Page 1 of 4 1234 LastLast
Results 1 to 10 of 31

Thread: System Restore Disappeared

  1. #1
    Junior Member
    Join Date
    Feb 2010
    Posts
    28

    Default System Restore Disappeared

    Hello and Thank you in advance. My computer has started acting strange. When I open a folder, all folders inside are highlighted (not a biggie, but no usual) Many programs slowing down to open. System restore is "there" but does nothing when you click the button, like it's 'dead'. I've cleaned, defragged, you know, general upkeep, cleanup. Seemed to make it worse. I backed up my registry. It said that two entries failed. I don't know if you need any of that. Spybot logs run clean. So, here are the logs...

    Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 06.06.2018 01
    Ran by Owner (administrator) on OWNER-PC446 (14-06-2018 09:11:57)
    Running from C:\Users\Owner\Desktop
    Loaded Profiles: Owner & Yodi & CompAdmin (Available Profiles: Owner & Yodi & CompAdmin)
    Platform: Windows 7 Professional Service Pack 1 (X64) Language: English (United States)
    Internet Explorer Version 11 (Default browser: FF)
    Boot Mode: Normal
    Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic...ery-scan-tool/

    ==================== Processes (Whitelisted) =================

    (If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

    (NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
    (NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
    (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
    (NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
    (AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
    (AVAST Software) C:\Program Files\AVAST Software\Avast\afwServ.exe
    (Protexis Inc.) C:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe
    (AVAST Software) C:\Program Files (x86)\AVAST Software\Avast Cleanup\TuneupSvc.exe
    (Safer Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe
    (Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe
    (AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe
    (Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
    (AVAST Software) C:\Program Files (x86)\AVAST Software\Browser\Update\1.4.141.333\AvastBrowserCrashHandler.exe
    (AVAST Software) C:\Program Files (x86)\AVAST Software\Browser\Update\1.4.141.333\AvastBrowserCrashHandler64.exe
    (f.lux Software LLC) C:\Users\Owner\AppData\Local\FluxSoftware\Flux\flux.exe
    (Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
    (Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
    (Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
    (Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
    (Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe

    ==================== Registry (Whitelisted) ===========================

    (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

    HKLM\...\Run: [GwxControlPanelMonitor] => C:\Users\Owner\Documents\Programs\Security\windows 10 stuff\GWX_control_panel.exe [4596296 2017-01-31] (UltimateOutsider)
    HKLM\...\Run: [CanonMyPrinter] => C:\Program Files\Canon\MyPrinter\BJMyPrt.exe [2780776 2011-07-19] (CANON INC.)
    HKLM\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvLaunch.exe [242904 2018-05-17] (AVAST Software)
    HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [298296 2018-04-08] (Apple Inc.)
    Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
    HKLM\SOFTWARE\Policies\Microsoft\Windows Defender: Restriction <==== ATTENTION
    HKU\S-1-5-21-1769359704-1337508281-3947573860-1000\...\Run: [f.lux] => C:\Users\Owner\AppData\Local\FluxSoftware\Flux\flux.exe [1682936 2018-01-17] (f.lux Software LLC)
    HKU\S-1-5-21-1769359704-1337508281-3947573860-1000\...\MountPoints2: {0a8a8fdb-9b75-11e5-b600-8dcc0ab31f22} - D:\Run.exe
    HKU\S-1-5-21-1769359704-1337508281-3947573860-1000\...\MountPoints2: {4dda4dd6-4b1d-11e8-b019-fcaa14e2776d} - J:\Start.exe
    HKU\S-1-5-21-1769359704-1337508281-3947573860-1000\...\MountPoints2: {fa077db1-b565-11e5-9080-fcaa14e2776d} - J:\LG_PC_Programs.exe
    IFEO\AcroRd32.exe: [Debugger] "C:\Program Files (x86)\AVAST Software\Avast Cleanup\autoreactivator.exe"
    IFEO\softwareupdate.exe: [Debugger] "C:\Program Files (x86)\AVAST Software\Avast Cleanup\autoreactivator.exe"
    IFEO\startupdo.exe: [Debugger] "C:\Program Files (x86)\AVAST Software\Avast Cleanup\autoreactivator.exe"
    Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Avast Cleanup Premium.lnk.disabled [2018-01-01]
    ShortcutTarget: Avast Cleanup Premium.lnk.disabled -> C:\Program Files (x86)\AVAST Software\Avast Cleanup\TuneupUI.exe (AVAST Software)

    ==================== Internet (Whitelisted) ====================

    (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

    Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
    Tcpip\Parameters: [DhcpNameServer] 192.168.2.254 192.168.1.1
    Tcpip\..\Interfaces\{79461EA5-6AF5-4F5B-9C66-6A3724E731E4}: [DhcpNameServer] 192.168.2.254 192.168.1.1
    Tcpip\..\Interfaces\{FD6C0BDB-71C1-4531-9144-D395A21AC314}: [DhcpNameServer] 192.168.1.1

    Internet Explorer:
    ==================
    HKU\S-1-5-21-1769359704-1337508281-3947573860-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://duckduckgo.com/
    BHO: Canon Easy-WebPrint EX BHO -> {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} -> C:\Program Files\Canon\Easy-WebPrint EX\ewpexbho.dll [2015-02-23] (CANON INC.)
    BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll [2018-05-17] (AVAST Software)
    BHO-x32: Canon Easy-WebPrint EX BHO -> {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} -> C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexbho.dll [2015-02-23] (CANON INC.)
    BHO-x32: Spybot-S&D IE Protection -> {53707962-6F74-2D53-2644-206D7942484F} -> C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll [2009-01-26] (Safer Networking Limited)
    BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_171\bin\ssv.dll [2018-05-18] (Oracle Corporation)
    BHO-x32: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2018-05-17] (AVAST Software)
    BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_171\bin\jp2ssv.dll [2018-05-18] (Oracle Corporation)
    Toolbar: HKLM - Canon Easy-WebPrint EX - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files\Canon\Easy-WebPrint EX\ewpexhlp.dll [2015-02-23] (CANON INC.)
    Toolbar: HKLM-x32 - Canon Easy-WebPrint EX - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexhlp.dll [2015-02-23] (CANON INC.)

    FireFox:
    ========
    FF DefaultProfile: siueqfw7.default-1482705022050-1527525206204
    FF ProfilePath: C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\siueqfw7.default-1482705022050-1527525206204 [2018-06-14]
    FF Session Restore: Mozilla\Firefox\Profiles\siueqfw7.default-1482705022050-1527525206204 -> is enabled.
    FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_28_0_0_137.dll [2018-01-16] ()
    FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
    FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.50709.0\npctrl.dll [2016-07-11] ( Microsoft Corporation)
    FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_28_0_0_137.dll [2018-01-16] ()
    FF Plugin-x32: @canon.com/EPPEX -> C:\Program Files (x86)\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL [2011-09-21] (CANON INC.)
    FF Plugin-x32: @java.com/DTPlugin,version=11.171.2 -> C:\Program Files (x86)\Java\jre1.8.0_171\bin\dtplugin\npDeployJava1.dll [2018-05-18] (Oracle Corporation)
    FF Plugin-x32: @java.com/JavaPlugin,version=11.171.2 -> C:\Program Files (x86)\Java\jre1.8.0_171\bin\plugin2\npjp2.dll [2018-05-18] (Oracle Corporation)
    FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
    FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.50709.0\npctrl.dll [2016-07-11] ( Microsoft Corporation)
    FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll [2015-10-13] (NVIDIA Corporation)
    FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2015-10-13] (NVIDIA Corporation)
    FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.33.17\npGoogleUpdate3.dll [2018-05-17] (Google Inc.)
    FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.33.17\npGoogleUpdate3.dll [2018-05-17] (Google Inc.)
    FF Plugin-x32: @videolan.org/vlc,version=2.2.1 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2017-11-29] (VideoLAN)
    FF Plugin-x32: @videolan.org/vlc,version=2.2.2 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2017-11-29] (VideoLAN)
    FF Plugin-x32: @videolan.org/vlc,version=2.2.3 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2017-11-29] (VideoLAN)
    FF Plugin-x32: @videolan.org/vlc,version=2.2.4 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2017-11-29] (VideoLAN)
    FF Plugin-x32: @videolan.org/vlc,version=2.2.6 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2017-11-29] (VideoLAN)
    FF Plugin-x32: @videolan.org/vlc,version=2.2.8 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2017-11-29] (VideoLAN)
    FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2018-05-10] (Adobe Systems Inc.)
    FF Plugin HKU\S-1-5-21-1769359704-1337508281-3947573860-1000: @zoom.us/ZoomVideoPlugin -> C:\Users\Owner\AppData\Roaming\Zoom\bin\npzoomplugin.dll [2017-10-03] (Zoom Video Communications, Inc.)

    Chrome:
    =======
    CHR HomePage: Default -> hxxps://m.uscellular.com/uscellular/app/login/authenticate/
    CHR StartupUrls: Default -> "hxxps://m.uscellular.com/uscellular/app/login/authenticate/"
    CHR Profile: C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default [2018-06-12]
    CHR Extension: (Slides) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2018-01-18]
    CHR Extension: (Docs) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2018-01-18]
    CHR Extension: (Google Drive) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2018-01-18]
    CHR Extension: (YouTube) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2018-01-18]
    CHR Extension: (Avast SafePrice) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\eofcbnmajmjmplflapaojjnihcjkigck [2018-06-11]
    CHR Extension: (Sheets) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2018-01-18]
    CHR Extension: (Google Docs Offline) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2018-01-23]
    CHR Extension: (Avast Online Security) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki [2018-04-20]
    CHR Extension: (Chrome Web Store Payments) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2018-04-20]
    CHR Extension: (Gmail) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2018-01-18]
    CHR Extension: (Chrome Media Router) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2018-06-11]
    CHR HKLM-x32\...\Chrome\Extension: [eofcbnmajmjmplflapaojjnihcjkigck] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChromeSp.crx <not found>
    CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - hxxps://clients2.google.com/service/update2/crx

    ==================== Services (Whitelisted) ====================

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    S4 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [83768 2018-03-29] (Apple Inc.)
    S3 AppleChargerSrv; C:\Windows\System32\AppleChargerSrv.exe [31272 2010-04-06] ()
    S3 aswbIDSAgent; C:\Program Files\AVAST Software\Avast\x64\aswidsagenta.exe [7620096 2018-05-17] (AVAST Software)
    S2 avast; C:\Program Files (x86)\AVAST Software\Browser\Update\AvastBrowserUpdate.exe [164984 2018-06-13] (AVAST Software)
    R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [317280 2018-05-17] (AVAST Software)
    R2 avast! Firewall; C:\Program Files\AVAST Software\Avast\afwServ.exe [428984 2018-05-17] (AVAST Software)
    S3 avastm; C:\Program Files (x86)\AVAST Software\Browser\Update\AvastBrowserUpdate.exe [164984 2018-06-13] (AVAST Software)
    R2 CleanupPSvc; C:\Program Files (x86)\AVAST Software\Avast Cleanup\TuneupSvc.exe [8633072 2018-06-11] (AVAST Software)
    S4 IJPLMSVC; C:\Program Files (x86)\Canon\IJPLM\IJPLMSVC.EXE [140456 2011-09-06] ()
    S2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [6541008 2018-05-03] (Malwarebytes)
    S4 NovaPdfServer; C:\Program Files\Softland\novaPDF 8\Server\novapdfs.exe [53176 2017-08-16] (Microsoft)
    R2 SBSDWSCService; C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe [1153368 2009-01-26] (Safer Networking Ltd.)
    S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)

