612883-4072204045-1798725994-1002\...\Run: [LogitechSoftwareUpdate] => C:\Program Files\Logitech\Video\ManifestEngine.exe [196608 2005-06-08] (Logitech Inc.)
    HKU\S-1-5-21-1307612883-4072204045-1798725994-1002\...\Run: [Steam] => C:\Program Files\Steam\steam.exe [3071776 2017-09-07] (Valve Corporation)
    HKU\S-1-5-21-1307612883-4072204045-1798725994-1002\...\Policies\Explorer: []
    Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Keyboard Express 3.lnk [2015-12-10]
    ShortcutTarget: Keyboard Express 3.lnk -> C:\Program Files\Keyboard Express 3\keyexp.exe (Insight Software Solutions)

    ==================== Internet (Whitelisted) ====================

    (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

    Winsock: Catalog5 07 C:\Program Files\Bonjour\mdnsNSP.dll [122128 2015-08-12] (Apple Inc.)
    Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
    Tcpip\Parameters: [DhcpNameServer] 192.168.1.254
    Tcpip\..\Interfaces\{4926ba25-6cf7-4277-9b08-c1ad41a8c60b}: [NameServer] 62.6.40.178,62.6.40.162
    Tcpip\..\Interfaces\{4926ba25-6cf7-4277-9b08-c1ad41a8c60b}: [DhcpNameServer] 192.168.1.254
    Tcpip\..\Interfaces\{ae5530b1-4c29-475e-91c1-1e2608f6b211}: [NameServer] 45.32.155.235,108.61.178.207
    ManualProxies:

    Internet Explorer:
    ==================
    HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://www.google.com/?bcutc=sp-004-752
    HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxps://www.google.com/search?bcutc=sp-004-752&q={searchTerms}
    HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
    HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
    HKU\S-1-5-21-1307612883-4072204045-1798725994-1002\Software\Microsoft\Internet Explorer\Main,Search Page = hxxps://www.google.com/search?bcutc=sp-004-752&q={searchTerms}
    HKU\S-1-5-21-1307612883-4072204045-1798725994-1002\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.co.uk/
    SearchScopes: HKLM -> DefaultScope {E9410C70-B6AE-41FF-AB71-32F4B279EA5F} URL = hxxps://www.google.com/search?bcutc=sp-004-752&q={searchTerms}
    SearchScopes: HKLM -> {E9410C70-B6AE-41FF-AB71-32F4B279EA5F} URL = hxxps://www.google.com/search?bcutc=sp-004-752&q={searchTerms}
    SearchScopes: HKU\S-1-5-21-1307612883-4072204045-1798725994-1002 -> {67C334C0-408D-4E6D-B5A7-0ADD6AFFA252} URL =
    SearchScopes: HKU\S-1-5-21-1307612883-4072204045-1798725994-1002 -> {95B7759C-8C7F-4BF1-B163-73684A933233} URL = hxxps://mysearch.avg.com/search?cid={AD1DB690-F951-4B2B-9C85-145BE2B61EF1}&mid=409ad691902747ccb062d15805c271ac-0c7233c5c59cc201da8a7ddd4985513d8e8381be&lang=en&ds=AVG&coid=avgtbavg&cmpid=0316tb&pr=fr&d=2015-12-09 02:58:28&v=4.2.8.608&pid=wtu&sg=&sap=dsp&q={searchTerms}
    SearchScopes: HKU\S-1-5-21-1307612883-4072204045-1798725994-1002 -> {E9410C70-B6AE-41FF-AB71-32F4B279EA5F} URL =
    SearchScopes: HKU\S-1-5-21-1307612883-4072204045-1798725994-1002 -> {EFE22B57-9F3C-4B9E-AB38-0368E469796D} URL =
    BHO: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office\root\Office16\OCHelper.dll [2017-09-24] (Microsoft Corporation)
    BHO: Watch for Browser Events -> {42A7CE31-CEE7-4CCE-A060-A44A7E52E062} -> C:\Program Files\Keyboard Express 3\kie.dll [2009-10-28] (Insight Software Solutions)
    BHO: Microsoft OneDrive for Business Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office\root\Office16\GROOVEEX.DLL [2017-09-24] (Microsoft Corporation)
    DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} hxxp://files.creative.com/Web/softwareupdate/ocx/150323/CTPID.cab
    Handler: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2017-09-24] (Microsoft Corporation)
    Handler: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2017-09-24] (Microsoft Corporation)
    Handler: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2017-09-24] (Microsoft Corporation)
    Handler: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2017-09-24] (Microsoft Corporation)
    Handler: WSWSVCUchrome - No CLSID Value -

    FireFox:
    ========
    FF DefaultProfile: e4gws394.default
    FF ProfilePath: C:\Users\Dad\AppData\Roaming\Mozilla\Firefox\Profiles\e4gws394.default [2017-10-02]
    FF Homepage: Mozilla\Firefox\Profiles\e4gws394.default -> hxxp://www.google.co.uk/
    FF Extension: (No Name) - C:\ProgramData\Wondershare\Video Converter Ultimate\WSVCU@Wondershare.com_xpi\ [not found]
    FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF32_24_0_0_221.dll [2017-03-12] ()
    FF Plugin: @microsoft.com/Lync,version=15.0 -> C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2017-09-24] (Microsoft Corporation)
    FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office\root\Office16\NPSPWRAP.DLL [2017-09-24] (Microsoft Corporation)
    FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.33.5\npGoogleUpdate3.dll [2017-07-31] (Google Inc.)
    FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.33.5\npGoogleUpdate3.dll [2017-07-31] (Google Inc.)
    FF Plugin: @videolan.org/vlc,version=2.2.4 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2016-06-01] (VideoLAN)
    FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2017-08-18] (Adobe Systems Inc.)

    ==================== Services (Whitelisted) ====================

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    R2 AVG Antivirus; C:\Program Files\AVG\Antivirus\AVGSvc.exe [276328 2017-09-04] (AVG Technologies CZ, s.r.o.)
    S3 avgbIDSAgent; C:\Program Files\AVG\Antivirus\aswidsagent.exe [5881008 2017-09-04] (AVG Technologies CZ, s.r.o.)
    R2 avgsvc; C:\Program Files\AVG\Framework\Common\avgsvcx.exe [1189720 2017-09-14] (AVG Technologies CZ, s.r.o.)
    S3 BITCOMET_HELPER_SERVICE; C:\Program Files\BitComet\tools\BitCometService.exe [1296728 2013-11-29] (www.BitComet.com)
    R2 ClickToRunSvc; C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe [4939976 2017-09-08] (Microsoft Corporation)
    S3 Creative Audio Engine Licensing Service; C:\Program Files\Common Files\Creative Labs Shared\Service\CTAELicensing.exe [79360 2016-10-04] (Creative Labs) [File not signed]
    R2 CTAudSvcService; C:\Program Files\Creative\Shared Files\CTAudSvc.exe [286720 2010-02-12] (Creative Technology Ltd) [File not signed]
    S3 FlexNet Licensing Service; C:\Program Files\Common Files\Macrovision Shared\FlexNet Publisher\FNPLicensingService.exe [1104128 2015-12-10] (Flexera Software LLC)
    R2 hddrsrv; C:\Program Files\HDD Regenerator\hrsrv.exe [82144 2013-05-08] ()
    S2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [4430792 2017-08-07] (Malwarebytes)
    R2 NAUpdate; C:\Program Files\Nero\Update\NASvc.exe [805752 2016-09-14] (Nero AG)
    R2 PSI_SVC_2; c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe [277360 2014-04-30] (arvato digital services llc)
    R2 SDScannerService; C:\Program Files\Spybot - Search & Destroy 2\SDFSSvc.exe [1738168 2014-06-24] (Safer-Networking Ltd.)
    R2 SDUpdateService; C:\Program Files\Spybot - Search & Destroy 2\SDUpdSvc.exe [4088608 2016-09-21] (Safer-Networking Ltd.) [File not signed]
    S4 SDWSCService; C:\Program Files\Spybot - Search & Destroy 2\SDWSCSvc.exe [235984 2016-11-24] (Safer-Networking Ltd.) [File not signed]
    S3 Sense; C:\Program Files\Windows Defender Advanced Threat Protection\MsSense.exe [1887272 2016-07-16] (Microsoft Corporation)
    S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [271496 2016-07-16] (Microsoft Corporation)
    S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [84928 2016-07-16] (Microsoft Corporation)

    ===================== Drivers (Whitelisted) ======================

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    R1 avgbdisk; C:\WINDOWS\system32\drivers\avgbdiskx.sys [135872 2017-09-04] (AVG Technologies CZ, s.r.o.)
    R1 avgbidsdriver; C:\WINDOWS\system32\drivers\avgbidsdriverx.sys [261128 2017-09-04] (AVG Technologies CZ, s.r.o.)
    R0 avgbidsh; C:\WINDOWS\system32\drivers\avgbidshx.sys [151024 2017-09-04] (AVG Technologies CZ, s.r.o.)
    R0 avgblog; C:\WINDOWS\system32\drivers\avgblogx.sys [270344 2017-09-04] (AVG Technologies CZ, s.r.o.)
    R0 avgbuniv; C:\WINDOWS\system32\drivers\avgbunivx.sys [43992 2017-09-04] (AVG Technologies CZ, s.r.o.)
    S3 avgHwid; C:\WINDOWS\system32\drivers\avgHwid.sys [35264 2017-09-04] (AVG Technologies CZ, s.r.o.)
    R2 avgMonFlt; C:\WINDOWS\system32\drivers\avgMonFlt.sys [117368 2017-09-04] (AVG Technologies CZ, s.r.o.)
    R1 avgRdr; C:\WINDOWS\system32\drivers\avgRdr2.sys [91976 2017-09-04] (AVG Technologies CZ, s.r.o.)
    R0 avgRvrt; C:\WINDOWS\system32\drivers\avgRvrt.sys [63280 2017-09-04] (AVG Technologies CZ, s.r.o.)
    R1 avgSnx; C:\WINDOWS\system32\drivers\avgSnx.sys [766216 2017-09-04] (AVG Technologies CZ, s.r.o.)
    R1 avgSP; C:\WINDOWS\system32\drivers\avgSP.sys [492552 2017-09-04] (AVG Technologies CZ, s.r.o.)
    S2 avgStm; C:\WINDOWS\system32\drivers\avgStm.sys [140648 2017-09-18] (AVG Technologies CZ, s.r.o.)
    R0 avgVmm; C:\WINDOWS\system32\drivers\avgVmm.sys [290264 2017-09-25] (AVG Technologies CZ, s.r.o.)
    S3 epmntdrv; C:\WINDOWS\system32\epmntdrv.sys [30888 2016-12-07] ()
    S3 EuGdiDrv; C:\WINDOWS\system32\EuGdiDrv.sys [10208 2016-07-11] () [File not signed]
    S3 FlyUsb; C:\WINDOWS\System32\drivers\FlyUsb.sys [19456 2015-06-04] (LeapFrog)
    R3 LVUSBSta; C:\WINDOWS\System32\drivers\LVUSBSta.sys [41888 2015-12-09] (Logitech Inc.)
    S3 NetAdapterCx; C:\WINDOWS\System32\drivers\NetAdapterCx.sys [62976 2016-07-16] ()
    S3 NuidFltr; C:\WINDOWS\System32\drivers\NuidFltr.sys [44328 2016-04-26] (Microsoft Corporation)
    R3 pepifilter; C:\WINDOWS\system32\DRIVERS\lv302af.sys [14112 2015-12-09] (Logitech Inc.)
    R3 PID_PEPI; C:\WINDOWS\system32\DRIVERS\LV302V32.SYS [1276832 2015-12-09] (Logitech Inc.)
    S3 ptun0901; C:\WINDOWS\System32\drivers\ptun0901.sys [23552 2014-08-08] (The OpenVPN Project)
    R3 RtlWlanu_OldIC; C:\WINDOWS\System32\drivers\rtwlanu_oldIC.sys [3245056 2016-07-16] (Realtek Semiconductor Corporation )
    R2 SBKUPNT; C:\WINDOWS\system32\Drivers\SBKUPNT.SYS [14976 2001-07-13] () [File not signed]
    S0 SI3112r; C:\WINDOWS\System32\drivers\SI3112r.sys [116264 2015-12-09] (Silicon Image, Inc)
    R0 SiFilter; C:\WINDOWS\System32\drivers\SiWinAcc.sys [19240 2015-12-09] (Silicon Image, Inc)
    S3 VBAudioVACMME; C:\WINDOWS\system32\DRIVERS\vbaudio_cable_win7.sys [34024 2015-12-04] (Windows (R) Win 7 DDK provider)
    S3 WdBoot; C:\WINDOWS\system32\drivers\WdBoot.sys [37912 2016-07-16] (Microsoft Corporation)
    S3 WdFilter; C:\WINDOWS\system32\drivers\WdFilter.sys [244576 2016-07-16] (Microsoft Corporation)
    S3 WdNisDrv; C:\WINDOWS\System32\Drivers\WdNisDrv.sys [100192 2016-07-16] (Microsoft Corporation)
    S3 WUDFWpdMtp; C:\WINDOWS\system32\DRIVERS\WUDFRd.sys [161280 2016-07-16] (Microsoft Corporation)
    U3 aswMBR; C:\Users\Dad\AppData\Local\Temp\aswMBR.sys [56704 2017-10-03] () [File not signed]
    U3 aswVmm; C:\Users\Dad\AppData\Local\Temp\aswVmm.sys [192224 2017-10-03] ()

    ==================== NetSvcs (Whitelisted) ===================

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


    ==================== One Month Created files and folders ========

    (If an entry is included in the fixlist, the file/folder will be moved.)

    2017-10-04 18:56 - 2017-10-04 18:57 - 000017089 _____ C:\Users\Dad\Desktop\FRST.txt
    2017-10-04 18:54 - 2017-10-04 18:56 - 000000000 ____D C:\FRST
    2017-10-04 18:54 - 2017-10-04 18:54 - 001796096 _____ (Farbar) C:\Users\Dad\Desktop\FRST.exe
    2017-10-04 18:46 - 2017-10-04 18:46 - 038257112 _____ (Tweaking.com) C:\Users\Dad\Desktop\tweaking.com_windows_repair_aio_setup.exe
    2017-10-03 19:58 - 2017-10-03 19:58 - 000002258 _____ C:\Users\Public\Desktop\Tweaking.com - Registry Backup.lnk
    2017-10-03 19:58 - 2017-10-03 19:58 - 000000207 _____ C:\WINDOWS\tweaking.com-regbackup-DESKTOP-2FD7588-Windows-10-Pro-(32-bit).dat
    2017-10-03 19:58 - 2017-10-03 19:58 - 000000000 ____D C:\RegBackup
    2017-10-03 19:58 - 2017-10-03 19:58 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Tweaking.com
    2017-10-03 19:57 - 2017-10-03 19:58 - 000017361 _____ C:\WINDOWS\Tweaking.com - Registry Backup Setup Log.txt
    2017-10-03 19:57 - 2017-10-03 19:57 - 000000000 ____D C:\Program Files\Tweaking.com
    2017-10-03 19:51 - 2017-10-03 19:51 - 005198336 _____ (AVAST Software) C:\Users\Dad\Desktop\aswMBR.exe
    2017-10-03 16:13 - 2017-10-03 20:55 - 001639029 _____ C:\Users\Dad\Desktop\Shed-Store.dwg
    2017-09-24 17:41 - 2017-09-24 17:55 - 000000000 ___HD C:\Users\Dad\Desktop\Corel Auto-Preserve
    2017-09-21 10:11 - 2017-09-21 10:11 - 000221632 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\081F680A.sys
    2017-09-21 09:40 - 2017-09-29 06:20 - 000059904 _____ C:\WINDOWS\system32\Drivers\mbae.sys
    2017-09-21 09:40 - 2017-09-21 09:40 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes
    2017-09-21 09:40 - 2017-09-21 09:40 - 000000000 ____D C:\ProgramData\MB2Migration
    2017-09-21 09:40 - 2017-09-21 09:40 - 000000000 ____D C:\Program Files\Malwarebytes
    2017-09-20 21:18 - 2017-09-20 21:20 - 000000000 ____D C:\Program Files\Tetris Unlimited
    2017-09-16 11:29 - 2017-09-16 11:29 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
    2017-09-16 11:27 - 2017-09-16 11:29 - 000000000 ____D C:\Program Files\iTunes
    2017-09-16 11:14 - 2017-09-16 11:14 - 000000000 ____D C:\Program Files\Apple Software Update
    2017-09-15 22:14 - 2017-09-15 22:14 - 000000000 ____D C:\Users\Dad\AppData\LocalLow\NoBrakesGames
    2017-09-15 21:38 - 2017-09-15 21:38 - 000000000 ____D C:\Users\Dad\AppData\Local\Steam
    2017-09-15 21:29 - 2017-10-03 19:19 - 000000000 ____D C:\Program Files\Steam
    2017-09-15 21:29 - 2017-09-21 11:02 - 000000000 ____D C:\Program Files\Common Files\Steam
    2017-09-15 21:29 - 2017-09-15 21:29 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Steam
    2017-09-15 00:00 - 2017-09-15 00:00 - 000000000 ____D C:\Users\Dad\AppData\Roaming\Kodi
    2017-09-14 23:59 - 2017-09-14 23:59 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Kodi
    2017-09-14 23:58 - 2017-09-14 23:59 - 000000000 ____D C:\Program Files\Kodi
    2017-09-08 20:42 - 2017-09-08 20:51 - 000000000 ____D C:\Users\Dad\Desktop\The Emoji Movie 2017 XViD NOGrp
    2017-09-07 09:57 - 2017-09-07 09:57 - 000000198 ____H C:\Users\Dad\Documents\Drawing1.dwl2
    2017-09-07 09:57 - 2017-09-07 09:57 - 000000048 ____H C:\Users\Dad\Documents\Drawing1.dwl
    2017-09-04 19:54 - 2017-09-04 19:53 - 000305936 _____ (AVG Technologies CZ, s.r.o.) C:\WINDOWS\system32\avgBoot.exe
    2017-09-04 10:20 - 2017-09-04 10:20 - 000000000 ____D C:\Users\Default\AppData\Local\AVG
    2017-09-04 10:20 - 2017-09-04 10:20 - 000000000 ____D C:\Users\Default User\AppData\Local\AVG

    ==================== One Month Modified files and folders ========

    (If an entry is included in the fixlist, the file/folder will be moved.)

    2017-10-03 19:15 - 2016-09-25 20:31 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT
    2017-10-03 19:14 - 2016-07-16 03:22 - 000524288 _____ C:\WINDOWS\system32\config\BBI
    2017-10-03 19:08 - 2017-08-02 21:58 - 000000000 ____D C:\Users\Dad\Desktop\Movies to Merge
    2017-10-03 13:50 - 2015-12-10 07:09 - 000000000 ____D C:\Users\Dad\AppData\Roaming\BitComet
    2017-10-02 21:00 - 2016-09-25 19:43 - 000000000 ____D C:\WINDOWS\system32\SleepStudy
    2017-10-01 20:50 - 2015-12-09 03:41 - 000000000 ____D C:\Users\Dad\AppData\Local\ElevatedDiagnostics
    2017-09-30 16:36 - 2015-12-10 10:24 - 000000000 ____D C:\Users\Dad\AppData\Local\CrashDumps
    2017-09-26 19:05 - 2016-09-28 20:38 - 000000000 ____D C:\AdwCleaner
    2017-09-26 17:21 - 2016-11-05 18:05 - 000000000 ___RD C:\Users\Dad\Desktop\Murdo Jr
    2017-09-25 19:56 - 2017-04-01 13:10 - 000290264 _____ (AVG Technologies CZ, s.r.o.) C:\WINDOWS\system32\Drivers\avgvmm.sys
    2017-09-24 05:28 - 2016-07-16 09:29 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
    2017-09-24 05:27 - 2016-07-16 09:29 - 000000000 ____D C:\Program Files\Common Files\microsoft shared
    2017-09-24 05:27 - 2015-12-10 11:05 - 000000000 ____D C:\Program Files\Common Files\DESIGNER
    2017-09-24 05:23 - 2015-12-10 10:45 - 000000000 ____D C:\Program Files\Microsoft Office
    2017-09-24 02:28 - 2015-12-09 03:06 - 000000000 ___RD C:\Users\Dad\Desktop\Murdo
    2017-09-22 13:23 - 2016-07-16 09:29 - 000000000 ____D C:\WINDOWS\system32\NDF
    2017-09-22 00:10 - 2016-07-16 09:28 - 000000000 ____D C:\WINDOWS\INF
    2017-09-21 19:37 - 2017-02-23 20:45 - 000000000 ____D C:\Users\Dad\AppData\Roaming\vlc
    2017-09-21 19:33 - 2016-01-16 21:15 - 000000000 ____D C:\Users\Dad\AppData\Roaming\Anvsoft
    2017-09-21 11:00 - 2016-09-25 19:55 - 000000000 ____D C:\Users\Dad
    2017-09-21 09:40 - 2016-09-28 09:33 - 000000000 ____D C:\ProgramData\Malwarebytes
    2017-09-19 14:01 - 2015-12-10 01:32 - 000001254 _____ C:\Users\Dad\Desktop\To Do.txt
    2017-09-19 13:31 - 2015-12-09 04:09 - 000000000 ___RD C:\Users\Dad\Desktop\Macleod Bros
    2017-09-18 19:56 - 2017-04-01 13:10 - 000140648 _____ (AVG Technologies CZ, s.r.o.) C:\WINDOWS\system32\Drivers\avgstm.sys
    2017-09-16 11:29 - 2016-12-04 17:09 - 000000000 ____D C:\Program Files\iPod
    2017-09-16 11:14 - 2016-01-02 18:40 - 000002535 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Apple Software Update.lnk
    2017-09-15 22:11 - 2016-07-16 09:29 - 000000000 ____D C:\WINDOWS\system32\FxsTmp
    2017-09-15 13:32 - 2015-12-09 02:16 - 000002361 _____ C:\Users\Dad\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
    2017-09-15 13:32 - 2015-12-09 02:16 - 000000000 ___RD C:\Users\Dad\OneDrive
    2017-09-14 08:56 - 2015-12-09 02:09 - 000000000 ____D C:\Users\Dad\AppData\Local\Packages
    2017-09-08 16:54 - 2016-07-16 11:18 - 000000000 __SHD C:\WINDOWS\BitLockerDiscoveryVolumeContents
    2017-09-07 21:43 - 2016-04-26 19:30 - 000000566 _____ C:\WINDOWS\system32\LexFiles.ulf
    2017-09-07 21:41 - 2016-09-28 20:37 - 000000000 ____D C:\Users\Dad\AppData\Roaming\AVAST Software
    2017-09-07 21:41 - 2015-12-09 03:27 - 000000000 ____D C:\Users\Dad\AppData\Local\AvgSetupLog
    2017-09-07 21:30 - 2015-12-10 22:06 - 000000000 ____D C:\Program Files\Spybot - Search & Destroy 2
    2017-09-05 23:30 - 2017-06-02 18:40 - 000000000 ____D C:\Users\Dad\Desktop\Photos to Merge
    2017-09-04 19:57 - 2017-03-07 18:32 - 000000000 ____D C:\ProgramData\KMSAuto
    2017-09-04 19:54 - 2017-04-01 13:10 - 000492552 _____ (AVG Technologies CZ, s.r.o.) C:\WINDOWS\system32\Drivers\avgSP.sys
    2017-09-04 19:54 - 2017-04-01 13:10 - 000117368 _____ (AVG Technologies CZ, s.r.o.) C:\WINDOWS\system32\Drivers\avgMonFlt.sys
    2017-09-04 19:54 - 2017-04-01 13:10 - 000091976 _____ (AVG Technologies CZ, s.r.o.) C:\WINDOWS\system32\Drivers\avgRdr2.sys
    2017-09-04 19:54 - 2017-04-01 13:10 - 000063280 _____ (AVG Technologies CZ, s.r.o.) C:\WINDOWS\system32\Drivers\avgRvrt.sys
    2017-09-04 19:54 - 2017-04-01 13:10 - 000035264 _____ (AVG Technologies CZ, s.r.o.) C:\WINDOWS\system32\Drivers\avgHwid.sys
    2017-09-04 19:53 - 2017-04-01 13:10 - 000766216 _____ (AVG Technologies CZ, s.r.o.) C:\WINDOWS\system32\Drivers\avgSnx.sys
    2017-09-04 19:52 - 2017-04-01 13:10 - 000270344 _____ (AVG Technologies CZ, s.r.o.) C:\WINDOWS\system32\Drivers\avgblogx.sys
    2017-09-04 19:52 - 2017-04-01 13:10 - 000261128 _____ (AVG Technologies CZ, s.r.o.) C:\WINDOWS\system32\Drivers\avgbidsdriverx.sys
    2017-09-04 19:52 - 2017-04-01 13:10 - 000151024 _____ (AVG Technologies CZ, s.r.o.) C:\WINDOWS\system32\Drivers\avgbidshx.sys
    2017-09-04 19:52 - 2017-04-01 13:10 - 000135872 _____ (AVG Technologies CZ, s.r.o.) C:\WINDOWS\system32\Drivers\avgbdiskx.sys
    2017-09-04 19:52 - 2017-04-01 13:10 - 000043992 _____ (AVG Technologies CZ, s.r.o.) C:\WINDOWS\system32\Drivers\avgbunivx.sys
    2017-09-04 19:49 - 2017-03-07 19:03 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\KMSpico
    2017-09-04 19:49 - 2017-03-07 19:02 - 000000000 ____D C:\Program Files\KMSpico
    2017-09-04 10:22 - 2017-04-03 14:29 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG

    ==================== Files in the root of some directories =======

    2016-09-20 14:30 - 2016-09-20 14:30 - 000000000 _____ () C:\Users\Dad\AppData\Roaming\1.txt
    2016-06-17 07:54 - 2016-06-17 07:54 - 000004436 _____ () C:\Users\Dad\AppData\Roaming\90msp-RKSJ-V
    2016-10-10 08:33 - 2016-10-10 08:33 - 000000677 _____ () C:\Users\Dad\AppData\Roaming\adventives.zkh
    2016-06-17 07:53 - 2016-06-17 07:53 - 000001196 _____ () C:\Users\Dad\AppData\Roaming\Athens
    2016-10-10 08:33 - 2016-10-10 08:33 - 000060457 _____ () C:\Users\Dad\AppData\Roaming\bookmaking.rgj
    2016-10-15 14:08 - 2016-10-15 14:33 - 000061134 _____ () C:\Users\Dad\AppData\Roaming\Carney.DLB
    2016-06-17 07:53 - 2016-06-17 07:53 - 000001930 _____ () C:\Users\Dad\AppData\Roaming\compare-with-callbacks.js
    2015-12-28 20:42 - 2017-02-23 20:35 - 000001043 _____ () C:\Users\Dad\AppData\Roaming\coreavc.ini
    2016-06-17 07:53 - 2016-06-17 07:53 - 000003119 _____ () C:\Users\Dad\AppData\Roaming\frnphon.env
    2015-12-10 22:45 - 2015-12-10 22:45 - 000000133 _____ () C:\ProgramData\Microsoft.SqlServer.Compact.351.32.bc
    2016-11-10 13:36 - 2016-11-10 13:36 - 000000016 _____ () C:\ProgramData\mntemp
    2016-11-10 13:36 - 2016-11-10 13:36 - 000004965 _____ () C:\ProgramData\mudtcpaz.vzs

    Some files in TEMP:
    ====================
    2016-09-28 00:55 - 2015-01-26 09:09 - 000060296 _____ (Autodesk, Inc.) C:\Users\Dad\AppData\Local\Temp\AcDeltree.exe
    2017-09-03 18:55 - 2017-09-03 18:55 - 016739360 _____ () C:\Users\Dad\AppData\Local\Temp\Bit1224.tmp.exe
    2017-09-18 20:15 - 2017-09-18 20:15 - 016739360 _____ () C:\Users\Dad\AppData\Local\Temp\Bit2F94.tmp.exe
    2016-09-27 09:26 - 2016-09-27 09:26 - 016187624 _____ () C:\Users\Dad\AppData\Local\Temp\Bit9653.tmp.exe
    2017-08-08 22:00 - 2017-08-08 22:00 - 016742904 _____ () C:\Users\Dad\AppData\Local\Temp\Bit9DE7.tmp.exe
    2016-12-04 14:53 - 2016-12-04 14:53 - 016187624 _____ () C:\Users\Dad\AppData\Local\Temp\BitDE07.tmp.exe
    2017-08-20 17:39 - 2016-07-16 09:25 - 000628440 _____ (Microsoft Corporation) C:\Users\Dad\AppData\Local\Temp\kernel32.dll
    2016-12-15 07:06 - 2016-12-15 07:06 - 002458672 _____ (The OpenSSL Project, http://www.openssl.org/) C:\Users\Dad\AppData\Local\Temp\libeay32.dll
    2017-07-02 22:14 - 2017-07-02 22:15 - 120455440 _____ (Microsoft Corporation) C:\Users\Dad\AppData\Local\Temp\mpam-6b3b5ec6.exe
    2016-12-15 07:06 - 2016-12-15 07:06 - 000970912 _____ (Microsoft Corporation) C:\Users\Dad\AppData\Local\Temp\msvcr120.dll
    2016-12-15 07:06 - 2016-12-15 07:06 - 000772672 _____ () C:\Users\Dad\AppData\Local\Temp\sqlite3.dll
    2016-10-09 15:02 - 2016-10-09 15:02 - 000012288 _____ () C:\Users\Dad\AppData\Local\Temp\TWcKOuHOnezxmjSkVTaA.DLL

    ==================== Bamital & volsnap ======================

    (There is no automatic fix for files that do not pass verification.)

    C:\WINDOWS\explorer.exe => File is digitally signed
    C:\WINDOWS\system32\winlogon.exe => File is digitally signed
    C:\WINDOWS\system32\wininit.exe => File is digitally signed
    C:\WINDOWS\system32\svchost.exe => File is digitally signed
    C:\WINDOWS\system32\services.exe => File is digitally signed
    C:\WINDOWS\system32\User32.dll => File is digitally signed
    C:\WINDOWS\system32\userinit.exe => File is digitally signed
    C:\WINDOWS\system32\rpcss.dll => File is digitally signed
    C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
    C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed

    LastRegBack: 2017-10-01 20:49

    ==================== End of FRST.txt ============================

    Run Windows repair all in one as stated

    Log

    Log:
    Tweaking.com - Windows Repair 2018 (v4.0.7)
    --------------------------------------------------------------------------------

    System Variables
    --------------------------------------------------------------------------------
    OS: Windows 10 Pro
    OS Architecture: 32-bit
    OS Version: 10.0.14393.187
    OS Service Pack:
    Computer Name: DESKTOP-2FD7588
    Windows Drive: C:\
    Windows Path: C:\WINDOWS
    Program Files: C:\Program Files
    Current Profile: C:\Users\Dad
    Current Profile SID: S-1-5-21-1307612883-4072204045-1798725994-1002
    Current Profile Classes: S-1-5-21-1307612883-4072204045-1798725994-1002_Classes
    Profiles Location: C:\Users
    Profiles Location 2: C:\WINDOWS\ServiceProfiles
    Local Settings AppData: C:\Users\Dad\AppData\Local
    --------------------------------------------------------------------------------

    System Information
    --------------------------------------------------------------------------------
    System Up Time: 01 Day 00:25:31

    Process Count: 72
    Commit Total: 2.38 GB
    Commit Limit: 4.26 GB
    Commit Peak: 3.61 GB
    Handle Count: 39703
    Kernel Total: 652.34 MB
    Kernel Paged: 429.92 MB
    Kernel Non Paged: 222.42 MB
    System Cache: 1.20 GB
    Thread Count: 1120
    --------------------------------------------------------------------------------

    Memory Before Cleaning with CleanMem
    --------------------------------------------------------------------------------
    Memory Total: 3.00 GB
    Memory Used: 1.81 GB(60.4209%)
    Memory Avail.: 1.19 GB
    --------------------------------------------------------------------------------

    Cleaning Memory Before Starting Repairs...