    ===================== Drivers (Whitelisted) ======================

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    R1 AppleCharger; C:\Windows\System32\DRIVERS\AppleCharger.sys [22240 2013-10-28] ()
    R1 aswArPot; C:\Windows\System32\drivers\aswArPot.sys [196640 2018-05-17] (AVAST Software)
    R1 aswbidsdriver; C:\Windows\System32\drivers\aswbidsdrivera.sys [227504 2018-03-08] (AVAST Software)
    R0 aswbidsh; C:\Windows\System32\drivers\aswbidsha.sys [199440 2018-03-08] (AVAST Software)
    R0 aswblog; C:\Windows\System32\drivers\aswbloga.sys [343752 2018-03-08] (AVAST Software)
    R0 aswbuniv; C:\Windows\System32\drivers\aswbuniva.sys [57680 2018-03-08] (AVAST Software)
    S3 aswHwid; C:\Windows\System32\drivers\aswHwid.sys [46968 2018-05-17] (AVAST Software)
    R2 aswMonFlt; C:\Windows\System32\drivers\aswMonFlt.sys [159120 2018-05-17] (AVAST Software)
    R3 aswNetNd6; C:\Windows\System32\DRIVERS\aswNetNd6.sys [38152 2017-07-04] (AVAST Software)
    R1 aswNetSec; C:\Windows\System32\drivers\aswNetSec.sys [640248 2018-05-17] (AVAST Software)
    R1 aswRdr; C:\Windows\System32\drivers\aswRdr2.sys [111360 2018-05-17] (AVAST Software)
    R0 aswRvrt; C:\Windows\System32\drivers\aswRvrt.sys [85968 2018-05-17] (AVAST Software)
    R1 aswSnx; C:\Windows\System32\drivers\aswSnx.sys [1027720 2018-05-17] (AVAST Software)
    R1 aswSP; C:\Windows\System32\drivers\aswSP.sys [460520 2018-05-17] (AVAST Software)
    S2 aswStm; C:\Windows\System32\drivers\aswStm.sys [205976 2018-05-17] (AVAST Software)
    R0 aswVmm; C:\Windows\System32\drivers\aswVmm.sys [381552 2018-05-17] (AVAST Software)
    S1 UsbCharger; C:\Windows\System32\DRIVERS\UsbCharger.sys [22240 2013-10-24] ()
    R3 VUSB3HUB; C:\Windows\System32\DRIVERS\ViaHub3.sys [225792 2014-10-31] (VIA Technologies, Inc.)
    R3 xhcdrv; C:\Windows\System32\DRIVERS\xhcdrv.sys [305664 2014-10-31] (VIA Technologies, Inc.)
    S3 gdrv; \??\C:\Windows\gdrv.sys [X]

    ==================== NetSvcs (Whitelisted) ===================

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


    ==================== One Month Created files and folders ========

    (If an entry is included in the fixlist, the file/folder will be moved.)

    2018-06-14 09:11 - 2018-06-14 09:12 - 000015608 _____ C:\Users\Owner\Desktop\FRST.txt
    2018-06-14 09:10 - 2018-06-14 09:11 - 000000000 ____D C:\FRST
    2018-06-14 09:10 - 2018-06-14 09:10 - 002413056 _____ (Farbar) C:\Users\Owner\Desktop\FRST64.exe
    2018-06-14 08:58 - 2018-06-14 08:58 - 000000207 _____ C:\Windows\tweaking.com-regbackup-OWNER-PC446-Windows-7-Professional-(64-bit).dat
    2018-06-14 08:58 - 2018-06-14 08:58 - 000000000 ____D C:\RegBackup
    2018-06-14 08:56 - 2018-06-14 08:56 - 000002239 _____ C:\Users\Public\Desktop\Tweaking.com - Registry Backup.lnk
    2018-06-14 08:56 - 2018-06-14 08:56 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Tweaking.com
    2018-06-14 08:56 - 2018-06-14 08:56 - 000000000 ____D C:\Program Files (x86)\Tweaking.com
    2018-06-14 08:55 - 2018-06-14 08:56 - 000018258 _____ C:\Windows\Tweaking.com - Registry Backup Setup Log.txt
    2018-06-14 08:53 - 2018-06-14 08:53 - 005766144 _____ (Tweaking.com) C:\Users\Owner\Desktop\tweaking.com_registry_backup_setup.exe
    2018-06-13 04:43 - 2018-06-13 04:43 - 000002505 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avast Secure Browser.lnk
    2018-06-13 04:41 - 2018-06-13 04:41 - 000003374 _____ C:\Windows\System32\Tasks\AvastUpdateTaskMachineUA
    2018-06-13 04:41 - 2018-06-13 04:41 - 000003246 _____ C:\Windows\System32\Tasks\AvastUpdateTaskMachineCore
    2018-06-13 04:41 - 2018-06-13 04:41 - 000000000 ____D C:\Users\Owner\AppData\Local\AVAST Software
    2018-06-08 14:44 - 2018-06-08 14:44 - 000890704 _____ C:\Windows\system32\FNTCACHE.DAT
    2018-06-02 19:43 - 2018-06-02 19:44 - 013066610 _____ C:\Users\Owner\Desktop\Herbaria Vol8#2.pdf
    2018-05-28 11:31 - 2018-06-08 14:44 - 000000000 ____D C:\Program Files\Mozilla Firefox
    2018-05-28 11:31 - 2018-05-28 11:31 - 000000936 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Firefox.lnk
    2018-05-23 01:29 - 2018-06-13 04:48 - 000002045 _____ C:\Users\Owner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\f.lux.lnk
    2018-05-23 01:29 - 2018-05-23 01:29 - 000000000 ____D C:\Users\Owner\AppData\Local\FluxSoftware
    2018-05-22 11:25 - 2018-06-14 08:37 - 000000000 ____D C:\Users\Owner\Desktop\Old Firefox Data
    2018-05-19 15:26 - 2018-05-19 15:27 - 000000000 ____D C:\Users\Owner\Documents\Receipts
    2018-05-19 12:11 - 2018-05-19 12:11 - 000000000 ____D C:\Users\Owner\AppData\Local\ESET
    2018-05-19 12:09 - 2018-05-19 12:09 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes
    2018-05-18 20:01 - 2018-05-18 20:01 - 000000000 ____D C:\Users\CompAdmin\AppData\Local\Google
    2018-05-18 14:35 - 2018-05-17 22:12 - 000376536 _____ (AVAST Software) C:\Windows\system32\aswBoot.exe

    ==================== One Month Modified files and folders ========

    (If an entry is included in the fixlist, the file/folder will be moved.)

    2018-06-14 09:07 - 2016-11-16 10:09 - 000000000 ____D C:\Users\Owner\AppData\LocalLow\Mozilla
    2018-06-14 08:34 - 2017-10-09 13:55 - 000000300 _____ C:\Windows\Tasks\Spybot - Search & Destroy - Scheduled Task.job
    2018-06-13 16:52 - 2016-10-17 15:20 - 000000000 ____D C:\Users\Owner\Documents\Laughingbird Documents
    2018-06-13 16:31 - 2016-02-12 14:45 - 000000000 ____D C:\Users\Owner\AppData\Roaming\CoreFTP
    2018-06-13 10:19 - 2015-12-13 21:18 - 000000000 ____D C:\RFD
    2018-06-13 04:49 - 2009-07-13 23:45 - 000031888 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
    2018-06-13 04:49 - 2009-07-13 23:45 - 000031888 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
    2018-06-13 04:48 - 2017-03-17 14:31 - 000004168 _____ C:\Windows\System32\Tasks\Avast Emergency Update
    2018-06-13 04:48 - 2015-12-05 14:37 - 000000000 ____D C:\ProgramData\AVAST Software
    2018-06-13 04:46 - 2009-07-14 00:13 - 000781790 _____ C:\Windows\system32\PerfStringBackup.INI
    2018-06-13 04:46 - 2009-07-13 22:20 - 000000000 ____D C:\Windows\inf
    2018-06-13 04:41 - 2018-01-01 18:36 - 000000000 ____D C:\Program Files (x86)\AVAST Software
    2018-06-13 04:40 - 2009-07-14 00:08 - 000000006 ____H C:\Windows\Tasks\SA.DAT
    2018-06-13 04:39 - 2015-12-05 13:23 - 000000000 ____D C:\ProgramData\NVIDIA
    2018-06-12 14:00 - 2018-01-18 18:39 - 000002224 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
    2018-06-12 14:00 - 2018-01-18 18:39 - 000002183 _____ C:\Users\Public\Desktop\Google Chrome.lnk
    2018-06-09 08:37 - 2015-12-07 20:57 - 000000000 ____D C:\Users\Owner\Documents\Gardening
    2018-06-09 07:26 - 2017-01-15 01:49 - 000000000 ____D C:\Users\Owner\Documents\Memes
    2018-06-08 17:50 - 2015-12-07 21:02 - 000000000 ____D C:\Users\Owner\Documents\Personal
    2018-06-08 17:45 - 2018-01-01 18:37 - 000004194 _____ C:\Windows\System32\Tasks\Avast TUNEUP Update
    2018-06-08 17:45 - 2017-10-25 21:24 - 000004128 _____ C:\Windows\System32\Tasks\CCleaner Update
    2018-06-08 14:44 - 2016-12-02 12:59 - 000000000 ____D C:\Program Files (x86)\Mozilla Thunderbird
    2018-06-08 14:44 - 2014-07-18 12:47 - 000000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
    2018-06-08 14:42 - 2015-12-12 13:37 - 000000000 ____D C:\ProgramData\CanonIJPLM
    2018-06-07 17:39 - 2017-11-15 01:27 - 000152184 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbae64.sys
    2018-06-06 19:50 - 2015-12-07 21:35 - 000000000 ____D C:\Users\Owner\Documents\Quotes
    2018-06-02 17:45 - 2015-12-05 13:14 - 000004478 _____ C:\Windows\System32\Tasks\Adobe Acrobat Update Task
    2018-05-30 03:00 - 2014-07-18 12:55 - 000000000 ____D C:\ProgramData\Spybot - Search & Destroy
    2018-05-23 17:00 - 2015-12-05 14:36 - 000002441 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk
    2018-05-21 12:13 - 2015-12-07 20:59 - 000000000 ____D C:\Users\Owner\Documents\Herbs
    2018-05-19 12:09 - 2018-03-20 20:20 - 000001867 _____ C:\Users\Public\Desktop\Malwarebytes.lnk
    2018-05-18 23:31 - 2016-09-23 14:53 - 000000000 ____D C:\Users\Owner\Documents\1AWebsites
    2018-05-18 20:05 - 2017-01-14 00:58 - 000000000 ____D C:\Users\CompAdmin\AppData\LocalLow\Mozilla
    2018-05-18 20:03 - 2015-12-13 19:19 - 000000000 ____D C:\Users\CompAdmin\AppData\Roaming\Mozilla
    2018-05-18 20:01 - 2017-01-14 00:57 - 000000000 ____D C:\Users\CompAdmin\AppData\Roaming\Apple Computer
    2018-05-18 18:19 - 2017-09-11 18:10 - 000251032 _____ C:\Users\Owner\AppData\Local\GDIPFONTCACHEV1.DAT
    2018-05-18 14:36 - 2015-12-24 23:46 - 000001922 _____ C:\Users\Public\Desktop\Avast Internet Security.lnk
    2018-05-18 14:19 - 2015-12-07 20:57 - 000000000 ____D C:\Users\Owner\Documents\graphics
    2018-05-18 14:08 - 2015-12-05 14:35 - 000098760 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
    2018-05-18 14:08 - 2014-07-18 12:47 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
    2018-05-18 14:07 - 2014-11-12 19:36 - 000000000 ____D C:\Program Files (x86)\Java
    2018-05-18 09:45 - 2015-12-12 13:35 - 000003498 _____ C:\Windows\System32\Tasks\Run RoboForm TaskBar Icon
    2018-05-17 22:12 - 2017-11-09 18:12 - 000196640 _____ (AVAST Software) C:\Windows\system32\Drivers\aswArPot.sys
    2018-05-17 22:12 - 2015-12-05 14:37 - 000460520 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSP.sys
    2018-05-17 22:12 - 2015-12-05 14:37 - 000381552 _____ (AVAST Software) C:\Windows\system32\Drivers\aswVmm.sys
    2018-05-17 22:12 - 2015-12-05 14:37 - 000205976 _____ (AVAST Software) C:\Windows\system32\Drivers\aswStm.sys
    2018-05-17 22:12 - 2015-12-05 14:37 - 000159120 _____ (AVAST Software) C:\Windows\system32\Drivers\aswMonFlt.sys
    2018-05-17 22:12 - 2015-12-05 14:37 - 000111360 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRdr2.sys
    2018-05-17 22:12 - 2015-12-05 14:37 - 000085968 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRvrt.sys
    2018-05-17 22:12 - 2015-12-05 14:37 - 000046968 _____ (AVAST Software) C:\Windows\system32\Drivers\aswHwid.sys
    2018-05-17 22:11 - 2016-02-09 17:16 - 000640248 _____ (AVAST Software) C:\Windows\system32\Drivers\aswNetSec.sys
    2018-05-17 22:11 - 2015-12-05 14:37 - 001027720 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSnx.sys
    2018-05-17 14:53 - 2018-01-18 18:38 - 000003332 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
    2018-05-17 14:53 - 2018-01-18 18:38 - 000003204 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
    2018-05-15 08:11 - 2015-12-12 13:21 - 000000000 ____D C:\Users\Owner\AppData\Local\Microsoft Help

    ==================== Files in the root of some directories =======

    2017-04-04 08:37 - 2017-04-04 08:37 - 000003932 _____ () C:\Users\Owner\NewFolder.reg

    ==================== Bamital & volsnap ======================

    (There is no automatic fix for files that do not pass verification.)