    Memory After Cleaning with CleanMem
    --------------------------------------------------------------------------------
    Memory Total: 3.00 GB
    Memory Used: 1.51 GB(50.2522%)
    Memory Avail.: 1.49 GB
    --------------------------------------------------------------------------------

    Starting Repairs...
    Started at (4/10/17 19:40:52)

    Setting Any Missing 'InstallDate' From Uninstall Sections Before Running Repair...
    Total Missing 'InstallDate' Fixed: 75

    01 - Reset Registry Permissions
    Restore Windows 7/8/10 Default Registry Permissions
    Start (4/10/17 19:40:56)


    Decompressing & Updating Windows Permission File C:\Program Files\Tweaking.com\Windows Repair (All in One)\files\permissions\10\hku.7z
    Done, 0.53 seconds.


    Decompressing & Updating Windows Permission File C:\Program Files\Tweaking.com\Windows Repair (All in One)\files\permissions\10\hklm.7z
    Done, 24.59 seconds.

    Running Repair Under System Account
    Done (4/10/17 19:42:41)

    03 - Reset Service Permissions
    Start (4/10/17 19:42:41)

    Running Repair Under Current User Account
    Running Repair Under System Account
    Done (4/10/17 19:43:03)

    04 - Register System Files
    Start (4/10/17 19:43:03)
    Running Repair Under Current User Account
    Running Repair Under System Account
    Done (4/10/17 19:43:53)

    05 - Repair WMI
    Start (4/10/17 19:43:53)

    Starting Security Center So We Can Export The Security Info.

    Exporting Antivirus Info...
    Windows Defender Exported.
    Malwarebytes Exported.
    AVG Antivirus Exported.

    Exporting AntiSpyware Info...
    Malwarebytes Exported.
    Windows Defender Exported.
    AVG Antivirus Exported.

    Exporting 3rd Party Firewall Info...
    No Firewall Products Reported.

    Running Repair Under Current User Account
    Done (4/10/17 19:52:00)

    06 - Repair Windows Firewall
    Start (4/10/17 19:52:00)

    Decompressing & Updating Windows Permission File C:\Program Files\Tweaking.com\Windows Repair (All in One)\files\permissions\10\services.7z
    Done, 0.2 seconds.

    Running Repair Under Current User Account
    Running Repair Under System Account
    Done (4/10/17 19:52:50)

    07 - Repair Internet Explorer
    Start (4/10/17 19:52:50)
    Running Repair Under Current User Account
    Running Repair Under System Account
    Done (4/10/17 19:53:49)

    10 - Remove Policies Set By Infections
    Start (4/10/17 19:53:49)
    Running Repair Under Current User Account
    Running Repair Under System Account
    Done (4/10/17 19:53:55)

    16 - Repair Windows Updates
    Start (4/10/17 19:53:55)

    Decompressing & Updating Windows Permission File C:\Program Files\Tweaking.com\Windows Repair (All in One)\files\permissions\10\services.7z
    Done, 0.3 seconds.

    Running Repair Under Current User Account
    Running Repair Under System Account
    Setting Windows Updates Files That Are In Use To Be Removed At Next Boot.
    Done (4/10/17 19:55:03)

    18 - Repair Volume Shadow Copy Service
    Start (4/10/17 19:55:03)

    Decompressing & Updating Windows Permission File C:\Program Files\Tweaking.com\Windows Repair (All in One)\files\permissions\10\services.7z
    Done, 0.19 seconds.

    Running Repair Under Current User Account
    Running Repair Under System Account
    Done (4/10/17 19:55:43)

    20 - Repair MSI (Windows Installer)
    Start (4/10/17 19:55:43)

    Decompressing & Updating Windows Permission File C:\Program Files\Tweaking.com\Windows Repair (All in One)\files\permissions\10\services.7z
    Done, 0.48 seconds.

    Running Repair Under Current User Account
    Running Repair Under System Account
    Done (4/10/17 19:56:01)

    25 - Restore Important Windows Services
    Start (4/10/17 19:56:01)

    Decompressing & Updating Windows Permission File C:\Program Files\Tweaking.com\Windows Repair (All in One)\files\permissions\10\services.7z
    Done, 0.19 seconds.

    Running Repair Under Current User Account
    Running Repair Under System Account
    Done (4/10/17 19:56:21)

    26 - Set Windows Services To Default Startup
    Start (4/10/17 19:56:21)
    Running Repair Under Current User Account
    Running Repair Under System Account
    Done (4/10/17 19:56:45)

  4. #4
    Security Expert Juliet
    Join Date
    Feb 2007
    Location
    Deep South
    Posts
    3,747

    (Disabled Malwarebytes and AVG
    When you did this, did you see any difference?

    Also, after you ran/used Tweaking.com - Windows Repair, has anything improved?

    When Farbar Recovery Scan Tool (FRST) Scan was first used it should have created Addition.txt
    Can you locate this and post it in your next reply?
    Windows Insider MVP Consumer Security 2009 - 2017
    Please do not PM me for Malware help, we all benefit from posting on the open board.

  5. #5
    Member
    Join Date
    Mar 2011
    Posts
    45

    A little

    Internet Explorer definitely has improved. But even while typing this the word improved just hung at "impro " and then suddenly the rest of the text will just appear.

    I'm away until Saturday evening at a family wedding but will respond to further messages on my return - Many Thanks for your help



    Here is the Addition.txt file

    Additional scan result of Farbar Recovery Scan Tool (x86) Version: 03-10-2017 01
    Ran by Dad (04-10-2017 18:58:50)
    Running from C:\Users\Dad\Desktop
    Microsoft Windows 10 Pro Version 1607 (X86) (2016-09-25 19:43:05)
    Boot Mode: Normal
    ==========================================================


    ==================== Accounts: =============================

    Administrator (S-1-5-21-1307612883-4072204045-1798725994-500 - Administrator - Disabled)
    Dad (S-1-5-21-1307612883-4072204045-1798725994-1002 - Administrator - Enabled) => C:\Users\Dad
    DefaultAccount (S-1-5-21-1307612883-4072204045-1798725994-503 - Limited - Disabled)
    Guest (S-1-5-21-1307612883-4072204045-1798725994-501 - Limited - Disabled)

    ==================== Security Center ========================

    (If an entry is included in the fixlist, it will be removed.)

    AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    AV: Malwarebytes (Disabled - Up to date) {23007AD3-69FE-687C-2629-D584AFFAF72B}
    AV: AVG Antivirus (Disabled - Up to date) {4D41356F-32AD-7C42-C820-63775EE4F413}
    AS: Malwarebytes (Disabled - Up to date) {98619B37-4FC4-67F2-1C99-EEF6D47DBD96}
    AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    AS: AVG Antivirus (Disabled - Up to date) {F620D48B-1497-73CC-F290-58052563BEAE}

    ==================== Installed Programs ======================

    (Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

    5KPlayer 4.2 (HKLM\...\5KPlayer_is1) (Version: - DearMob, Inc.)
    ACA & MEP 2016 Object Enabler (HKLM\...\{5783F2D7-F004-0000-5002-0060B0CE6BBA}) (Version: 7.8.41.0 - Autodesk) Hidden
    ACAD Private (HKLM\...\{5783F2D7-F001-0000-3002-0060B0CE6BBA}) (Version: 20.1.49.0 - Autodesk) Hidden
    Adobe Flash Player 24 NPAPI (HKLM\...\Adobe Flash Player NPAPI) (Version: 24.0.0.221 - Adobe Systems Incorporated)
    Adobe Reader XI (11.0.22) MUI (HKLM\...\{AC76BA86-7AD7-FFFF-7B44-AB0000000001}) (Version: 11.0.22 - Adobe Systems Incorporated)
    Airfoil (HKLM\...\Airfoil) (Version: 5.1.7 - Rogue Amoeba)
    Any Video Converter 5.8.8 (HKLM\...\Any Video Converter_is1) (Version: - Any-Video-Converter.com)
    Apple Application Support (32-bit) (HKLM\...\{3D1290E6-1F77-46D5-A715-A56679C8D4E3}) (Version: 6.0.2 - Apple Inc.)
    Apple Mobile Device Support (HKLM\...\{BA476373-DAE7-4E51-957A-F43F01D9FACD}) (Version: 11.0.0.30 - Apple Inc.)
    Apple Software Update (HKLM\...\{C1BBFD2A-BCDD-45B3-8C0B-66BD434970A8}) (Version: 2.4.8.1 - Apple Inc.)
    Athentech Perfectly Clear (HKLM\...\_{6CB22877-5117-4C04-84D4-78072AB836FC}) (Version: 1.0.0.122 - Corel Corporation)
    Athentech Perfectly Clear (HKLM\...\{6CB22877-5117-4C04-84D4-78072AB836FC}) (Version: 1.0.0.122 - Corel Corporation) Hidden
    AutoCAD 2016 - English (HKLM\...\{5783F2D7-F001-0409-2002-0060B0CE6BBA}) (Version: 20.1.49.0 - Autodesk) Hidden
    AutoCAD 2016 (HKLM\...\{5783F2D7-F001-0000-0002-0060B0CE6BBA}) (Version: 20.1.49.0 - Autodesk) Hidden
    AutoCAD 2016 Language Pack - English (HKLM\...\{5783F2D7-F001-0409-1002-0060B0CE6BBA}) (Version: 20.1.49.0 - Autodesk) Hidden
    Autodesk App Manager 2016 (HKLM\...\{4ECF9E00-2978-46AF-BD80-455EFEAB7A93}) (Version: 2.0.0 - Autodesk)
    Autodesk AutoCAD 2016 - English (HKLM\...\AutoCAD 2016 - English) (Version: 20.1.49.0 - Autodesk)
    Autodesk AutoCAD Performance Feedback Tool 1.2.4 (HKLM\...\{4E20873D-BC20-495C-AFD9-B18877B7F9BB}) (Version: 1.2.4.0 - Autodesk)
    Autodesk BIM 360 Glue AutoCAD 2016 Add-in 32 bit (HKLM\...\{67EA06D3-1863-4E37-A19B-DB56175EAD15}) (Version: 4.35.1742 - Autodesk)
    Autodesk Featured Apps 2016 (HKLM\...\{D42F37CD-9AF9-4435-A474-B387C5BB6B47}) (Version: 2.0.0 - Autodesk)
    Autodesk Material Library 2016 (HKLM\...\{29A7D6EC-63C2-42FD-8143-5812ABD2923F}) (Version: 6.3.0.15 - Autodesk)
    AVG (HKLM\...\{1D382E7D-7E8B-4C85-9233-287017A66599}) (Version: 1.211.2 - AVG Technologies) Hidden
    AVG AntiVirus FREE (HKLM\...\AVG Antivirus) (Version: 17.6.3029 - AVG Technologies)
    AVG Web TuneUp (HKLM\...\AVG Web TuneUp) (Version: 4.3.5.160 - AVG Technologies)
    BitComet 1.45 (HKLM\...\BitComet) (Version: 1.45 - CometNetwork)
    Bonjour (HKLM\...\{D168AAD0-6686-47C1-B599-CDD4888B9D1A}) (Version: 3.1.0.1 - Apple Inc.)
    Canon IJ Network Tool (HKLM\...\Canon_IJ_Network_UTILITY) (Version: 3.1.0 - Canon Inc.)
    Canon iP4900 series Printer Driver (HKLM\...\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_iP4900_series) (Version: - Canon Inc.)
    Canon iP7200 series On-screen Manual (HKLM\...\Canon iP7200 series On-screen Manual) (Version: 7.5.0 - Canon Inc.)
    Canon iP7200 series Printer Driver (HKLM\...\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_iP7200_series) (Version: - Canon Inc.)
    Canon iP7200 series User Registration (HKLM\...\Canon iP7200 series User Registration) (Version: - Canon Inc.‎)
    Canon My Printer (HKLM\...\CanonMyPrinter) (Version: 3.0.0 - Canon Inc.)
    Canon Quick Menu (HKLM\...\CanonQuickMenu) (Version: 2.0.0 - Canon Inc.)
    CompuApps SwissKnife V3 (HKLM\...\CompuApps SwissKnife V3) (Version: - )
    CoreAVC Professional Edition (remove only) (HKLM\...\CoreAVC Professional Edition) (Version: - )
    Corel PaintShop Pro X8 (HKLM\...\_{85C69B9B-F9BD-4A60-BD83-F2B7E081ED39}) (Version: 18.2.0.61 - Corel Corporation)
    Corel PaintShop Pro X8 (HKLM\...\{8239357B-E792-4EEB-9F8B-F2535730A315}) (Version: 18.0.0.124 - Corel Corporation) Hidden
    Creative Audio Control Panel (HKLM\...\AudioCS) (Version: 3.00 - Creative Technology Limited)
    Creative Software AutoUpdate (HKLM\...\Creative Software AutoUpdate) (Version: 1.41 - Creative Technology Limited)
    Creative Sound Blaster Properties (HKLM\...\Creative Sound Blaster Properties) (Version: 1.03 - Creative Technology Limited)
    Dolby Digital Live Pack (HKLM\...\Dolby Digital Live Pack) (Version: 3.00 - Creative Technology Limited)
    DTS Connect Pack (HKLM\...\DTS Connect Pack) (Version: 1.00 - Creative Technology Limited)
    EaseUS Data Recovery Wizard (HKLM\...\EaseUS Data Recovery Wizard_is1) (Version: - EaseUS)
    EaseUS Partition Master 12.0 (HKLM\...\EaseUS Partition Master_is1) (Version: - EaseUS)
    Fax Solutions (HKLM\...\Dell Fax Solutions) (Version: - Dell, Inc.)
    FileZilla Client 3.27.0.1 (HKLM\...\FileZilla Client) (Version: 3.27.0.1 - Tim Kosse)
    Findwide Toolbar (HKU\S-1-5-21-1307612883-4072204045-1798725994-1002\...\{D9E0E111-6FB8-48F0-BC95-CF78A7835A84}) (Version: - Freshy) <==== ATTENTION
    FMW 1 (HKLM\...\{E2258604-A4CB-4F29-BB9F-58081E193EAA}) (Version: 1.224.4 - AVG Technologies) Hidden
    Foxit Advanced PDF Editor 3 (HKLM\...\B521582C-6BE3-491D-BCC8-FFB8301298E9_is1) (Version: 3.0.5.0 - Foxit Corporation)
    Free FLV to MP4 Converter 1.0.28 (HKLM\...\{B00D1F02-C556-48eb-9DC2-32C778B71CE2}_is1) (Version: 1.0.28 - free-videoconverter)
    Google Earth Pro (HKLM\...\{ECF2E224-42F5-4E50-B58E-94CA70E85697}) (Version: 7.3.0.3832 - Google)
    Google Update Helper (HKLM\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.33.5 - Google Inc.) Hidden
    Haali Media Splitter (HKLM\...\HaaliMkx) (Version: - )
    HDD Regenerator (HKLM\...\{CC5DA723-D428-40D1-B82B-21EB64B1273C}) (Version: 20.11.0011 - Abstradrome)
    Human: Fall Flat (HKLM\...\Steam App 477160) (Version: - No Brakes Games)
    ICA (HKLM\...\{85C69B9B-F9BD-4A60-BD83-F2B7E081ED39}) (Version: 18.0.0.124 - Corel Corporation) Hidden
    ImgBurn (HKLM\...\ImgBurn) (Version: 2.5.8.0 - LIGHTNING UK!)
    IPM_PSP_COM (HKLM\...\{80A28CA4-189A-4EB2-9F76-7845A0A83D2A}) (Version: 18.0.0.124 - Corel Corporation) Hidden
    iTunes (HKLM\...\{5D7E7C4A-FA18-4A83-8FBC-D31B115306B2}) (Version: 12.7.0.166 - Apple Inc.)
    Keyboard Express 3 (HKLM\...\Keyboard Express 3) (Version: 3.4 - Insight Software Solutions, Inc.)
    KMSpico (HKLM\...\{8B29D47F-92E2-4C20-9EE0-F710991F5D7C}_is1) (Version: - )
    Kodi (HKU\S-1-5-21-1307612883-4072204045-1798725994-1002\...\Kodi) (Version: - XBMC-Foundation)
    LeapFrog Connect (HKLM\...\{97CD1D2B-20BD-40E8-825E-B4BDA5071B73}) (Version: 7.0.7.20035 - LeapFrog) Hidden
    LeapFrog Connect (HKLM\...\UPCShell) (Version: 7.0.7.20035 - LeapFrog)
    LeapFrog Tag Plugin (HKLM\...\{6A04826B-5056-4B0F-BD5B-1F88DCFFD9B5}) (Version: 7.0.6.19846 - LeapFrog) Hidden
    Logitech QuickCam Software (HKLM\...\{C43048A9-742C-4DAD-90D2-E3B53C9DB825}) (Version: 8.47.0000 - Logitech, Inc.)
    Malwarebytes version 3.2.2.2029 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 3.2.2.2029 - Malwarebytes)
    Microsoft Expression Web (HKLM\...\WebDesigner) (Version: 12.0.4518.1014 - Microsoft Corporation)
    Microsoft Office Professional Plus 2016 - en-us (HKLM\...\ProPlusRetail - en-us) (Version: 16.0.8431.2079 - Microsoft Corporation)
    Microsoft OneDrive (HKU\S-1-5-21-1307612883-4072204045-1798725994-1002\...\OneDriveSetup.exe) (Version: 17.3.6998.0830 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
    Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
    Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.60610 (HKLM\...\{95716cce-fc71-413f-8ad5-56c2892d4b3a}) (Version: 11.0.60610.1 - Microsoft Corporation)
    Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
    Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.23506 (HKLM\...\{23daf363-3020-4059-b3ae-dc4ad39fed19}) (Version: 14.0.23506.0 - Microsoft Corporation)
    Movavi Video Converter 17 (HKLM\...\Movavi Video Converter 17) (Version: 17.0.3 - Movavi)
    Mozilla Firefox 51.0 (x86 en-GB) (HKLM\...\Mozilla Firefox 51.0 (x86 en-GB)) (Version: 51.0 - Mozilla)
    Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 51.0 - Mozilla)
    MPC-HC 1.7.10 (HKLM\...\{2624B969-7135-4EB1-B0F6-2D8C397B45F7}_is1) (Version: 1.7.10 - MPC-HC Team)
    Music Recorder (HKLM\...\{94A4AE85-9F1D-4687-953F-38371C9D1A4F}) (Version: 18.009.0 - Nero AG) Hidden
    Nero 2017 (HKLM\...\{6B81BDC4-3368-4898-8F16-48962F789221}) (Version: 18.0.06100 - Nero AG)
    Nero BurningROM 2016 (HKLM\...\{FF4B0F4C-80E2-45E4-B7FA-AD6D32B2542A}) (Version: 17.0.00700 - Nero AG)
    Nero Info (HKLM\...\{F030BFE8-8476-4C08-A553-233DE80A2BE1}) (Version: 18.0.0010 - Nero AG)
    Octodad - Dadliest Catch (HKLM\...\Octodad - Dadliest Catch_R.G. Mechanics_is1) (Version: - R.G. Mechanics, markfiter)
    Office 16 Click-to-Run Extensibility Component (HKLM\...\{90160000-008C-0000-0000-0000000FF1CE}) (Version: 16.0.8431.2079 - Microsoft Corporation) Hidden
    Office 16 Click-to-Run Licensing Component (HKLM\...\{90160000-007E-0000-0000-0000000FF1CE}) (Version: 16.0.8431.2079 - Microsoft Corporation) Hidden
    Office 16 Click-to-Run Localization Component (HKLM\...\{90160000-008C-0409-0000-0000000FF1CE}) (Version: 16.0.8326.2107 - Microsoft Corporation) Hidden
    OpenAL (HKLM\...\OpenAL) (Version: - )
    Prerequisite installer (HKLM\...\{5F284483-EE8D-447E-BEBE-2BF13B08C4BF}) (Version: 17.0.0002 - Nero AG) Hidden
    Prerequisite installer (HKLM\...\{EB511CD1-C87C-490D-A7B1-D6C47F57820F}) (Version: 18.0.0003 - Nero AG) Hidden
    PSPPContent (HKLM\...\{89E018D8-558F-4051-BB26-64DD9B90DF68}) (Version: 18.0.0.124 - Corel Corporation) Hidden
    PSPPHelp (HKLM\...\{88340123-2A5C-48D4-98C1-58C18D12F09C}) (Version: 18.0.0.124 - Corel Corporation) Hidden
    Setup (HKLM\...\{8BFA76B5-47DD-4C88-9C9B-7407019F0E13}) (Version: 18.0.0.124 - Corel Corporation) Hidden
    Shairport4w (HKU\S-1-5-21-1307612883-4072204045-1798725994-1002\...\Shairport4w) (Version: 1.0.8.8 - Frank Friemel)
    Spybot - Search & Destroy (HKLM\...\{B4092C6D-E886-4CB2-BA68-FE5A99D31DE7}_is1) (Version: 2.4.40 - Safer-Networking Ltd.)
    Steam (HKLM\...\Steam) (Version: 2.10.91.91 - Valve Corporation)
    Sugarbox version 0.27 (HKLM\...\{C109A1CE-96CA-4E6A-B43E-018DD4B73BA3}_is1) (Version: 0.27 - Sugarbox)
    Tweaking.com - Registry Backup (HKLM\...\Tweaking.com - Registry Backup) (Version: 3.5.3 - Tweaking.com)
    Use the entry named LeapFrog Connect to uninstall (LeapFrog Tag Plugin) (HKLM\...\TagPlugin) (Version: 7.0.6.19846 - LeapFrog)
    Visual Studio 2012 x86 Redistributables (HKLM\...\{98EFF19A-30AB-4E4B-B943-F06B1C63EBF8}) (Version: 14.0.0.1 - AVG Technologies CZ, s.r.o.)
    VLC media player (HKLM\...\VLC media player) (Version: 2.2.4 - VideoLAN)
    Who's You Daddy Alpha version V0.2.0 (HKLM\...\{94FDA70B-B651-40E2-8703-308F448A6A0D}_is1) (Version: V0.2.0 - Joe Williams)
    Windows Driver Package - Bose Corporation (usbser) Ports (08/03/2012 1.2.0.0) (HKLM\...\7AFADC17CE5D176C218EB94F26AE53271142A857) (Version: 08/03/2012 1.2.0.0 - Bose Corporation)
    Windows Driver Package - LeapFrog (FlyUsb) USB (11/05/2008 1.1.1.0) (HKLM\...\781745E87AFF80C0C1388CFF79D19ECAB2E9BB47) (Version: 11/05/2008 1.1.1.0 - LeapFrog)
    Windows Driver Package - Leapfrog (Leapfrog-USBLAN) Net (09/10/2009 02.03.05.012) (HKLM\...\8F14F2ECEDE68D26EA515B48DC25B39103C4FE8D) (Version: 09/10/2009 02.03.05.012 - Leapfrog)
    WinRAR 5.20 (32-bit) (HKLM\...\WinRAR archiver) (Version: 5.20.0 - win.rar GmbH)
    WinX HD Video Converter Deluxe 5.9.8 (HKLM\...\WinX HD Video Converter Deluxe_is1) (Version: - Digiarty Software, Inc.)