    C:\Windows\system32\winlogon.exe => File is digitally signed
    C:\Windows\system32\wininit.exe => File is digitally signed
    C:\Windows\SysWOW64\wininit.exe => File is digitally signed
    C:\Windows\explorer.exe => File is digitally signed
    C:\Windows\SysWOW64\explorer.exe => File is digitally signed
    C:\Windows\system32\svchost.exe => File is digitally signed
    C:\Windows\SysWOW64\svchost.exe => File is digitally signed
    C:\Windows\system32\services.exe => File is digitally signed
    C:\Windows\system32\User32.dll => File is digitally signed
    C:\Windows\SysWOW64\User32.dll => File is digitally signed
    C:\Windows\system32\userinit.exe => File is digitally signed
    C:\Windows\SysWOW64\userinit.exe => File is digitally signed
    C:\Windows\system32\rpcss.dll => File is digitally signed
    C:\Windows\system32\dnsapi.dll => File is digitally signed
    C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
    C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed

    LastRegBack: 2018-06-07 00:22

    ==================== End of FRST.txt ============================


    This is Addition that came with FRST.txt
    Additional scan result of Farbar Recovery Scan Tool (x64) Version: 06.06.2018 01
    Ran by Owner (14-06-2018 09:12:29)
    Running from C:\Users\Owner\Desktop
    Windows 7 Professional Service Pack 1 (X64) (2014-07-18 17:41:18)
    Boot Mode: Normal
    ==========================================================


    ==================== Accounts: =============================

    Administrator (S-1-5-21-1769359704-1337508281-3947573860-500 - Administrator - Disabled)
    CompAdmin (S-1-5-21-1769359704-1337508281-3947573860-1002 - Administrator - Enabled) => C:\Users\CompAdmin
    Guest (S-1-5-21-1769359704-1337508281-3947573860-501 - Limited - Disabled)
    Owner (S-1-5-21-1769359704-1337508281-3947573860-1000 - Administrator - Enabled) => C:\Users\Owner
    Yodi (S-1-5-21-1769359704-1337508281-3947573860-1001 - Limited - Enabled) => C:\Users\Yodi

    ==================== Security Center ========================

    (If an entry is included in the fixlist, it will be removed.)

    AV: Avast Antivirus (Disabled - Up to date) {8EA8924E-BC81-DC44-8BB0-8BAE75D86EBF}
    AV: Malwarebytes (Disabled - Up to date) {23007AD3-69FE-687C-2629-D584AFFAF72B}
    AS: Malwarebytes (Disabled - Up to date) {98619B37-4FC4-67F2-1C99-EEF6D47DBD96}
    AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    AS: Avast Antivirus (Disabled - Up to date) {35C973AA-9ABB-D3CA-B100-B0DC0E5F2402}
    FW: Avast Antivirus (Disabled) {B693136B-F6EE-DD1C-A0EF-229B8B0B29C4}

    ==================== Installed Programs ======================

    (Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

    7-Zip 16.02 (x64) (HKLM\...\7-Zip) (Version: 16.02 - Igor Pavlov)
    7-Zip 16.04 (x64 edition) (HKLM\...\{23170F69-40C1-2702-1604-000001000000}) (Version: 16.04.00.0 - Igor Pavlov)
    Adobe Acrobat Reader DC (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}) (Version: 18.011.20040 - Adobe Systems Incorporated)
    Adobe Flash Player 28 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 28.0.0.137 - Adobe Systems Incorporated)
    Adobe Flash Player 28 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 28.0.0.137 - Adobe Systems Incorporated)
    AI RoboForm (HKU\S-1-5-21-1769359704-1337508281-3947573860-1000\...\AI RoboForm) (Version: - )
    Amazon Kindle (HKU\S-1-5-21-1769359704-1337508281-3947573860-1000\...\Amazon Kindle) (Version: 1.20.1.47037 - Amazon)
    AMD Catalyst Install Manager (HKLM\...\{1D1DCF8A-6961-F848-0DA0-5401969C44CE}) (Version: 8.0.915.0 - Advanced Micro Devices, Inc.)
    Apple Application Support (32-bit) (HKLM-x32\...\{543F829B-4591-4B2F-AF63-6E6E6AE59EB2}) (Version: 6.4 - Apple Inc.)
    Apple Application Support (64-bit) (HKLM\...\{0ECA3BB5-4410-414B-B226-241FF1C12CD0}) (Version: 6.4 - Apple Inc.)
    Apple Mobile Device Support (HKLM\...\{9E005AAA-81A3-478E-8944-532D350952EE}) (Version: 11.3.1.6 - Apple Inc.)
    Apple Software Update (HKLM-x32\...\{A30EA700-5515-48F0-88B0-9E99DC356B88}) (Version: 2.6.0.1 - Apple Inc.)
    Avast Cleanup Premium (HKLM-x32\...\{075CC190-59EE-499F-828B-0B5C098C8C15}_is1) (Version: 18.1.4888 - AVAST Software)
    Avast Internet Security (HKLM-x32\...\Avast Antivirus) (Version: 18.4.2338 - AVAST Software)
    Avast Secure Browser (HKLM-x32\...\Avast Secure Browser) (Version: 66.2.567.182 - AVAST Software)
    BeCyPDFMetaEdit (HKLM-x32\...\BeCyPDFMetaEdit) (Version: 2.37.0 - Benjamin Bentmann)
    Bonjour (HKLM\...\{56DDDFB8-7F79-4480-89D5-25E1F52AB28F}) (Version: 3.1.0.1 - Apple Inc.)
    Canon Easy-PhotoPrint EX (HKLM-x32\...\Easy-PhotoPrint EX) (Version: - )
    Canon Easy-WebPrint EX (HKLM-x32\...\Easy-WebPrint EX) (Version: 1.6.0.0 - Canon Inc.)
    Canon Inkjet Printer/Scanner/Fax Extended Survey Program (HKLM-x32\...\CANONIJPLM100) (Version: - )
    Canon MP Navigator EX 5.1 (HKLM-x32\...\MP Navigator EX 5.1) (Version: - )
    Canon MX510 series MP Drivers (HKLM\...\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MX510_series) (Version: - )
    Canon MX510 series On-screen Manual (HKLM-x32\...\Canon MX510 series On-screen Manual) (Version: - )
    Canon My Printer (HKLM-x32\...\CanonMyPrinter) (Version: - )
    Canon Solution Menu EX (HKLM-x32\...\CanonSolutionMenuEX) (Version: - )
    Canon Speed Dial Utility (HKLM-x32\...\Speed Dial Utility) (Version: - )
    CCleaner (HKLM\...\CCleaner) (Version: 5.42 - Piriform)
    Cisco Connect (HKLM-x32\...\Cisco Connect) (Version: 1.4.12212.0 - Cisco Consumer Products LLC)
    Colour Spy 1.5 (HKLM-x32\...\Colour Spy_is1) (Version: - SilverAge Software, Inc.)
    Core FTP Pro (HKLM-x32\...\CoreFTP) (Version: - )
    Core FTP Pro (x64) (HKLM-x32\...\CoreFTP(x64)) (Version: - )
    Corel PaintShop Pro X4 (HKLM-x32\...\_{00580795-581C-4587-B9F2-37320D7AB37F}) (Version: 14.0.0.332 - Corel Corporation)
    Corel PaintShop Pro X4 (HKLM-x32\...\{00AE1A2D-7BC2-4359-A0EC-E19F36E391BB}) (Version: 14.3.0.3 - Corel Corporation) Hidden
    doPDF (HKLM\...\{F64C7477-8040-4993-9554-EC22AE7FA2C0}) (Version: 8.9.951 - Softland) Hidden
    doPDF 8 (HKLM-x32\...\{3e04b5b8-dfc4-4bb3-99a1-a57ad01e1d55}) (Version: 8.9.951 - Softland)
    e-Sword (HKLM-x32\...\{0BF38804-B6AE-4C32-9564-B0C0E7188D62}) (Version: 11.00.0006 - Rick Meyers)
    f.lux (HKU\S-1-5-21-1769359704-1337508281-3947573860-1000\...\Flux) (Version: - f.lux Software LLC)
    GetDiz (HKLM-x32\...\GetDiz) (Version: 4.91 - Outertech)
    Google Chrome (HKLM-x32\...\Google Chrome) (Version: 67.0.3396.87 - Google Inc.)
    Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.33.17 - Google Inc.) Hidden
    Google Update Helper (HKLM-x32\...\{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}) (Version: 1.3.21.169 - Google Inc.) Hidden
    HTML-Kit 292 (HKLM-x32\...\HTMLKit_is1) (Version: 1.0 - HTMLKit.com)
    HTML-Kit Tools (HKLM-x32\...\HTMLKitTools_is1) (Version: 1.0 - HTML-Kit.com)
    ICA (HKLM-x32\...\{00580795-581C-4587-B9F2-37320D7AB37F}) (Version: 14.0.0.332 - Corel Corporation) Hidden
    ImgBurn (HKLM-x32\...\ImgBurn) (Version: 2.5.8.0 - LIGHTNING UK!)
    Intel(R) Graphics Media Accelerator Driver (HKLM\...\HDMI) (Version: 8.15.10.1930 - Intel Corporation)
    IPM_PSP_COM (HKLM-x32\...\{00BEE329-BAAB-49FF-9B66-55E4B12B9ADD}) (Version: 14.0.0.332 - Corel Corporation) Hidden
    iTunes (HKLM\...\{3D8C6B05-FE24-4B9C-A57C-B8E1FA39E83D}) (Version: 12.7.4.80 - Apple Inc.)
    Java 8 Update 161 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F32180161F0}) (Version: 8.0.1610.12 - Oracle Corporation)
    Java 8 Update 171 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F32180171F0}) (Version: 8.0.1710.11 - Oracle Corporation)
    Lightworks (HKLM-x32\...\{E94DD4E4-7746-472c-AA7B-1242FED0CFC8}) (Version: 14.0.0.0 - EditShare)
    Malwarebytes version 3.5.1.2522 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 3.5.1.2522 - Malwarebytes)
    Microsoft .NET Framework 4.6.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.6.01055 - Microsoft Corporation)
    Microsoft Office 2007 Service Pack 3 (SP3) (HKLM-x32\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version: - Microsoft)
    Microsoft Office File Validation Add-In (HKLM-x32\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)
    Microsoft Office Home and Student 2007 (HKLM-x32\...\HOMESTUDENTR) (Version: 12.0.6612.1000 - Microsoft Corporation)
    Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.50709.0 - Microsoft Corporation)
    Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
    Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
    Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319 (HKLM-x32\...\{196BB40D-1578-3D01-B289-BEFC77A11A1E}) (Version: 10.0.30319 - Microsoft Corporation)
    Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
    Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.50727 (HKLM-x32\...\{22154f09-719a-4619-bb71-5b3356999fbf}) (Version: 11.0.50727.1 - Microsoft Corporation)
    Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
    Microsoft Visual C++ 2015 Redistributable (x64) - 14.0.23026 (HKLM-x32\...\{e46eca4f-393b-40df-9f49-076faf788d83}) (Version: 14.0.23026.0 - Microsoft Corporation)
    Mozilla Firefox 60.0.2 (x64 en-US) (HKLM\...\Mozilla Firefox 60.0.2 (x64 en-US)) (Version: 60.0.2 - Mozilla)
    Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 60.0.1 - Mozilla)
    Mozilla Thunderbird 52.8.0 (x86 en-US) (HKLM-x32\...\Mozilla Thunderbird 52.8.0 (x86 en-US)) (Version: 52.8.0 - Mozilla)
    novaPDF 8 add-in for Microsoft Office (x64) (HKLM\...\{9F60F614-829C-4DE0-8671-C977529A0CAE}) (Version: 8.9.951 - Softland)
    novaPDF 8 add-in for Microsoft Office (x86) (HKLM-x32\...\{D175C46B-DDC1-49B2-95C4-93825A97E718}) (Version: 8.9.951 - Softland)
    novaPDF 8 Printer Driver (HKLM\...\{C5275556-5365-45C5-9586-1F6D56CD4BB4}) (Version: 8.9.951 - Softland)
    NVIDIA 3D Vision Controller Driver 340.50 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB) (Version: 340.50 - NVIDIA Corporation)
    NVIDIA 3D Vision Driver 341.92 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 341.92 - NVIDIA Corporation)
    NVIDIA Graphics Driver 341.92 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 341.92 - NVIDIA Corporation)
    NVIDIA HD Audio Driver 1.3.30.1 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.30.1 - NVIDIA Corporation)
    NVIDIA PhysX System Software 9.13.1220 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.13.1220 - NVIDIA Corporation)
    ON_OFF Charge 2 B13.1028.1 (HKLM-x32\...\{6B4ED6F7-BB88-4945-B0C6-01410E1BAC3A}) (Version: 1.00.0000 - GIGABYTE) Hidden
    ON_OFF Charge 2 B13.1028.1 (HKLM-x32\...\InstallShield_{6B4ED6F7-BB88-4945-B0C6-01410E1BAC3A}) (Version: 1.00.0000 - GIGABYTE)
    OpenOffice 4.1.2 (HKLM-x32\...\{E6AD67BB-1C33-4AB3-A387-E0D48137AB70}) (Version: 4.12.9782 - Apache Software Foundation)
    Platform (HKLM-x32\...\{20D4A895-748C-4D88-871C-FDB1695B0169}) (Version: 1.42 - VIA Technologies, Inc.) Hidden
    PSPPContent (HKLM-x32\...\{006CAAEF-CA96-4181-AC22-FE56D61432E4}) (Version: 14.0.0.332 - Corel Corporation) Hidden
    PSPPHelp (HKLM-x32\...\{00D74A7A-F7AD-4D00-ABD2-0973836292C7}) (Version: 14.0.0.332 - Corel Corporation) Hidden
    PSPPro64 (HKLM\...\{0015DE8E-8D9F-403E-8E5A-4098410E6125}) (Version: 14.0.0.332 - Corel Corporation) Hidden
    QuickTime 7 (HKLM-x32\...\{FF59BD75-466A-4D5A-AD23-AAD87C5FD44C}) (Version: 7.79.80.95 - Apple Inc.)
    Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.88.617.2014 - Realtek)
    Setup (HKLM-x32\...\{00D13418-7DDF-4D3D-A237-E297B103BB6B}) (Version: 14.0.0.332 - Corel Corporation) Hidden
    Should I Remove It (HKLM-x32\...\{4E62123C-4C0D-4123-A8A2-C0103B92D7EA}) (Version: 1.0.4 - Reason Software Company Inc.) Hidden
    Should I Remove It (HKU\S-1-5-21-1769359704-1337508281-3947573860-1000\...\Should I Remove It 1.0.4) (Version: 1.0.4 - Reason Software Company Inc.)
    Spybot - Search & Destroy (HKLM-x32\...\{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1) (Version: 1.6.2 - Safer Networking Limited)
    Stellarium 0.11.2 (HKLM-x32\...\Stellarium_is1) (Version: - )
    SwordSearcher 4.1 Deluxe (HKLM-x32\...\{446E6F82-8899-447D-86EB-2399F453C858}) (Version: 4.1.1001 - Brandon Staggs)
    The Character Creator Add On Pak v4 (HKLM-x32\...\The Character Creator Add On Pak) (Version: v4 - Laughingbird Software)
    The Logo Creator v5 (HKLM-x32\...\The Logo Creator v5) (Version: - )
    The Web Graphics Creator v3 (HKLM-x32\...\The Web Graphics Creator v3) (Version: - )
    TimePassages (HKLM\...\{86498CF1-A12E-4132-9DC2-6093F7427C44}) (Version: 6.0.6 - AstroGraph Software)
    Tweaking.com - Registry Backup (HKLM-x32\...\Tweaking.com - Registry Backup) (Version: 3.5.3 - Tweaking.com)
    Update for 2007 Microsoft Office System (KB967642) (HKLM-x32\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version: - Microsoft)
    VIA Platform Device Manager (HKLM-x32\...\InstallShield_{20D4A895-748C-4D88-871C-FDB1695B0169}) (Version: 1.42 - VIA Technologies, Inc.)
    VLC media player (HKLM-x32\...\VLC media player) (Version: 2.2.8 - VideoLAN)
    Zoom (HKU\S-1-5-21-1769359704-1337508281-3947573860-1000\...\ZoomUMX) (Version: 4.0 - Zoom Video Communications, Inc.)

    ==================== Custom CLSID (Whitelisted): ==========================

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    ShellIconOverlayIdentifiers: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2018-05-17] (AVAST Software)
    ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2018-05-17] (AVAST Software)
    ContextMenuHandlers1: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2016-10-04] (Igor Pavlov)
    ContextMenuHandlers1: [avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2018-05-17] (AVAST Software)
    ContextMenuHandlers1: [Corel PaintShop Pro X4] -> {CA34A346-C652-4F33-8CFF-FD6A91D9D64A} => C:\Program Files (x86)\Corel\Corel PaintShop Pro X4\PSPContextMenu64.dll [2011-07-03] (Corel Software, Inc.)
    ContextMenuHandlers2: [Corel PaintShop Pro X4] -> {CA34A346-C652-4F33-8CFF-FD6A91D9D64A} => C:\Program Files (x86)\Corel\Corel PaintShop Pro X4\PSPContextMenu64.dll [2011-07-03] (Corel Software, Inc.)
    ContextMenuHandlers3: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2018-05-17] (AVAST Software)
    ContextMenuHandlers3: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2018-05-03] (Malwarebytes)
    ContextMenuHandlers5: [Gadgets] -> {6B9228DA-9C15-419e-856C-19E768A13BDC} => -> No File
    ContextMenuHandlers6: [avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2018-05-17] (AVAST Software)
    ContextMenuHandlers6: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2018-05-03] (Malwarebytes)

    ==================== Scheduled Tasks (Whitelisted) =============

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    Task: {01DBCFCB-F230-4907-9D83-6AA9D35AC519} - System32\Tasks\AVAST Software\Avast settings backup => C:\Program Files\Common Files\AV\avast! Antivirus\backup.exe
    Task: {04E949FE-CD0F-42AB-A092-76D7F41B2CC0} - System32\Tasks\{F476F115-DA88-4842-BF3C-FA5C0011125C} => C:\Windows\system32\pcalua.exe -a "C:\Program Files (x86)\Chami\HTML-Kit\Plugins\hkSetupPlus.exe" -d C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\yxf5nr0r.default-1449534959428 -c /hkpreg
    Task: {05378750-80D6-4A76-AB25-26F2A98E6336} - System32\Tasks\doPDF Update => C:\Program Files\Softland\novaPDF 8\Driver\UpdateApplication.exe [2017-08-16] ()
    Task: {0A24C88E-1494-4220-B6BF-F989D7F7A650} - System32\Tasks\Go to RoboForm Install page => C:\Windows\system32\rundll32.exe url.dll,FileProtocolHandler "hxxp://www.roboform.com/test-pass.html?aaa=KICMNJIMKJNMKMGMGMJMCNMMGMPMGMCNLMHMKJIMCNHMHMKMPMCNHMKJLMKMOJMJJMOJKMJJLMJMJNJICMJMCNGMCNHMHMFMGMCNOMOMCNGMJMPMPMFMJMCNOMCNIMJMPMOMCNNMJNPICMLMFMEKMICNJJCKFMPMJNHICMEKMICNJJCKJNBJCMALIIBJKJNIJNKJCMJNNICMJNDJCMKJBJ"
    Task: {129535C6-9C98-470A-9221-9EDD51FA8482} - System32\Tasks\Avast TUNEUP Update => C:\Program Files (x86)\AVAST Software\Avast Cleanup\TUNEUpdate.exe [2018-06-11] (AVAST Software)
    Task: {29EAE298-6871-465F-BFCF-31EC6AFC560A} - \Microsoft\Windows\Setup\GWXTriggers\ScheduleUpgradeTime -> No File <==== ATTENTION
    Task: {4B8D0910-1505-4952-B0E6-7A984E3A14DE} - System32\Tasks\Run RoboForm TaskBar Icon => C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe [2015-12-12] (Siber Systems)
    Task: {4BCF080B-A1F2-460F-BB01-3751162A0FD6} - System32\Tasks\AvastUpdateTaskMachineCore => C:\Program Files (x86)\AVAST Software\Browser\Update\AvastBrowserUpdate.exe [2018-06-13] (AVAST Software)
    Task: {5DC58CD3-2FEE-46A7-ADA7-AA6A349CD151} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2018-01-08] (Apple Inc.)
    Task: {7C0341C5-E113-43B2-93BE-A77A3DE0F6A0} - System32\Tasks\Avast Software\Overseer => C:\Program Files\Common Files\Avast Software\Overseer\overseer.exe [2018-06-08] (AVAST Software)
    Task: {84A9A09A-8B83-4C32-9684-36C80A1AA5A6} - System32\Tasks\Avast Emergency Update => C:\Program Files\AVAST Software\Avast\AvEmUpdate.exe [2018-05-17] (AVAST Software)
    Task: {8824D666-AA70-4FB0-8F95-11B66BB6D2B3} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2018-02-09] (Adobe Systems Incorporated)
    Task: {8C06F927-2B3E-4908-9749-BF520540A0E6} - System32\Tasks\AvastUpdateTaskMachineUA => C:\Program Files (x86)\AVAST Software\Browser\Update\AvastBrowserUpdate.exe [2018-06-13] (AVAST Software)
    Task: {A4F5C9D2-BF30-4157-B6A0-6FBF6969080D} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2018-04-12] (Piriform Ltd)
    Task: {AE01A8DE-72F8-45F7-AE17-A5A1EEA36026} - System32\Tasks\CCleaner Update => C:\Program Files\CCleaner\CCUpdate.exe [2018-04-12] (Piriform Ltd)
    Task: {BFD5EBCB-C035-4B7B-8F6F-616F3C2EB7EA} - System32\Tasks\Spybot - Search & Destroy Updater - Scheduled Task => C:\Program Files (x86)\Spybot - Search & Destroy\SDUpdate.exe [2009-01-26] (Safer Networking Limited)
    Task: {CB9F60F3-21A7-4141-A9E9-753F7055C958} - System32\Tasks\{690B8524-1E2C-49C0-AFAE-16359EF3485A} => C:\Windows\system32\pcalua.exe -a C:\Users\Owner\Documents\Products\LaughingBirdSoftware\LogoCreatorV3\WGC1_v3_Setup\WGC1_v3_Setup.exe -d C:\Users\Owner\Documents\Products\LaughingBirdSoftware\LogoCreatorV3\WGC1_v3_Setup
    Task: {D2858E49-7CB5-481B-990C-7B9DD362EE80} - \Microsoft\Windows\Setup\GWXTriggers\ScheduleUpgradeReminderTime -> No File <==== ATTENTION
    Task: {D6AB093D-C146-4371-8180-A6FC1D65EADF} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2018-01-18] (Google Inc.)
    Task: {DBECF677-CDAC-4BEF-A26F-D7DC51583562} - System32\Tasks\{6F2BD83F-63BD-4FFD-9FC4-D2227EB8B811} => C:\Program Files (x86)\Mozilla Firefox\firefox.exe
    Task: {E5662D04-B3B9-412D-8547-FEA3B6CFB4B9} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2018-01-16] (Adobe Systems Incorporated)
    Task: {F3CCE017-D338-4F4A-8923-58A2FE611EA1} - System32\Tasks\Spybot - Search & Destroy - Scheduled Task => C:\Program Files (x86)\Spybot - Search & Destroy\SpybotSD.exe [2009-01-26] (Safer Networking Limited)
    Task: {F41ECE15-265F-41FC-A8E9-8E69005CDEA1} - \Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B -> No File <==== ATTENTION
    Task: {F7B83AE3-847D-4395-9809-37E50BC90CA9} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2018-01-18] (Google Inc.)
    Task: {F8F9CE67-FCD4-4546-A0AD-5248356577FD} - System32\Tasks\{D5FE86F6-DD5B-4899-B7F6-347BD231CBC8} => C:\Windows\system32\pcalua.exe -a E:\AutoRunPro.exe -d E:\

    (If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

    Task: C:\Windows\Tasks\Spybot - Search & Destroy - Scheduled Task.job => C:\Program Files (x86)\Spybot - Search & Destroy\SpybotSD.exe
    Task: C:\Windows\Tasks\Spybot - Search & Destroy Updater - Scheduled Task.job => C:\Program Files (x86)\Spybot - Search & Destroy\SDUpdate.exe

    ==================== Shortcuts & WMI ========================

    (The entries could be listed to be restored or removed.)