    ==================== Custom CLSID (Whitelisted): ==========================

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    CustomCLSID: HKU\S-1-5-21-1307612883-4072204045-1798725994-1002_Classes\CLSID\{0B628DE4-07AD-4284-81CA-5B439F67C5E6}\localserver32 -> C:\Program Files\Autodesk\AutoCAD 2016\acad.exe (Autodesk, Inc.)
    CustomCLSID: HKU\S-1-5-21-1307612883-4072204045-1798725994-1002_Classes\CLSID\{149DD748-EA85-45A6-93C5-AC50D0260C98}\localserver32 -> C:\Program Files\Autodesk\AutoCAD 2016\acad.exe (Autodesk, Inc.)
    CustomCLSID: HKU\S-1-5-21-1307612883-4072204045-1798725994-1002_Classes\CLSID\{5370C727-1451-4700-A960-77630950AF6D}\localserver32 -> C:\Program Files\Autodesk\AutoCAD 2016\acad.exe (Autodesk, Inc.)
    CustomCLSID: HKU\S-1-5-21-1307612883-4072204045-1798725994-1002_Classes\CLSID\{E2C40589-DE61-11ce-BAE0-0020AF6D7005}\InprocServer32 -> C:\Program Files\Autodesk\AutoCAD 2016\en-US\acadficn.dll (Autodesk, Inc.)
    ShellIconOverlayIdentifiers: [ MEGA (Pending)] -> {056D528D-CE28-4194-9BA3-BA2E9197FF8C} => C:\Users\Dad\AppData\Local\MEGAsync\ShellExtX32.dll -> No File
    ShellIconOverlayIdentifiers: [ MEGA (Synced)] -> {05B38830-F4E9-4329-978B-1DD28605D202} => C:\Users\Dad\AppData\Local\MEGAsync\ShellExtX32.dll -> No File
    ShellIconOverlayIdentifiers: [ MEGA (Syncing)] -> {0596C850-7BDD-4C9D-AFDF-873BE6890637} => C:\Users\Dad\AppData\Local\MEGAsync\ShellExtX32.dll -> No File
    ShellIconOverlayIdentifiers: [00avg] -> {472083B0-C522-11CF-8763-00608CC02F24} => -> No File
    ShellIconOverlayIdentifiers: [AutoCAD Digital Signatures Icon Overlay Handler] -> {36A21736-36C2-4C11-8ACB-D4136F2B57BD} => C:\WINDOWS\system32\AcSignIcon.dll [2015-02-06] (Autodesk, Inc.)
    ContextMenuHandlers1: [AcShellExtension.AcContextMenuHandler] -> {2E7A2C6C-B938-40a4-BA1C-C7EC982DC202} => C:\Program Files\Common Files\Autodesk Shared\AcShellEx\AcShellExtension.dll [2015-02-06] (Autodesk)
    ContextMenuHandlers1: [AVG] -> {472083B1-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVG\Antivirus\ashShell.dll [2017-09-04] (AVG Technologies CZ, s.r.o.)
    ContextMenuHandlers1: [MEGA (Context menu)] -> {0229E5E7-09E9-45CF-9228-0228EC7D5F17} => C:\Users\Dad\AppData\Local\MEGAsync\ShellExtX32.dll -> No File
    ContextMenuHandlers1: [SDECon32] -> {44176360-2BBF-4EC1-93CE-384B8681A0BC} => C:\Program Files\Spybot - Search & Destroy 2\SDECon32.dll [2014-06-24] (Safer-Networking Ltd.)
    ContextMenuHandlers1: [WinRAR] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2014-12-02] (Alexander Roshal)
    ContextMenuHandlers1: [WondershareVideoConverterFileOpreation] -> {55D63393-DB17-4A2B-9052-15D85B4B1344} => C:\Windows\System32\WSCM32.dll -> No File
    ContextMenuHandlers3: [00avg] -> {472083B0-C522-11CF-8763-00608CC02F24} => -> No File
    ContextMenuHandlers3: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2017-08-30] (Malwarebytes)
    ContextMenuHandlers3: [MEGA (Context menu)] -> {0229E5E7-09E9-45CF-9228-0228EC7D5F17} => C:\Users\Dad\AppData\Local\MEGAsync\ShellExtX32.dll -> No File
    ContextMenuHandlers4: [MEGA (Context menu)] -> {0229E5E7-09E9-45CF-9228-0228EC7D5F17} => C:\Users\Dad\AppData\Local\MEGAsync\ShellExtX32.dll -> No File
    ContextMenuHandlers6: [AVG] -> {472083B1-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVG\Antivirus\ashShell.dll [2017-09-04] (AVG Technologies CZ, s.r.o.)
    ContextMenuHandlers6: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2017-08-30] (Malwarebytes)
    ContextMenuHandlers6: [SDECon32] -> {44176360-2BBF-4EC1-93CE-384B8681A0BC} => C:\Program Files\Spybot - Search & Destroy 2\SDECon32.dll [2014-06-24] (Safer-Networking Ltd.)
    ContextMenuHandlers6: [WinRAR] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2014-12-02] (Alexander Roshal)

    ==================== Scheduled Tasks (Whitelisted) =============

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    Task: {04C6E1A1-CC37-4D97-A93E-A37032689AAA} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Refresh immunization => C:\Program Files\Spybot - Search & Destroy 2\SDImmunize.exe [2016-03-21] (Safer-Networking Ltd.)
    Task: {077F4C37-C322-4D50-8E94-E2CD3408E2D2} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files\Google\Update\GoogleUpdate.exe [2017-07-31] (Google Inc.)
    Task: {0C223F1A-298C-40AA-B3BB-CB6965050067} - System32\Tasks\Microsoft\Office\OfficeBackgroundTaskHandlerLogon => C:\Program Files\Microsoft Office\root\Office16\officebackgroundtaskhandler.exe [2017-09-24] ()
    Task: {0C23455F-94DE-4964-80A9-A7603EDBB2C6} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack2016 => C:\Program Files\Microsoft Office\root\Office16\msoia.exe [2017-09-24] (Microsoft Corporation)
    Task: {3A05131B-DD71-4A52-8D85-EDB6650864D0} - System32\Tasks\Microsoft\Office\OfficeBackgroundTaskHandlerRegistration => C:\Program Files\Microsoft Office\root\Office16\officebackgroundtaskhandler.exe [2017-09-24] ()
    Task: {3A2A3E98-08E4-4D89-BD96-0ECA42046A3D} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Scan the system => C:\Program Files\Spybot - Search & Destroy 2\SDScan.exe [2016-03-21] (Safer-Networking Ltd.)
    Task: {3C8DA9AD-B38F-4E84-A66B-888F411E8D19} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn2016 => C:\Program Files\Microsoft Office\root\Office16\msoia.exe [2017-09-24] (Microsoft Corporation)
    Task: {498821DE-0215-404C-ACFB-6BDF64A17EA4} - System32\Tasks\Microsoft\Office\Office Automatic Updates => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [2017-09-08] (Microsoft Corporation)
    Task: {582C4225-C25A-4072-82E4-544BDF1DD1D9} - System32\Tasks\{7C3C99D2-C6D1-4315-97CD-EA1F44AE6558} => C:\WINDOWS\system32\pcalua.exe -a C:\Users\Dad\Desktop\R174616.exe -d C:\Users\Dad\Desktop
    Task: {5FD4DA14-8FE7-4F8E-A4CA-F48C145971BF} - System32\Tasks\1215tbUpdateInfo => C:\ProgramData\Avg_Update_1215tb\1215tb_{37D935FE-CFD2-4E91-BA42-3CCDD693D97E}.exe
    Task: {7ED68182-568A-4CB4-80FA-EC39C3A1DB67} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2017-07-19] (Adobe Systems Incorporated)
    Task: {8FD532F9-8588-443A-885D-4DC1FBDACAD1} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files\Apple Software Update\SoftwareUpdate.exe [2017-07-24] (Apple Inc.)
    Task: {9564836E-54AE-4FE1-A47F-AA4B0581ED8C} - System32\Tasks\AVG EUpdate Task => avgsetupx.exe
    Task: {991558FC-EC88-44A0-B5EB-4F348A73361E} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [2017-09-08] (Microsoft Corporation)
    Task: {A6B94F68-5F1D-475F-8090-44C2086F61B4} - System32\Tasks\AutoPico Daily Restart => C:\Program Files\KMSpico\AutoPico.exe [2015-07-22] (@ByELDI)
    Task: {C708F0F5-7301-4120-AC9B-F8E61460F878} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Check for updates => C:\Program Files\Spybot - Search & Destroy 2\SDUpdate.exe [2014-06-27] (Safer-Networking Ltd.)
    Task: {D3B1B61C-929E-4ED1-BC29-FA5EE367DADD} - System32\Tasks\AVGPCTuneUp_Task_BkGndMaintenance => C:\Program Files\AVG\AVG PC TuneUp\tuscanx.exe
    Task: {E470C9C2-C3B7-441C-B22E-E7607F85025A} - System32\Tasks\Antivirus Emergency Update => C:\Program Files\AVG\Antivirus\AvEmUpdate.exe [2017-09-04] (AVG Technologies CZ, s.r.o.)
    Task: {E8939421-C7E5-42C1-897F-16BE1AEF9BBC} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files\Google\Update\GoogleUpdate.exe [2017-07-31] (Google Inc.)