    ==================== Loaded Modules (Whitelisted) ==============

    2015-12-05 13:23 - 2015-10-13 12:26 - 000125616 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll
    2018-04-08 08:04 - 2018-04-08 08:04 - 001356088 _____ () C:\Program Files\iTunes\libxml2.dll
    2018-04-08 08:04 - 2018-04-08 08:04 - 000088888 _____ () C:\Program Files\iTunes\zlib1.dll
    2018-05-17 22:11 - 2018-05-17 22:11 - 000482520 _____ () C:\Program Files\AVAST Software\Avast\streamback.dll
    2018-05-17 22:11 - 2018-05-17 22:11 - 000889048 _____ () C:\Program Files\AVAST Software\Avast\ffl2.dll
    2018-05-17 22:12 - 2018-05-17 22:12 - 000924888 _____ () C:\Program Files\AVAST Software\Avast\anen.dll
    2018-05-17 22:11 - 2018-05-17 22:11 - 000982744 _____ () C:\Program Files\AVAST Software\Avast\shepherdsync.dll
    2018-05-17 22:11 - 2018-05-17 22:11 - 000519896 _____ () C:\Program Files\AVAST Software\Avast\gui_cache.dll
    2018-06-13 08:44 - 2018-06-13 08:44 - 005839504 _____ () C:\Program Files\AVAST Software\Avast\defs\18061302\algo.dll
    2018-03-08 18:48 - 2018-03-08 18:48 - 067126928 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll
    2018-05-17 22:11 - 2018-05-17 22:11 - 000293592 _____ () C:\Program Files\AVAST Software\Avast\gaming_mode_ui.dll

    ==================== Alternate Data Streams (Whitelisted) =========

    (If an entry is included in the fixlist, only the ADS will be removed.)


    ==================== Safe Mode (Whitelisted) ===================

    (If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"

    ==================== Association (Whitelisted) ===============

    (If an entry is included in the fixlist, the registry item will be restored to default or removed.)


    ==================== Internet Explorer trusted/restricted ===============

    (If an entry is included in the fixlist, it will be removed from the registry.)

    IE restricted site: HKU\.DEFAULT\...\007guard.com -> install.007guard.com
    IE restricted site: HKU\.DEFAULT\...\008i.com -> 008i.com
    IE restricted site: HKU\.DEFAULT\...\008k.com -> www.008k.com
    IE restricted site: HKU\.DEFAULT\...\00hq.com -> www.00hq.com
    IE restricted site: HKU\.DEFAULT\...\010402.com -> 010402.com
    IE restricted site: HKU\.DEFAULT\...\032439.com -> 80gw6ry3i3x3qbrkwhxhw.032439.com
    IE restricted site: HKU\.DEFAULT\...\0scan.com -> www.0scan.com
    IE restricted site: HKU\.DEFAULT\...\1-2005-search.com -> www.1-2005-search.com
    IE restricted site: HKU\.DEFAULT\...\1-domains-registrations.com -> www.1-domains-registrations.com
    IE restricted site: HKU\.DEFAULT\...\1000gratisproben.com -> www.1000gratisproben.com
    IE restricted site: HKU\.DEFAULT\...\1001namen.com -> www.1001namen.com
    IE restricted site: HKU\.DEFAULT\...\100888290cs.com -> mir.100888290cs.com
    IE restricted site: HKU\.DEFAULT\...\100sexlinks.com -> www.100sexlinks.com
    IE restricted site: HKU\.DEFAULT\...\10sek.com -> www.10sek.com
    IE restricted site: HKU\.DEFAULT\...\12-26.net -> user1.12-26.net
    IE restricted site: HKU\.DEFAULT\...\12-27.net -> user1.12-27.net
    IE restricted site: HKU\.DEFAULT\...\123fporn.info -> www.123fporn.info
    IE restricted site: HKU\.DEFAULT\...\123haustiereundmehr.com -> www.123haustiereundmehr.com
    IE restricted site: HKU\.DEFAULT\...\123moviedownload.com -> www.123moviedownload.com
    IE restricted site: HKU\.DEFAULT\...\123simsen.com -> www.123simsen.com

    There are 7937 more sites.

    IE restricted site: HKU\S-1-5-21-1769359704-1337508281-3947573860-1000\...\007guard.com -> install.007guard.com
    IE restricted site: HKU\S-1-5-21-1769359704-1337508281-3947573860-1000\...\008i.com -> 008i.com
    IE restricted site: HKU\S-1-5-21-1769359704-1337508281-3947573860-1000\...\008k.com -> www.008k.com
    IE restricted site: HKU\S-1-5-21-1769359704-1337508281-3947573860-1000\...\00hq.com -> www.00hq.com
    IE restricted site: HKU\S-1-5-21-1769359704-1337508281-3947573860-1000\...\010402.com -> 010402.com
    IE restricted site: HKU\S-1-5-21-1769359704-1337508281-3947573860-1000\...\032439.com -> 80gw6ry3i3x3qbrkwhxhw.032439.com
    IE restricted site: HKU\S-1-5-21-1769359704-1337508281-3947573860-1000\...\0scan.com -> www.0scan.com
    IE restricted site: HKU\S-1-5-21-1769359704-1337508281-3947573860-1000\...\1-2005-search.com -> www.1-2005-search.com
    IE restricted site: HKU\S-1-5-21-1769359704-1337508281-3947573860-1000\...\1-domains-registrations.com -> www.1-domains-registrations.com
    IE restricted site: HKU\S-1-5-21-1769359704-1337508281-3947573860-1000\...\1000gratisproben.com -> www.1000gratisproben.com
    IE restricted site: HKU\S-1-5-21-1769359704-1337508281-3947573860-1000\...\1001namen.com -> www.1001namen.com
    IE restricted site: HKU\S-1-5-21-1769359704-1337508281-3947573860-1000\...\100888290cs.com -> mir.100888290cs.com
    IE restricted site: HKU\S-1-5-21-1769359704-1337508281-3947573860-1000\...\100sexlinks.com -> www.100sexlinks.com
    IE restricted site: HKU\S-1-5-21-1769359704-1337508281-3947573860-1000\...\10sek.com -> www.10sek.com
    IE restricted site: HKU\S-1-5-21-1769359704-1337508281-3947573860-1000\...\12-26.net -> user1.12-26.net
    IE restricted site: HKU\S-1-5-21-1769359704-1337508281-3947573860-1000\...\12-27.net -> user1.12-27.net
    IE restricted site: HKU\S-1-5-21-1769359704-1337508281-3947573860-1000\...\123fporn.info -> www.123fporn.info
    IE restricted site: HKU\S-1-5-21-1769359704-1337508281-3947573860-1000\...\123haustiereundmehr.com -> www.123haustiereundmehr.com
    IE restricted site: HKU\S-1-5-21-1769359704-1337508281-3947573860-1000\...\123moviedownload.com -> www.123moviedownload.com
    IE restricted site: HKU\S-1-5-21-1769359704-1337508281-3947573860-1000\...\123simsen.com -> www.123simsen.com

    There are 7937 more sites.

    IE restricted site: HKU\S-1-5-21-1769359704-1337508281-3947573860-1001\...\007guard.com -> install.007guard.com
    IE restricted site: HKU\S-1-5-21-1769359704-1337508281-3947573860-1001\...\008i.com -> 008i.com
    IE restricted site: HKU\S-1-5-21-1769359704-1337508281-3947573860-1001\...\008k.com -> www.008k.com
    IE restricted site: HKU\S-1-5-21-1769359704-1337508281-3947573860-1001\...\00hq.com -> www.00hq.com
    IE restricted site: HKU\S-1-5-21-1769359704-1337508281-3947573860-1001\...\010402.com -> 010402.com
    IE restricted site: HKU\S-1-5-21-1769359704-1337508281-3947573860-1001\...\032439.com -> 80gw6ry3i3x3qbrkwhxhw.032439.com
    IE restricted site: HKU\S-1-5-21-1769359704-1337508281-3947573860-1001\...\0scan.com -> www.0scan.com
    IE restricted site: HKU\S-1-5-21-1769359704-1337508281-3947573860-1001\...\1-2005-search.com -> www.1-2005-search.com
    IE restricted site: HKU\S-1-5-21-1769359704-1337508281-3947573860-1001\...\1-domains-registrations.com -> www.1-domains-registrations.com
    IE restricted site: HKU\S-1-5-21-1769359704-1337508281-3947573860-1001\...\1000gratisproben.com -> www.1000gratisproben.com
    IE restricted site: HKU\S-1-5-21-1769359704-1337508281-3947573860-1001\...\1001namen.com -> www.1001namen.com
    IE restricted site: HKU\S-1-5-21-1769359704-1337508281-3947573860-1001\...\100888290cs.com -> mir.100888290cs.com
    IE restricted site: HKU\S-1-5-21-1769359704-1337508281-3947573860-1001\...\100sexlinks.com -> www.100sexlinks.com
    IE restricted site: HKU\S-1-5-21-1769359704-1337508281-3947573860-1001\...\10sek.com -> www.10sek.com
    IE restricted site: HKU\S-1-5-21-1769359704-1337508281-3947573860-1001\...\12-26.net -> user1.12-26.net
    IE restricted site: HKU\S-1-5-21-1769359704-1337508281-3947573860-1001\...\12-27.net -> user1.12-27.net
    IE restricted site: HKU\S-1-5-21-1769359704-1337508281-3947573860-1001\...\123fporn.info -> www.123fporn.info
    IE restricted site: HKU\S-1-5-21-1769359704-1337508281-3947573860-1001\...\123haustiereundmehr.com -> www.123haustiereundmehr.com
    IE restricted site: HKU\S-1-5-21-1769359704-1337508281-3947573860-1001\...\123moviedownload.com -> www.123moviedownload.com
    IE restricted site: HKU\S-1-5-21-1769359704-1337508281-3947573860-1001\...\123simsen.com -> www.123simsen.com

    There are 7936 more sites.