    (If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

    Task: C:\WINDOWS\Tasks\CreateExplorerShellUnelevatedTask.job => C:\Windows\explorer.exe

    ==================== Shortcuts & WMI ========================

    (The entries could be listed to be restored or removed.)


    ==================== Loaded Modules (Whitelisted) ==============

    2016-07-16 09:25 - 2016-07-16 09:25 - 000190976 _____ () C:\WINDOWS\SYSTEM32\ism32k.dll
    2016-09-26 04:32 - 2016-09-26 04:32 - 002048496 _____ () C:\WINDOWS\system32\CoreUIComponents.dll
    2016-04-26 19:31 - 2006-10-06 07:06 - 000045056 _____ () C:\WINDOWS\System32\DLPRMON.DLL
    2016-10-05 19:18 - 2016-10-05 19:18 - 000080184 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
    2017-09-01 02:49 - 2017-09-01 02:49 - 001042232 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
    2013-05-08 14:17 - 2013-05-08 14:17 - 000082144 _____ () C:\Program Files\HDD Regenerator\hrsrv.exe
    2015-12-10 22:06 - 2014-05-13 13:04 - 000109400 _____ () C:\Program Files\Spybot - Search & Destroy 2\snlThirdParty150.bpl
    2015-12-10 22:06 - 2014-05-13 13:04 - 000167768 _____ () C:\Program Files\Spybot - Search & Destroy 2\snlFileFormats150.bpl
    2015-12-10 22:06 - 2014-05-13 13:04 - 000416600 _____ () C:\Program Files\Spybot - Search & Destroy 2\DEC150.bpl
    2015-12-10 22:06 - 2012-08-23 11:38 - 000574840 _____ () C:\Program Files\Spybot - Search & Destroy 2\sqlite3.dll
    2015-12-10 22:06 - 2012-04-03 18:06 - 000565640 _____ () C:\Program Files\Spybot - Search & Destroy 2\av\BDSmartDB.dll
    2017-08-22 06:05 - 2017-09-24 05:16 - 008928968 _____ () C:\Program Files\Microsoft Office\root\Office16\1033\GrooveIntlResource.dll
    2016-07-16 09:25 - 2016-07-16 09:25 - 000109056 _____ () C:\WINDOWS\SYSTEM32\CHARTV.dll
    2017-09-04 19:53 - 2017-09-04 19:53 - 000060160 _____ () C:\Program Files\AVG\Antivirus\module_lifetime.dll
    2016-07-16 09:25 - 2016-07-16 09:25 - 000108032 _____ () C:\Windows\ShellExperiences\Windows.UI.Shell.SharedUtilities.dll
    2016-09-26 04:32 - 2016-09-26 04:32 - 000321536 _____ () C:\Windows\ShellExperiences\QuickActions.dll
    2016-09-26 04:32 - 2016-09-26 04:32 - 006726656 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CortanaApi.dll
    2016-09-26 04:32 - 2016-09-26 04:32 - 001149440 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Core.dll
    2016-09-26 04:32 - 2016-09-26 04:32 - 000526848 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CSGSuggestLib.dll
    2016-09-26 04:32 - 2016-09-26 04:32 - 000779776 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Actions.dll
    2016-09-26 04:32 - 2016-09-26 04:32 - 001741824 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.BackgroundTask.dll
    2016-09-26 04:32 - 2016-09-26 04:32 - 003158528 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\RemindersUI.dll
    2016-11-28 12:49 - 2016-11-28 12:49 - 048920064 _____ () C:\Program Files\AVG\UiDll\2623\libcef.dll
    2016-02-05 02:50 - 2015-09-18 12:28 - 000081640 _____ () C:\Program Files\Aiseesoft Studio\FoneLab\AppService.exe
    2016-02-05 02:50 - 2015-09-17 09:55 - 000872448 _____ () C:\Program Files\Aiseesoft Studio\FoneLab\Framework.dll
    2016-02-05 02:50 - 2014-09-12 04:11 - 000013824 _____ () C:\Program Files\Aiseesoft Studio\FoneLab\Utility.dll
    2016-02-05 02:50 - 2015-06-24 06:53 - 002825216 _____ () C:\Program Files\Aiseesoft Studio\FoneLab\IosDevice.dll
    2016-02-05 02:50 - 2011-03-24 09:42 - 000334848 _____ () C:\Program Files\Aiseesoft Studio\FoneLab\QtXml4.dll
    2016-02-05 02:50 - 2011-03-24 09:56 - 007981056 _____ () C:\Program Files\Aiseesoft Studio\FoneLab\QtGui4.dll
    2016-02-05 02:50 - 2011-03-24 09:43 - 000934912 _____ () C:\Program Files\Aiseesoft Studio\FoneLab\QtNetwork4.dll
    2016-02-05 02:50 - 2011-03-24 09:42 - 002145792 _____ () C:\Program Files\Aiseesoft Studio\FoneLab\QtCore4.dll
    2016-02-05 02:50 - 2011-03-24 11:25 - 009843200 _____ () C:\Program Files\Aiseesoft Studio\FoneLab\QtWebKit4.dll
    2016-02-05 02:50 - 2014-09-15 02:51 - 000987136 _____ () C:\Program Files\Aiseesoft Studio\FoneLab\libxml2.dll
    2016-02-05 02:50 - 2011-03-24 10:06 - 000232960 _____ () C:\Program Files\Aiseesoft Studio\FoneLab\phonon4.dll
    2016-02-05 02:50 - 2011-03-24 10:06 - 002530816 _____ () C:\Program Files\Aiseesoft Studio\FoneLab\QtXmlPatterns4.dll
    2016-02-05 02:50 - 2014-09-15 02:51 - 000077824 _____ () C:\Program Files\Aiseesoft Studio\FoneLab\zlib1.dll
    2016-02-05 02:50 - 2014-09-12 04:11 - 000562072 _____ () C:\Program Files\Aiseesoft Studio\FoneLab\SQLite3.dll
    2017-07-02 19:48 - 2014-11-18 14:44 - 000255072 _____ () C:\Program Files\EaseUS\EaseUS Partition Master 12.0\bin\TrayPopupE\TrayTipAgentE.exe
    2017-07-02 19:48 - 2014-02-13 15:27 - 000222792 _____ () C:\Program Files\EaseUS\EaseUS Partition Master 12.0\bin\TrayPopupE\traynet.dll
    2017-07-02 19:48 - 2014-02-13 15:27 - 000275528 _____ () C:\Program Files\EaseUS\EaseUS Partition Master 12.0\bin\TrayPopupE\libcurl.dll
    2017-07-02 19:48 - 2014-02-13 15:27 - 000113166 _____ () C:\Program Files\EaseUS\EaseUS Partition Master 12.0\bin\TrayPopupE\zlib1.dll
    2017-07-02 19:48 - 2014-02-13 15:27 - 000249928 _____ () C:\Program Files\EaseUS\EaseUS Partition Master 12.0\bin\TrayPopupE\uexper.dll
    2017-09-04 19:53 - 2017-09-04 19:53 - 000168216 _____ () C:\Program Files\AVG\Antivirus\JsonRpcServer.dll
    2017-07-24 17:43 - 2017-07-24 17:43 - 067109376 _____ () C:\Program Files\AVG\Antivirus\libcef.dll
    2017-09-04 19:53 - 2017-09-04 19:53 - 000213024 _____ () C:\Program Files\AVG\Antivirus\event_routing_rpc.dll
    2017-09-04 19:53 - 2017-09-04 19:53 - 000243080 _____ () C:\Program Files\AVG\Antivirus\tasks_core.dll
    2017-09-27 19:56 - 2017-09-27 19:56 - 000693528 _____ () C:\Program Files\AVG\Antivirus\ffl2.dll
    2016-08-16 08:36 - 2016-08-16 08:37 - 000017920 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_16.722.10060.0_x86__8wekyb3d8bbwe\Microsoft.Photos.exe
    2016-08-16 08:36 - 2016-08-16 08:37 - 011393536 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_16.722.10060.0_x86__8wekyb3d8bbwe\Microsoft.Photos.dll
    2016-08-16 08:36 - 2016-08-16 08:37 - 000541696 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_16.722.10060.0_x86__8wekyb3d8bbwe\Microsoft.DesignCore.dll
    2016-03-04 06:37 - 2016-03-04 06:38 - 000180224 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_16.722.10060.0_x86__8wekyb3d8bbwe\StoreRatingPromotion.dll
    2016-09-28 18:52 - 2016-09-28 18:52 - 002928640 _____ () C:\Program Files\WindowsApps\Microsoft.WindowsCalculator_10.1608.2213.0_x86__8wekyb3d8bbwe\Calculator.exe

    ==================== Alternate Data Streams (Whitelisted) =========

    (If an entry is included in the fixlist, only the ADS will be removed.)

    AlternateDataStreams: C:\Windows:nlsPreferences [386]
    AlternateDataStreams: C:\ProgramData\TEMP:B755D674 [314]

    ==================== Safe Mode (Whitelisted) ===================

    (If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" value will be restored.)

    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"

    ==================== Association (Whitelisted) ===============

    (If an entry is included in the fixlist, the registry item will be restored to default or removed.)

    HKU\S-1-5-21-1307612883-4072204045-1798725994-1002\Software\Classes\.scr: AutoCADScriptFile =>

    ==================== Internet Explorer trusted/restricted ===============

    (If an entry is included in the fixlist, it will be removed from the registry.)

    There are 7914 more sites.

    There are 7914 more sites.


    ==================== Hosts content: ==========================

    (If needed Hosts: directive could be included in the fixlist to reset Hosts.)

    2015-07-10 09:28 - 2017-08-20 17:31 - 000453327 ____R C:\WINDOWS\system32\Drivers\etc\hosts

    There are 15560 more lines.


    ==================== Other Areas ============================

    (Currently there is no automatic fix for this section.)

    HKU\S-1-5-21-1307612883-4072204045-1798725994-1002\Control Panel\Desktop\\Wallpaper -> C:\Users\Dad\Desktop\Murdo\Settings\66.jpg
    DNS Servers: 62.6.40.178 - 62.6.40.162
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 0) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: Off)
    Windows Firewall is enabled.

    ==================== MSCONFIG/TASK MANAGER disabled items ==

    HKLM\...\StartupApproved\Run: => "CTxfiHlp"
    HKLM\...\StartupApproved\Run: => "ADSKAppManager"
    HKLM\...\StartupApproved\Run: => "iTunesHelper"
    HKLM\...\StartupApproved\Run: => " QQPCTray"
    HKLM\...\StartupApproved\Run: => "Monitor"
    HKLM\...\StartupApproved\Run: => "WindowsDefender"
    HKLM\...\StartupApproved\Run: => "Wondershare Helper Compact.exe"
    HKU\S-1-5-21-1307612883-4072204045-1798725994-1002\...\StartupApproved\StartupFolder: => "produpd.lnk"
    HKU\S-1-5-21-1307612883-4072204045-1798725994-1002\...\StartupApproved\Run: => "Akworks"
    HKU\S-1-5-21-1307612883-4072204045-1798725994-1002\...\StartupApproved\Run: => "K061WSFDFT"
    HKU\S-1-5-21-1307612883-4072204045-1798725994-1002\...\StartupApproved\Run: => "LC3RCYU6XX"

    ==================== FirewallRules (Whitelisted) ===============

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    FirewallRules: [{E866ECD1-69DC-4FFD-B2BE-87413CD32304}] => (Allow) C:\program files\common files\tencent\qqdownload\130\tencentdl.exe
    FirewallRules: [{384CF852-664C-4626-9491-FE3B99633E4F}] => (Allow) 㩃啜敳獲䑜摡䅜灰慄慴剜慯業杮獜湳獜癡略⹰硥e
    FirewallRules: [{298D0BF0-B2A8-4479-B1FA-DA4029FFB5C9}] => (Allow) 㩃啜敳獲䑜摡䅜灰慄慴剜慯業杮獜湳獜湳攮數
    FirewallRules: [{B26A5B77-5993-438D-9DCB-12AF213BA2F8}] => (Allow) C:\Program Files\Dell Photo AIO Printer 922\DLBTaiox.exe
    FirewallRules: [{1559CA9B-A7B7-4D0C-9CEC-C19E58EDE5F1}] => (Allow) C:\Program Files\Dell Photo AIO Printer 922\DLBTaiox.exe
    FirewallRules: [{71F24588-3D73-45BE-BFE7-727641DE6B79}] => (Allow) C:\Program Files\Dell Photo AIO Printer 922\DLBTmon.exe
    FirewallRules: [{90EB0001-7981-43DF-A250-82CE11054C93}] => (Allow) C:\Program Files\Dell Photo AIO Printer 922\DLBTmon.exe
    FirewallRules: [{98F5814D-6AF3-4B31-9C41-BF4F50A78DFD}] => (Allow) C:\Windows\System32\spool\drivers\w32x86\3\dlbtpswx.exe
    FirewallRules: [{DDDA3E80-90A6-44BC-B1F9-35D3933B5D23}] => (Allow) C:\Windows\System32\spool\drivers\w32x86\3\dlbtpswx.exe
    FirewallRules: [{70EC6685-EEFF-4E1F-B561-F74DFDC4CA37}] => (Allow) C:\Windows\System32\dlbtcoms.exe
    FirewallRules: [{34D4C229-7EF6-4BAD-9282-793DC7C31284}] => (Allow) C:\Windows\System32\dlbtcoms.exe
    FirewallRules: [UDP Query User{D444CC20-6351-4AC5-AA0D-365344F482DE}C:\program files\shairport4w\shairport4w.exe] => (Block) C:\program files\shairport4w\shairport4w.exe
    FirewallRules: [TCP Query User{6345A0DD-0EF9-4539-BAFE-92F9C8D5ED1C}C:\program files\shairport4w\shairport4w.exe] => (Block) C:\program files\shairport4w\shairport4w.exe
    FirewallRules: [{3BA6BB1A-E109-408C-878B-332497B282F8}] => (Allow) C:\Program Files\Shairport4w\Shairport4w.exe
    FirewallRules: [{E8B208F2-7F39-4CBA-9619-F83991582257}] => (Allow) C:\Program Files\Shairport4w\Shairport4w.exe
    FirewallRules: [UDP Query User{37BF7344-404B-4C0B-930C-A7254FF4868D}C:\program files\bitcomet\bitcomet.exe] => (Allow) C:\program files\bitcomet\bitcomet.exe
    FirewallRules: [TCP Query User{259C43B6-BB7F-476A-8FF0-085010745D26}C:\program files\bitcomet\bitcomet.exe] => (Allow) C:\program files\bitcomet\bitcomet.exe
    FirewallRules: [UDP Query User{C4864A50-D644-4B0D-89D9-DB857CDD3539}C:\program files\airfoil\airfoilspeakers.exe] => (Allow) C:\program files\airfoil\airfoilspeakers.exe
    FirewallRules: [TCP Query User{E6AD8DD2-0F33-44E0-9859-6ED3D75D76B6}C:\program files\airfoil\airfoilspeakers.exe] => (Allow) C:\program files\airfoil\airfoilspeakers.exe
    FirewallRules: [UDP Query User{3F2E22D7-453E-4B58-9389-4F6B2395A194}C:\program files\airfoil\airfoil.exe] => (Allow) C:\program files\airfoil\airfoil.exe
    FirewallRules: [TCP Query User{A817DE3B-212E-45F3-A54E-6B84D511966D}C:\program files\airfoil\airfoil.exe] => (Allow) C:\program files\airfoil\airfoil.exe
    FirewallRules: [{7A0BD688-D3FF-4DC0-8939-33AFF9F9D2AA}] => (Allow) C:\Program Files\AVG\Av\avgemcx.exe
    FirewallRules: [{5F419906-1DEA-4A6E-AED3-2FA218EA4E64}] => (Allow) C:\Program Files\AVG\Av\avgemcx.exe
    FirewallRules: [{512E1FEF-1DE0-45B7-AC24-11B83ADB1BE2}] => (Allow) C:\Program Files\AVG\Av\avgdiagex.exe
    FirewallRules: [{EC220345-D38A-4AAA-9AE7-7216F08BB878}] => (Allow) C:\Program Files\AVG\Av\avgdiagex.exe
    FirewallRules: [{4FD8E92A-1EAB-4B3F-9AA0-4641E987D1B7}] => (Allow) C:\Program Files\AVG\Av\avgnsx.exe
    FirewallRules: [{057C92DB-7B3B-4271-9990-92B796A66F60}] => (Allow) C:\Program Files\AVG\Av\avgnsx.exe
    FirewallRules: [{6F93EEA4-C743-420B-A19F-0ECAD9A407F0}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
    FirewallRules: [{2350A2A4-BC1F-430F-B8C0-DBEE9F42AB4F}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
    FirewallRules: [{97636684-B561-4880-8D8C-36A8729AFA51}] => (Allow) C:\Program Files\Microsoft Office\root\Office16\UcMapi.exe
    FirewallRules: [{B464C2BD-C96A-49D6-8BF3-B701E19AF761}] => (Allow) C:\Program Files\Microsoft Office\root\Office16\Lync.exe
    FirewallRules: [{16EB2B04-0FF9-49BC-8124-D2BF87749A83}] => (Allow) C:\Program Files\BitComet\BitComet.exe
    FirewallRules: [{B0A7B3C4-1268-47A2-B240-70661A64F87B}] => (Allow) C:\Program Files\BitComet\BitComet.exe
    FirewallRules: [{8DD7AEBA-C5E9-45DB-8255-572191793578}] => (Allow) C:\Program Files\AVG\Av\avgmfapx.exe
    FirewallRules: [{28CC1F95-D1C5-4B0D-B13F-8207EFB18774}] => (Allow) C:\Program Files\AVG\Av\avgmfapx.exe
    FirewallRules: [{317EA138-92F4-40C0-81CF-D295363A6BC4}] => (Allow) C:\Program Files\Microsoft Office\root\Office16\Lync.exe
    FirewallRules: [{B226070D-4139-4DF8-9FC2-E2DE3C32BB43}] => (Allow) C:\Program Files\Microsoft Office\root\Office16\UcMapi.exe
    FirewallRules: [{A934403B-6D6E-4B70-BF91-939B2161138A}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe
    FirewallRules: [{A6311737-78A2-4063-A39B-C149FB7143AB}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe
    FirewallRules: [TCP Query User{D3187473-A83D-4998-BB21-96593B02DF8D}C:\program files\dearmob\5kplayer\5kplayer.exe] => (Allow) C:\program files\dearmob\5kplayer\5kplayer.exe
    FirewallRules: [UDP Query User{FA948DEC-5361-45E3-86D5-FD8572A7855C}C:\program files\dearmob\5kplayer\5kplayer.exe] => (Allow) C:\program files\dearmob\5kplayer\5kplayer.exe
    FirewallRules: [{8C774F6C-821B-41AD-A212-1D9A03D19A0B}] => (Allow) C:\Program Files\LeapFrog\LeapFrog Connect\LeapfrogConnect.exe
    FirewallRules: [{353736F0-2029-4E21-B3BC-B91A73C2A497}] => (Allow) C:\Program Files\Microsoft Office\root\Office16\outlook.exe
    FirewallRules: [{2075EC3F-4E87-4E5C-8518-316102D6AD4B}] => (Allow) C:\Program Files\Nero\Nero 2017\Nero Burning ROM\StartNBR.exe
    FirewallRules: [{663ADB34-7BB7-44FB-8C78-F732F5AF087B}] => (Allow) C:\Program Files\Nero\Nero 2017\Nero MediaHome\NMDllHost.exe
    FirewallRules: [{98918B9E-279C-47DD-8B88-70090A396749}] => (Allow) C:\Program Files\Nero\Nero 2017\Nero MediaHome\MediaHome.exe
    FirewallRules: [{059C96C5-7EE7-4F87-A382-7D9D4323B3E3}] => (Allow) C:\Program Files\Nero\Nero 2017\Nero Burning ROM\nero.exe
    FirewallRules: [TCP Query User{E9CF9825-32DE-4E64-8B03-774EE22C2AD4}C:\program files\kodi\kodi.exe] => (Allow) C:\program files\kodi\kodi.exe
    FirewallRules: [UDP Query User{EBF9B98A-BA02-4DAE-8F68-FD771B275FC3}C:\program files\kodi\kodi.exe] => (Allow) C:\program files\kodi\kodi.exe
    FirewallRules: [{E1F715F2-05DB-4E21-BEB9-9AAA93E35893}] => (Allow) C:\Program Files\Steam\Steam.exe
    FirewallRules: [{ABF08258-0271-40A0-85B1-F42845F97D45}] => (Allow) C:\Program Files\Steam\Steam.exe
    FirewallRules: [{55D4B5C3-7C2D-40B4-B596-461C5F9880D0}] => (Allow) C:\Program Files\Steam\bin\cef\cef.win7\steamwebhelper.exe
    FirewallRules: [{517DD9EE-B746-4F9D-85E8-4E373A50EDF9}] => (Allow) C:\Program Files\Steam\bin\cef\cef.win7\steamwebhelper.exe
    FirewallRules: [{1EF6B511-E2BF-43B0-BF52-8F22F0BC88DD}] => (Allow) C:\Program Files\Steam\steamapps\common\Human Fall Flat\Human.exe
    FirewallRules: [{D9C76DC8-5EDD-4E56-AED0-D60F390B45E9}] => (Allow) C:\Program Files\Steam\steamapps\common\Human Fall Flat\Human.exe
    FirewallRules: [{52A3492C-7478-42A8-9E14-E44F4B9F56A3}] => (Allow) C:\Program Files\iTunes\iTunes.exe
    FirewallRules: [{C94859F9-4206-4DA6-A051-EB827CAF0438}] => (Allow) C:\Program Files\Nero\Nero 2016\Nero Burning ROM\StartNBR.exe
    FirewallRules: [{E6FC97E6-9AF1-4243-945D-9D04668C1185}] => (Allow) C:\Program Files\Nero\Nero 2016\Nero Burning ROM\nero.exe
    StandardProfile\AuthorizedApplications: [C:\Program Files\Spybot - Search & Destroy 2\SDTray.exe] => Enabled:Spybot - Search & Destroy tray access
    StandardProfile\AuthorizedApplications: [C:\Program Files\Spybot - Search & Destroy 2\SDFSSvc.exe] => Enabled:Spybot-S&D 2 Scanner Service
    StandardProfile\AuthorizedApplications: [C:\Program Files\Spybot - Search & Destroy 2\SDUpdate.exe] => Enabled:Spybot-S&D 2 Updater
    StandardProfile\AuthorizedApplications: [C:\Program Files\Spybot - Search & Destroy 2\SDUpdSvc.exe] => Enabled:Spybot-S&D 2 Background update service

    ==================== Restore Points =========================

    14-09-2017 22:08:29 Scheduled Checkpoint
    23-09-2017 20:44:09 Scheduled Checkpoint
    02-10-2017 20:42:46 Scheduled Checkpoint

    ==================== Faulty Device Manager Devices =============

    Name: PCI Serial Port
    Description: PCI Serial Port
    Class Guid:
    Manufacturer:
    Service:
    Problem: : The drivers for this device are not installed. (Code 28)
    Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

    Name: PCI Simple Communications Controller
    Description: PCI Simple Communications Controller
    Class Guid:
    Manufacturer:
    Service:
    Problem: : The drivers for this device are not installed. (Code 28)
    Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.


    ==================== Event log errors: =========================

    Application errors:
    ==================
    Error: (10/04/2017 07:01:15 PM) (Source: Application Error) (EventID: 1000) (User: )
    Description: Faulting application name: Repair_Windows.exe, version: 4.0.0.7, time stamp: 0x59d3abef
    Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
    Exception code: 0xc0000005
    Fault offset: 0x0014ff58
    Faulting process id: 0x178
    Faulting application start time: 0x01d33d3ac2407e4c
    Faulting application path: C:\Program Files\Tweaking.com\Windows Repair (All in One)\Repair_Windows.exe
    Faulting module path: unknown
    Report Id: 5b6b1da8-3874-4305-8cd6-7465c1c43de2
    Faulting package full name:
    Faulting package-relative application ID:

    Error: (10/03/2017 11:59:42 PM) (Source: Application Error) (EventID: 1000) (User: )
    Description: Faulting application name: AutoPico.exe, version: 14.0.1.0, time stamp: 0x55aef295
    Faulting module name: KERNELBASE.dll, version: 10.0.14393.187, time stamp: 0x57cf9899
    Exception code: 0xe0434352
    Fault offset: 0x000c2062
    Faulting process id: 0x2568
    Faulting application start time: 0x01d33c9b3387beec
    Faulting application path: C:\Program Files\KMSpico\AutoPico.exe
    Faulting module path: C:\WINDOWS\System32\KERNELBASE.dll
    Report Id: a240fff8-46da-4e60-b4ca-b9a2f3e7f226
    Faulting package full name:
    Faulting package-relative application ID:

    Error: (10/03/2017 11:59:40 PM) (Source: .NET Runtime) (EventID: 1026) (User: )
    Description: Application: AutoPico.exe
    Framework Version: v4.0.30319
    Description: The process was terminated due to an unhandled exception.
    Exception Info: System.IO.FileNotFoundException
    at System.Runtime.InteropServices.Marshal.ThrowExceptionForHRInternal(Int32, IntPtr)
    at System.Management.ManagementObject.InvokeMethod(System.String, System.Management.ManagementBaseObject, System.Management.InvokeMethodOptions)
    at AutoPico.Activador.WMI.SoftwareLicensingProduct.Activate()
    at ᜎ.ᜀ(AutoPico.Activador.Variables ByRef, System.Collections.Generic.List`1<AutoPico.Activador.WMI.SoftwareLicensingProduct> ByRef)
    at AutoPico.Activador.Activador.ᜂ(AutoPico.Activador.Variables ByRef)
    at AutoPico.Activador.Activador+ᜀ.ᜂ()
    at System.Threading.ThreadHelper.ThreadStart_Context(System.Object)
    at System.Threading.ExecutionContext.RunInternal(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object, Boolean)
    at System.Threading.ExecutionContext.Run(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object, Boolean)
    at System.Threading.ExecutionContext.Run(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object)
    at System.Threading.ThreadHelper.ThreadStart()

    Error: (10/03/2017 08:13:36 PM) (Source: SideBySide) (EventID: 33) (User: )
    Description: Activation context generation failed for "C:\Program Files\LeapFrog\LeapFrog Connect\TagUSBDrivers\DPInst64.exe".
    Dependent Assembly Microsoft.Windows.Common-Controls,language="&#x2a;",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0" could not be found.
    Please use sxstrace.exe for detailed diagnosis.

    Error: (10/03/2017 08:13:36 PM) (Source: SideBySide) (EventID: 33) (User: )
    Description: Activation context generation failed for "C:\Program Files\LeapFrog\LeapFrog Connect\TagUSBDrivers\DPInst64.exe".
    Dependent Assembly Microsoft.Windows.Common-Controls,language="&#x2a;",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0" could not be found.
    Please use sxstrace.exe for detailed diagnosis.

    Error: (10/03/2017 08:12:59 PM) (Source: SideBySide) (EventID: 33) (User: )
    Description: Activation context generation failed for "C:\Program Files\EaseUS\EaseUS Partition Master 12.0\BUILDPE\EaseUS-x64\epm\bin\Main.exe".
    Dependent Assembly Microsoft.Windows.Common-Controls,processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0" could not be found.
    Please use sxstrace.exe for detailed diagnosis.

    Error: (10/03/2017 08:12:59 PM) (Source: SideBySide) (EventID: 33) (User: )
    Description: Activation context generation failed for "C:\Program Files\EaseUS\EaseUS Partition Master 12.0\BUILDPE\EaseUS-x64\epm\bin\Main.exe".
    Dependent Assembly Microsoft.Windows.Common-Controls,processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0" could not be found.
    Please use sxstrace.exe for detailed diagnosis.

    Error: (10/03/2017 07:20:34 PM) (Source: Application Hang) (EventID: 1002) (User: )
    Description: The program iexplore.exe version 11.0.14393.0 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Security and Maintenance control panel.

    Process ID: 8e0

    Start Time: 01d33c741451c600

    Termination Time: 32

    Application Path: C:\Program Files\Internet Explorer\iexplore.exe

    Report Id: 8a9e7353-a867-11e7-945d-001e4fdf241c

    Faulting package full name:

    Faulting package-relative application ID:

    Error: (10/03/2017 07:16:02 PM) (Source: Windows Search Service) (EventID: 3104) (User: )
    Description: Enumerating user sessions to generate filter pools failed.

    Details:
    (HRESULT : 0x80040210) (0x80040210)

    Error: (10/02/2017 08:42:59 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
    Description: Cryptographic Services failed while processing the OnIdentity() call in the System Writer Object.

    Details:
    AddLegacyDriverFiles: Unable to back up image of binary Microsoft Link-Layer Discovery Protocol.

    System Error:
    Access is denied.
    .


    System errors:
    =============
    Error: (10/04/2017 03:59:52 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
    Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
    {9A4948D9-13FC-4FAC-B60A-FBA6EE0FB11C}
    and APPID
    {50E1C3FD-EC35-490E-9CCF-C68F9AE91919}
    to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

    Error: (10/04/2017 03:59:52 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
    Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
    {9A4948D9-13FC-4FAC-B60A-FBA6EE0FB11C}
    and APPID
    {50E1C3FD-EC35-490E-9CCF-C68F9AE91919}
    to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

    Error: (10/04/2017 03:59:52 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
    Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
    {9A4948D9-13FC-4FAC-B60A-FBA6EE0FB11C}
    and APPID
    {50E1C3FD-EC35-490E-9CCF-C68F9AE91919}
    to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

    Error: (10/04/2017 03:59:52 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
    Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
    {9A4948D9-13FC-4FAC-B60A-FBA6EE0FB11C}
    and APPID
    {50E1C3FD-EC35-490E-9CCF-C68F9AE91919}
    to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

    Error: (10/04/2017 03:59:52 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
    Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
    {9A4948D9-13FC-4FAC-B60A-FBA6EE0FB11C}
    and APPID
    {50E1C3FD-EC35-490E-9CCF-C68F9AE91919}
    to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

    Error: (10/04/2017 08:23:20 AM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
    Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
    {9A4948D9-13FC-4FAC-B60A-FBA6EE0FB11C}
    and APPID
    {50E1C3FD-EC35-490E-9CCF-C68F9AE91919}
    to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

    Error: (10/04/2017 08:23:20 AM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
    Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
    {9A4948D9-13FC-4FAC-B60A-FBA6EE0FB11C}
    and APPID
    {50E1C3FD-EC35-490E-9CCF-C68F9AE91919}
    to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

    Error: (10/04/2017 08:23:20 AM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
    Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
    {9A4948D9-13FC-4FAC-B60A-FBA6EE0FB11C}
    and APPID
    {50E1C3FD-EC35-490E-9CCF-C68F9AE91919}
    to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

    Error: (10/03/2017 11:59:40 PM) (Source: DCOM) (EventID: 10000) (User: NT AUTHORITY)
    Description: Unable to start a DCOM Server: {3C296D07-90AE-4FAC-86F9-65EAA8B82D22}. The error:
    "2"
    Happened while starting this command:
    C:\WINDOWS\system32\SppExtComObj.exe -Embedding

    Error: (10/03/2017 11:59:39 PM) (Source: DCOM) (EventID: 10010) (User: NT AUTHORITY)
    Description: The server {3C296D07-90AE-4FAC-86F9-65EAA8B82D22} did not register with DCOM within the required timeout.