    IE restricted site: HKU\S-1-5-21-1769359704-1337508281-3947573860-1002\...\007guard.com -> install.007guard.com
    IE restricted site: HKU\S-1-5-21-1769359704-1337508281-3947573860-1002\...\008i.com -> 008i.com
    IE restricted site: HKU\S-1-5-21-1769359704-1337508281-3947573860-1002\...\008k.com -> www.008k.com
    IE restricted site: HKU\S-1-5-21-1769359704-1337508281-3947573860-1002\...\00hq.com -> www.00hq.com
    IE restricted site: HKU\S-1-5-21-1769359704-1337508281-3947573860-1002\...\010402.com -> 010402.com
    IE restricted site: HKU\S-1-5-21-1769359704-1337508281-3947573860-1002\...\032439.com -> 80gw6ry3i3x3qbrkwhxhw.032439.com
    IE restricted site: HKU\S-1-5-21-1769359704-1337508281-3947573860-1002\...\0scan.com -> www.0scan.com
    IE restricted site: HKU\S-1-5-21-1769359704-1337508281-3947573860-1002\...\1-2005-search.com -> www.1-2005-search.com
    IE restricted site: HKU\S-1-5-21-1769359704-1337508281-3947573860-1002\...\1-domains-registrations.com -> www.1-domains-registrations.com
    IE restricted site: HKU\S-1-5-21-1769359704-1337508281-3947573860-1002\...\1000gratisproben.com -> www.1000gratisproben.com
    IE restricted site: HKU\S-1-5-21-1769359704-1337508281-3947573860-1002\...\1001namen.com -> www.1001namen.com
    IE restricted site: HKU\S-1-5-21-1769359704-1337508281-3947573860-1002\...\100888290cs.com -> mir.100888290cs.com
    IE restricted site: HKU\S-1-5-21-1769359704-1337508281-3947573860-1002\...\100sexlinks.com -> www.100sexlinks.com
    IE restricted site: HKU\S-1-5-21-1769359704-1337508281-3947573860-1002\...\10sek.com -> www.10sek.com
    IE restricted site: HKU\S-1-5-21-1769359704-1337508281-3947573860-1002\...\12-26.net -> user1.12-26.net
    IE restricted site: HKU\S-1-5-21-1769359704-1337508281-3947573860-1002\...\12-27.net -> user1.12-27.net
    IE restricted site: HKU\S-1-5-21-1769359704-1337508281-3947573860-1002\...\123fporn.info -> www.123fporn.info
    IE restricted site: HKU\S-1-5-21-1769359704-1337508281-3947573860-1002\...\123haustiereundmehr.com -> www.123haustiereundmehr.com
    IE restricted site: HKU\S-1-5-21-1769359704-1337508281-3947573860-1002\...\123moviedownload.com -> www.123moviedownload.com
    IE restricted site: HKU\S-1-5-21-1769359704-1337508281-3947573860-1002\...\123simsen.com -> www.123simsen.com

    There are 7936 more sites.


    ==================== Hosts content: ==========================

    (If needed Hosts: directive could be included in the fixlist to reset Hosts.)

    2009-07-13 21:34 - 2018-06-14 08:34 - 000454428 ____R C:\Windows\system32\Drivers\etc\hosts

    127.0.0.1 www.007guard.com
    127.0.0.1 007guard.com
    127.0.0.1 008i.com
    127.0.0.1 www.008k.com
    127.0.0.1 008k.com
    127.0.0.1 www.00hq.com
    127.0.0.1 00hq.com
    127.0.0.1 010402.com
    127.0.0.1 www.032439.com
    127.0.0.1 032439.com
    127.0.0.1 www.0scan.com
    127.0.0.1 0scan.com
    127.0.0.1 1000gratisproben.com
    127.0.0.1 www.1000gratisproben.com
    127.0.0.1 1001namen.com
    127.0.0.1 www.1001namen.com
    127.0.0.1 100888290cs.com
    127.0.0.1 www.100888290cs.com
    127.0.0.1 www.100sexlinks.com
    127.0.0.1 100sexlinks.com
    127.0.0.1 10sek.com
    127.0.0.1 www.10sek.com
    127.0.0.1 www.1-2005-search.com
    127.0.0.1 1-2005-search.com
    127.0.0.1 123fporn.info
    127.0.0.1 www.123fporn.info
    127.0.0.1 123haustiereundmehr.com
    127.0.0.1 www.123haustiereundmehr.com
    127.0.0.1 123moviedownload.com
    127.0.0.1 www.123moviedownload.com

    There are 15598 more lines.


    ==================== Other Areas ============================

    (Currently there is no automatic fix for this section.)

    HKU\S-1-5-21-1769359704-1337508281-3947573860-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\Owner\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
    HKU\S-1-5-21-1769359704-1337508281-3947573860-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\Yodi\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
    HKU\S-1-5-21-1769359704-1337508281-3947573860-1002\Control Panel\Desktop\\Wallpaper -> C:\Users\CompAdmin\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
    DNS Servers: 192.168.2.254 - 192.168.1.1
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
    Windows Firewall is enabled.

    ==================== MSCONFIG/TASK MANAGER disabled items ==

    MSCONFIG\startupreg: HotKeysCmds => C:\Windows\system32\hkcmd.exe
    MSCONFIG\startupreg: IgfxTray => C:\Windows\system32\igfxtray.exe
    MSCONFIG\startupreg: Persistence => C:\Windows\system32\igfxpers.exe

    ==================== FirewallRules (Whitelisted) ===============

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    FirewallRules: [SPPSVC-In-TCP] => (Allow) %SystemRoot%\system32\sppsvc.exe
    FirewallRules: [SPPSVC-In-TCP-NoScope] => (Allow) %SystemRoot%\system32\sppsvc.exe
    FirewallRules: [{6614473A-4294-47B0-9E72-E30BC34B467C}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
    FirewallRules: [{0A1E5153-E4CF-46CD-9514-8A5F89735CE9}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
    FirewallRules: [{EECDD92A-BE36-4220-A350-1D13AF53A5B9}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
    FirewallRules: [{AF2E9FF9-9E55-4FA3-8B6F-B77B18E779D5}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
    FirewallRules: [{454C2350-8C8F-46ED-A3EA-4B88A6C42634}] => (Allow) LPort=8501
    FirewallRules: [{E9A238A4-E297-4272-8326-EB9D7574919F}] => (Allow) LPort=8501
    FirewallRules: [{97C5FF8C-C541-4A34-B589-DDD1C14F1A54}] => (Allow) C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe
    FirewallRules: [{BA9C0542-3115-4648-96A2-80E4989FAF77}] => (Allow) C:\Program Files\Lightworks\lightworks.exe
    FirewallRules: [{5CBBF24A-C064-4A46-8D63-0A80FAF758E4}] => (Allow) C:\Program Files\Lightworks\lightworks.exe
    FirewallRules: [{E861EFF1-A1F3-4885-8061-308C3177226F}] => (Allow) C:\Program Files\Lightworks\ntcardvt.exe
    FirewallRules: [{D89E41BA-4CF3-41C1-B91D-E2964BC46496}] => (Allow) C:\Program Files\Lightworks\ntcardvt.exe
    FirewallRules: [{784F969B-3BC5-469C-84D3-E7356BDEA5D0}] => (Allow) C:\Program Files\iTunes\iTunes.exe
    FirewallRules: [{9ED137DB-1637-4448-9E49-D706B894BD28}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe
    FirewallRules: [{843BEACA-E1A2-4941-96D3-DEE5F8E23150}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe
    FirewallRules: [{112AA840-F81D-463E-AD20-F79EDFBA3BE6}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    FirewallRules: [{E281E9EE-F72C-4BA2-90A0-7C5A2571B6E6}] => (Allow) C:\Program Files (x86)\AVAST Software\Browser\Application\AvastBrowser.exe

    ==================== Restore Points =========================

    28-05-2018 00:00:02 Scheduled Checkpoint
    04-06-2018 00:00:04 Scheduled Checkpoint
    11-06-2018 00:18:08 Scheduled Checkpoint

    ==================== Faulty Device Manager Devices =============


    ==================== Event log errors: =========================

    Application errors:
    ==================
    Error: (06/14/2018 08:46:17 AM) (Source: MsiInstaller) (EventID: 11316) (User: NT AUTHORITY)
    Description: Product: Avast Update Helper -- Error 1316. The specified account already exists.

    Error: (06/14/2018 07:46:18 AM) (Source: MsiInstaller) (EventID: 11316) (User: NT AUTHORITY)
    Description: Product: Avast Update Helper -- Error 1316. The specified account already exists.

    Error: (06/14/2018 06:46:17 AM) (Source: MsiInstaller) (EventID: 11316) (User: NT AUTHORITY)
    Description: Product: Avast Update Helper -- Error 1316. The specified account already exists.

    Error: (06/14/2018 05:46:18 AM) (Source: MsiInstaller) (EventID: 11316) (User: NT AUTHORITY)
    Description: Product: Avast Update Helper -- Error 1316. The specified account already exists.

    Error: (06/14/2018 04:46:17 AM) (Source: MsiInstaller) (EventID: 11316) (User: NT AUTHORITY)
    Description: Product: Avast Update Helper -- Error 1316. The specified account already exists.

    Error: (06/14/2018 03:46:18 AM) (Source: MsiInstaller) (EventID: 11316) (User: NT AUTHORITY)
    Description: Product: Avast Update Helper -- Error 1316. The specified account already exists.

    Error: (06/14/2018 02:46:18 AM) (Source: MsiInstaller) (EventID: 11316) (User: NT AUTHORITY)
    Description: Product: Avast Update Helper -- Error 1316. The specified account already exists.

    Error: (06/14/2018 01:46:17 AM) (Source: MsiInstaller) (EventID: 11316) (User: NT AUTHORITY)
    Description: Product: Avast Update Helper -- Error 1316. The specified account already exists.


    System errors:
    =============
    Error: (06/13/2018 04:40:14 AM) (Source: Service Control Manager) (EventID: 7026) (User: )
    Description: The following boot-start or system-start driver(s) failed to load:
    UsbCharger

    Error: (06/13/2018 04:39:50 AM) (Source: EventLog) (EventID: 6008) (User: )
    Description: The previous system shutdown at 12:36:30 AM on ‎6/‎13/‎2018 was unexpected.

    Error: (06/08/2018 05:36:29 PM) (Source: Service Control Manager) (EventID: 7026) (User: )
    Description: The following boot-start or system-start driver(s) failed to load:
    UsbCharger

    Error: (06/08/2018 05:35:56 PM) (Source: EventLog) (EventID: 6008) (User: )
    Description: The previous system shutdown at 3:34:26 PM on ‎6/‎8/‎2018 was unexpected.

    Error: (06/08/2018 02:44:56 PM) (Source: Service Control Manager) (EventID: 7026) (User: )
    Description: The following boot-start or system-start driver(s) failed to load:
    UsbCharger

    Error: (06/08/2018 02:43:16 PM) (Source: Service Control Manager) (EventID: 7043) (User: )
    Description: The Group Policy Client service did not shut down properly after receiving a preshutdown control.

    Error: (06/07/2018 05:45:35 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
    Description: The Application Experience service failed to start due to the following error:
    The service did not respond to the start or control request in a timely fashion.

    Error: (06/07/2018 05:40:07 PM) (Source: Service Control Manager) (EventID: 7011) (User: )
    Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the AeLookupSvc service.


    CodeIntegrity:
    ===================================

    Date: 2018-06-05 22:18:22.740
    Description:
    Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume16\Windows\winsxs\amd64_microsoft-windows-bcrypt-dll_31bf3856ad364e35_6.0.6001.18000_none_4aab2ef0a7c319c5\bcrypt.dll because the set of per-page image hashes could not be found on the system.

    Date: 2018-06-05 22:18:22.581
    Description:
    Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume16\Windows\winsxs\amd64_microsoft-windows-bcrypt-dll_31bf3856ad364e35_6.0.6001.18000_none_4aab2ef0a7c319c5\bcrypt.dll because the set of per-page image hashes could not be found on the system.

    Date: 2018-06-05 22:18:22.423
    Description:
    Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume16\Windows\winsxs\amd64_microsoft-windows-bcrypt-dll_31bf3856ad364e35_6.0.6001.18000_none_4aab2ef0a7c319c5\bcrypt.dll because the set of per-page image hashes could not be found on the system.

    Date: 2018-06-05 22:18:22.248
    Description:
    Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume16\Windows\winsxs\amd64_microsoft-windows-bcrypt-dll_31bf3856ad364e35_6.0.6001.18000_none_4aab2ef0a7c319c5\bcrypt.dll because the set of per-page image hashes could not be found on the system.

    Date: 2018-06-01 16:35:30.322
    Description:
    Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume16\Windows\winsxs\wow64_microsoft-windows-tpm-driver-wmi_31bf3856ad364e35_6.0.6001.18000_none_d6005436ad01f9a3\Win32_Tpm.dll because the set of per-page image hashes could not be found on the system.

    Date: 2018-06-01 16:35:30.176
    Description:
    Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume16\Windows\winsxs\wow64_microsoft-windows-tpm-driver-wmi_31bf3856ad364e35_6.0.6001.18000_none_d6005436ad01f9a3\Win32_Tpm.dll because the set of per-page image hashes could not be found on the system.

    Date: 2018-06-01 16:35:30.029
    Description:
    Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume16\Windows\winsxs\wow64_microsoft-windows-tpm-driver-wmi_31bf3856ad364e35_6.0.6001.18000_none_d6005436ad01f9a3\Win32_Tpm.dll because the set of per-page image hashes could not be found on the system.

    Date: 2018-06-01 16:35:29.881
    Description:
    Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume16\Windows\winsxs\wow64_microsoft-windows-tpm-driver-wmi_31bf3856ad364e35_6.0.6001.18000_none_d6005436ad01f9a3\Win32_Tpm.dll because the set of per-page image hashes could not be found on the system.

    ==================== Memory info ===========================

    Processor: AMD FX(tm)-6300 Six-Core Processor
    Percentage of memory in use: 32%
    Total physical RAM: 8158.67 MB
    Available physical RAM: 5533.5 MB
    Total Virtual: 16315.52 MB
    Available Virtual: 13537.86 MB

    ==================== Drives ================================

    Drive c: () (Fixed) (Total:1862.92 GB) (Free:1544.76 GB) NTFS
    Drive d: () (Fixed) (Total:596.17 GB) (Free:365.06 GB) NTFS ==>[system with boot components (obtained from drive)]

    \\?\Volume{d8f78e62-0eb1-11e4-95a2-806e6f6e6963}\ (System Reserved) (Fixed) (Total:0.1 GB) (Free:0.07 GB) NTFS

    ==================== MBR & Partition Table ==================

    ========================================================
    Disk: 0 (MBR Code: Windows 7/8/10) (Size: 1863 GB) (Disk ID: 5409BCEB)
    Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
    Partition 2: (Not Active) - (Size=1862.9 GB) - (Type=07 NTFS)

    ========================================================
    Disk: 1 (MBR Code: Windows 7 or Vista) (Size: 596.2 GB) (Disk ID: 1549F232)
    Partition 1: (Active) - (Size=596.2 GB) - (Type=07 NTFS)

    ==================== End of Addition.txt ============================



    aswMBR version 1.0.1.2252 Copyright(c) 2014 AVAST Software
    Run date: 2018-06-14 09:16:12
    -----------------------------
    09:16:12.109 OS Version: Windows x64 6.1.7601 Service Pack 1
    09:16:12.109 Number of processors: 6 586 0x200
    09:16:12.124 ComputerName: OWNER-PC446 UserName: Owner
    09:16:13.731 Initialize success
    09:16:13.762 VM: initialized successfully
    09:16:13.762 VM: Amd CPU supported virtualized
    09:16:21.874 AVAST engine defs: 18061302
    09:16:43.980 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\00000068
    09:16:43.980 Disk 0 Vendor: WDC_WD20 01.0 Size: 1907729MB BusType: 11
    09:16:43.980 Disk 1 \Device\Harddisk1\DR1 -> \Device\00000069
    09:16:43.980 Disk 1 Vendor: WDC_WD64 01.0 Size: 610480MB BusType: 11
    09:16:44.089 Disk 0 MBR read successfully
    09:16:44.104 Disk 0 MBR scan
    09:16:44.120 Disk 0 Windows 7 default MBR code
    09:16:44.136 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 100 MB offset 2048
    09:16:44.151 Disk 0 default boot code
    09:16:44.151 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 1907626 MB offset 206848
    09:16:44.151 Disk 0 scanning C:\Windows\system32\drivers
    09:16:54.135 Service scanning
    09:17:07.582 Modules scanning
    09:17:07.582 Disk 0 trace - called modules:
    09:17:07.614 ntoskrnl.exe CLASSPNP.SYS disk.sys amd_xata.sys storport.sys hal.dll amd_sata.sys
    09:17:07.614 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8007e93060]
    09:17:07.614 3 CLASSPNP.SYS[fffff880019a243f] -> nt!IofCallDriver -> [0xfffffa8006e29ac0]
    09:17:07.629 5 amd_xata.sys[fffff88001139d00] -> nt!IofCallDriver -> \Device\00000068[0xfffffa8006e078b0]
    09:17:09.174 AVAST engine scan C:\Windows
    09:17:11.763 AVAST engine scan C:\Windows\system32
    09:18:52.248 AVAST engine scan C:\Windows\system32\drivers
    09:19:01.845 AVAST engine scan C:\Users\Owner
    09:35:19.225 Disk 0 MBR has been saved successfully to "C:\Users\Owner\Desktop\MBR.dat"
    09:35:19.225 The log file has been saved successfully to "C:\Users\Owner\Desktop\aswMBR.txt"

  2. #2
    Security Expert-emeritus Juliet's Avatar
    Join Date
    Feb 2007
    Location
    Deep South
    Posts
    4,084

    Default

    We need to see if we can get System restore working, it's a valuable tool.

    try to temporarily disable AVAST to see if system restore can complete.
    How to Temporarily Disable your Anti-virus

    AVAST
    Right-click on the avast! icon in system tray. Select avast! shields control and there will be options to disable avast for 10 minutes, 1 hour, until the computer is restarted or permanently.
    Remember to enable it again when needed.

    read over the below link and follow Run the System File Checker, i.e., Run sfc /scannow
    Run Check Disk,
    http://www.thewindowsclub.com/system...orking-windows
    Windows Insider MVP Consumer Security 2009 - 2017
    Please do not PM me for Malware help, we all benefit from posting on the open board.

  3. #3
    Junior Member
    Join Date
    Feb 2010
    Posts
    28

    Default

    Hello Juliet, thank you for your quick response.

    Disabling Avast didn't do a thing. (I had actually tried that already) I had also tried logging into Safe Mode to do it, but no joy.

    I ran the command you requested and I got...

    "Windows Resource Protection did not find any integrity violations."

    But I checked again and System Restore does now have a save point from June 11th. (I hadn't checked this for a few days, obviously) That was not there before last week when I had decided that something was definitely not right.

    I tested to see if it would let me manually create a restore point, also, and it was successful.

  4. #4
    Junior Member
    Join Date
    Feb 2010
    Posts
    28

    Default

    Juliet,

    I spoke too soon. It did not successfully create a manually created restore point, it gave an error...

    "The restore point could not be created for the following reason...
    The specified object was not be found. (Ox80042308)
    Please try again."

  5. #5
    Security Expert-emeritus Juliet's Avatar
    Join Date
    Feb 2007
    Location
    Deep South
    Posts
    4,084

    Default

    I think it's trying

    Have you recently had a windows update and this is the result?

    I really don't want to run any tools without having some sort of backup.

    Let's see if we can get VSS to start
    To restart Volume Shadow Copy Service:

    Type ‘services.msc’ in the search bar from the Start menu and open the Services Manager
    Locate and double-click ‘Volume Shadow Copy Service’.
    Right-click on it and then first Stop the service and then Start it again.

    Try to create a System Restore point now.

    ~~~~~~~~~~~~~~~~~`
    Since I've saved info for the following tool the screen shots might have changed a bit but the procedure should still be the same.

    Please Download Tweaking.com - Windows Repair from Here
    OR
    Windows Repair (all in one) from here.


    Disable all your antivirus and antimalware software - see how to do that here.
    - Right click on and select Run as Administrator (XP users just double click) to start Windows Repair All-In-One.
    (Windows Vista/7/8 users: Accept UAC warning if it is enabled.)

    - A window will appear. Click Step 2.


    - Click the Open Pre-Scan button, then click Start Scan. Wait for Windows Repair to finish scanning.

    - Depending on which error Windows Repair found, click Repair Reparse Point or Repair Environment Variable accordingly. When the button changes to "Done!", click the close button to return to Windows Repair.

    - Go to Step 3, then click Check in the See If Check Disk Is Needed.

    - If Windows Repair stated that errors are found, click Open Check Disk At Next Boot. Choose (/R) Fixes errors on the disk also locate bad sectors and recovers readable information, then click Add To Next Boot. Reboot the computer to let Windows check the disk.


    - Go to Step 4, then click Do It.


    - Go to Step 5. Under System Restore click Create.


    - Go to Repairs and click Open Repairs. Leave all checkmarks as they are, then click Start Repairs.


    - By default Windows Repair All-In-One will create a "Logs" folder in its folder on the Desktop. Please post the contents of the log in your next reply.
    Windows Insider MVP Consumer Security 2009 - 2017
    Please do not PM me for Malware help, we all benefit from posting on the open board.

  6. #6
    Junior Member
    Join Date
    Feb 2010
    Posts
    28

    Default

    Hello

    Before I do all this, I think I should let you know this detail.

    I could not stop Volume Shadow Copy Service from services.msc because it was not started in the first place. I could start it, but since it wasn't started, I couldn't stop it. Should I turn it on and off and then on, then do your list of tasks?

    Jodi

  7. #7
    Security Expert-emeritus Juliet's Avatar
    Join Date
    Feb 2007
    Location
    Deep South
    Posts
    4,084

    Default

    Should I turn it on and off and then on,
    Yes, let's see if that takes effect.
    Windows Insider MVP Consumer Security 2009 - 2017
    Please do not PM me for Malware help, we all benefit from posting on the open board.

  8. #8
    Junior Member
    Join Date
    Feb 2010
    Posts
    28

    Default

    Juliet,

    Sorry I've taken so long. Long busy weekend that extended into Monday.

    I've done all but the Check Disc at Next Boot. Will be doing that when I can close this browser.

    Also, you asked earlier if this happened after a windows update. I haven't updated windows in over a year. Also I run a utility called GWX Control Panel
    I've heard some bad things about Win 10 and really didn't want those nagging updates. My computer ran fine for the last year, using it. The bugginess all just came out of the blue. The link, if you want to see it, is http://blog.ultimateoutsider.com/201...ly-remove.html

    Oh, there were no integrity violations from the system file check.

    Hope you had a good weekend. I'll be back after I reboot and run the file system check.
    Thanks again,
    Jodi

  9. #9
    Security Expert-emeritus Juliet's Avatar
    Join Date
    Feb 2007
    Location
    Deep South
    Posts
    4,084

    Default

    How are things this morning?
    Windows Insider MVP Consumer Security 2009 - 2017
    Please do not PM me for Malware help, we all benefit from posting on the open board.

  10. #10
    Junior Member
    Join Date
    Feb 2010
    Posts
    28

    Default

    Juliet,

    Ok, Disc Check was STILL running when I went to bed... almost finished, but not quite at 90% at midnight.

    This is the log from tweaking.com program...
    There were ten files in the work folder, this is the one that said, _Windows Repair Log
    Tweaking.com - Windows Repair 2018 (v4.0.20)
    --------------------------------------------------------------------------------

    System Variables
    --------------------------------------------------------------------------------
    Running In Windows Safe Mode: False
    OS: Windows 7 Professional
    OS Architecture: 64-bit
    OS Version: 6.1.7601
    OS Service Pack: Service Pack 1
    Computer Name: OWNER-PC446
    Windows Drive: C:\
    Windows Path: C:\Windows
    Program Files: C:\Program Files
    Program Files (x86): C:\Program Files (x86)
    Current Profile: C:\Users\Owner
    Current Profile SID: S-1-5-21-1769359704-1337508281-3947573860-1000
    Current Profile Classes: S-1-5-21-1769359704-1337508281-3947573860-1000_Classes
    Profiles Location: C:\Users
    Profiles Location 2: C:\Windows\ServiceProfiles
    Local Settings AppData: C:\Users\Owner\AppData\Local
    --------------------------------------------------------------------------------

    System Information
    --------------------------------------------------------------------------------
    System Up Time: 0 Days 09:14:23

    Process Count: 63
    Commit Total: 3.14 GB
    Commit Limit: 15.93 GB
    Commit Peak: 3.16 GB
    Handle Count: 27372
    Kernel Total: 643.70 MB
    Kernel Paged: 524.45 MB
    Kernel Non Paged: 119.26 MB
    System Cache: 5.23 GB
    Thread Count: 1197
    --------------------------------------------------------------------------------

    Memory Before Cleaning with CleanMem
    --------------------------------------------------------------------------------
    Memory Total: 7.97 GB
    Memory Used: 2.78 GB(34.9298%)
    Memory Avail.: 5.18 GB
    --------------------------------------------------------------------------------

    Cleaning Memory Before Starting Repairs...

    Memory After Cleaning with CleanMem
    --------------------------------------------------------------------------------
    Memory Total: 7.97 GB
    Memory Used: 2.46 GB(30.8782%)
    Memory Avail.: 5.51 GB
    --------------------------------------------------------------------------------

    Starting Repairs...
    Started at (6/20/2018 10:14:22 AM)

    Setting Any Missing 'InstallDate' From Uninstall Sections Before Running Repair...
    Total Missing 'InstallDate' Fixed: 123

    01 - Reset Registry Permissions
    Restore Windows 7/8/10 Default Registry Permissions
    Start (6/20/2018 10:14:37 AM)


    Decompressing & Updating Windows Permission File C:\Program Files (x86)\Tweaking.com\Windows Repair (All in One)\files\permissions\7\hku.7z
    Done, 0.21 seconds.