    CodeIntegrity:
    ===================================
    Date: 2017-10-04 18:57:36.620
    Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume4\Program Files\Spybot - Search & Destroy 2\SDWSCSvc.exe because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

    Date: 2017-10-04 18:57:36.616
    Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume4\Program Files\Spybot - Search & Destroy 2\SDWSCSvc.exe because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

    Date: 2017-10-03 20:14:36.180
    Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume4\Program Files\Spybot - Search & Destroy 2\SDWSCSvc.exe because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

    Date: 2017-10-03 20:14:36.177
    Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume4\Program Files\Spybot - Search & Destroy 2\SDWSCSvc.exe because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

    Date: 2017-10-02 18:56:28.341
    Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume4\Program Files\Spybot - Search & Destroy 2\SDWSCSvc.exe because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

    Date: 2017-10-02 18:56:28.337
    Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume4\Program Files\Spybot - Search & Destroy 2\SDWSCSvc.exe because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

    Date: 2017-10-02 18:26:49.613
    Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume4\Program Files\Spybot - Search & Destroy 2\SDWSCSvc.exe because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

    Date: 2017-10-02 18:26:49.609
    Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume4\Program Files\Spybot - Search & Destroy 2\SDWSCSvc.exe because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

    Date: 2017-10-02 18:26:49.606
    Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume4\Program Files\Spybot - Search & Destroy 2\SDWSCSvc.exe because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

    Date: 2017-10-02 18:26:49.602
    Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume4\Program Files\Spybot - Search & Destroy 2\SDWSCSvc.exe because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.


    ==================== Memory info ===========================

    Processor: Intel(R) Core(TM)2 Duo CPU E6750 @ 2.66GHz
    Percentage of memory in use: 58%
    Total physical RAM: 3069.61 MB
    Available physical RAM: 1265.42 MB
    Total Virtual: 4357.7 MB
    Available Virtual: 1956.23 MB

    ==================== Drives ================================

    Drive c: () (Fixed) (Total:1862.57 GB) (Free:917.64 GB) NTFS ==>[drive with boot components (obtained from BCD)]
    Drive j: (System Reserved) (Fixed) (Total:0.1 GB) (Free:0.06 GB) NTFS ==>[system with boot components (obtained from drive)]
    Drive k: (Music) (Fixed) (Total:224.51 GB) (Free:79.05 GB) NTFS
    Drive l: (Old OS Windows 7) (Fixed) (Total:241.15 GB) (Free:112.47 GB) NTFS

    ==================== MBR & Partition Table ==================

    ========================================================
    Disk: 0 (MBR Code: Windows 7 or 8) (Size: 465.8 GB) (Disk ID: D3C687C8)
    Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
    Partition 2: (Not Active) - (Size=224.5 GB) - (Type=07 NTFS)
    Partition 3: (Not Active) - (Size=241.2 GB) - (Type=07 NTFS)

    ========================================================
    Disk: 1 (MBR Code: Windows 7 or 8) (Size: 1863 GB) (Disk ID: ED56A399)
    Partition 1: (Active) - (Size=1862.6 GB) - (Type=07 NTFS)
    Partition 2: (Not Active) - (Size=450 MB) - (Type=27)

    ==================== End of Addition.txt ============================

  6. #6
    Security Expert Juliet's Avatar
    Join Date
    Feb 2007
    Location
    Deep South
    Posts
    3,747

    Default

    Please go to your add/remove programs list, look for and delete
    Findwide Toolbar (HKU\S-1-5-21-1307612883-4072204045-1798725994-1002\...\{D9E0E111-6FB8-48F0-BC95-CF78A7835A84}) (Version: - Freshy) <==== ATTENTION
    KMSpico (HKLM\...\{8B29D47F-92E2-4C20-9EE0-F710991F5D7C}_is1) (Version: - )
    KMSpico: this is an illegal activation tool for Microsoft Windows and Office products.

    ~~~~~~~~~~~~~~~~~~`
    Start Farbar Recovery Scan Tool (Please double-click on FRST/FRST64) with Administrator privileges

    Highlight the below information then hit the Ctrl + C keys at the same time
    or Right click/highlight on the text below and select Copy.
    beginning with Start:: and finishing with End::


    Start::
    CloseProcesses:
    CreateRestorePoint:
    HKU\S-1-5-21-1307612883-4072204045-1798725994-1002\...\Policies\Explorer: []
    HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
    HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
    SearchScopes: HKU\S-1-5-21-1307612883-4072204045-1798725994-1002 -> {67C334C0-408D-4E6D-B5A7-0ADD6AFFA252} URL =
    SearchScopes: HKU\S-1-5-21-1307612883-4072204045-1798725994-1002 -> {95B7759C-8C7F-4BF1-B163-73684A933233} URL = hxxps://mysearch.avg.com/search?cid={AD1DB690-F951-4B2B-9C85-145BE2B61EF1}&mid=409ad691902747ccb062d15805c271ac-0c7233c5c59cc201da8a7ddd4985513d8e8381be&lang=en&ds=AVG&coid=avgtbavg&cmpid=0316tb&pr=fr&d=2015-12-09 02:58:28&v=4.2.8.608&pid=wtu&sg=&sap=dsp&q={searchTerms}
    SearchScopes: HKU\S-1-5-21-1307612883-4072204045-1798725994-1002 -> {E9410C70-B6AE-41FF-AB71-32F4B279EA5F} URL =
    SearchScopes: HKU\S-1-5-21-1307612883-4072204045-1798725994-1002 -> {EFE22B57-9F3C-4B9E-AB38-0368E469796D} URL =
    FF Extension: (No Name) - C:\ProgramData\Wondershare\Video Converter Ultimate\WSVCU@Wondershare.com_xpi\ [not found]
    C:\ProgramData\KMSAuto
    2017-09-03 18:55 - 016739360 _____ () C:\Users\Dad\AppData\Local\Temp\Bit1224.tmp.exe
    2017-09-18 20:15 - 2017-09-18 20:15 - 016739360 _____ () C:\Users\Dad\AppData\Local\Temp\Bit2F94.tmp.exe
    2016-09-27 09:26 - 2016-09-27 09:26 - 016187624 _____ () C:\Users\Dad\AppData\Local\Temp\Bit9653.tmp.exe
    2017-08-08 22:00 - 2017-08-08 22:00 - 016742904 _____ () C:\Users\Dad\AppData\Local\Temp\Bit9DE7.tmp.exe
    2016-12-04 14:53 - 2016-12-04 14:53 - 016187624 _____ () C:\Users\Dad\AppData\Local\Temp\BitDE07.tmp.exe
    2017-08-20 17:39 - 2016-07-16 09:25 - 000628440 _____ (Microsoft Corporation) C:\Users\Dad\AppData\Local\Temp\kernel32.dll
    2016-12-15 07:06 - 2016-12-15 07:06 - 002458672 _____ (The OpenSSL Project, http://www.openssl.org/) C:\Users\Dad\AppData\Local\Temp\libeay32.dll
    2017-07-02 22:14 - 2017-07-02 22:15 - 120455440 _____ (Microsoft Corporation) C:\Users\Dad\AppData\Local\Temp\mpam-6b3b5ec6.exe
    2016-12-15 07:06 - 2016-12-15 07:06 - 000970912 _____ (Microsoft Corporation) C:\Users\Dad\AppData\Local\Temp\msvcr120.dll
    2016-12-15 07:06 - 2016-12-15 07:06 - 000772672 _____ () C:\Users\Dad\AppData\Local\Temp\sqlite3.dll
    2016-10-09 15:02 - 2016-10-09 15:02 - 000012288 _____ () C:\Users\Dad\AppData\Local\Temp\TWcKOuHOnezxmjSkVTaA.DLL
    2016-09-28 00:55 - 2015-01-26 09:09 - 000060296 _____ (Autodesk, Inc.) C:\Users\Dad\AppData\Local\Temp\AcDeltree.exe
    ShellIconOverlayIdentifiers: [ MEGA (Pending)] -> {056D528D-CE28-4194-9BA3-BA2E9197FF8C} => C:\Users\Dad\AppData\Local\MEGAsync\ShellExtX32.dll -> No File
    ShellIconOverlayIdentifiers: [ MEGA (Synced)] -> {05B38830-F4E9-4329-978B-1DD28605D202} => C:\Users\Dad\AppData\Local\MEGAsync\ShellExtX32.dll -> No File
    ShellIconOverlayIdentifiers: [ MEGA (Syncing)] -> {0596C850-7BDD-4C9D-AFDF-873BE6890637} => C:\Users\Dad\AppData\Local\MEGAsync\ShellExtX32.dll -> No File
    ShellIconOverlayIdentifiers: [00avg] -> {472083B0-C522-11CF-8763-00608CC02F24} => -> No File
    ContextMenuHandlers1: [MEGA (Context menu)] -> {0229E5E7-09E9-45CF-9228-0228EC7D5F17} => C:\Users\Dad\AppData\Local\MEGAsync\ShellExtX32.dll -> No File
    ContextMenuHandlers3: [00avg] -> {472083B0-C522-11CF-8763-00608CC02F24} => -> No File
    ContextMenuHandlers3: [MEGA (Context menu)] -> {0229E5E7-09E9-45CF-9228-0228EC7D5F17} => C:\Users\Dad\AppData\Local\MEGAsync\ShellExtX32.dll -> No File
    ContextMenuHandlers4: [MEGA (Context menu)] -> {0229E5E7-09E9-45CF-9228-0228EC7D5F17} => C:\Users\Dad\AppData\Local\MEGAsync\ShellExtX32.dll -> No File
    Task: {A6B94F68-5F1D-475F-8090-44C2086F61B4} - System32\Tasks\AutoPico Daily Restart => C:\Program Files\KMSpico\AutoPico.exe [2015-07-22] (@ByELDI)
    AlternateDataStreams: C:\Windows:nlsPreferences [386]
    AlternateDataStreams: C:\ProgramData\TEMP:B755D674 [314]
    Emptytemp:
    End::


    Press the Fix button.
    If for some reason the tool needs a restart, please make sure you let the system restart normally. After that let the tool complete its run.
    When finished FRST will generate a log on the Desktop (Fixlog.txt). Please post it to your reply.
    ~~

    Let's update Malwarebytes Anti-Malware and run a new scan

    Open Malwarebytes Anti-Malware
    Click the Settings tab, at the top choose Protection and tick Scan for rootkits.
    Click the Dashboard tab, choose Scan, Threat Scan is checked and click Start Scan.
    If threats are detected, click the Apply Actions button. You will now be prompted to reboot. Click Yes.
    Upon completion of the scan (or after the reboot), click the Reports tab.
    Double-click the Scan Log.
    At the bottom click Export and choose Text file.

    Save the file to your desktop and include its content in your next reply.

    You can access the logs by going to the "Reports" tab, clicking on the latest "Scan" entry (the one with detections), then clicking on the "Export" button in the bottom-left corner and selecting "Copy to clipboard". After that, all you have to do is paste it here.
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~`

    Malwarebytes AdwCleaner
    • Please download Malwarebytes AdwCleaner and save the file to your Desktop
    • Right-click AdwCleaner.exe and select Run as administrator to run the programme.
    • Follow the prompts.
    • Click Scan.
    • Upon completion, click Logfile. A log (AdwCleaner[S0].txt) will open. Briefly check the log for anything you know to be legitimate.
    • Return to AdwCleaner. Ensure anything you know to be legitimate does not have a checkmark under the corresponding tab.
    • Click Clean.
    • Follow the prompts and allow your computer to reboot.
    • After the reboot, a log (AdwCleaner[C0].txt) will open. Copy the contents of the log and paste in your next reply.

    -- File, folder and registry backups are made for items removed using this programme. Should a legitimate file, folder or registry item be removed (otherwise known as a 'false-positive'), simple steps can be taken to restore the item. Please do not overly concern yourself with the contents of AdwCleaner[S0].txt.


    Please post
    Fixlog.txt
    Malwarebytes log
    AdwCleaner log
    Windows Insider MVP Consumer Security 2009 - 2017
    Please do not PM me for Malware help, we all benefit from posting on the open board.

  7. #7
    Member
    Join Date
    Mar 2011
    Posts
    45

    Default Cant find files

    Hi There

    Tried uninstalling Findwide Toolbar but get the message that the files can't be found?

    Regarding KMSpico - before removing this - my computer's going to be rendered pretty useless, I guess, if my Windows 10 and Office/Excel are not activated? Is this program causing an issue?


    Regards

  8. #8
    Security Expert Juliet's Avatar
    Join Date
    Feb 2007
    Location
    Deep South
    Posts
    3,747

    Default

    Quote: Originally Posted by woody55
    Hi There

    Tried uninstalling Findwide Toolbar but get the message that the files can't be found?

    Regarding KMSpico - before removing this - my computer's going to be rendered pretty useless, I guess, if my Windows 10 and Office/Excel are not activated? Is this program causing an issue?


    Regards
    AutoKMS, like all of the KMS activation tools, is a cracking utility; this forum cannot support the use of the tool or any other software that is cracked/illegal.
    I can help you with your computer now and tell you of our policies but, if you should return and need help again and it is found...
    help will be denied.
    Also, many sites where this can be downloaded are hacked with malicious code so that makes it risky to say the least.

    If you can, just continue with the fix I created and we can look for remnants of Findwide Toolbar later.
    Windows Insider MVP Consumer Security 2009 - 2017
    Please do not PM me for Malware help, we all benefit from posting on the open board.

  9. #9
    Member
    Join Date
    Mar 2011
    Posts
    45

    Default Ok - Will do

    Uninstalled KMSpico.

    Ran FRST as stated and here is Fixlog.txt

    Fix result of Farbar Recovery Scan Tool (x86) Version: 06-10-2017
    Ran by Dad (08-10-2017 12:32:38) Run:1
    Running from C:\Users\Dad\Desktop
    Loaded Profiles: Dad (Available Profiles: Dad)
    Boot Mode: Normal

    ==============================================

    fixlist content:
    *****************

    CloseProcesses:
    CreateRestorePoint:
    HKU\S-1-5-21-1307612883-4072204045-1798725994-1002\...\Policies\Explorer: []
    HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
    HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
    SearchScopes: HKU\S-1-5-21-1307612883-4072204045-1798725994-1002 -> {67C334C0-408D-4E6D-B5A7-0ADD6AFFA252} URL =
    SearchScopes: HKU\S-1-5-21-1307612883-4072204045-1798725994-1002 -> {95B7759C-8C7F-4BF1-B163-73684A933233} URL = hxxps://mysearch.avg.com/search?cid={AD1DB690-F951-4B2B-9C85-145BE2B61EF1}&mid=409ad691902747ccb062d15805c271ac-0c7233c5c59cc201da8a7ddd4985513d8e8381be&lang=en&ds=AVG&coid=avgtbavg&cmpid=0316tb&pr=fr&d=2015-12-09 02:58:28&v=4.2.8.608&pid=wtu&sg=&sap=dsp&q={searchTerms}
    SearchScopes: HKU\S-1-5-21-1307612883-4072204045-1798725994-1002 -> {E9410C70-B6AE-41FF-AB71-32F4B279EA5F} URL =
    SearchScopes: HKU\S-1-5-21-1307612883-4072204045-1798725994-1002 -> {EFE22B57-9F3C-4B9E-AB38-0368E469796D} URL =
    FF Extension: (No Name) - C:\ProgramData\Wondershare\Video Converter Ultimate\WSVCU@Wondershare.com_xpi\ [not found]
    C:\ProgramData\KMSAuto
    2017-09-03 18:55 - 016739360 _____ () C:\Users\Dad\AppData\Local\Temp\Bit1224.tmp.exe
    2017-09-18 20:15 - 2017-09-18 20:15 - 016739360 _____ () C:\Users\Dad\AppData\Local\Temp\Bit2F94.tmp.exe
    2016-09-27 09:26 - 2016-09-27 09:26 - 016187624 _____ () C:\Users\Dad\AppData\Local\Temp\Bit9653.tmp.exe
    2017-08-08 22:00 - 2017-08-08 22:00 - 016742904 _____ () C:\Users\Dad\AppData\Local\Temp\Bit9DE7.tmp.exe
    2016-12-04 14:53 - 2016-12-04 14:53 - 016187624 _____ () C:\Users\Dad\AppData\Local\Temp\BitDE07.tmp.exe
    2017-08-20 17:39 - 2016-07-16 09:25 - 000628440 _____ (Microsoft Corporation) C:\Users\Dad\AppData\Local\Temp\kernel32.dll
    2016-12-15 07:06 - 2016-12-15 07:06 - 002458672 _____ (The OpenSSL Project, http://www.openssl.org/) C:\Users\Dad\AppData\Local\Temp\libeay32.dll
    2017-07-02 22:14 - 2017-07-02 22:15 - 120455440 _____ (Microsoft Corporation) C:\Users\Dad\AppData\Local\Temp\mpam-6b3b5ec6.exe
    2016-12-15 07:06 - 2016-12-15 07:06 - 000970912 _____ (Microsoft Corporation) C:\Users\Dad\AppData\Local\Temp\msvcr120.dll
    2016-12-15 07:06 - 2016-12-15 07:06 - 000772672 _____ () C:\Users\Dad\AppData\Local\Temp\sqlite3.dll
    2016-10-09 15:02 - 2016-10-09 15:02 - 000012288 _____ () C:\Users\Dad\AppData\Local\Temp\TWcKOuHOnezxmjSkVTaA.DLL
    2016-09-28 00:55 - 2015-01-26 09:09 - 000060296 _____ (Autodesk, Inc.) C:\Users\Dad\AppData\Local\Temp\AcDeltree.exe
    ShellIconOverlayIdentifiers: [ MEGA (Pending)] -> {056D528D-CE28-4194-9BA3-BA2E9197FF8C} => C:\Users\Dad\AppData\Local\MEGAsync\ShellExtX32.dll -> No File
    ShellIconOverlayIdentifiers: [ MEGA (Synced)] -> {05B38830-F4E9-4329-978B-1DD28605D202} => C:\Users\Dad\AppData\Local\MEGAsync\ShellExtX32.dll -> No File
    ShellIconOverlayIdentifiers: [ MEGA (Syncing)] -> {0596C850-7BDD-4C9D-AFDF-873BE6890637} => C:\Users\Dad\AppData\Local\MEGAsync\ShellExtX32.dll -> No File
    ShellIconOverlayIdentifiers: [00avg] -> {472083B0-C522-11CF-8763-00608CC02F24} => -> No File
    ContextMenuHandlers1: [MEGA (Context menu)] -> {0229E5E7-09E9-45CF-9228-0228EC7D5F17} => C:\Users\Dad\AppData\Local\MEGAsync\ShellExtX32.dll -> No File
    ContextMenuHandlers3: [00avg] -> {472083B0-C522-11CF-8763-00608CC02F24} => -> No File
    ContextMenuHandlers3: [MEGA (Context menu)] -> {0229E5E7-09E9-45CF-9228-0228EC7D5F17} => C:\Users\Dad\AppData\Local\MEGAsync\ShellExtX32.dll -> No File
    ContextMenuHandlers4: [MEGA (Context menu)] -> {0229E5E7-09E9-45CF-9228-0228EC7D5F17} => C:\Users\Dad\AppData\Local\MEGAsync\ShellExtX32.dll -> No File
    Task: {A6B94F68-5F1D-475F-8090-44C2086F61B4} - System32\Tasks\AutoPico Daily Restart => C:\Program Files\KMSpico\AutoPico.exe [2015-07-22] (@ByELDI)
    AlternateDataStreams: C:\Windows:nlsPreferences [386]
    AlternateDataStreams: C:\ProgramData\TEMP:B755D674 [314]
    Emptytemp:

    *****************

    Processes closed successfully.
    Restore point was successfully created.
    HKU\S-1-5-21-1307612883-4072204045-1798725994-1002\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\ => value removed successfully.
    HKLM\Software\\Microsoft\Internet Explorer\Main\\Default_Page_URL => value restored successfully
    HKLM\Software\\Microsoft\Internet Explorer\Main\\Default_Search_URL => value restored successfully
    HKU\S-1-5-21-1307612883-4072204045-1798725994-1002\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{67C334C0-408D-4E6D-B5A7-0ADD6AFFA252} => key removed successfully.
    HKLM\Software\Classes\CLSID\{67C334C0-408D-4E6D-B5A7-0ADD6AFFA252} => key not found.
    HKU\S-1-5-21-1307612883-4072204045-1798725994-1002\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233} => key removed successfully.
    HKLM\Software\Classes\CLSID\{95B7759C-8C7F-4BF1-B163-73684A933233} => key not found.
    HKU\S-1-5-21-1307612883-4072204045-1798725994-1002\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{E9410C70-B6AE-41FF-AB71-32F4B279EA5F} => key removed successfully.
    HKLM\Software\Classes\CLSID\{E9410C70-B6AE-41FF-AB71-32F4B279EA5F} => key not found.
    HKU\S-1-5-21-1307612883-4072204045-1798725994-1002\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{EFE22B57-9F3C-4B9E-AB38-0368E469796D} => key removed successfully.
    HKLM\Software\Classes\CLSID\{EFE22B57-9F3C-4B9E-AB38-0368E469796D} => key not found.
    C:\ProgramData\Wondershare\Video Converter Ultimate\WSVCU@Wondershare.com_xpi\ => path removed successfully.
    C:\ProgramData\KMSAuto => moved successfully
    C:\Users\Dad\AppData\Local\Temp\Bit1224.tmp.exe => moved successfully
    C:\Users\Dad\AppData\Local\Temp\Bit2F94.tmp.exe => moved successfully
    C:\Users\Dad\AppData\Local\Temp\Bit9653.tmp.exe => moved successfully
    C:\Users\Dad\AppData\Local\Temp\Bit9DE7.tmp.exe => moved successfully
    C:\Users\Dad\AppData\Local\Temp\BitDE07.tmp.exe => moved successfully
    C:\Users\Dad\AppData\Local\Temp\kernel32.dll => moved successfully
    C:\Users\Dad\AppData\Local\Temp\libeay32.dll => moved successfully
    C:\Users\Dad\AppData\Local\Temp\mpam-6b3b5ec6.exe => moved successfully
    C:\Users\Dad\AppData\Local\Temp\msvcr120.dll => moved successfully
    C:\Users\Dad\AppData\Local\Temp\sqlite3.dll => moved successfully
    C:\Users\Dad\AppData\Local\Temp\TWcKOuHOnezxmjSkVTaA.DLL => moved successfully
    C:\Users\Dad\AppData\Local\Temp\AcDeltree.exe => moved successfully
    HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ MEGA (Pending) => key removed successfully.
    HKLM\Software\Classes\CLSID\{056D528D-CE28-4194-9BA3-BA2E9197FF8C} => key removed successfully.
    HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ MEGA (Synced) => key removed successfully.
    HKLM\Software\Classes\CLSID\{05B38830-F4E9-4329-978B-1DD28605D202} => key removed successfully.
    HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ MEGA (Syncing) => key removed successfully.
    HKLM\Software\Classes\CLSID\{0596C850-7BDD-4C9D-AFDF-873BE6890637} => key removed successfully.
    HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\00avg => key removed successfully.
    HKLM\Software\Classes\CLSID\{472083B0-C522-11CF-8763-00608CC02F24} => key not found.
    HKLM\Software\Classes\*\ShellEx\ContextMenuHandlers\MEGA (Context menu) => key removed successfully.
    HKLM\Software\Classes\CLSID\{0229E5E7-09E9-45CF-9228-0228EC7D5F17} => key removed successfully.
    HKLM\Software\Classes\AllFileSystemObjects\ShellEx\ContextMenuHandlers\00avg => key removed successfully.
    HKLM\Software\Classes\CLSID\{472083B0-C522-11CF-8763-00608CC02F24} => key not found.
    HKLM\Software\Classes\AllFileSystemObjects\ShellEx\ContextMenuHandlers\MEGA (Context menu) => key removed successfully.
    HKLM\Software\Classes\CLSID\{0229E5E7-09E9-45CF-9228-0228EC7D5F17} => key not found.
    HKLM\Software\Classes\Directory\ShellEx\ContextMenuHandlers\MEGA (Context menu) => key removed successfully.
    HKLM\Software\Classes\CLSID\{0229E5E7-09E9-45CF-9228-0228EC7D5F17} => key not found.
    HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{A6B94F68-5F1D-475F-8090-44C2086F61B4} => key not found.
    C:\Windows\System32\Tasks\AutoPico Daily Restart => not found.
    HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\AutoPico Daily Restart => key not found.
    C:\Windows => ":nlsPreferences" ADS removed successfully..
    C:\ProgramData\TEMP => ":B755D674" ADS removed successfully..

    =========== EmptyTemp: ==========

    BITS transfer queue => 0 B
    DOMStoree, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 366045809 B
    Java, Flash, Steam htmlcache => 6773249 B
    Windows/system/drivers => 12310584 B
    Edge => 1768575 B
    Chrome => 0 B
    Firefox => 15494201 B
    Opera => 0 B

    Temp, IE cache, history, cookies, recent:
    Default => 6656 B
    Users => 0 B
    ProgramData => 0 B
    Public => 0 B
    systemprofile => 0 B
    LocalService => 23642248 B
    NetworkService => 368912110 B
    Dad => 3909063805 B

    RecycleBin => 0 B
    EmptyTemp: => 4.4 GB temporary data Removed.

    ================================


    The system needed a reboot.

    ==== End of Fixlog 12:49:37 ====


    Rebooted system.

    When I try to open Malwarebytes I get the message "unable to connect the service".

    So I uninstalled it, re-downloaded and installed it - still get the same message??

    Doing AdwCleaner scan just now; will post results after its restart.

  10. #10
    Member
    Join Date
    Mar 2011
    Posts
    45

    Default adwcleaner log

    # AdwCleaner 7.0.3.1 - Logfile created on Sun Oct 08 12:13:50 2017
    # Updated on 2017/29/09 by Malwarebytes
    # Running on Windows 10 Pro (X86)
    # Mode: clean
    # Support: https://www.malwarebytes.com/support

    ***** [ Services ] *****

    No malicious services deleted.

    ***** [ Folders ] *****

    No malicious folders deleted.

    ***** [ Files ] *****

    No malicious files deleted.

    ***** [ DLL ] *****

    No malicious DLLs cleaned.

    ***** [ WMI ] *****

    No malicious WMI cleaned.

    ***** [ Shortcuts ] *****

    No malicious shortcuts cleaned.

    ***** [ Tasks ] *****

    No malicious tasks deleted.

    ***** [ Registry ] *****

    Deleted: [Key] - HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\combofix.en.softonic.com
    Deleted: [Key] - HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\en.softonic.com
    Deleted: [Key] - HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\softonic.com
    Deleted: [Key] - HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\1215tbUpdateInfo


    ***** [ Firefox (and derivatives) ] *****

    No malicious Firefox entries deleted.

    ***** [ Chromium (and derivatives) ] *****

    No malicious Chromium entries deleted.

    *************************

    ::Tracing keys deleted
    ::Winsock settings cleared
    ::Additional Actions: 0



    *************************

    C:/AdwCleaner/AdwCleaner[C0].txt - [6612 B] - [2016/9/28 19:45:24]
    C:/AdwCleaner/AdwCleaner[C10].txt - [2600 B] - [2017/3/7 20:13:30]
    C:/AdwCleaner/AdwCleaner[C11].txt - [3207 B] - [2017/7/2 21:25:7]
    C:/AdwCleaner/AdwCleaner[C2].txt - [1739 B] - [2016/9/29 17:26:6]
    C:/AdwCleaner/AdwCleaner[C3].txt - [1581 B] - [2016/9/29 21:48:44]
    C:/AdwCleaner/AdwCleaner[C4].txt - [2296 B] - [2016/10/15 13:21:3]
    C:/AdwCleaner/AdwCleaner[C5].txt - [9858 B] - [2016/10/15 13:55:19]
    C:/AdwCleaner/AdwCleaner[C6].txt - [2585 B] - [2016/10/15 14:5:6]
    C:/AdwCleaner/AdwCleaner[C7].txt - [2147 B] - [2016/10/15 14:55:44]
    C:/AdwCleaner/AdwCleaner[C8].txt - [2745 B] - [2016/11/3 17:30:28]
    C:/AdwCleaner/AdwCleaner[C9].txt - [2535 B] - [2016/12/21 21:41:3]
    C:/AdwCleaner/AdwCleaner[S0].txt - [6165 B] - [2016/9/28 19:42:26]
    C:/AdwCleaner/AdwCleaner[S10].txt - [2835 B] - [2016/11/3 17:30:0]
    C:/AdwCleaner/AdwCleaner[S11].txt - [2664 B] - [2016/12/21 21:40:28]
    C:/AdwCleaner/AdwCleaner[S12].txt - [2735 B] - [2017/3/7 20:12:46]
    C:/AdwCleaner/AdwCleaner[S13].txt - [2875 B] - [2017/4/29 11:6:20]
    C:/AdwCleaner/AdwCleaner[S14].txt - [2949 B] - [2017/6/17 18:19:53]
    C:/AdwCleaner/AdwCleaner[S15].txt - [3061 B] - [2017/7/2 21:21:16]
    C:/AdwCleaner/AdwCleaner[S16].txt - [3048 B] - [2017/9/7 20:52:10]
    C:/AdwCleaner/AdwCleaner[S17].txt - [2854 B] - [2017/9/26 18:5:5]
    C:/AdwCleaner/AdwCleaner[S18].txt - [3379 B] - [2017/10/8 12:10:3]
    C:/AdwCleaner/AdwCleaner[S1].txt - [1764 B] - [2016/9/29 17:22:54]
    C:/AdwCleaner/AdwCleaner[S2].txt - [1690 B] - [2016/9/29 21:43:41]
    C:/AdwCleaner/AdwCleaner[S3].txt - [1614 B] - [2016/9/30 15:43:24]
    C:/AdwCleaner/AdwCleaner[S4].txt - [1687 B] - [2016/10/4 10:9:46]
    C:/AdwCleaner/AdwCleaner[S5].txt - [2303 B] - [2016/10/15 13:20:28]
    C:/AdwCleaner/AdwCleaner[S6].txt - [9689 B] - [2016/10/15 13:54:12]
    C:/AdwCleaner/AdwCleaner[S7].txt - [2551 B] - [2016/10/15 14:3:29]
    C:/AdwCleaner/AdwCleaner[S8].txt - [2255 B] - [2016/10/15 14:14:10]
    C:/AdwCleaner/AdwCleaner[S9].txt - [2344 B] - [2016/10/16 15:50:13]


    ########## EOF - C:\AdwCleaner\AdwCleaner[C11].txt ##########

    Also - I am unable to turn on Windows security.