    Decompressing & Updating Windows Permission File C:\Program Files (x86)\Tweaking.com\Windows Repair (All in One)\files\permissions\7\hklm.7z
    Done, 2.11 seconds.

    Running Repair Under System Account
    Done (6/20/2018 10:16:16 AM)

    02 - Reset File Permissions
    Restore Windows 7/8/10 Default File Permissions
    Start (6/20/2018 10:16:16 AM)


    Decompressing & Updating Windows Permission File C:\Program Files (x86)\Tweaking.com\Windows Repair (All in One)\files\permissions\7\default.7z
    Done, 0.14 seconds.


    Decompressing & Updating Windows Permission File C:\Program Files (x86)\Tweaking.com\Windows Repair (All in One)\files\permissions\7\profile.7z
    Done, 0.13 seconds.


    Decompressing & Updating Windows Permission File C:\Program Files (x86)\Tweaking.com\Windows Repair (All in One)\files\permissions\7\program_files.7z
    Done, 0.14 seconds.


    Decompressing & Updating Windows Permission File C:\Program Files (x86)\Tweaking.com\Windows Repair (All in One)\files\permissions\7\program_files_x86.7z
    Done, 0.14 seconds.


    Decompressing & Updating Windows Permission File C:\Program Files (x86)\Tweaking.com\Windows Repair (All in One)\files\permissions\7\programdata.7z
    Done, 0.13 seconds.


    Decompressing & Updating Windows Permission File C:\Program Files (x86)\Tweaking.com\Windows Repair (All in One)\files\permissions\7\windows.7z
    Done, 1.78 seconds.

    Running Repair Under System Account
    Done (6/20/2018 10:28:36 AM)

    03 - Reset Service Permissions
    Start (6/20/2018 10:28:36 AM)

    Running Repair Under Current User Account
    Running Repair Under System Account
    Done (6/20/2018 10:29:47 AM)

    04 - Register System Files
    Start (6/20/2018 10:29:47 AM)
    Running Repair Under Current User Account
    Running Repair Under System Account
    Done (6/20/2018 10:31:45 AM)

    05 - Repair WMI
    Start (6/20/2018 10:31:45 AM)

    Starting Security Center So We Can Export The Security Info.

    Exporting Antivirus Info...
    Avast Antivirus Exported.
    Malwarebytes Exported.

    Exporting AntiSpyware Info...
    Malwarebytes Exported.
    Windows Defender Exported.
    Avast Antivirus Exported.

    Exporting 3rd Party Firewall Info...
    Avast Antivirus Exported.

    Running Repair Under Current User Account
    Done (6/20/2018 10:33:22 AM)

    06 - Repair Windows Firewall
    Start (6/20/2018 10:33:22 AM)

    Decompressing & Updating Windows Permission File C:\Program Files (x86)\Tweaking.com\Windows Repair (All in One)\files\permissions\7\services.7z
    Done, 0.13 seconds.

    Running Repair Under Current User Account
    Running Repair Under System Account
    Done (6/20/2018 10:34:10 AM)

    07 - Repair Internet Explorer
    Start (6/20/2018 10:34:10 AM)
    Running Repair Under Current User Account
    Running Repair Under System Account
    Done (6/20/2018 10:34:32 AM)

    08 - Repair MDAC/MS Jet
    Start (6/20/2018 10:34:32 AM)
    Running Repair Under Current User Account
    Running Repair Under System Account
    Done (6/20/2018 10:34:41 AM)

    09 - Repair Hosts File
    Start (6/20/2018 10:34:41 AM)
    Running Repair Under System Account
    Done (6/20/2018 10:34:42 AM)

    10 - Remove Policies Set By Infections
    Start (6/20/2018 10:34:42 AM)
    Running Repair Under Current User Account
    Running Repair Under System Account
    Done (6/20/2018 10:34:44 AM)

    11 - Repair Start Menu Icons Removed By Infections
    Start (6/20/2018 10:34:44 AM)
    Running Repair Under System Account
    Done (6/20/2018 10:34:45 AM)

    12 - Repair Icons
    Start (6/20/2018 10:34:45 AM)
    Running Repair Under Current User Account
    Done (6/20/2018 10:36:33 AM)

    13 - Repair Network
    Start (6/20/2018 10:36:33 AM)

    Decompressing & Updating Windows Permission File C:\Program Files (x86)\Tweaking.com\Windows Repair (All in One)\files\permissions\7\services.7z
    Done, 0.14 seconds.

    Running Repair Under Current User Account
    Running Repair Under System Account
    Done (6/20/2018 10:36:54 AM)

    14 - Remove Temp Files
    Start (6/20/2018 10:36:54 AM)
    Running Repair Under System Account
    Done (6/20/2018 10:36:56 AM)

    15 - Repair Proxy Settings
    Start (6/20/2018 10:36:56 AM)
    Running Repair Under Current User Account
    Running Repair Under System Account
    Done (6/20/2018 10:36:58 AM)

    16 - Repair Windows Updates
    Start (6/20/2018 10:36:58 AM)

    Decompressing & Updating Windows Permission File C:\Program Files (x86)\Tweaking.com\Windows Repair (All in One)\files\permissions\7\services.7z
    Done, 0.13 seconds.

    Running Repair Under Current User Account
    Running Repair Under System Account
    Setting Windows Updates Files That Are In Use To Be Removed At Next Boot.
    Done (6/20/2018 10:37:23 AM)

    17 - Repair CD/DVD Missing/Not Working
    Start (6/20/2018 10:37:24 AM)
    iTunes and GEARAspiWDM.sys was found, adding UpperFilters for iTunes Reg Key
    UpperFilters added?: True
    Done (6/20/2018 10:37:24 AM)

    18 - Repair Volume Shadow Copy Service
    Start (6/20/2018 10:37:24 AM)

    Decompressing & Updating Windows Permission File C:\Program Files (x86)\Tweaking.com\Windows Repair (All in One)\files\permissions\7\services.7z
    Done, 0.14 seconds.

    Running Repair Under Current User Account
    Running Repair Under System Account
    Done (6/20/2018 10:38:05 AM)

    19 - Repair Windows Sidebar/Gadgets
    Start (6/20/2018 10:38:05 AM)
    Running Repair Under Current User Account
    Running Repair Under System Account
    Done (6/20/2018 10:38:08 AM)

    20 - Repair MSI (Windows Installer)
    Start (6/20/2018 10:38:08 AM)

    Decompressing & Updating Windows Permission File C:\Program Files (x86)\Tweaking.com\Windows Repair (All in One)\files\permissions\7\services.7z
    Done, 0.12 seconds.

    Running Repair Under Current User Account
    Running Repair Under System Account
    Done (6/20/2018 10:38:21 AM)

    21 - Repair Windows Snipping Tool
    Start (6/20/2018 10:38:21 AM)
    Running Repair Under Current User Account
    Running Repair Under System Account
    Done (6/20/2018 10:38:23 AM)

    22.01 - Repair bat Association
    Start (6/20/2018 10:38:23 AM)
    Running Repair Under Current User Account
    Running Repair Under System Account
    Done (6/20/2018 10:38:25 AM)

    22.02 - Repair cmd Association
    Start (6/20/2018 10:38:25 AM)
    Running Repair Under Current User Account
    Running Repair Under System Account
    Done (6/20/2018 10:38:27 AM)

    22.03 - Repair com Association
    Start (6/20/2018 10:38:27 AM)
    Running Repair Under Current User Account
    Running Repair Under System Account
    Done (6/20/2018 10:38:29 AM)

    22.04 - Repair Directory Association
    Start (6/20/2018 10:38:30 AM)
    Running Repair Under Current User Account
    Running Repair Under System Account
    Done (6/20/2018 10:38:32 AM)

    22.05 - Repair Drive Association
    Start (6/20/2018 10:38:32 AM)
    Running Repair Under Current User Account
    Running Repair Under System Account
    Done (6/20/2018 10:38:34 AM)

    22.06 - Repair exe Association
    Start (6/20/2018 10:38:34 AM)
    Running Repair Under Current User Account
    Running Repair Under System Account
    Done (6/20/2018 10:38:36 AM)

    22.07 - Repair Folder Association
    Start (6/20/2018 10:38:36 AM)
    Running Repair Under Current User Account
    Running Repair Under System Account
    Done (6/20/2018 10:38:38 AM)

    22.08 - Repair inf Association
    Start (6/20/2018 10:38:38 AM)
    Running Repair Under Current User Account
    Running Repair Under System Account
    Done (6/20/2018 10:38:40 AM)

    22.09 - Repair lnk (Shortcuts) Association
    Start (6/20/2018 10:38:40 AM)
    Running Repair Under Current User Account
    Running Repair Under System Account
    Done (6/20/2018 10:38:43 AM)

    22.10 - Repair msc Association
    Start (6/20/2018 10:38:43 AM)
    Running Repair Under Current User Account
    Running Repair Under System Account
    Done (6/20/2018 10:38:45 AM)

    22.11 - Repair reg Association
    Start (6/20/2018 10:38:45 AM)
    Running Repair Under Current User Account
    Running Repair Under System Account
    Done (6/20/2018 10:38:47 AM)

    22.12 - Repair scr Association
    Start (6/20/2018 10:38:47 AM)
    Running Repair Under Current User Account
    Running Repair Under System Account
    Done (6/20/2018 10:38:49 AM)

    23 - Repair Windows Safe Mode
    Start (6/20/2018 10:38:49 AM)
    Running Repair Under Current User Account
    Running Repair Under System Account
    Done (6/20/2018 10:38:51 AM)

    24 - Repair Print Spooler
    Start (6/20/2018 10:38:51 AM)

    Decompressing & Updating Windows Permission File C:\Program Files (x86)\Tweaking.com\Windows Repair (All in One)\files\permissions\7\services.7z
    Done, 0.14 seconds.

    Running Repair Under Current User Account
    Running Repair Under System Account
    Done (6/20/2018 10:39:07 AM)

    25 - Restore Important Windows Services
    Start (6/20/2018 10:39:07 AM)

    Decompressing & Updating Windows Permission File C:\Program Files (x86)\Tweaking.com\Windows Repair (All in One)\files\permissions\7\services.7z
    Done, 0.17 seconds.

    Running Repair Under Current User Account
    Running Repair Under System Account
    Done (6/20/2018 10:39:15 AM)

    26 - Set Windows Services To Default Startup
    Start (6/20/2018 10:39:15 AM)
    Running Repair Under Current User Account
    Running Repair Under System Account
    Done (6/20/2018 10:39:20 AM)

    27.01 - Repair Windows 8/10 App Store
    Skipping Repair.
    Repair is for Windows v6.2 (Windows 8 & Newer) or higher.
    Current version: 6.1.7601

    28 - Repair Windows 8/10 Component Store
    Skipping Repair.
    Repair is for Windows v6.2 (Windows 8 & Newer) or higher.
    Current version: 6.1.7601

    29 - Restore Windows 8/10 COM+ Unmarshalers
    Skipping Repair.
    Repair is for Windows v6.2 (Windows 8 & Newer) or higher.
    Current version: 6.1.7601

    30 - Repair Windows 'New' Submenu
    Start (6/20/2018 10:39:20 AM)
    Running Repair Under Current User Account
    Running Repair Under System Account
    Done (6/20/2018 10:39:22 AM)

    31 - Restore UAC (User Account Control) Settings
    Start (6/20/2018 10:39:22 AM)
    Running Repair Under Current User Account
    Running Repair Under System Account
    Done (6/20/2018 10:39:24 AM)

    32 - Repair Performance Counters
    Start (6/20/2018 10:39:24 AM)
    Running Repair Under Current User Account
    Done (6/20/2018 10:39:32 AM)

    Cleaning up empty logs...

    All Selected Repairs Done.
    Done at (6/20/2018 10:39:32 AM)
    Total Repair Time: 00:25:12


    ...YOU MUST RESTART YOUR SYSTEM...

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •