Possible malware from remote access

05-10-2019, 03:22 PM   #1
Registered Member
 
Join Date: May 2019
Posts: 6
Hi, girlfriend took a phone call from "tech support" and was prompted to download and install AnyDesk and TeamViewer, granting remote access to my PC. I deleted the two apps ASAP just in case. I suspect they have grabbed personal details, some financial info, emails etc. Luckily I don't think there is much data of value, but no doubt there is some. I'm concerned they may have left something behind, so I'm hoping you can see if there is a problem. No boot disc; PC came preloaded and I didn't create a recovery disc. Many thanks in advance. FRST details as follows.



Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 08-05.2019
Ran by Namron (administrator) on NAMRON-HP (Hewlett-Packard CQ1251AN) (11-05-2019 07:24:27)
Running from C:\Users\Namron\Desktop
Loaded Profiles: Namron (Available Profiles: Namron)
Platform: Windows 7 Home Premium Service Pack 1 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: FRST Tutorial - How to use Farbar Recovery Scan Tool - Malware Removal Guides and Tutorials

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Advanced Micro Devices Inc.) [File not signed] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(Apple Inc. -> Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Apple Inc. -> Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc. -> Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Apple Inc. -> Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe
(ATI Technologies Inc.) [File not signed] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(AVAST Software s.r.o. -> AVAST Software) C:\Program Files\AVAST Software\Avast\aswEngSrv.exe
(AVAST Software s.r.o. -> AVAST Software) C:\Program Files\AVAST Software\Avast\aswidsagent.exe
(AVAST Software s.r.o. -> AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(AVAST Software s.r.o. -> AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe
(Hewlett-Packard Company -> Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe
(Hewlett-Packard Company -> Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe
(Hewlett-Packard Company -> Hewlett-Packard Company) C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe
(Hewlett-Packard Company -> Hewlett-Packard) C:\Program Files (x86)\Hewlett-Packard\HP Odometer\hpsysdrv.exe
(Hewlett-Packard Company -> Hewlett-Packard) C:\Program Files (x86)\Hp\HP Software Update\hpwuschd2.exe
(Hewlett-Packard) [File not signed] C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Calendar\Service\GCalService.exe
(Hewlett-Packard) [File not signed] C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Calendar\Service\HPTouchSmartSyncCalReminderApp.exe
(Microsoft Corporation -> Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corporation -> Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Microsoft Corporation -> Microsoft Corporation) C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE
(Microsoft Corporation -> Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Windows Hardware Compatibility Publisher -> AMD) C:\Windows\System32\atieclxx.exe
(Microsoft Windows Hardware Compatibility Publisher -> AMD) C:\Windows\System32\atiesrxx.exe
(PDF Complete -> PDF Complete Inc) C:\Program Files (x86)\PDF Complete\pdfsvc.exe
(Ruiware, LLC -> Ruiware) C:\Program Files (x86)\Ruiware\WinPatrol\WinPatrol.exe

==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [hpsysdrv] => c:\program files (x86)\hewlett-packard\HP odometer\hpsysdrv.exe [62768 2008-11-21] (Hewlett-Packard Company -> Hewlett-Packard)
HKLM\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvLaunch.exe [261000 2019-04-25] (AVAST Software s.r.o. -> AVAST Software)
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [302904 2019-03-24] (Apple Inc. -> Apple Inc.)
HKLM-x32\...\Run: [StartCCC] => c:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [336384 2011-07-04] (Advanced Micro Devices, Inc.) [File not signed]
HKLM-x32\...\Run: [HP Software Update] => c:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe [49208 2011-05-10] (Hewlett-Packard Company -> Hewlett-Packard)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [PDF Complete] => C:\Program Files (x86)\PDF Complete\pdfsty.exe [658424 2011-08-13] (PDF Complete -> PDF Complete Inc)
HKLM\SOFTWARE\Policies\Microsoft\Windows Defender: Restriction <==== ATTENTION
HKU\S-1-5-21-3265950178-1640898732-4156275634-1001\...\Run: [WinPatrol] => C:\Program Files (x86)\Ruiware\WinPatrol\winpatrol.exe [1223560 2017-05-08] (Ruiware, LLC -> Ruiware)
HKU\S-1-5-21-3265950178-1640898732-4156275634-1001\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\Windows\system32\Ribbons.scr [241664 2010-11-21] (Microsoft Windows -> Microsoft Corporation)
HKLM\Software\Microsoft\Active Setup\Installed Components: [{2D46B6DC-2207-486B-B523-A557E6D54B47}] -> C:\Windows\system32\cmd.exe /D /C start C:\Windows\system32\ie4uinit.exe -ClearIconCache
HKLM\Software\Microsoft\Active Setup\Installed Components: [{8A69D345-D564-463c-AFF1-A69D9E530F96}] -> C:\Program Files (x86)\Google\Chrome\Application\74.0.3729.131\Installer\chrmstp.exe [2019-05-03] (Google LLC -> Google Inc.)
HKLM\Software\Wow6432Node\Microsoft\Active Setup\Installed Components: [{2D46B6DC-2207-486B-B523-A557E6D54B47}] -> C:\Windows\system32\cmd.exe /D /C start C:\Windows\system32\ie4uinit.exe -ClearIconCache
HKLM\Software\Wow6432Node\Microsoft\Active Setup\Installed Components: [{F5E7D9AF-60F6-4A30-87E3-4EA94D322CE1}] -> msiexec /fu {F5E7D9AF-60F6-4A30-87E3-4EA94D322CE1} /qn
HKLM\Software\...\Authentication\Credential Providers: [{F8A0B131-5F68-486c-8040-7E8FC3C85BB6}] -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDCREDPROV.DLL [2011-03-29] (Microsoft Corporation -> Microsoft Corp.)
FF HKLM\SOFTWARE\Policies\Mozilla\Firefox: Restriction <==== ATTENTION

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {22069C0F-67C1-4EE7-AF3F-3FA7334CAB7D} - System32\Tasks\HPCeeScheduleForNamron => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [95800 2011-07-15] (Hewlett-Packard Company -> Hewlett-Packard)
Task: {2312143A-8C08-416E-B6F3-AC7A354366EF} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [616320 2018-01-08] (Apple Inc. -> Apple Inc.)
Task: {2923A620-ED58-45EF-A0A2-3603638C50B6} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Assistant Quick Start => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPSFMessenger\HPSFMsgr.exe [729656 2011-09-10] (Hewlett-Packard Company -> Hewlett-Packard Company)
Task: {6D1B5EC3-1DC9-443A-8D35-1B5EB3A54F55} - System32\Tasks\Hewlett-Packard\HP Support Assistant\Update Check => C:\ProgramData\Hewlett-Packard\HP Support Framework\Resources\Updater\HPSFUpdater.exe [850488 2011-06-15] (Hewlett-Packard Company -> Hewlett-Packard)
Task: {8D066666-CDBF-494B-875E-877FD28277C6} - System32\Tasks\Hewlett-Packard\HP Support Assistant\PC Tuneup => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [7255608 2011-09-10] (Hewlett-Packard Company -> Hewlett-Packard Company)
Task: {90ECACBF-B8FA-4284-8416-917F9B243B1D} - System32\Tasks\Avast Software\Overseer => C:\Program Files\Common Files\AVAST Software\Overseer\overseer.exe [2380088 2019-04-04] (AVAST Software s.r.o. -> AVAST Software)
Task: {92F11499-F45D-43CC-9F07-F93606CD653D} - System32\Tasks\Hewlett-Packard\HP Support Assistant\PC Health Analysis => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [7255608 2011-09-10] (Hewlett-Packard Company -> Hewlett-Packard Company)
Task: {9AEF6601-9A57-465B-9675-3A4D34F8F4A7} - System32\Tasks\Avast Emergency Update => C:\Program Files\AVAST Software\Avast\AvEmUpdate.exe [2925960 2019-04-25] (AVAST Software s.r.o. -> AVAST Software)
Task: {A8BD3414-6D5D-4C70-BF18-EB1C750E75DF} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [153168 2019-02-17] (Google Inc -> Google Inc.)
Task: {BBF8F30F-4362-467B-8A1A-612DADC4FA49} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [153168 2019-02-17] (Google Inc -> Google Inc.)
Task: {ECC00B30-41D0-457B-A268-784C4A6454B7} - System32\Tasks\RMCreator => C:\Program Files (x86)\Hewlett-Packard\Recovery\Reminder.exe [517416 2011-08-24] (CyberLink -> CyberLink)
Task: {EE464640-E552-4836-B209-5090F9DACF80} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Total Care Tune-Up => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPTuneUp.exe [17976 2011-03-23] (Hewlett-Packard Company -> Hewlett-Packard Company)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\Windows\Tasks\HPCeeScheduleForNamron.job => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Hosts: 104.24.98.152 ddlvalley.me
Tcpip\Parameters: [DhcpNameServer] 10.1.1.1
Tcpip\..\Interfaces\{CE21100D-D68B-49B8-823B-21625958D323}: [DhcpNameServer] 10.1.1.1

Internet Explorer:
==================
HKU\S-1-5-21-3265950178-1640898732-4156275634-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://www.optus.com.au/
HKU\S-1-5-21-3265950178-1640898732-4156275634-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://g.jp.msn.com/CQALL/44
SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=CPDTDF&pc=CPDTDF&src=IE-SearchBox
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=CPDTDF&pc=CPDTDF&src=IE-SearchBox
SearchScopes: HKLM -> {2fa28606-de77-4029-af96-b231e3b8f827} URL = hxxp://eu.ask.com/web?q={searchterms}&l=dis&o=CPDTDF
SearchScopes: HKLM -> {b7fca997-d0fb-4fe0-8afd-255e89cf9671} URL = hxxp://au.search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=CPDTDF
SearchScopes: HKLM -> {d43b3890-80c7-4010-a95d-1e77b5924dc3} URL = hxxp://en.wikipedia.org/wiki/Special:Search?search={searchTerms}
SearchScopes: HKLM-x32 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=CPDTDF&pc=CPDTDF&src=IE-SearchBox
SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=CPDTDF&pc=CPDTDF&src=IE-SearchBox
SearchScopes: HKLM-x32 -> {2fa28606-de77-4029-af96-b231e3b8f827} URL = hxxp://eu.ask.com/web?q={searchterms}&l=dis&o=CPDTDF
SearchScopes: HKLM-x32 -> {b7fca997-d0fb-4fe0-8afd-255e89cf9671} URL = hxxp://au.search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=CPDTDF
SearchScopes: HKLM-x32 -> {d43b3890-80c7-4010-a95d-1e77b5924dc3} URL = hxxp://en.wikipedia.org/wiki/Special:Search?search={searchTerms}
SearchScopes: HKU\S-1-5-21-3265950178-1640898732-4156275634-1001 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=CPDTDF&pc=CPDTDF&src=IE-SearchBox
SearchScopes: HKU\S-1-5-21-3265950178-1640898732-4156275634-1001 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=CPDTDF&pc=CPDTDF&src=IE-SearchBox
SearchScopes: HKU\S-1-5-21-3265950178-1640898732-4156275634-1001 -> {2fa28606-de77-4029-af96-b231e3b8f827} URL = hxxp://eu.ask.com/web?q={searchterms}&l=dis&o=CPDTDF
SearchScopes: HKU\S-1-5-21-3265950178-1640898732-4156275634-1001 -> {b7fca997-d0fb-4fe0-8afd-255e89cf9671} URL = hxxp://au.search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=CPDTDF
SearchScopes: HKU\S-1-5-21-3265950178-1640898732-4156275634-1001 -> {d43b3890-80c7-4010-a95d-1e77b5924dc3} URL = hxxp://en.wikipedia.org/wiki/Special:Search?search={searchTerms}
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2011-03-29] (Microsoft Corporation -> Microsoft Corp.)
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2011-03-29] (Microsoft Corporation -> Microsoft Corp.)
BHO-x32: Foxit PhantomPDF Create PDF ToolBar Helper -> {A5DD10F7-5ABB-4EEF-B4C8-6748D44DAF2A} -> C:\Program Files (x86)\Foxit Software\Foxit PhantomPDF\plugins\Creator\IEAddin\IEAddin.dll [2019-04-13] (FOXIT SOFTWARE INC. -> )
BHO-x32: Bing Bar Helper -> {d2ce3e00-f94a-4740-988e-03dc2f38c34f} -> C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll [2011-08-02] (Microsoft Corporation -> Microsoft Corporation.)
Toolbar: HKLM-x32 - Bing Bar - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll [2011-08-02] (Microsoft Corporation -> Microsoft Corporation.)
Toolbar: HKLM-x32 - Foxit PhantomPDF Create PDF ToolBar - {BFD9D8A8-57FF-488A-B919-065EC77CF82F} - C:\Program Files (x86)\Foxit Software\Foxit PhantomPDF\plugins\Creator\IEAddin\IEAddin.dll [2019-04-13] (FOXIT SOFTWARE INC. -> )
Toolbar: HKU\S-1-5-21-3265950178-1640898732-4156275634-1001 -> No Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No File

FireFox:
========
FF DefaultProfile: 6xhhjtgj.default
FF ProfilePath: C:\Users\Namron\AppData\Roaming\Mozilla\Firefox\Profiles\6xhhjtgj.default [2019-05-11]
FF Homepage: Mozilla\Firefox\Profiles\6xhhjtgj.default -> hxxps://www.optus.com.au/
FF NewTab: Mozilla\Firefox\Profiles\6xhhjtgj.default -> about:newtab
FF Extension: (Ghostery – Privacy Ad Blocker) - C:\Users\Namron\AppData\Roaming\Mozilla\Firefox\Profiles\6xhhjtgj.default\Extensions\[email protected] [2019-05-10]
FF Extension: (hotfix-update-xpi-intermediate) - C:\Users\Namron\AppData\Roaming\Mozilla\Firefox\Profiles\6xhhjtgj.default\Extensions\[email protected] [2019-05-07]
FF Extension: (AdBlock) - C:\Users\Namron\AppData\Roaming\Mozilla\Firefox\Profiles\6xhhjtgj.default\Extensions\[email protected] [2019-05-03]
FF Extension: (MyJDownloader Browser Extension) - C:\Users\Namron\AppData\Roaming\Mozilla\Firefox\Profiles\6xhhjtgj.default\Extensions\[email protected] [2018-11-10] [UpdateUrl:hxxps://my.jdownloader.org/extensions/firefox.json]
FF Extension: (Avast SafePrice | Comparison, deals, coupons) - C:\Users\Namron\AppData\Roaming\Mozilla\Firefox\Profiles\6xhhjtgj.default\Extensions\[email protected] [2019-02-05]
FF Extension: (Avast Online Security) - C:\Users\Namron\AppData\Roaming\Mozilla\Firefox\Profiles\6xhhjtgj.default\Extensions\[email protected] [2019-04-29]
FF Extension: (NoScript) - C:\Users\Namron\AppData\Roaming\Mozilla\Firefox\Profiles\6xhhjtgj.default\Extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi [2019-04-11]
FF Extension: (Video DownloadHelper) - C:\Users\Namron\AppData\Roaming\Mozilla\Firefox\Profiles\6xhhjtgj.default\Extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}.xpi [2018-11-07]
FF Extension: (Baidu Search Update) - C:\Users\Namron\AppData\Roaming\Mozilla\Firefox\Profiles\6xhhjtgj.default\features\{bee8d6f6-547b-41bf-8a96-3d15094d25d8}\[email protected] [2019-05-04]
FF SearchPlugin: C:\Users\Namron\AppData\Roaming\Mozilla\Firefox\Profiles\6xhhjtgj.default\searchplugins\google-avast.xml [2019-05-10]
FF HKLM\...\Firefox\Extensions: [[email protected]] - C:\Program Files (x86)\Foxit Software\Foxit PhantomPDF\plugins\Creator\FirefoxAddin\FFExtnHTML2PDF.xpi
FF Extension: (Foxit PDF Creator) - C:\Program Files (x86)\Foxit Software\Foxit PhantomPDF\plugins\Creator\FirefoxAddin\FFExtnHTML2PDF.xpi [2019-04-13] [Legacy]
FF HKLM\...\Firefox\Extensions: [[email protected]] - C:\Program Files (x86)\Foxit Software\Foxit PhantomPDF\plugins\Creator\FirefoxAddin\[email protected]
FF Extension: (Foxit PDF Creator) - C:\Program Files (x86)\Foxit Software\Foxit PhantomPDF\plugins\Creator\FirefoxAddin\[email protected] [2019-04-13]
FF HKLM-x32\...\Firefox\Extensions: [[email protected]] - C:\Program Files (x86)\Foxit Software\Foxit PhantomPDF\plugins\Creator\FirefoxAddin\FFExtnHTML2PDF.xpi
FF HKLM-x32\...\Firefox\Extensions: [[email protected]] - C:\Program Files (x86)\Foxit Software\Foxit PhantomPDF\plugins\Creator\FirefoxAddin\[email protected]
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @foxitsoftware.com/Foxit PhantomPDF Plugin,version=1.0,application/pdf -> C:\Program Files (x86)\Foxit Software\Foxit PhantomPDF\plugins\npFoxitPhantomPDFPlugin.dll [2019-04-13] (FOXIT SOFTWARE INC. -> Foxit Corporation)
FF Plugin-x32: @foxitsoftware.com/Foxit PhantomPDF Plugin,version=1.0,application/vnd.fdf -> C:\Program Files (x86)\Foxit Software\Foxit PhantomPDF\plugins\npFoxitPhantomPDFPlugin.dll [2019-04-13] (FOXIT SOFTWARE INC. -> Foxit Corporation)
FF Plugin-x32: @foxitsoftware.com/Foxit PhantomPDF Plugin,version=1.0,application/vnd.xdp -> C:\Program Files (x86)\Foxit Software\Foxit PhantomPDF\plugins\npFoxitPhantomPDFPlugin.dll [2019-04-13] (FOXIT SOFTWARE INC. -> Foxit Corporation)
FF Plugin-x32: @foxitsoftware.com/Foxit PhantomPDF Plugin,version=1.0,application/vnd.xfdf -> C:\Program Files (x86)\Foxit Software\Foxit PhantomPDF\plugins\npFoxitPhantomPDFPlugin.dll [2019-04-13] (FOXIT SOFTWARE INC. -> Foxit Corporation)
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/pdf -> C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll [2019-04-13] (FOXIT SOFTWARE INC. -> Foxit Corporation)
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.fdf -> C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll [2019-04-13] (FOXIT SOFTWARE INC. -> Foxit Corporation)
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.xdp -> C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll [2019-04-13] (FOXIT SOFTWARE INC. -> Foxit Corporation)
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.xfdf -> C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll [2019-04-13] (FOXIT SOFTWARE INC. -> Foxit Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\4.0.50401.0\npctrl.dll [2010-04-01] ( Microsoft Corporation) [File not signed]
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2011-05-14] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3538.0513 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2011-05-14] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.34.7\npGoogleUpdate3.dll [2019-03-28] (Google Inc -> Google LLC)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.34.7\npGoogleUpdate3.dll [2019-03-28] (Google Inc -> Google LLC)
FF Plugin-x32: @Videolan.org/vlc,version=3.0.4 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2019-01-10] (VideoLAN -> VideoLAN)
FF Plugin-x32: @Videolan.org/vlc,version=3.0.6 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2019-01-10] (VideoLAN -> VideoLAN)
FF Plugin-x32: @wildTangent.com/GamesAppPresenceDetector,Version=1.0 -> C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll [2010-12-08] (WildTangent Inc -> )

Chrome:
=======
CHR StartupUrls: Default -> "hxxps://www.google.com/"
CHR Profile: C:\Users\Namron\AppData\Local\Google\Chrome\User Data\Default [2019-05-10]
CHR Extension: (Slides) - C:\Users\Namron\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2019-02-17]
CHR Extension: (Docs) - C:\Users\Namron\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2019-02-17]
CHR Extension: (Google Drive) - C:\Users\Namron\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2019-02-17]
CHR Extension: (YouTube) - C:\Users\Namron\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2019-02-17]
CHR Extension: (Foxit PDF Creator) - C:\Users\Namron\AppData\Local\Google\Chrome\User Data\Default\Extensions\cifnddnffldieaamihfkhkdgnbhfmaci [2019-05-10]
CHR Extension: (Sheets) - C:\Users\Namron\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2019-02-17]
CHR Extension: (Google Docs Offline) - C:\Users\Namron\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2019-04-03]
CHR Extension: (Avast Online Security) - C:\Users\Namron\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki [2019-05-10]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Namron\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2019-02-17]
CHR Extension: (Gmail) - C:\Users\Namron\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2019-05-10]
CHR Extension: (Chrome Media Router) - C:\Users\Namron\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2019-05-10]
CHR HKLM\...\Chrome\Extension: [cifnddnffldieaamihfkhkdgnbhfmaci] - C:\Program Files (x86)\Foxit Software\Foxit PhantomPDF\plugins\Creator\ChromeAddin\ChromeAddin.crx [2019-04-13]
CHR HKLM-x32\...\Chrome\Extension: [cifnddnffldieaamihfkhkdgnbhfmaci] - C:\Program Files (x86)\Foxit Software\Foxit PhantomPDF\plugins\Creator\ChromeAddin\ChromeAddin.crx [2019-04-13]
CHR HKLM-x32\...\Chrome\Extension: [eofcbnmajmjmplflapaojjnihcjkigck] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - hxxps://clients2.google.com/service/update2/crx

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 AMD External Events Utility; C:\Windows\system32\atiesrxx.exe [204288 2011-09-05] (Microsoft Windows Hardware Compatibility Publisher -> AMD)
R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [96056 2019-03-08] (Apple Inc. -> Apple Inc.)
R3 aswbIDSAgent; C:\Program Files\AVAST Software\Avast\aswidsagent.exe [6660888 2019-04-25] (AVAST Software s.r.o. -> AVAST Software)
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [362488 2019-04-25] (AVAST Software s.r.o. -> AVAST Software)
R2 CalendarSynchService; C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Calendar\Service\GCalService.exe [16384 2011-08-17] (Hewlett-Packard) [File not signed]
R2 pdfcDispatcher; C:\Program Files (x86)\PDF Complete\pdfsvc.exe [1128952 2011-08-13] (PDF Complete -> PDF Complete Inc)
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Windows -> Microsoft Corporation)

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R3 amdkmdag; C:\Windows\System32\DRIVERS\atikmdag.sys [9359872 2011-09-05] (Microsoft Windows Hardware Compatibility Publisher -> ATI Technologies Inc.)
R3 amdkmdap; C:\Windows\System32\DRIVERS\atikmpag.sys [309760 2011-09-05] (Microsoft Windows Hardware Compatibility Publisher -> Advanced Micro Devices, Inc.)
R0 amd_sata; C:\Windows\System32\drivers\amd_sata.sys [78976 2011-05-24] (Advanced Micro Devices, Inc. -> Advanced Micro Devices)
R0 amd_xata; C:\Windows\System32\drivers\amd_xata.sys [38528 2011-05-24] (Advanced Micro Devices, Inc. -> Advanced Micro Devices)
R0 aswArDisk; C:\Windows\System32\drivers\aswArDisk.sys [37104 2019-04-25] (AVAST Software s.r.o. -> AVAST Software)
R1 aswArPot; C:\Windows\System32\drivers\aswArPot.sys [205400 2019-04-25] (AVAST Software s.r.o. -> AVAST Software)
R1 aswbidsdriver; C:\Windows\System32\drivers\aswbidsdriver.sys [254128 2019-04-25] (AVAST Software s.r.o. -> AVAST Software)
R0 aswbidsh; C:\Windows\System32\drivers\aswbidsh.sys [196000 2019-04-25] (AVAST Software s.r.o. -> AVAST Software)
R0 aswblog; C:\Windows\System32\drivers\aswblog.sys [320624 2019-04-25] (AVAST Software s.r.o. -> AVAST Software)
R0 aswbuniv; C:\Windows\System32\drivers\aswbuniv.sys [57888 2019-04-25] (AVAST Software s.r.o. -> AVAST Software)
R1 aswHdsKe; C:\Windows\System32\drivers\aswHdsKe.sys [257832 2019-04-25] (AVAST Software s.r.o. -> AVAST Software)
R1 aswKbd; C:\Windows\System32\drivers\aswKbd.sys [42288 2019-04-25] (AVAST Software s.r.o. -> AVAST Software)
R2 aswMonFlt; C:\Windows\System32\drivers\aswMonFlt.sys [166848 2019-04-25] (AVAST Software s.r.o. -> AVAST Software)
R1 aswRdr; C:\Windows\System32\drivers\aswRdr2.sys [112520 2019-04-25] (AVAST Software s.r.o. -> AVAST Software)
R0 aswRvrt; C:\Windows\System32\drivers\aswRvrt.sys [88160 2019-04-25] (AVAST Software s.r.o. -> AVAST Software)
R1 aswSnx; C:\Windows\System32\drivers\aswSnx.sys [1031000 2019-04-25] (AVAST Software s.r.o. -> AVAST Software)
R1 aswSP; C:\Windows\System32\drivers\aswSP.sys [476776 2019-04-25] (AVAST Software s.r.o. -> AVAST Software)
R2 aswStm; C:\Windows\System32\drivers\aswStm.sys [220640 2019-04-25] (AVAST Software s.r.o. -> AVAST Software)
R0 aswVmm; C:\Windows\System32\drivers\aswVmm.sys [385848 2019-04-25] (AVAST Software s.r.o. -> AVAST Software)
S3 USBAAPL64; C:\Windows\System32\Drivers\usbaapl64.sys [54784 2018-08-22] (Microsoft Windows Hardware Compatibility Publisher -> Apple, Inc.)
R3 usbfilter; C:\Windows\system32\drivers\usbfilter.sys [47232 2011-05-05] (Advanced Micro Devices, Inc. -> Advanced Micro Devices)
S3 WDC_SAM; C:\Windows\System32\DRIVERS\wdcsam64_prewin8.sys [31920 2018-02-26] (Microsoft Windows Hardware Compatibility Publisher -> Western Digital Technologies)

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One month (created) ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2019-05-11 07:24 - 2019-05-11 07:26 - 000027236 _____ C:\Users\Namron\Desktop\FRST.txt
2019-05-11 07:24 - 2019-05-11 07:24 - 000000000 ____D C:\FRST
2019-05-11 07:19 - 2019-05-11 07:20 - 002430976 _____ (Farbar) C:\Users\Namron\Desktop\FRST64.exe
2019-05-11 06:30 - 2019-05-11 06:30 - 000000000 ____D C:\Users\Namron\Downloads\Backup6
2019-05-11 00:24 - 2019-05-11 06:31 - 000000000 ____D C:\Users\Namron\Downloads\DPE13MC
2019-05-11 00:17 - 2019-05-11 00:19 - 035583976 _____ (SecureMix LLC) C:\Users\Namron\Downloads\GlassWireSetup.exe
2019-05-10 21:51 - 2019-05-10 21:51 - 000000000 ____D C:\Users\Namron\AppData\Local\{3186B7B3-A3C3-43D9-BD45-C926D734CF2B}
2019-05-10 18:10 - 2019-05-10 18:10 - 000000000 ____D C:\Users\Namron\AppData\Local\{68E10EDD-AC8B-4217-9520-4D7D70948976}
2019-05-10 17:33 - 2019-05-10 17:33 - 000000000 ____D C:\Program Files\Mozilla Firefox
2019-05-10 14:04 - 2019-05-10 14:04 - 000000000 ____D C:\Users\Namron\AppData\Local\{68CF7436-F5CD-475E-B9DC-E26ACDEA0C39}
2019-05-10 12:49 - 2019-05-10 12:49 - 000000000 ____D C:\Users\Namron\AppData\Local\TeamViewer
2019-05-10 12:19 - 2019-05-10 13:44 - 000000000 ____D C:\Program Files (x86)\TeamViewer
2019-05-10 12:19 - 2019-05-10 12:32 - 000000000 ____D C:\Users\Namron\AppData\Roaming\TeamViewer
2019-05-10 12:04 - 2019-05-10 13:43 - 000000000 ____D C:\ProgramData\AnyDesk
2019-05-10 12:02 - 2019-05-10 13:44 - 000000000 ____D C:\Users\Namron\AppData\Roaming\AnyDesk
2019-05-08 16:36 - 2019-05-08 16:36 - 000000000 ____D C:\Users\Namron\AppData\Local\{4F4839C4-F01D-4FE7-9230-46479E1B3083}
2019-05-08 16:34 - 2019-05-08 16:34 - 000001091 _____ C:\Users\Public\Desktop\Foxit PhantomPDF.lnk
2019-05-08 16:34 - 2019-05-08 16:34 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Foxit PhantomPDF
2019-05-08 16:10 - 2019-05-08 16:10 - 000000000 ____D C:\Users\Namron\AppData\Local\{B463E6E3-1533-4721-8085-ECFEA5F1E141}
2019-05-08 16:00 - 2019-05-08 16:00 - 000001357 _____ C:\Users\Public\Desktop\Foxit Reader.lnk
2019-05-08 15:59 - 2019-05-08 16:00 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Foxit Reader
2019-05-08 15:58 - 2019-05-08 16:33 - 000000000 ____D C:\Program Files (x86)\Foxit Software
2019-05-08 15:08 - 2019-05-08 15:08 - 000000000 ____D C:\Users\Namron\AppData\Local\Foxit Reader
2019-05-08 15:06 - 2019-05-08 15:07 - 001715457 _____ C:\Users\Namron\Downloads\blu-bd1000_user_manual_v4.pdf
2019-05-08 11:16 - 2019-05-08 11:16 - 000000000 ____D C:\Users\Namron\AppData\Local\{7C8416AD-AA24-48BF-954D-758FBD10ED67}
2019-04-25 08:15 - 2019-04-25 08:14 - 000362888 _____ (AVAST Software) C:\Windows\system32\aswBoot.exe
2019-04-23 23:07 - 2019-04-23 23:07 - 000000000 ____D C:\Users\Namron\AppData\Local\{5F34E564-1E84-43B0-8AEE-BF3AD766623B}
2019-04-14 12:50 - 2019-04-14 12:50 - 000001749 _____ C:\Users\Public\Desktop\iTunes.lnk
2019-04-14 12:50 - 2019-04-14 12:50 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
2019-04-14 12:50 - 2019-04-14 12:50 - 000000000 ____D C:\Program Files\iPod
2019-04-14 12:49 - 2019-04-14 12:50 - 000000000 ____D C:\Program Files\iTunes
2019-04-13 05:54 - 2019-04-25 08:15 - 000000077 _____ C:\Windows\system32\Drivers\aswSP.sys.sum
2019-04-12 20:16 - 2019-04-12 20:16 - 000000000 ____D C:\Users\Namron\AppData\Local\{F8F13607-B86F-41F2-97E5-C883E21E3520}

==================== One month (modified) ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2019-05-11 07:23 - 2018-11-07 02:50 - 000000000 ____D C:\Users\Namron\AppData\LocalLow\Mozilla
2019-05-11 07:19 - 2018-11-07 03:11 - 000000000 ____D C:\Users\Namron\AppData\Local\JDownloader 2.0
2019-05-11 06:39 - 2009-07-14 14:45 - 000024608 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2019-05-11 06:39 - 2009-07-14 14:45 - 000024608 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2019-05-10 21:13 - 2009-07-14 15:13 - 000782470 _____ C:\Windows\system32\PerfStringBackup.INI
2019-05-10 21:13 - 2009-07-14 13:20 - 000000000 ____D C:\Windows\inf
2019-05-10 21:08 - 2018-11-08 20:56 - 000000000 ____D C:\Users\Namron\dwhelper
2019-05-10 18:12 - 2018-12-23 11:24 - 000000000 ____D C:\Users\Public\Foxit Software
2019-05-10 18:12 - 2018-12-23 11:24 - 000000000 ____D C:\ProgramData\Foxit Software
2019-05-10 16:42 - 2018-11-06 13:18 - 000003934 _____ C:\Windows\System32\Tasks\User_Feed_Synchronization-{206A7886-AB91-4ED5-AE91-65CEC4FD4D7C}
2019-05-10 14:04 - 2018-11-06 13:21 - 000058016 _____ C:\Users\Namron\AppData\Local\GDIPFONTCACHEV1.DAT
2019-05-10 13:49 - 2018-11-07 02:50 - 000001023 _____ C:\Users\Public\Desktop\Firefox.lnk
2019-05-10 13:49 - 2018-11-07 02:50 - 000001023 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Firefox.lnk
2019-05-10 13:04 - 2019-02-17 07:04 - 000000000 ____D C:\Users\Namron\AppData\Local\Google
2019-05-10 12:52 - 2018-11-07 02:50 - 000000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2019-05-10 08:44 - 2018-11-07 16:44 - 000000000 ____D C:\Users\Namron\AppData\Roaming\vlc
2019-05-09 09:26 - 2018-11-14 08:04 - 000003192 _____ C:\Windows\System32\Tasks\HPCeeScheduleForNamron
2019-05-09 09:26 - 2018-11-14 08:04 - 000000336 _____ C:\Windows\Tasks\HPCeeScheduleForNamron.job
2019-05-08 20:53 - 2018-12-23 12:05 - 000000000 ____D C:\Users\Namron\Downloads\1.MusicAndAudio
2019-05-08 16:36 - 2018-12-23 11:23 - 000000000 ____D C:\Users\Namron\AppData\Roaming\Foxit Software
2019-05-08 16:30 - 2018-11-23 18:06 - 000000000 ____D C:\ProgramData\Package Cache
2019-05-08 09:17 - 2018-11-07 08:03 - 000000000 ____D C:\Users\Namron\AppData\Roaming\HpUpdate
2019-05-08 09:17 - 2018-11-07 08:03 - 000000000 ____D C:\Users\Namron\AppData\Roaming\HP Support Assistant
2019-05-07 07:44 - 2012-05-30 10:16 - 000000000 ____D C:\ProgramData\PDFC
2019-05-04 19:15 - 2018-12-23 12:05 - 000000000 ____D C:\Users\Namron\Downloads\2.Books
2019-05-04 07:47 - 2019-01-17 04:13 - 000000000 ____D C:\Users\Namron\Downloads\3.Apps
2019-05-03 08:17 - 2019-02-17 07:04 - 000002226 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2019-05-03 08:17 - 2019-02-17 07:04 - 000002185 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2019-05-02 21:29 - 2009-07-14 15:08 - 000000006 ____H C:\Windows\Tasks\SA.DAT
2019-05-02 21:14 - 2018-11-07 02:22 - 000004168 _____ C:\Windows\System32\Tasks\Avast Emergency Update
2019-04-25 08:15 - 2018-11-07 02:22 - 000476776 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSP.sys
2019-04-25 08:15 - 2018-11-07 02:22 - 000385848 _____ (AVAST Software) C:\Windows\system32\Drivers\aswVmm.sys
2019-04-25 08:14 - 2019-02-15 10:43 - 000257832 _____ (AVAST Software) C:\Windows\system32\Drivers\aswHdsKe.sys
2019-04-25 08:14 - 2019-01-15 06:21 - 000254128 _____ (AVAST Software) C:\Windows\system32\Drivers\aswbidsdriver.sys
2019-04-25 08:14 - 2019-01-05 05:25 - 000320624 _____ (AVAST Software) C:\Windows\system32\Drivers\aswblog.sys
2019-04-25 08:14 - 2019-01-05 05:25 - 000196000 _____ (AVAST Software) C:\Windows\system32\Drivers\aswbidsh.sys
2019-04-25 08:14 - 2019-01-05 05:25 - 000057888 _____ (AVAST Software) C:\Windows\system32\Drivers\aswbuniv.sys
2019-04-25 08:14 - 2019-01-05 05:25 - 000037104 _____ (AVAST Software) C:\Windows\system32\Drivers\aswArDisk.sys
2019-04-25 08:14 - 2018-11-07 02:22 - 000220640 _____ (AVAST Software) C:\Windows\system32\Drivers\aswStm.sys
2019-04-25 08:14 - 2018-11-07 02:22 - 000205400 _____ (AVAST Software) C:\Windows\system32\Drivers\aswArPot.sys
2019-04-25 08:14 - 2018-11-07 02:22 - 000166848 _____ (AVAST Software) C:\Windows\system32\Drivers\aswMonFlt.sys
2019-04-25 08:14 - 2018-11-07 02:22 - 000112520 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRdr2.sys
2019-04-25 08:14 - 2018-11-07 02:22 - 000088160 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRvrt.sys
2019-04-25 08:14 - 2018-11-07 02:22 - 000042288 _____ (AVAST Software) C:\Windows\system32\Drivers\aswKbd.sys
2019-04-25 08:14 - 2018-11-07 02:21 - 001031000 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSnx.sys
2019-04-21 15:46 - 2018-11-09 09:38 - 000000000 ____D C:\Users\Namron\Downloads\Pron
2019-04-11 11:03 - 2009-07-14 13:20 - 000000000 ____D C:\Windows\rescache
2019-04-11 03:39 - 2009-07-14 14:45 - 000267672 _____ C:\Windows\system32\FNTCACHE.DAT
2019-04-11 03:11 - 2018-11-06 15:26 - 000000000 ____D C:\Windows\system32\MRT
2019-04-11 03:02 - 2018-11-06 15:26 - 131129288 ____C (Microsoft Corporation) C:\Windows\system32\MRT.exe

==================== SigCheck ===============================

(There is no automatic fix for files that do not pass verification.)


LastRegBack: 2019-05-03 21:13
==================== End of FRST.txt ============================
Attached Files
File Type: txt Addition.txt (48.0 KB, 5 views)
Old 05-11-2019, 07:17 AM   #2
Security Team Moderator
 
Join Date: Nov 2018
Location: US
Posts: 220
OS: Windows 10



Hi timbon, Welcome to the TSF malware removal forum.

I am iMacg3 and will be helping you with your computer problems.

Please keep the following information in mind before we begin:
  • Do not run any fixes or tools on your system unless I request that you do so.
    • Running additional tools on your system can interfere with the clean-up process, or cause issues such as false positives.
  • Please read all instructions carefully, and complete them in the order listed.
    • Items that are especially important will be highlighted in bold or red.

  • If your computer seems to start working normally, please don't abandon the topic.
    • Even if your system is behaving normally, there may still be some malware remnants left over. Additionally, malware can re-infect the computer if some remnants are left. Therefore, please complete all requested steps to make sure any malware is successfully eradicated from your PC.
  • If you have pirated or illegal software on your computer, uninstall it now before proceeding.
    • Using pirated/cracked software is an easy way to infect your computer - almost as easy as intentionally downloading malware. Therefore, please remove any, if present, before we begin the clean-up.
  • If you don't respond to your topic in 5 days, it will be closed.
    • If your topic is closed and you still need assistance, send me or any Moderator a Private Message with a link to your topic.

  • If you have questions at any time during the cleanup, feel free to ask.

--------------------

Did you add this line to the Hosts file?

Hosts: 104.24.98.152 ddlvalley.me

--------------------

Farbar Recovery Scan Tool - Fix
  • Press the Windows Key + R.
  • Type notepad in the Run box and click OK.
  • Copy the contents of the below code box to the new text file:
    Code:
    Start
    
    CreateRestorePoint:
    EmptyTemp:
    CloseProcesses:
    
    SearchScopes: HKLM -> {2fa28606-de77-4029-af96-b231e3b8f827} URL = hxxp://eu.ask.com/web?q={searchterms}&l=dis&o=CPDTDF
    SearchScopes: HKLM-x32 -> {2fa28606-de77-4029-af96-b231e3b8f827} URL = hxxp://eu.ask.com/web?q={searchterms}&l=dis&o=CPDTDF
    SearchScopes: HKU\S-1-5-21-3265950178-1640898732-4156275634-1001 -> {2fa28606-de77-4029-af96-b231e3b8f827} URL = hxxp://eu.ask.com/web?q={searchterms}&l=dis&o=CPDTDF
    Toolbar: HKU\S-1-5-21-3265950178-1640898732-4156275634-1001 -> No Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No File
    FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
    FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
    2019-05-10 12:49 - 2019-05-10 12:49 - 000000000 ____D C:\Users\Namron\AppData\Local\TeamViewer
    2019-05-10 12:19 - 2019-05-10 13:44 - 000000000 ____D C:\Program Files (x86)\TeamViewer
    2019-05-10 12:19 - 2019-05-10 12:32 - 000000000 ____D C:\Users\Namron\AppData\Roaming\TeamViewer
    
    Folder: C:\Users\Namron\AppData\Local\{F8F13607-B86F-41F2-97E5-C883E21E3520}
    Folder: C:\ProgramData\PDFC
    
    End
  • Click on File > Save. Save the file as fixlist.txt to the same location as FRST.exe/FRST64.exe.
  • NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.
  • Run FRST.exe/FRST64.exe and press the Fix button just once and wait.
  • Allow your computer to restart if prompted.
  • When the fix is complete, the tool will create a log in the same location it was run from. (Fixlog.txt)
  • Copy and paste the contents of fixlog.txt into your next reply.
Old 05-11-2019, 03:33 PM   #3
Registered Member
 
Join Date: May 2019
Posts: 6
OS:



Hi iMacg3


Many thanks for your assistance.


Yes, I added that entry to the Hosts file.
Fixlog contents follow.



Fix result of Farbar Recovery Scan Tool (x64) Version: 11-05.2019
Ran by Namron (12-05-2019 08:14:08) Run:1
Running from C:\Users\Namron\Desktop
Loaded Profiles: Namron (Available Profiles: Namron)
Boot Mode: Normal
==============================================

fixlist content:
*****************
Start

CreateRestorePoint:
EmptyTemp:
CloseProcesses:

SearchScopes: HKLM -> {2fa28606-de77-4029-af96-b231e3b8f827} URL = hxxp://eu.ask.com/web?q={searchterms}&l=dis&o=CPDTDF
SearchScopes: HKLM-x32 -> {2fa28606-de77-4029-af96-b231e3b8f827} URL = hxxp://eu.ask.com/web?q={searchterms}&l=dis&o=CPDTDF
SearchScopes: HKU\S-1-5-21-3265950178-1640898732-4156275634-1001 -> {2fa28606-de77-4029-af96-b231e3b8f827} URL = hxxp://eu.ask.com/web?q={searchterms}&l=dis&o=CPDTDF
Toolbar: HKU\S-1-5-21-3265950178-1640898732-4156275634-1001 -> No Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No File
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
2019-05-10 12:49 - 2019-05-10 12:49 - 000000000 ____D C:\Users\Namron\AppData\Local\TeamViewer
2019-05-10 12:19 - 2019-05-10 13:44 - 000000000 ____D C:\Program Files (x86)\TeamViewer
2019-05-10 12:19 - 2019-05-10 12:32 - 000000000 ____D C:\Users\Namron\AppData\Roaming\TeamViewer

Folder: C:\Users\Namron\AppData\Local\{F8F13607-B86F-41F2-97E5-C883E21E3520}
Folder: C:\ProgramData\PDFC

End
*****************

Restore point was successfully created.
Processes closed successfully.
HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{2fa28606-de77-4029-af96-b231e3b8f827} => removed successfully
HKLM\Software\Classes\CLSID\{2fa28606-de77-4029-af96-b231e3b8f827} => not found
HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{2fa28606-de77-4029-af96-b231e3b8f827} => removed successfully
HKLM\Software\Wow6432Node\Classes\CLSID\{2fa28606-de77-4029-af96-b231e3b8f827} => not found
HKU\S-1-5-21-3265950178-1640898732-4156275634-1001\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{2fa28606-de77-4029-af96-b231e3b8f827} => removed successfully
HKLM\Software\Classes\CLSID\{2fa28606-de77-4029-af96-b231e3b8f827} => not found
"HKU\S-1-5-21-3265950178-1640898732-4156275634-1001\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA}" => removed successfully
HKLM\Software\Classes\CLSID\{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} => not found
HKLM\Software\MozillaPlugins @microsoft.com/GENUINE => removed successfully
HKLM\Software\Wow6432Node\MozillaPlugins @microsoft.com/GENUINE => removed successfully
C:\Users\Namron\AppData\Local\TeamViewer => moved successfully
C:\Program Files (x86)\TeamViewer => moved successfully
C:\Users\Namron\AppData\Roaming\TeamViewer => moved successfully

========================= Folder: C:\Users\Namron\AppData\Local\{F8F13607-B86F-41F2-97E5-C883E21E3520} ========================


====== End of Folder: ======


========================= Folder: C:\ProgramData\PDFC ========================

2012-05-30 10:16 - 2012-05-30 10:17 - 000000000 ____D [00000000000000000000000000000000] () C:\ProgramData\PDFC\Patch

====== End of Folder: ======


=========== EmptyTemp: ==========

BITS transfer queue => 8388608 B
DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 61589617 B
Java, Flash, Steam htmlcache => 0 B
Windows/system/drivers => 75261434 B
Edge => 0 B
Chrome => 16075003 B
Firefox => 193480565 B
Opera => 0 B

Temp, IE cache, history, cookies, recent:
Users => 0 B
Default => 0 B
Public => 0 B
ProgramData => 0 B
systemprofile => 3904225 B
systemprofile32 => 3953645 B
LocalService => 0 B
NetworkService => 5404 B
Namron => 571084302 B

RecycleBin => 50903595176 B
EmptyTemp: => 48.3 GB temporary data Removed.

================================


The system needed a reboot.

==== End of Fixlog 08:16:07 ====
Old 05-11-2019, 05:06 PM   #4
Security Team Moderator
 
Join Date: Nov 2018
Location: US
Posts: 220
OS: Windows 10



Hi,

Download AdwCleaner and save it to your Desktop.
  • Right-click on AdwCleaner.exe and select Run as Administrator
  • Accept the EULA (I accept), then click on Scan.
  • Let the scan complete. If no objects are detected, close the AdwCleaner window.
  • If any objects are detected, make sure that all the boxes are checked and click on the Clean and Repair button.
  • Once the cleaning process is complete, AdwCleaner will ask to restart your computer. Allow it to do so.
  • After the restart, an AdwCleaner window will open. Click on View Log File, and the log will open in notepad. Copy and paste the contents of the log into your next reply.

Note: the AdwCleaner log is also saved to C:\AdwCleaner\Logs\AdwCleaner[CXX].txt (where XX is two numbers).

-------------------------------------------------------------------

Download ESET Online Scanner and save it to your desktop.
  • Right-click on esetonlinescanner_enu.exe and select Run as Administrator.
  • Click on Get Started.
  • Another window will appear - select Get Started. Select whether you would like to send anonymous data to ESET.
  • Click on the Full Scan option.
  • Click on the option to Enable ESET to detect and remove potentially unwanted applications, and select Start scan.
  • ESET will now begin scanning your computer. This may take some time.
  • When the scan is finished and if threats have been detected, select Save scan log. Save it to your desktop with a name like ESETlog.txt. Click on Continue.
  • ESET Online Scanner may ask if you'd like to turn on the Periodic Scan feature. Click on Continue.
  • On the next screen, you can leave feedback about the program if you wish. Check the box for Delete application data on closing. If you left feedback, click Submit and continue. If not, Close without feedback.
  • On your desktop, a file will be created called ESETlog.txt. Open it, then copy and paste its contents into your next reply.
Old 05-12-2019, 12:21 AM   #5
Registered Member
 
Join Date: May 2019
Posts: 6
OS:



Hi,


No threats detected with esetonlinescanner; Adwcleaner logfile follows.


# -------------------------------
# Malwarebytes AdwCleaner 7.3.0.0
# -------------------------------
# Build: 04-04-2019
# Database: 2019-04-29.1 (Cloud)
# Support: https://www.malwarebytes.com/support
#
# -------------------------------
# Mode: Clean
# -------------------------------
# Start: 05-12-2019
# Duration: 00:00:06
# OS: Windows 7 Home Premium
# Cleaned: 1
# Failed: 0


***** [ Services ] *****

No malicious services cleaned.

***** [ Folders ] *****

No malicious folders cleaned.

***** [ Files ] *****

Deleted C:\Users\Public\Desktop\eBay.lnk

***** [ DLL ] *****

No malicious DLLs cleaned.

***** [ WMI ] *****

No malicious WMI cleaned.

***** [ Shortcuts ] *****

No malicious shortcuts cleaned.

***** [ Tasks ] *****

No malicious tasks cleaned.

***** [ Registry ] *****

No malicious registry entries cleaned.

***** [ Chromium (and derivatives) ] *****

No malicious Chromium entries cleaned.

***** [ Chromium URLs ] *****

No malicious Chromium URLs cleaned.

***** [ Firefox (and derivatives) ] *****

No malicious Firefox entries cleaned.

***** [ Firefox URLs ] *****

No malicious Firefox URLs cleaned.


*************************

[+] Delete Tracing Keys
[+] Reset Winsock

*************************

AdwCleaner[S00].txt - [1296 octets] - [12/05/2019 10:59:06]

########## EOF - C:\AdwCleaner\Logs\AdwCleaner[C00].txt ##########
Old 05-12-2019, 07:55 AM   #6
Security Team Moderator
 
Join Date: Nov 2018
Location: US
Posts: 220
OS: Windows 10



Hi,


  • Right-click FRST/FRST64 and select Run as Administrator.
  • Ensure Addition.txt is checked and click Scan.
  • Once the scan is complete, click OK to the "Scan Complete" message box and OK to the Addition.txt box.
  • Two reports will be open in Notepad.
  • Copy and paste their contents into your next reply.


Let me know how the computer is doing.
Old 05-12-2019, 03:01 PM   #7
Registered Member
 
Join Date: May 2019
Posts: 6
OS:



Hi,


Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 11-05.2019
Ran by Namron (administrator) on NAMRON-HP (Hewlett-Packard CQ1251AN) (13-05-2019 07:41:43)
Running from C:\Users\Namron\Desktop
Loaded Profiles: Namron (Available Profiles: Namron)
Platform: Windows 7 Home Premium Service Pack 1 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: FRST Tutorial - How to use Farbar Recovery Scan Tool - Malware Removal Guides and Tutorials

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Advanced Micro Devices Inc.) [File not signed] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(Apple Inc. -> Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Apple Inc. -> Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc. -> Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Apple Inc. -> Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe
(ATI Technologies Inc.) [File not signed] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(AVAST Software s.r.o. -> AVAST Software) C:\Program Files\AVAST Software\Avast\aswidsagent.exe
(AVAST Software s.r.o. -> AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(AVAST Software s.r.o. -> AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe
(Hewlett-Packard Company -> Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe
(Hewlett-Packard Company -> Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe
(Hewlett-Packard Company -> Hewlett-Packard Company) C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe
(Hewlett-Packard Company -> Hewlett-Packard) C:\Program Files (x86)\Hewlett-Packard\HP Odometer\hpsysdrv.exe
(Hewlett-Packard Company -> Hewlett-Packard) C:\Program Files (x86)\Hp\HP Software Update\hpwuschd2.exe
(Hewlett-Packard) [File not signed] C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Calendar\Service\GCalService.exe
(Hewlett-Packard) [File not signed] C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Calendar\Service\HPTouchSmartSyncCalReminderApp.exe
(Microsoft Corporation -> Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corporation -> Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Microsoft Corporation -> Microsoft Corporation) C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE
(Microsoft Corporation -> Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Windows Hardware Compatibility Publisher -> AMD) C:\Windows\System32\atieclxx.exe
(Microsoft Windows Hardware Compatibility Publisher -> AMD) C:\Windows\System32\atiesrxx.exe
(Mozilla Corporation -> Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(Mozilla Corporation -> Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(Mozilla Corporation -> Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(Mozilla Corporation -> Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(Mozilla Corporation -> Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(PDF Complete -> PDF Complete Inc) C:\Program Files (x86)\PDF Complete\pdfsvc.exe
(Ruiware, LLC -> Ruiware) C:\Program Files (x86)\Ruiware\WinPatrol\WinPatrol.exe

==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [hpsysdrv] => c:\program files (x86)\hewlett-packard\HP odometer\hpsysdrv.exe [62768 2008-11-21] (Hewlett-Packard Company -> Hewlett-Packard)
HKLM\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvLaunch.exe [261000 2019-04-25] (AVAST Software s.r.o. -> AVAST Software)
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [302904 2019-03-24] (Apple Inc. -> Apple Inc.)
HKLM-x32\...\Run: [StartCCC] => c:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [336384 2011-07-04] (Advanced Micro Devices, Inc.) [File not signed]
HKLM-x32\...\Run: [HP Software Update] => c:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe [49208 2011-05-10] (Hewlett-Packard Company -> Hewlett-Packard)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [PDF Complete] => C:\Program Files (x86)\PDF Complete\pdfsty.exe [658424 2011-08-13] (PDF Complete -> PDF Complete Inc)
HKLM\SOFTWARE\Policies\Microsoft\Windows Defender: Restriction <==== ATTENTION
HKU\S-1-5-21-3265950178-1640898732-4156275634-1001\...\Run: [WinPatrol] => C:\Program Files (x86)\Ruiware\WinPatrol\winpatrol.exe [1223560 2017-05-08] (Ruiware, LLC -> Ruiware)
HKU\S-1-5-21-3265950178-1640898732-4156275634-1001\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\Windows\system32\Ribbons.scr [241664 2010-11-21] (Microsoft Windows -> Microsoft Corporation)
HKLM\Software\Microsoft\Active Setup\Installed Components: [{2D46B6DC-2207-486B-B523-A557E6D54B47}] -> C:\Windows\system32\cmd.exe /D /C start C:\Windows\system32\ie4uinit.exe -ClearIconCache
HKLM\Software\Microsoft\Active Setup\Installed Components: [{8A69D345-D564-463c-AFF1-A69D9E530F96}] -> C:\Program Files (x86)\Google\Chrome\Application\74.0.3729.131\Installer\chrmstp.exe [2019-05-03] (Google LLC -> Google Inc.)
HKLM\Software\Wow6432Node\Microsoft\Active Setup\Installed Components: [{2D46B6DC-2207-486B-B523-A557E6D54B47}] -> C:\Windows\system32\cmd.exe /D /C start C:\Windows\system32\ie4uinit.exe -ClearIconCache
HKLM\Software\Wow6432Node\Microsoft\Active Setup\Installed Components: [{F5E7D9AF-60F6-4A30-87E3-4EA94D322CE1}] -> msiexec /fu {F5E7D9AF-60F6-4A30-87E3-4EA94D322CE1} /qn
HKLM\Software\...\Authentication\Credential Providers: [{F8A0B131-5F68-486c-8040-7E8FC3C85BB6}] -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDCREDPROV.DLL [2011-03-29] (Microsoft Corporation -> Microsoft Corp.)
FF HKLM\SOFTWARE\Policies\Mozilla\Firefox: Restriction <==== ATTENTION

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {22069C0F-67C1-4EE7-AF3F-3FA7334CAB7D} - System32\Tasks\HPCeeScheduleForNamron => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [95800 2011-07-15] (Hewlett-Packard Company -> Hewlett-Packard)
Task: {2312143A-8C08-416E-B6F3-AC7A354366EF} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [616320 2018-01-08] (Apple Inc. -> Apple Inc.)
Task: {2923A620-ED58-45EF-A0A2-3603638C50B6} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Assistant Quick Start => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPSFMessenger\HPSFMsgr.exe [729656 2011-09-10] (Hewlett-Packard Company -> Hewlett-Packard Company)
Task: {6D1B5EC3-1DC9-443A-8D35-1B5EB3A54F55} - System32\Tasks\Hewlett-Packard\HP Support Assistant\Update Check => C:\ProgramData\Hewlett-Packard\HP Support Framework\Resources\Updater\HPSFUpdater.exe [850488 2011-06-15] (Hewlett-Packard Company -> Hewlett-Packard)
Task: {8D066666-CDBF-494B-875E-877FD28277C6} - System32\Tasks\Hewlett-Packard\HP Support Assistant\PC Tuneup => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [7255608 2011-09-10] (Hewlett-Packard Company -> Hewlett-Packard Company)
Task: {90ECACBF-B8FA-4284-8416-917F9B243B1D} - System32\Tasks\Avast Software\Overseer => C:\Program Files\Common Files\AVAST Software\Overseer\overseer.exe [2380088 2019-04-04] (AVAST Software s.r.o. -> AVAST Software)
Task: {92F11499-F45D-43CC-9F07-F93606CD653D} - System32\Tasks\Hewlett-Packard\HP Support Assistant\PC Health Analysis => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [7255608 2011-09-10] (Hewlett-Packard Company -> Hewlett-Packard Company)
Task: {9AEF6601-9A57-465B-9675-3A4D34F8F4A7} - System32\Tasks\Avast Emergency Update => C:\Program Files\AVAST Software\Avast\AvEmUpdate.exe [2925960 2019-04-25] (AVAST Software s.r.o. -> AVAST Software)
Task: {A8BD3414-6D5D-4C70-BF18-EB1C750E75DF} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [153168 2019-02-17] (Google Inc -> Google Inc.)
Task: {BBF8F30F-4362-467B-8A1A-612DADC4FA49} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [153168 2019-02-17] (Google Inc -> Google Inc.)
Task: {ECC00B30-41D0-457B-A268-784C4A6454B7} - System32\Tasks\RMCreator => C:\Program Files (x86)\Hewlett-Packard\Recovery\Reminder.exe [517416 2011-08-24] (CyberLink -> CyberLink)
Task: {EE464640-E552-4836-B209-5090F9DACF80} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Total Care Tune-Up => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPTuneUp.exe [17976 2011-03-23] (Hewlett-Packard Company -> Hewlett-Packard Company)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\Windows\Tasks\HPCeeScheduleForNamron.job => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Hosts: 104.24.98.152 ddlvalley.me
Tcpip\Parameters: [DhcpNameServer] 10.1.1.1
Tcpip\..\Interfaces\{CE21100D-D68B-49B8-823B-21625958D323}: [DhcpNameServer] 10.1.1.1

Internet Explorer:
==================
HKU\S-1-5-21-3265950178-1640898732-4156275634-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://www.optus.com.au/
HKU\S-1-5-21-3265950178-1640898732-4156275634-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://g.jp.msn.com/CQALL/44
SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=CPDTDF&pc=CPDTDF&src=IE-SearchBox
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=CPDTDF&pc=CPDTDF&src=IE-SearchBox
SearchScopes: HKLM -> {b7fca997-d0fb-4fe0-8afd-255e89cf9671} URL = hxxp://au.search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=CPDTDF
SearchScopes: HKLM -> {d43b3890-80c7-4010-a95d-1e77b5924dc3} URL = hxxp://en.wikipedia.org/wiki/Special:Search?search={searchTerms}
SearchScopes: HKLM-x32 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=CPDTDF&pc=CPDTDF&src=IE-SearchBox
SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=CPDTDF&pc=CPDTDF&src=IE-SearchBox
SearchScopes: HKLM-x32 -> {b7fca997-d0fb-4fe0-8afd-255e89cf9671} URL = hxxp://au.search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=CPDTDF
SearchScopes: HKLM-x32 -> {d43b3890-80c7-4010-a95d-1e77b5924dc3} URL = hxxp://en.wikipedia.org/wiki/Special:Search?search={searchTerms}
SearchScopes: HKU\S-1-5-21-3265950178-1640898732-4156275634-1001 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=CPDTDF&pc=CPDTDF&src=IE-SearchBox
SearchScopes: HKU\S-1-5-21-3265950178-1640898732-4156275634-1001 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=CPDTDF&pc=CPDTDF&src=IE-SearchBox
SearchScopes: HKU\S-1-5-21-3265950178-1640898732-4156275634-1001 -> {b7fca997-d0fb-4fe0-8afd-255e89cf9671} URL = hxxp://au.search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=CPDTDF
SearchScopes: HKU\S-1-5-21-3265950178-1640898732-4156275634-1001 -> {d43b3890-80c7-4010-a95d-1e77b5924dc3} URL = hxxp://en.wikipedia.org/wiki/Special:Search?search={searchTerms}
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2011-03-29] (Microsoft Corporation -> Microsoft Corp.)
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2011-03-29] (Microsoft Corporation -> Microsoft Corp.)
BHO-x32: Foxit PhantomPDF Create PDF ToolBar Helper -> {A5DD10F7-5ABB-4EEF-B4C8-6748D44DAF2A} -> C:\Program Files (x86)\Foxit Software\Foxit PhantomPDF\plugins\Creator\IEAddin\IEAddin.dll [2019-04-13] (FOXIT SOFTWARE INC. -> )
BHO-x32: Bing Bar Helper -> {d2ce3e00-f94a-4740-988e-03dc2f38c34f} -> C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll [2011-08-02] (Microsoft Corporation -> Microsoft Corporation.)
Toolbar: HKLM-x32 - Bing Bar - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll [2011-08-02] (Microsoft Corporation -> Microsoft Corporation.)
Toolbar: HKLM-x32 - Foxit PhantomPDF Create PDF ToolBar - {BFD9D8A8-57FF-488A-B919-065EC77CF82F} - C:\Program Files (x86)\Foxit Software\Foxit PhantomPDF\plugins\Creator\IEAddin\IEAddin.dll [2019-04-13] (FOXIT SOFTWARE INC. -> )

FireFox:
========
FF DefaultProfile: 6xhhjtgj.default
FF ProfilePath: C:\Users\Namron\AppData\Roaming\Mozilla\Firefox\Profiles\6xhhjtgj.default [2019-05-13]
FF Homepage: Mozilla\Firefox\Profiles\6xhhjtgj.default -> hxxps://www.optus.com.au/
FF NewTab: Mozilla\Firefox\Profiles\6xhhjtgj.default -> about:newtab
FF Extension: (Ghostery – Privacy Ad Blocker) - C:\Users\Namron\AppData\Roaming\Mozilla\Firefox\Profiles\6xhhjtgj.default\Extensions\[email protected] [2019-05-10]
FF Extension: (hotfix-update-xpi-intermediate) - C:\Users\Namron\AppData\Roaming\Mozilla\Firefox\Profiles\6xhhjtgj.default\Extensions\[email protected] [2019-05-07]
FF Extension: (AdBlock) - C:\Users\Namron\AppData\Roaming\Mozilla\Firefox\Profiles\6xhhjtgj.default\Extensions\[email protected] [2019-05-03]
FF Extension: (MyJDownloader Browser Extension) - C:\Users\Namron\AppData\Roaming\Mozilla\Firefox\Profiles\6xhhjtgj.default\Extensions\[email protected] [2018-11-10] [UpdateUrl:hxxps://my.jdownloader.org/extensions/firefox.json]
FF Extension: (Avast SafePrice | Comparison, deals, coupons) - C:\Users\Namron\AppData\Roaming\Mozilla\Firefox\Profiles\6xhhjtgj.default\Extensions\[email protected] [2019-02-05]
FF Extension: (Avast Online Security) - C:\Users\Namron\AppData\Roaming\Mozilla\Firefox\Profiles\6xhhjtgj.default\Extensions\[email protected] [2019-04-29]
FF Extension: (NoScript) - C:\Users\Namron\AppData\Roaming\Mozilla\Firefox\Profiles\6xhhjtgj.default\Extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi [2019-04-11]
FF Extension: (Video DownloadHelper) - C:\Users\Namron\AppData\Roaming\Mozilla\Firefox\Profiles\6xhhjtgj.default\Extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}.xpi [2018-11-07]
FF Extension: (Baidu Search Update) - C:\Users\Namron\AppData\Roaming\Mozilla\Firefox\Profiles\6xhhjtgj.default\features\{022f680c-021c-4d38-ad81-b5e59dbfa4c0}\[email protected] [2019-05-11]
FF SearchPlugin: C:\Users\Namron\AppData\Roaming\Mozilla\Firefox\Profiles\6xhhjtgj.default\searchplugins\google-avast.xml [2019-05-10]
FF HKLM\...\Firefox\Extensions: [[email protected]] - C:\Program Files (x86)\Foxit Software\Foxit PhantomPDF\plugins\Creator\FirefoxAddin\FFExtnHTML2PDF.xpi
FF Extension: (Foxit PDF Creator) - C:\Program Files (x86)\Foxit Software\Foxit PhantomPDF\plugins\Creator\FirefoxAddin\FFExtnHTML2PDF.xpi [2019-04-13] [Legacy]
FF HKLM\...\Firefox\Extensions: [[email protected]] - C:\Program Files (x86)\Foxit Software\Foxit PhantomPDF\plugins\Creator\FirefoxAddin\[email protected]
FF Extension: (Foxit PDF Creator) - C:\Program Files (x86)\Foxit Software\Foxit PhantomPDF\plugins\Creator\FirefoxAddin\[email protected] [2019-04-13]
FF HKLM-x32\...\Firefox\Extensions: [[email protected]] - C:\Program Files (x86)\Foxit Software\Foxit PhantomPDF\plugins\Creator\FirefoxAddin\FFExtnHTML2PDF.xpi
FF HKLM-x32\...\Firefox\Extensions: [[email protected]] - C:\Program Files (x86)\Foxit Software\Foxit PhantomPDF\plugins\Creator\FirefoxAddin\[email protected]
FF Plugin-x32: @foxitsoftware.com/Foxit PhantomPDF Plugin,version=1.0,application/pdf -> C:\Program Files (x86)\Foxit Software\Foxit PhantomPDF\plugins\npFoxitPhantomPDFPlugin.dll [2019-04-13] (FOXIT SOFTWARE INC. -> Foxit Corporation)
FF Plugin-x32: @foxitsoftware.com/Foxit PhantomPDF Plugin,version=1.0,application/vnd.fdf -> C:\Program Files (x86)\Foxit Software\Foxit PhantomPDF\plugins\npFoxitPhantomPDFPlugin.dll [2019-04-13] (FOXIT SOFTWARE INC. -> Foxit Corporation)
FF Plugin-x32: @foxitsoftware.com/Foxit PhantomPDF Plugin,version=1.0,application/vnd.xdp -> C:\Program Files (x86)\Foxit Software\Foxit PhantomPDF\plugins\npFoxitPhantomPDFPlugin.dll [2019-04-13] (FOXIT SOFTWARE INC. -> Foxit Corporation)
FF Plugin-x32: @foxitsoftware.com/Foxit PhantomPDF Plugin,version=1.0,application/vnd.xfdf -> C:\Program Files (x86)\Foxit Software\Foxit PhantomPDF\plugins\npFoxitPhantomPDFPlugin.dll [2019-04-13] (FOXIT SOFTWARE INC. -> Foxit Corporation)
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/pdf -> C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll [2019-04-13] (FOXIT SOFTWARE INC. -> Foxit Corporation)
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.fdf -> C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll [2019-04-13] (FOXIT SOFTWARE INC. -> Foxit Corporation)
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.xdp -> C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll [2019-04-13] (FOXIT SOFTWARE INC. -> Foxit Corporation)
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.xfdf -> C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll [2019-04-13] (FOXIT SOFTWARE INC. -> Foxit Corporation)
FF Plugin-x32: @microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\4.0.50401.0\npctrl.dll [2010-04-01] ( Microsoft Corporation) [File not signed]
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2011-05-14] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3538.0513 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2011-05-14] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.34.7\npGoogleUpdate3.dll [2019-03-28] (Google Inc -> Google LLC)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.34.7\npGoogleUpdate3.dll [2019-03-28] (Google Inc -> Google LLC)
FF Plugin-x32: @Videolan.org/vlc,version=3.0.4 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2019-01-10] (VideoLAN -> VideoLAN)
FF Plugin-x32: @Videolan.org/vlc,version=3.0.6 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2019-01-10] (VideoLAN -> VideoLAN)
FF Plugin-x32: @wildTangent.com/GamesAppPresenceDetector,Version=1.0 -> C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll [2010-12-08] (WildTangent Inc -> )

Chrome:
=======
CHR StartupUrls: Default -> "hxxps://www.google.com/"
CHR Profile: C:\Users\Namron\AppData\Local\Google\Chrome\User Data\Default [2019-05-12]
CHR Extension: (Slides) - C:\Users\Namron\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2019-02-17]
CHR Extension: (Docs) - C:\Users\Namron\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2019-02-17]
CHR Extension: (Google Drive) - C:\Users\Namron\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2019-02-17]
CHR Extension: (YouTube) - C:\Users\Namron\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2019-02-17]
CHR Extension: (Foxit PDF Creator) - C:\Users\Namron\AppData\Local\Google\Chrome\User Data\Default\Extensions\cifnddnffldieaamihfkhkdgnbhfmaci [2019-05-10]
CHR Extension: (Sheets) - C:\Users\Namron\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2019-02-17]
CHR Extension: (Google Docs Offline) - C:\Users\Namron\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2019-04-03]
CHR Extension: (Avast Online Security) - C:\Users\Namron\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki [2019-05-10]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Namron\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2019-02-17]
CHR Extension: (Gmail) - C:\Users\Namron\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2019-05-10]
CHR Extension: (Chrome Media Router) - C:\Users\Namron\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2019-05-10]
CHR HKLM\...\Chrome\Extension: [cifnddnffldieaamihfkhkdgnbhfmaci] - C:\Program Files (x86)\Foxit Software\Foxit PhantomPDF\plugins\Creator\ChromeAddin\ChromeAddin.crx [2019-04-13]
CHR HKLM-x32\...\Chrome\Extension: [cifnddnffldieaamihfkhkdgnbhfmaci] - C:\Program Files (x86)\Foxit Software\Foxit PhantomPDF\plugins\Creator\ChromeAddin\ChromeAddin.crx [2019-04-13]
CHR HKLM-x32\...\Chrome\Extension: [eofcbnmajmjmplflapaojjnihcjkigck] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - hxxps://clients2.google.com/service/update2/crx

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 AMD External Events Utility; C:\Windows\system32\atiesrxx.exe [204288 2011-09-05] (Microsoft Windows Hardware Compatibility Publisher -> AMD)
R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [96056 2019-03-08] (Apple Inc. -> Apple Inc.)
R3 aswbIDSAgent; C:\Program Files\AVAST Software\Avast\aswidsagent.exe [6660888 2019-04-25] (AVAST Software s.r.o. -> AVAST Software)
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [362488 2019-04-25] (AVAST Software s.r.o. -> AVAST Software)
R2 CalendarSynchService; C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Calendar\Service\GCalService.exe [16384 2011-08-17] (Hewlett-Packard) [File not signed]
R2 pdfcDispatcher; C:\Program Files (x86)\PDF Complete\pdfsvc.exe [1128952 2011-08-13] (PDF Complete -> PDF Complete Inc)
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Windows -> Microsoft Corporation)

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R3 amdkmdag; C:\Windows\System32\DRIVERS\atikmdag.sys [9359872 2011-09-05] (Microsoft Windows Hardware Compatibility Publisher -> ATI Technologies Inc.)
R3 amdkmdap; C:\Windows\System32\DRIVERS\atikmpag.sys [309760 2011-09-05] (Microsoft Windows Hardware Compatibility Publisher -> Advanced Micro Devices, Inc.)
R0 amd_sata; C:\Windows\System32\drivers\amd_sata.sys [78976 2011-05-24] (Advanced Micro Devices, Inc. -> Advanced Micro Devices)
R0 amd_xata; C:\Windows\System32\drivers\amd_xata.sys [38528 2011-05-24] (Advanced Micro Devices, Inc. -> Advanced Micro Devices)
R0 aswArDisk; C:\Windows\System32\drivers\aswArDisk.sys [37104 2019-04-25] (AVAST Software s.r.o. -> AVAST Software)
R1 aswArPot; C:\Windows\System32\drivers\aswArPot.sys [205400 2019-04-25] (AVAST Software s.r.o. -> AVAST Software)
R1 aswbidsdriver; C:\Windows\System32\drivers\aswbidsdriver.sys [254128 2019-04-25] (AVAST Software s.r.o. -> AVAST Software)
R0 aswbidsh; C:\Windows\System32\drivers\aswbidsh.sys [196000 2019-04-25] (AVAST Software s.r.o. -> AVAST Software)
R0 aswblog; C:\Windows\System32\drivers\aswblog.sys [320624 2019-04-25] (AVAST Software s.r.o. -> AVAST Software)
R0 aswbuniv; C:\Windows\System32\drivers\aswbuniv.sys [57888 2019-04-25] (AVAST Software s.r.o. -> AVAST Software)
R1 aswHdsKe; C:\Windows\System32\drivers\aswHdsKe.sys [257832 2019-04-25] (AVAST Software s.r.o. -> AVAST Software)
R1 aswKbd; C:\Windows\System32\drivers\aswKbd.sys [42288 2019-04-25] (AVAST Software s.r.o. -> AVAST Software)
R2 aswMonFlt; C:\Windows\System32\drivers\aswMonFlt.sys [166848 2019-04-25] (AVAST Software s.r.o. -> AVAST Software)
R1 aswRdr; C:\Windows\System32\drivers\aswRdr2.sys [112520 2019-04-25] (AVAST Software s.r.o. -> AVAST Software)
R0 aswRvrt; C:\Windows\System32\drivers\aswRvrt.sys [88160 2019-04-25] (AVAST Software s.r.o. -> AVAST Software)
R1 aswSnx; C:\Windows\System32\drivers\aswSnx.sys [1031000 2019-04-25] (AVAST Software s.r.o. -> AVAST Software)
R1 aswSP; C:\Windows\System32\drivers\aswSP.sys [476776 2019-04-25] (AVAST Software s.r.o. -> AVAST Software)
R2 aswStm; C:\Windows\System32\drivers\aswStm.sys [220640 2019-04-25] (AVAST Software s.r.o. -> AVAST Software)
R0 aswVmm; C:\Windows\System32\drivers\aswVmm.sys [385848 2019-04-25] (AVAST Software s.r.o. -> AVAST Software)
S3 USBAAPL64; C:\Windows\System32\Drivers\usbaapl64.sys [54784 2018-08-22] (Microsoft Windows Hardware Compatibility Publisher -> Apple, Inc.)
R3 usbfilter; C:\Windows\system32\drivers\usbfilter.sys [47232 2011-05-05] (Advanced Micro Devices, Inc. -> Advanced Micro Devices)
S3 WDC_SAM; C:\Windows\System32\DRIVERS\wdcsam64_prewin8.sys [31920 2018-02-26] (Microsoft Windows Hardware Compatibility Publisher -> Western Digital Technologies)

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One month (created) ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2019-05-12 21:52 - 2019-05-12 21:52 - 000000000 ____D C:\Users\Namron\AppData\Local\{CB0B6F48-6D2C-42A4-81D0-A5B68A96C984}
2019-05-12 21:39 - 2019-05-12 21:39 - 000000000 ____D C:\Users\Namron\AppData\Local\{BFD157DF-A2F7-40B3-AFDB-6D673D1F6879}
2019-05-12 11:09 - 2019-05-12 11:09 - 000000000 ____D C:\Users\Namron\AppData\Local\ESET
2019-05-12 11:05 - 2019-05-12 11:05 - 000001462 _____ C:\Users\Namron\Desktop\AdwCleaner[C00].txt
2019-05-12 10:58 - 2019-05-12 11:02 - 000000000 ____D C:\AdwCleaner
2019-05-12 10:56 - 2019-05-12 10:56 - 007657592 _____ (ESET spol. s r.o.) C:\Users\Namron\Desktop\esetonlinescanner_enu.exe
2019-05-12 10:55 - 2019-05-12 10:56 - 007025360 _____ (Malwarebytes) C:\Users\Namron\Desktop\AdwCleaner.exe
2019-05-12 08:14 - 2019-05-12 08:16 - 000003921 _____ C:\Users\Namron\Desktop\Fixlog.txt
2019-05-12 08:12 - 2019-05-12 08:12 - 000000000 ____D C:\Users\Namron\Desktop\FRST-OlderVersion
2019-05-12 08:04 - 2019-05-12 08:04 - 000000000 ____D C:\Users\Namron\AppData\Local\{3B61054E-DA18-462C-A850-798F589A3E69}
2019-05-11 13:28 - 2019-05-12 21:54 - 000000000 ____D C:\Users\Namron\Downloads\DDLValley me Maer me 2016 S03E22 HDTV x264-SVA
2019-05-11 10:55 - 2019-05-11 10:55 - 000000000 ____D C:\Users\Namron\AppData\Local\{2AC5402B-9394-4E07-8C15-E87DECCAF153}
2019-05-11 08:59 - 2019-05-11 08:59 - 000000000 ____D C:\Users\Namron\AppData\Local\{61216188-BA2D-4613-BB34-C03B234C020F}
2019-05-11 07:53 - 2019-05-11 07:53 - 000000000 ____D C:\Users\Namron\AppData\Local\{19B45F69-3CBA-4EB8-9332-6A533F399CC8}
2019-05-11 07:26 - 2019-05-11 07:29 - 000049202 _____ C:\Users\Namron\Desktop\Addition.txt
2019-05-11 07:24 - 2019-05-13 07:43 - 000026941 _____ C:\Users\Namron\Desktop\FRST.txt
2019-05-11 07:24 - 2019-05-13 07:41 - 000000000 ____D C:\FRST
2019-05-11 07:19 - 2019-05-12 08:12 - 002430976 _____ (Farbar) C:\Users\Namron\Desktop\FRST64.exe
2019-05-11 06:30 - 2019-05-11 06:30 - 000000000 ____D C:\Users\Namron\Downloads\Backup6
2019-05-11 00:17 - 2019-05-11 00:19 - 035583976 _____ (SecureMix LLC) C:\Users\Namron\Downloads\GlassWireSetup.exe
2019-05-10 21:51 - 2019-05-10 21:51 - 000000000 ____D C:\Users\Namron\AppData\Local\{3186B7B3-A3C3-43D9-BD45-C926D734CF2B}
2019-05-10 18:10 - 2019-05-10 18:10 - 000000000 ____D C:\Users\Namron\AppData\Local\{68E10EDD-AC8B-4217-9520-4D7D70948976}
2019-05-10 17:33 - 2019-05-12 08:17 - 000000000 ____D C:\Program Files\Mozilla Firefox
2019-05-10 14:04 - 2019-05-10 14:04 - 000000000 ____D C:\Users\Namron\AppData\Local\{68CF7436-F5CD-475E-B9DC-E26ACDEA0C39}
2019-05-10 12:04 - 2019-05-10 13:43 - 000000000 ____D C:\ProgramData\AnyDesk
2019-05-10 12:02 - 2019-05-10 13:44 - 000000000 ____D C:\Users\Namron\AppData\Roaming\AnyDesk
2019-05-08 16:36 - 2019-05-08 16:36 - 000000000 ____D C:\Users\Namron\AppData\Local\{4F4839C4-F01D-4FE7-9230-46479E1B3083}
2019-05-08 16:34 - 2019-05-08 16:34 - 000001091 _____ C:\Users\Public\Desktop\Foxit PhantomPDF.lnk
2019-05-08 16:34 - 2019-05-08 16:34 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Foxit PhantomPDF
2019-05-08 16:10 - 2019-05-08 16:10 - 000000000 ____D C:\Users\Namron\AppData\Local\{B463E6E3-1533-4721-8085-ECFEA5F1E141}
2019-05-08 16:00 - 2019-05-08 16:00 - 000001357 _____ C:\Users\Public\Desktop\Foxit Reader.lnk
2019-05-08 15:59 - 2019-05-08 16:00 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Foxit Reader
2019-05-08 15:58 - 2019-05-08 16:33 - 000000000 ____D C:\Program Files (x86)\Foxit Software
2019-05-08 15:08 - 2019-05-08 15:08 - 000000000 ____D C:\Users\Namron\AppData\Local\Foxit Reader
2019-05-08 15:06 - 2019-05-08 15:07 - 001715457 _____ C:\Users\Namron\Downloads\blu-bd1000_user_manual_v4.pdf
2019-05-08 11:16 - 2019-05-08 11:16 - 000000000 ____D C:\Users\Namron\AppData\Local\{7C8416AD-AA24-48BF-954D-758FBD10ED67}
2019-04-25 08:15 - 2019-04-25 08:14 - 000362888 _____ (AVAST Software) C:\Windows\system32\aswBoot.exe
2019-04-23 23:07 - 2019-04-23 23:07 - 000000000 ____D C:\Users\Namron\AppData\Local\{5F34E564-1E84-43B0-8AEE-BF3AD766623B}
2019-04-14 12:50 - 2019-04-14 12:50 - 000001749 _____ C:\Users\Public\Desktop\iTunes.lnk
2019-04-14 12:50 - 2019-04-14 12:50 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
2019-04-14 12:50 - 2019-04-14 12:50 - 000000000 ____D C:\Program Files\iPod
2019-04-14 12:49 - 2019-04-14 12:50 - 000000000 ____D C:\Program Files\iTunes
2019-04-13 05:54 - 2019-04-25 08:15 - 000000077 _____ C:\Windows\system32\Drivers\aswSP.sys.sum

==================== One month (modified) ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2019-05-13 07:40 - 2018-11-07 03:11 - 000000000 ____D C:\Users\Namron\AppData\Local\JDownloader 2.0
2019-05-12 21:55 - 2018-11-07 02:50 - 000000000 ____D C:\Users\Namron\AppData\LocalLow\Mozilla
2019-05-12 18:28 - 2018-11-07 16:44 - 000000000 ____D C:\Users\Namron\AppData\Roaming\vlc
2019-05-12 18:05 - 2018-11-06 13:18 - 000003934 _____ C:\Windows\System32\Tasks\User_Feed_Synchronization-{206A7886-AB91-4ED5-AE91-65CEC4FD4D7C}
2019-05-12 17:54 - 2018-11-08 20:56 - 000000000 ____D C:\Users\Namron\dwhelper
2019-05-12 11:12 - 2009-07-14 14:45 - 000024608 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2019-05-12 11:12 - 2009-07-14 14:45 - 000024608 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2019-05-12 11:08 - 2009-07-14 15:13 - 000782470 _____ C:\Windows\system32\PerfStringBackup.INI
2019-05-12 11:08 - 2009-07-14 13:20 - 000000000 ____D C:\Windows\inf
2019-05-12 11:03 - 2012-05-30 10:16 - 000000000 ____D C:\ProgramData\PDFC
2019-05-12 11:03 - 2009-07-14 15:08 - 000000006 ____H C:\Windows\Tasks\SA.DAT
2019-05-12 08:18 - 2009-07-14 14:45 - 000267672 _____ C:\Windows\system32\FNTCACHE.DAT
2019-05-12 08:17 - 2018-11-07 02:50 - 000000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2019-05-10 18:12 - 2018-12-23 11:24 - 000000000 ____D C:\Users\Public\Foxit Software
2019-05-10 18:12 - 2018-12-23 11:24 - 000000000 ____D C:\ProgramData\Foxit Software
2019-05-10 14:04 - 2018-11-06 13:21 - 000058016 _____ C:\Users\Namron\AppData\Local\GDIPFONTCACHEV1.DAT
2019-05-10 13:49 - 2018-11-07 02:50 - 000001023 _____ C:\Users\Public\Desktop\Firefox.lnk
2019-05-10 13:49 - 2018-11-07 02:50 - 000001023 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Firefox.lnk
2019-05-10 13:04 - 2019-02-17 07:04 - 000000000 ____D C:\Users\Namron\AppData\Local\Google
2019-05-09 09:26 - 2018-11-14 08:04 - 000003192 _____ C:\Windows\System32\Tasks\HPCeeScheduleForNamron
2019-05-09 09:26 - 2018-11-14 08:04 - 000000336 _____ C:\Windows\Tasks\HPCeeScheduleForNamron.job
2019-05-08 20:53 - 2018-12-23 12:05 - 000000000 ____D C:\Users\Namron\Downloads\1.MusicAndAudio
2019-05-08 16:36 - 2018-12-23 11:23 - 000000000 ____D C:\Users\Namron\AppData\Roaming\Foxit Software
2019-05-08 16:30 - 2018-11-23 18:06 - 000000000 ____D C:\ProgramData\Package Cache
2019-05-08 09:17 - 2018-11-07 08:03 - 000000000 ____D C:\Users\Namron\AppData\Roaming\HpUpdate
2019-05-08 09:17 - 2018-11-07 08:03 - 000000000 ____D C:\Users\Namron\AppData\Roaming\HP Support Assistant
2019-05-04 19:15 - 2018-12-23 12:05 - 000000000 ____D C:\Users\Namron\Downloads\2.Books
2019-05-04 07:47 - 2019-01-17 04:13 - 000000000 ____D C:\Users\Namron\Downloads\3.Apps
2019-05-03 08:17 - 2019-02-17 07:04 - 000002226 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2019-05-03 08:17 - 2019-02-17 07:04 - 000002185 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2019-05-02 21:14 - 2018-11-07 02:22 - 000004168 _____ C:\Windows\System32\Tasks\Avast Emergency Update
2019-04-25 08:15 - 2018-11-07 02:22 - 000476776 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSP.sys
2019-04-25 08:15 - 2018-11-07 02:22 - 000385848 _____ (AVAST Software) C:\Windows\system32\Drivers\aswVmm.sys
2019-04-25 08:14 - 2019-02-15 10:43 - 000257832 _____ (AVAST Software) C:\Windows\system32\Drivers\aswHdsKe.sys
2019-04-25 08:14 - 2019-01-15 06:21 - 000254128 _____ (AVAST Software) C:\Windows\system32\Drivers\aswbidsdriver.sys
2019-04-25 08:14 - 2019-01-05 05:25 - 000320624 _____ (AVAST Software) C:\Windows\system32\Drivers\aswblog.sys
2019-04-25 08:14 - 2019-01-05 05:25 - 000196000 _____ (AVAST Software) C:\Windows\system32\Drivers\aswbidsh.sys
2019-04-25 08:14 - 2019-01-05 05:25 - 000057888 _____ (AVAST Software) C:\Windows\system32\Drivers\aswbuniv.sys
2019-04-25 08:14 - 2019-01-05 05:25 - 000037104 _____ (AVAST Software) C:\Windows\system32\Drivers\aswArDisk.sys
2019-04-25 08:14 - 2018-11-07 02:22 - 000220640 _____ (AVAST Software) C:\Windows\system32\Drivers\aswStm.sys
2019-04-25 08:14 - 2018-11-07 02:22 - 000205400 _____ (AVAST Software) C:\Windows\system32\Drivers\aswArPot.sys
2019-04-25 08:14 - 2018-11-07 02:22 - 000166848 _____ (AVAST Software) C:\Windows\system32\Drivers\aswMonFlt.sys
2019-04-25 08:14 - 2018-11-07 02:22 - 000112520 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRdr2.sys
2019-04-25 08:14 - 2018-11-07 02:22 - 000088160 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRvrt.sys
2019-04-25 08:14 - 2018-11-07 02:22 - 000042288 _____ (AVAST Software) C:\Windows\system32\Drivers\aswKbd.sys
2019-04-25 08:14 - 2018-11-07 02:21 - 001031000 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSnx.sys
2019-04-21 15:46 - 2018-11-09 09:38 - 000000000 ____D C:\Users\Namron\Downloads\Pron

==================== SigCheck ===============================

(There is no automatic fix for files that do not pass verification.)


LastRegBack: 2019-05-13 00:56
==================== End of FRST.txt ============================


Additional scan result of Farbar Recovery Scan Tool (x64) Version: 11-05.2019
Ran by Namron (13-05-2019 07:44:36)
Running from C:\Users\Namron\Desktop
Windows 7 Home Premium Service Pack 1 (X64) (2018-11-06 03:13:51)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-3265950178-1640898732-4156275634-500 - Administrator - Disabled)
Guest (S-1-5-21-3265950178-1640898732-4156275634-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-3265950178-1640898732-4156275634-1002 - Limited - Enabled)
Namron (S-1-5-21-3265950178-1640898732-4156275634-1001 - Administrator - Enabled) => C:\Users\Namron

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Avast Antivirus (Enabled - Up to date) {8EA8924E-BC81-DC44-8BB0-8BAE75D86EBF}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Avast Antivirus (Enabled - Up to date) {35C973AA-9ABB-D3CA-B100-B0DC0E5F2402}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

7-Zip 18.06 (x64) (HKLM\...\7-Zip) (Version: 18.06 - Igor Pavlov)
7-Zip 19.00 (x64 edition) (HKLM\...\{23170F69-40C1-2702-1900-000001000000}) (Version: 19.00.00.0 - Igor Pavlov)
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 2.6.0.19120 - Adobe Systems Incorporated)
Adobe Flash Player 10 ActiveX (HKLM-x32\...\{DCC90D9D-4F8D-4A06-9050-ADDB284FF9FA}) (Version: 10.3.181.14 - Adobe Systems Incorporated)
Apple Application Support (32-bit) (HKLM-x32\...\{9F7041CB-8398-4691-B8CB-0D52273BB3D9}) (Version: 7.4 - Apple Inc.)
Apple Application Support (64-bit) (HKLM\...\{6E7DF4EE-1976-4215-9D81-755AFC95687D}) (Version: 7.4 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{BA2A6DBB-B09A-43D8-84F3-21C1537B47D9}) (Version: 12.2.0.15 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{A30EA700-5515-48F0-88B0-9E99DC356B88}) (Version: 2.6.0.1 - Apple Inc.)
ATI Catalyst Install Manager (HKLM\...\{37C7C98A-3857-B7D4-D7BD-F0E8179E8AFD}) (Version: 3.0.829.0 - ATI Technologies, Inc.)
Avast Free Antivirus (HKLM-x32\...\Avast Antivirus) (Version: 19.4.2374 - AVAST Software)
Bejeweled 3 (HKLM-x32\...\WTA-95c07e53-5190-4a40-8f37-aa688919cc24) (Version: 2.2.0.97 - WildTangent) Hidden
Bing Bar (HKLM-x32\...\{9FA13759-5C2B-4177-9DDC-0038F8B5BEFD}) (Version: 7.0.826.0 - Microsoft Corporation)
Blackhawk Striker 2 (HKLM-x32\...\WTA-84bbc170-8490-4e01-814e-d224d0f9faf2) (Version: 2.2.0.95 - WildTangent) Hidden
Blio (HKLM-x32\...\{741006D1-7B2B-4E33-B2B0-831F282EEF64}) (Version: 2.2.8188 - K-NFB Reading Technology, Inc.)
Bonjour (HKLM\...\{56DDDFB8-7F79-4480-89D5-25E1F52AB28F}) (Version: 3.1.0.1 - Apple Inc.)
Bubble Wrap (HKLM-x32\...\{5BFFDDEB-AFD7-499F-BB13-7A6EAD927CDA}_is1) (Version: 1.0.0.0 - XM Asia Pacific Pte Ltd)
CDisplayEx 1.10.33 (HKLM\...\CDisplayEx_is1) (Version: - Progdigy Software S.A.R.L.)
Chuzzle Deluxe (HKLM-x32\...\WTA-f3b45535-483d-4d0b-ad22-e4df9f29dc1b) (Version: 2.2.0.95 - WildTangent) Hidden
Compaq Setup Manager (HKLM-x32\...\{AE856388-AFAD-4753-81DF-D96B19D0A17C}) (Version: 1.2.15145.3905 - Hewlett-Packard Company)
Cradle of Rome 2 (HKLM-x32\...\WTA-28845a0b-d4af-4a22-bf10-103fc9454b2a) (Version: 2.2.0.98 - WildTangent) Hidden
D3DX10 (HKLM-x32\...\{E09C4DB7-630C-4F06-A631-8EA7239923AF}) (Version: 15.4.2368.0902 - Microsoft) Hidden
DirectX for Managed Code Update (Summer 2004) (HKLM-x32\...\{E9E34215-82EF-4909-BE2F-F581F0DC9062}) (Version: 9.02.2904 - Microsoft) Hidden
Dora's World Adventure (HKLM-x32\...\WTA-f1aea81f-c2ab-4c91-a8a9-38e5c07e4d0c) (Version: 2.2.0.95 - WildTangent) Hidden
Facebook (HKLM-x32\...\{8AE50893-3A87-4439-9A57-942ED43F7189}) (Version: 1.1.0004 - Hewlett-Packard)
Farm Frenzy (HKLM-x32\...\WTA-75f76e95-6907-46ca-a67b-67d0b071f045) (Version: 2.2.0.98 - WildTangent) Hidden
Farmscapes (HKLM-x32\...\WTA-15cf20bb-e1a7-4561-8814-ebb94d72e9dd) (Version: 2.2.0.98 - WildTangent) Hidden
FATE (HKLM-x32\...\WTA-601ac8ce-6fac-45ff-8132-0f39b1b3c97f) (Version: 2.2.0.97 - WildTangent) Hidden
Final Drive Fury (HKLM-x32\...\WTA-8e9c8b2c-8348-48fc-8545-a0e2ed2f662c) (Version: 2.2.0.95 - WildTangent) Hidden
Foxit PhantomPDF (HKLM-x32\...\{DDB425E2-5E58-11E9-A0FD-0021CCC51F2B}) (Version: 9.5.0.20723 - Foxit Software Inc.)
Foxit Reader (HKLM-x32\...\Foxit Reader_is1) (Version: 9.5.0.20723 - Foxit Software Inc.)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 74.0.3729.131 - Google Inc.)
Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.34.7 - Google LLC) Hidden
Hewlett-Packard ACLM.NET v1.1.2.0 (HKLM-x32\...\{6F340107-F9AA-47C6-B54C-C3A19F11553F}) (Version: 1.00.0000 - Hewlett-Packard) Hidden
Hoyle Card Games (HKLM-x32\...\WTA-64b734ef-e487-4647-85e1-f52526d5636c) (Version: 2.2.0.95 - WildTangent) Hidden
HP Calendar (HKLM-x32\...\{2B38E0FA-D8A5-4EBF-A018-E3C1C8E7A2E2}) (Version: 5.1.4245.23508 - Hewlett-Packard)
HP Clock (HKLM-x32\...\{0EEC4E49-D4C2-4E23-87F2-B5641F1A09E4}) (Version: 5.1.4244.16367 - Hewlett-Packard)
HP Games (HKLM-x32\...\WildTangent hp Master Uninstall) (Version: 1.0.2.5 - WildTangent)
HP LinkUp (HKLM-x32\...\{7E750542-55BC-4300-8B7B-AC2A762FB435}) (Version: 2.01.029 - Hewlett-Packard)
HP Magic Canvas (HKLM-x32\...\{DDFDC9D6-4220-41F8-BF9A-8E7512C4EF52}) (Version: 5.1.15.0 - Hewlett-Packard)
HP Magic Canvas Tutorials (HKLM-x32\...\{858FCB65-7C6D-4BA4-AD80-A3CB3744CE09}_is1) (Version: 5.0.0.3 - Hewlett-Packard)
HP Notes (HKLM-x32\...\{86BAB08A-5E66-4C53-82E3-C1E91673C7CA}) (Version: 5.1.4274.30382 - Hewlett-Packard)
HP Odometer (HKLM-x32\...\{B8AC1A89-FFD1-4F97-8051-E505A160F562}) (Version: 2.10.0000 - Hewlett-Packard)
HP RSS (HKLM-x32\...\{A35E58D6-2A0F-4051-983B-79342081338E}) (Version: 5.1.4301.21494 - Hewlett-Packard)
HP Setup (HKLM-x32\...\{F5E7D9AF-60F6-4A30-87E3-4EA94D322CE1}) (Version: 9.0.15076.3891 - Hewlett-Packard Company)
HP Support Assistant (HKLM-x32\...\{6F44AF95-3CDE-4513-AD3F-6D45F17BF324}) (Version: 6.1.12.1 - Hewlett-Packard Company)
HP Support Information (HKLM-x32\...\{B2B7B1C8-7C8B-476C-BE2C-049731C55992}) (Version: 11.00.0001 - Hewlett-Packard)
HP TouchSmart RecipeBox (HKLM-x32\...\{20714B53-FC73-4F9C-9687-49EB237D6FD7}) (Version: 3.0.3830.27730 - Hewlett-Packard)
HP Update (HKLM-x32\...\{2EFA4E4C-7B5F-48F7-A1C0-1AA882B7A9C3}) (Version: 5.003.001.001 - Hewlett-Packard)
HP Vision Hardware Diagnostics (HKLM\...\{D79A02E9-6713-4335-9668-AAC7474C0C0E}) (Version: 2.12.1.0 - Hewlett-Packard)
iTunes (HKLM\...\{0963AC13-C9C4-4989-918A-B59A690732EF}) (Version: 12.9.4.102 - Apple Inc.)
JDownloader 2 (HKLM-x32\...\jdownloader2) (Version: 2.0 - AppWork GmbH)
Jewel Match 3 (HKLM-x32\...\WTA-8ef743f1-abad-46b2-93cc-98af6705d3ee) (Version: 2.2.0.98 - WildTangent) Hidden
Jewel Quest Mysteries: The Seventh Gate Collector's Edition (HKLM-x32\...\WTA-b3a4602f-a6a6-4512-aa24-5dd521992e74) (Version: 2.2.0.98 - WildTangent) Hidden
John Deere Drive Green (HKLM-x32\...\WTA-5aedca23-4a6b-4cb9-b176-b883a5697ff9) (Version: 2.2.0.95 - WildTangent) Hidden
Junk Mail filter update (HKLM-x32\...\{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}) (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Kobo (HKLM-x32\...\Kobo) (Version: 4.11.9966 - Rakuten Kobo Inc.)
LabelPrint (HKLM-x32\...\{C59C179C-668D-49A9-B6EA-0121CCFC1243}) (Version: 2.5.4507 - CyberLink Corp.) Hidden
LabelPrint (HKLM-x32\...\InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}) (Version: 2.5.4507 - CyberLink Corp.)
Letters from Nowhere 2 (HKLM-x32\...\WTA-9ea1e429-1ad5-4498-9298-90d99bfe5521) (Version: 2.2.0.97 - WildTangent) Hidden
Luxor HD (HKLM-x32\...\WTA-26e44db6-25cb-4bc9-94a7-4396c63c3e52) (Version: 2.2.0.98 - WildTangent) Hidden
Mah Jong Medley (HKLM-x32\...\WTA-2c5b9434-0ca8-4100-bbde-78cbb64c7166) (Version: 2.2.0.95 - WildTangent) Hidden
Mesh Runtime (HKLM-x32\...\{8C6D6116-B724-4810-8F2D-D047E6B7D68E}) (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Metric Converter (HKLM-x32\...\{D0661463-50F7-4A1E-83CB-37CC590589AE}_is1) (Version: 1.0.0.0 - XM Asia Pacific Pte Ltd)
Microsoft .NET Framework 4.7.2 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.7.03062 - Microsoft Corporation)
Microsoft Mathematics (HKLM-x32\...\{4D090F70-6F08-4B60-9357-A1DFD4458F09}) (Version: 4.0 - Microsoft Corporation)
Microsoft Office 2010 (HKLM-x32\...\{95140000-0070-0000-0000-0000000FF1CE}) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Silverlight (HKLM-x32\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 4.0.50401.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.30319 (HKLM\...\{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}) (Version: 10.0.30319 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319 (HKLM-x32\...\{196BB40D-1578-3D01-B289-BEFC77A11A1E}) (Version: 10.0.30319 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Mozilla Firefox 66.0.5 (x64 en-US) (HKLM\...\Mozilla Firefox 66.0.5 (x64 en-US)) (Version: 66.0.5 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 63.0.1 - Mozilla)
opensource (HKLM-x32\...\{3677D4D8-E5E0-49FC-B86E-06541CF00BBE}) (Version: 1.0.14960.3876 - Your Company Name) Hidden
PDF Complete Special Edition (HKLM-x32\...\PDF Complete) (Version: 4.0.65 - PDF Complete, Inc)
Penguins! (HKLM-x32\...\WTA-72eef3c5-e1b7-45e3-adfa-da0599049a9e) (Version: 2.2.0.98 - WildTangent) Hidden
Plants vs. Zombies - Game of the Year (HKLM-x32\...\WTA-f56ee623-efd9-4d87-b462-d3501a62b5ec) (Version: 2.2.0.98 - WildTangent) Hidden
PlayReady PC Runtime amd64 (HKLM\...\{BCA9334F-B6C9-4F65-9A73-AC5A329A4D04}) (Version: 1.3.0 - Microsoft Corporation)
PlayReady PC Runtime x86 (HKLM-x32\...\{CCA5EAAD-92F4-4B7A-B5EE-14294C66AB61}) (Version: 1.3.0 - Microsoft Corporation)
Poker Superstars III (HKLM-x32\...\WTA-624ba246-6814-47f4-bfdb-9dd523c29783) (Version: 2.2.0.95 - WildTangent) Hidden
Polar Bowler (HKLM-x32\...\WTA-c043724c-26ff-45a2-9194-4c542d5b84ae) (Version: 2.2.0.97 - WildTangent) Hidden
Polar Golfer (HKLM-x32\...\WTA-46d482d0-e77f-42d0-ba38-b6970d898822) (Version: 2.2.0.98 - WildTangent) Hidden
Power2Go (HKLM-x32\...\{40BF1E83-20EB-11D8-97C5-0009C5020658}) (Version: 6.1.5705 - CyberLink Corp.) Hidden
Power2Go (HKLM-x32\...\InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}) (Version: 6.1.5705 - CyberLink Corp.)
PressReader (HKLM-x32\...\{912CED74-88D3-4C5B-ACB0-132318649765}) (Version: 5.11.0721.0 - NewspaperDirect Inc.)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6321 - Realtek Semiconductor Corp.)
Recovery Manager (HKLM-x32\...\{44B2A0AB-412E-4F8C-B058-D1E8AECCDFF5}) (Version: 5.5.0.4424 - CyberLink Corp.) Hidden
Remote Graphics Receiver (HKLM-x32\...\{16FC3056-90C0-4757-8A68-64D8DA846ADA}) (Version: 5.4.5 - Hewlett-Packard)
RollerCoaster Tycoon 3: Platinum (HKLM-x32\...\WTA-7b86761b-d479-43b1-b6b9-c9be1e8ff55a) (Version: 2.2.0.98 - WildTangent) Hidden
Skype™ 5.5 (HKLM-x32\...\{AA59DDE4-B672-4621-A016-4C248204957A}) (Version: 5.5.117 - Skype Technologies S.A.)
Spot (HKLM-x32\...\{3D171340-B528-42E0-92E4-BDA7AEEF6F32}_is1) (Version: 1.0.0.0 - XM Asia Pacific Pte Ltd)
Tap Tap Bear (HKLM-x32\...\{A393CDFF-BEB8-48EA-990D-2EB35B311D23}_is1) (Version: 1.0.0.0 - XM Asia Pacific Pte Ltd)
The Treasures of Mystery Island: The Ghost Ship (HKLM-x32\...\WTA-5ff0192b-7269-4761-96f9-e1a5e0b74fe1) (Version: 2.2.0.98 - WildTangent) Hidden
Torchlight (HKLM-x32\...\WTA-d74af3be-7362-4c51-a17d-c8fbbc3510e0) (Version: 2.2.0.98 - WildTangent) Hidden
TSHostedAppLauncher (HKLM-x32\...\{F89BADB0-D319-470E-8024-443EE3A3402B}) (Version: 5.1.15.0 - Hewlett-Packard) Hidden
Update Installer for WildTangent Games App (HKLM-x32\...\{2FA94A64-C84E-49d1-97DD-7BF06C7BBFB2}.WildTangent Games App) (Version: - WildTangent) Hidden
VdhCoApp 1.2.4 (HKLM\...\weh-iss-net.downloadhelper.coapp_is1) (Version: - DownloadHelper)
Virtual Villagers 4 - The Tree of Life (HKLM-x32\...\WTA-433b2564-483c-4d30-8c5e-f090eebaaf94) (Version: 2.2.0.98 - WildTangent) Hidden
VLC media player (HKLM-x32\...\VLC media player) (Version: 3.0.6 - VideoLAN)
WildTangent Games App (HP Games) (HKLM-x32\...\{70B446D1-E03B-4ab0-9B3C-0832142C9AA8}.WildTangent Games App-hp) (Version: 4.0.5.32 - WildTangent) Hidden
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3538.0513 - Microsoft Corporation)
Windows Live Mesh ActiveX Control for Remote Connections (HKLM-x32\...\{2902F983-B4C1-44BA-B85D-5C6D52E2C441}) (Version: 15.4.5722.2 - Microsoft Corporation)
WinPatrol (HKLM-x32\...\{6A206A04-6BC1-411B-AA04-4E52EDEEADF2}) (Version: 35.5.2017.8 - Ruiware)
Zinio Reader 4 (HKLM-x32\...\{7FB00B6B-6843-97EC-EED6-78BD6D35370A}) (Version: 4.2.4164 - Zinio LLC) Hidden
Zinio Reader 4 (HKLM-x32\...\ZinioReader4) (Version: 4.2.4164 - Zinio LLC)
Zuma's Revenge (HKLM-x32\...\WTA-537510e5-9544-479c-b169-01e366285413) (Version: 2.2.0.98 - WildTangent) Hidden

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

ShellIconOverlayIdentifiers: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShell.dll [2019-04-25] (AVAST Software s.r.o. -> AVAST Software)
ContextMenuHandlers1: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2019-02-21] (Igor Pavlov) [File not signed]
ContextMenuHandlers1: [avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShell.dll [2019-04-25] (AVAST Software s.r.o. -> AVAST Software)
ContextMenuHandlers1: [Foxit_ConvertToPDF] -> {C5269811-4A29-4818-A4BB-111F9FC63A5F} => C:\Program Files (x86)\Foxit Software\Foxit PhantomPDF\plugins\ConvertToPDFShellExtension_x64.dll [2019-04-13] (FOXIT SOFTWARE INC. -> Foxit Software Inc.)
ContextMenuHandlers1: [Foxit_ConvertToPDF_Reader] -> {A94757A0-0226-426F-B4F1-4DF381C630D3} => C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\ConvertToPDFShellExtension_x64.dll [2019-04-13] (FOXIT SOFTWARE INC. -> Foxit Software Inc.)
ContextMenuHandlers3: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShell.dll [2019-04-25] (AVAST Software s.r.o. -> AVAST Software)
ContextMenuHandlers3: [LinkUpMenuExt] -> {B793E5EA-5344-488E-B98D-A18E2E5938AB} => C:\Program Files (x86)\Hewlett-Packard\HP LinkUp\LinkUpExt64.dll [2011-05-07] (Hewlett-Packard Company -> Hewlett-Packard)
ContextMenuHandlers4: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2019-02-21] (Igor Pavlov) [File not signed]
ContextMenuHandlers5: [ACE] -> {5E2121EE-0300-11D4-8D3B-444553540000} => c:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\atiacm64.dll [2011-07-04] (Advanced Micro Devices, Inc.) [File not signed]
ContextMenuHandlers6: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2019-02-21] (Igor Pavlov) [File not signed]
ContextMenuHandlers6: [avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShell.dll [2019-04-25] (AVAST Software s.r.o. -> AVAST Software)
ContextMenuHandlers6: [Foxit_ConvertToPDF] -> {C5269811-4A29-4818-A4BB-111F9FC63A5F} => C:\Program Files (x86)\Foxit Software\Foxit PhantomPDF\plugins\ConvertToPDFShellExtension_x64.dll [2019-04-13] (FOXIT SOFTWARE INC. -> Foxit Software Inc.)
ContextMenuHandlers6: [Foxit_ConvertToPDF_Reader] -> {A94757A0-0226-426F-B4F1-4DF381C630D3} => C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\ConvertToPDFShellExtension_x64.dll [2019-04-13] (FOXIT SOFTWARE INC. -> Foxit Software Inc.)

==================== Shortcuts & WMI ========================

(The entries could be listed to be restored or removed.)


==================== Loaded Modules (Whitelisted) ==============

2009-01-21 06:51 - 2009-01-21 06:51 - 000007168 _____ ( ) [File not signed] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\atixclib.dll
2011-03-15 07:20 - 2011-03-15 07:20 - 000098304 _____ () [File not signed] c:\Program Files (x86)\ATI Technologies\ATI.ACE\Branding\Branding.dll
2011-07-04 18:20 - 2011-07-04 18:20 - 000243712 _____ () [File not signed] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLI.Aspect.CrossDisplay.Graphics.Dashboard.dll
2011-07-04 18:17 - 2011-07-04 18:17 - 000008704 _____ (Advanced Micro Devices Inc.) [File not signed] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\AEM.Actions.CCAA.Shared.dll
2011-07-04 18:18 - 2011-07-04 18:18 - 000006656 _____ (Advanced Micro Devices Inc.) [File not signed] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\AEM.Plugin.DPPE.Shared.dll
2011-07-04 18:17 - 2011-07-04 18:17 - 000005632 _____ (Advanced Micro Devices Inc.) [File not signed] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\AEM.Plugin.EEU.Shared.dll
2011-07-04 18:17 - 2011-07-04 18:17 - 000005632 _____ (Advanced Micro Devices Inc.) [File not signed] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\AEM.Plugin.GD.Shared.dll
2011-07-04 18:17 - 2011-07-04 18:17 - 000007168 _____ (Advanced Micro Devices Inc.) [File not signed] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\AEM.Plugin.Hotkeys.Shared.dll
2011-07-04 18:18 - 2011-07-04 18:18 - 000005632 _____ (Advanced Micro Devices Inc.) [File not signed] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\AEM.Plugin.REG.Shared.dll
2011-07-04 18:18 - 2011-07-04 18:18 - 000042496 _____ (Advanced Micro Devices Inc.) [File not signed] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\AEM.Plugin.Source.Kit.Server.dll
2011-07-04 18:17 - 2011-07-04 18:17 - 000006656 _____ (Advanced Micro Devices Inc.) [File not signed] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\AEM.Plugin.WinMessages.Shared.dll
2011-07-04 18:17 - 2011-07-04 18:17 - 000034816 _____ (Advanced Micro Devices Inc.) [File not signed] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\AEM.Server.dll
2011-07-04 18:17 - 2011-07-04 18:17 - 000006144 _____ (Advanced Micro Devices Inc.) [File not signed] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\AEM.Server.Shared.dll
2011-07-04 18:17 - 2011-07-04 18:17 - 000024576 _____ (Advanced Micro Devices Inc.) [File not signed] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\APM.Foundation.dll
2011-07-04 18:17 - 2011-07-04 18:17 - 000032768 _____ (Advanced Micro Devices Inc.) [File not signed] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\ATICCCom.dll
2011-07-04 18:18 - 2011-07-04 18:18 - 000022016 _____ (Advanced Micro Devices Inc.) [File not signed] c:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.Implementation.dll
2011-07-04 18:20 - 2011-07-04 18:20 - 000013824 _____ (Advanced Micro Devices Inc.) [File not signed] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLI.Aspect.AMDHome.Graphics.Runtime.dll
2011-07-04 18:20 - 2011-07-04 18:20 - 000008192 _____ (Advanced Micro Devices Inc.) [File not signed] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLI.Aspect.AMDHome.Graphics.shared.dll
2011-07-04 18:17 - 2011-07-04 18:17 - 000028672 _____ (Advanced Micro Devices Inc.) [File not signed] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLI.Aspect.CustomFormats.Graphics.Shared.dll
2011-07-04 18:18 - 2011-07-04 18:18 - 000020480 _____ (Advanced Micro Devices Inc.) [File not signed] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLI.Aspect.CustomFormatSelection.Graphics.Dashboard.Shared.Private.dll
2011-07-04 18:18 - 2011-07-04 18:18 - 000045056 _____ (Advanced Micro Devices Inc.) [File not signed] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLI.Aspect.DeviceCRT.Graphics.Runtime.dll
2011-07-04 18:17 - 2011-07-04 18:17 - 000053248 _____ (Advanced Micro Devices Inc.) [File not signed] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLI.Aspect.DeviceCRT.Graphics.shared.dll
2011-07-04 18:17 - 2011-07-04 18:17 - 000040960 _____ (Advanced Micro Devices Inc.) [File not signed] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLI.Aspect.DeviceCV.Graphics.Shared.dll
2011-07-04 18:17 - 2011-07-04 18:17 - 000053248 _____ (Advanced Micro Devices Inc.) [File not signed] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLI.Aspect.DeviceDFP.Graphics.Shared.dll
2011-07-04 18:17 - 2011-07-04 18:17 - 000032768 _____ (Advanced Micro Devices Inc.) [File not signed] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLI.Aspect.DeviceLCD.Graphics.Shared.dll
2011-07-04 18:17 - 2011-07-04 18:17 - 000049152 _____ (Advanced Micro Devices Inc.) [File not signed] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLI.Aspect.DeviceProperty.Graphics.Shared.dll
2011-07-04 18:17 - 2011-07-04 18:17 - 000065536 _____ (Advanced Micro Devices Inc.) [File not signed] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLI.Aspect.DeviceTV.Graphics.shared.dll
2011-07-04 18:18 - 2011-07-04 18:18 - 000025088 _____ (Advanced Micro Devices Inc.) [File not signed] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLI.Aspect.DisplaysColour2.Graphics.Runtime.dll
2011-07-04 18:17 - 2011-07-04 18:17 - 000028672 _____ (Advanced Micro Devices Inc.) [File not signed] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLI.Aspect.DisplaysColour2.Graphics.Shared.dll
2011-07-04 18:19 - 2011-07-04 18:19 - 000345088 _____ (Advanced Micro Devices Inc.) [File not signed] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLI.Aspect.DisplaysManager.Graphics.Dashboard.dll
2011-07-04 18:18 - 2011-07-04 18:18 - 000032768 _____ (Advanced Micro Devices Inc.) [File not signed] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLI.Aspect.DisplaysOptions.Graphics.Dashboard.dll
2011-07-04 18:18 - 2011-07-04 18:18 - 000028672 _____ (Advanced Micro Devices Inc.) [File not signed] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLI.Aspect.DisplaysOptions.Graphics.Runtime.dll
2011-07-04 18:18 - 2011-07-04 18:18 - 000020480 _____ (Advanced Micro Devices Inc.) [File not signed] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLI.Aspect.DisplaysOptions.Graphics.shared.dll
2011-07-04 18:17 - 2011-07-04 18:17 - 000020480 _____ (Advanced Micro Devices Inc.) [File not signed] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLI.Aspect.HotkeysHandling.Graphics.Runtime.dll
2011-07-04 18:17 - 2011-07-04 18:17 - 000020480 _____ (Advanced Micro Devices Inc.) [File not signed] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLI.Aspect.HotkeysHandling.Graphics.Shared.dll
2011-07-04 18:19 - 2011-07-04 18:19 - 000774144 _____ (Advanced Micro Devices Inc.) [File not signed] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLI.Aspect.MMVideo.Graphics.Dashboard.dll
2011-07-04 18:18 - 2011-07-04 18:18 - 000106496 _____ (Advanced Micro Devices Inc.) [File not signed] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLI.Aspect.MMVideo.Graphics.Runtime.dll
2011-07-04 18:18 - 2011-07-04 18:18 - 000081920 _____ (Advanced Micro Devices Inc.) [File not signed] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLI.Aspect.MMVideo.Graphics.Shared.dll
2011-07-04 18:19 - 2011-07-04 18:19 - 000096768 _____ (Advanced Micro Devices Inc.) [File not signed] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLI.Aspect.PowerPlayDPPE.Graphics.Dashboard.dll
2011-07-04 18:18 - 2011-07-04 18:18 - 000035840 _____ (Advanced Micro Devices Inc.) [File not signed] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLI.Aspect.PowerPlayDPPE.Graphics.Runtime.dll
2011-07-04 18:18 - 2011-07-04 18:18 - 000018432 _____ (Advanced Micro Devices Inc.) [File not signed] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLI.Aspect.PowerPlayDPPE.Graphics.Shared.dll
2011-07-04 18:18 - 2011-07-04 18:18 - 000077824 _____ (Advanced Micro Devices Inc.) [File not signed] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLI.Aspect.Radeon3D.Graphics.Runtime.dll
2011-07-04 18:18 - 2011-07-04 18:18 - 000065536 _____ (Advanced Micro Devices Inc.) [File not signed] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLI.Aspect.Radeon3D.Graphics.Shared.dll
2011-07-04 18:19 - 2011-07-04 18:19 - 000159744 _____ (Advanced Micro Devices Inc.) [File not signed] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLI.Aspect.TransCode.Graphics.Dashboard.dll
2011-07-04 18:18 - 2011-07-04 18:18 - 000013824 _____ (Advanced Micro Devices Inc.) [File not signed] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLI.Aspect.TransCode.Graphics.Runtime.dll
2011-07-04 18:18 - 2011-07-04 18:18 - 000045056 _____ (Advanced Micro Devices Inc.) [File not signed] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLI.Aspect.TransCode.Graphics.shared.dll
2011-07-04 18:20 - 2011-07-04 18:20 - 000019968 _____ (Advanced Micro Devices Inc.) [File not signed] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLI.Aspect.UpdateNotification.Graphics.Dashboard.dll
2011-07-04 18:20 - 2011-07-04 18:20 - 000033792 _____ (Advanced Micro Devices Inc.) [File not signed] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLI.Aspect.UpdateNotification.Graphics.Runtime.dll
2011-07-04 18:20 - 2011-07-04 18:20 - 000012288 _____ (Advanced Micro Devices Inc.) [File not signed] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLI.Aspect.UpdateNotification.Graphics.Shared.dll
2011-07-04 18:19 - 2011-07-04 18:19 - 000008704 _____ (Advanced Micro Devices Inc.) [File not signed] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLI.Caste.Fuel.Dashboard.dll
2011-07-04 18:19 - 2011-07-04 18:19 - 000019968 _____ (Advanced Micro Devices Inc.) [File not signed] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLI.Caste.Fuel.Runtime.dll
2011-07-04 18:19 - 2011-07-04 18:19 - 000010752 _____ (Advanced Micro Devices Inc.) [File not signed] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLI.Caste.Fuel.Shared.dll
2011-07-04 18:17 - 2011-07-04 18:17 - 000131072 _____ (Advanced Micro Devices Inc.) [File not signed] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLI.Caste.Graphics.Dashboard.dll
2011-07-04 18:17 - 2011-07-04 18:17 - 000966656 _____ (Advanced Micro Devices Inc.) [File not signed] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLI.Caste.Graphics.Dashboard.Shared.dll
2011-07-04 18:18 - 2011-07-04 18:18 - 000008704 _____ (Advanced Micro Devices Inc.) [File not signed] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLI.Caste.Graphics.Runtime.Shared.Private.dll
2011-07-04 18:18 - 2011-07-04 18:18 - 000008192 _____ (Advanced Micro Devices Inc.) [File not signed] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLI.Caste.HydraVision.Dashboard.dll
2011-07-04 18:18 - 2011-07-04 18:18 - 000011776 _____ (Advanced Micro Devices Inc.) [File not signed] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLI.Caste.HydraVision.Runtime.dll
2011-07-04 18:18 - 2011-07-04 18:18 - 000008704 _____ (Advanced Micro Devices Inc.) [File not signed] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLI.Caste.HydraVision.Shared.dll
2011-07-04 18:20 - 2011-07-04 18:20 - 002045952 _____ (Advanced Micro Devices Inc.) [File not signed] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLI.Combined.Graphics.Aspects1.Dashboard.dll
2011-07-04 18:17 - 2011-07-04 18:17 - 000007680 _____ (Advanced Micro Devices Inc.) [File not signed] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLI.Component.Client.Shared.dll
2011-07-04 18:19 - 2011-07-04 18:19 - 000060928 _____ (Advanced Micro Devices Inc.) [File not signed] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLI.Component.Dashboard.ProfileManager2.dll
2011-07-04 18:17 - 2011-07-04 18:17 - 000032768 _____ (Advanced Micro Devices Inc.) [File not signed] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLI.Component.Dashboard.Shared.dll
2011-07-04 18:17 - 2011-07-04 18:17 - 001200640 _____ (Advanced Micro Devices Inc.) [File not signed] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLI.Component.Dashboard.Shared.Private.dll
2011-07-04 18:17 - 2011-07-04 18:17 - 000007168 _____ (Advanced Micro Devices Inc.) [File not signed] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLI.Component.Runtime.Extension.EEU.dll
2011-07-04 18:17 - 2011-07-04 18:17 - 000005632 _____ (Advanced Micro Devices Inc.) [File not signed] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLI.Component.Runtime.Shared.dll
2011-07-04 18:17 - 2011-07-04 18:17 - 000037376 _____ (Advanced Micro Devices Inc.) [File not signed] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLI.Component.Runtime.Shared.Private.dll
2011-07-04 18:17 - 2011-07-04 18:17 - 000266240 _____ (Advanced Micro Devices Inc.) [File not signed] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLI.Foundation.Client.dll
2011-07-04 18:17 - 2011-07-04 18:17 - 000061440 _____ (Advanced Micro Devices Inc.) [File not signed] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLI.Foundation.dll
2011-07-04 18:17 - 2011-07-04 18:17 - 000029184 _____ (Advanced Micro Devices Inc.) [File not signed] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLI.Foundation.Private.dll
2011-07-04 18:18 - 2011-07-04 18:18 - 000018432 _____ (Advanced Micro Devices Inc.) [File not signed] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLI.Foundation.XManifest.dll
2011-07-04 18:17 - 2011-07-04 18:17 - 000005632 _____ (Advanced Micro Devices Inc.) [File not signed] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\DEM.Graphics.dll
2011-07-04 18:19 - 2011-07-04 18:19 - 000012800 _____ (Advanced Micro Devices Inc.) [File not signed] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\Fuel.Foundation.dll
2011-07-04 18:17 - 2011-07-04 18:17 - 000021504 _____ (Advanced Micro Devices Inc.) [File not signed] c:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\LOG.Foundation.dll
2011-07-04 18:18 - 2011-07-04 18:18 - 000055296 _____ (Advanced Micro Devices Inc.) [File not signed] c:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\LOG.Foundation.Implementation.dll
2011-07-04 18:17 - 2011-07-04 18:17 - 000020480 _____ (Advanced Micro Devices Inc.) [File not signed] c:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\LOG.Foundation.Implementation.Private.dll
2011-07-04 18:17 - 2011-07-04 18:17 - 000024576 _____ (Advanced Micro Devices Inc.) [File not signed] c:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\LOG.Foundation.Private.dll
2010-08-24 09:11 - 2010-08-24 09:11 - 000299008 _____ (Advanced Micro Devices Inc.) [File not signed] c:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
2011-07-04 18:17 - 2011-07-04 18:17 - 000005632 _____ (Advanced Micro Devices Inc.) [File not signed] c:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.Foundation.dll
2011-07-04 18:18 - 2011-07-04 18:18 - 000095744 _____ (Advanced Micro Devices Inc.) [File not signed] c:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.Implementation.dll
2011-07-04 18:17 - 2011-07-04 18:17 - 000015360 _____ (Advanced Micro Devices Inc.) [File not signed] c:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\NEWAEM.Foundation.dll
2011-04-22 09:40 - 2011-04-22 09:40 - 000080896 _____ (Advanced Micro Devices, Inc.) [File not signed] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\ADL.Foundation.dll
2011-07-04 18:17 - 2011-07-04 18:17 - 000065536 _____ (Advanced Micro Devices, Inc.) [File not signed] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\APM.Server.dll
2011-07-04 18:18 - 2011-07-04 18:18 - 000065536 _____ (Advanced Micro Devices, Inc.) [File not signed] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLI.Aspect.DeviceDFP.Graphics.Runtime.dll
2011-07-04 18:19 - 2011-07-04 18:19 - 000524288 _____ (Advanced Micro Devices, Inc.) [File not signed] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLI.Aspect.DeviceProperty.Graphics.Dashboard.Shared.dll
2011-07-04 18:18 - 2011-07-04 18:18 - 000043520 _____ (Advanced Micro Devices, Inc.) [File not signed] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLI.Aspect.DeviceProperty.Graphics.Runtime.dll
2011-07-04 18:20 - 2011-07-04 18:20 - 000240128 _____ (Advanced Micro Devices, Inc.) [File not signed] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLI.Combined.Graphics.Aspects2.Runtime.dll
2011-07-04 18:17 - 2011-07-04 18:17 - 000036352 _____ (Advanced Micro Devices, Inc.) [File not signed] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLI.Component.Client.Shared.Private.dll
2011-07-04 18:17 - 2011-07-04 18:17 - 000389120 _____ (Advanced Micro Devices, Inc.) [File not signed] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLI.Component.Dashboard.dll
2011-07-04 18:17 - 2011-07-04 18:17 - 000057344 _____ (Advanced Micro Devices, Inc.) [File not signed] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLI.Component.Runtime.dll
2007-08-10 09:58 - 2007-08-10 09:58 - 000016384 _____ (Advanced Micro Devices, Inc.) [File not signed] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\DEM.Graphics.I0706.dll
2009-06-17 22:27 - 2009-06-17 22:27 - 000016384 _____ (Advanced Micro Devices, Inc.) [File not signed] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\DEM.Graphics.I0709.dll
2009-06-18 03:24 - 2009-06-18 03:24 - 000016384 _____ (Advanced Micro Devices, Inc.) [File not signed] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\DEM.Graphics.I0712.dll
2008-04-04 09:29 - 2008-04-04 09:29 - 000020480 _____ (Advanced Micro Devices, Inc.) [File not signed] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\DEM.Graphics.I0804.dll
2009-04-23 05:13 - 2009-04-23 05:13 - 000016384 _____ (Advanced Micro Devices, Inc.) [File not signed] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\DEM.Graphics.I0805.dll
2008-12-31 04:04 - 2008-12-31 04:04 - 000016384 _____ (Advanced Micro Devices, Inc.) [File not signed] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\DEM.Graphics.I0812.dll
2009-06-18 03:24 - 2009-06-18 03:24 - 000016384 _____ (Advanced Micro Devices, Inc.) [File not signed] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\DEM.Graphics.I0906.dll
2009-12-08 23:49 - 2009-12-08 23:49 - 000016384 _____ (Advanced Micro Devices, Inc.) [File not signed] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\DEM.Graphics.I0912.dll
2010-10-08 06:07 - 2010-10-08 06:07 - 000020480 _____ (Advanced Micro Devices, Inc.) [File not signed] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\DEM.Graphics.I1010.dll
2010-11-06 07:18 - 2010-11-06 07:18 - 000016384 _____ (Advanced Micro Devices, Inc.) [File not signed] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\DEM.Graphics.I1011.dll
2011-07-04 18:17 - 2011-07-04 18:17 - 000176128 _____ (Advanced Micro Devices, Inc.) [File not signed] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\Localization.Foundation.Implementation.default_Localization.dll
2011-07-04 18:17 - 2011-07-04 18:17 - 000259584 _____ (Advanced Micro Devices, Inc.) [File not signed] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\Localization.Foundation.Private.dll
2011-07-04 18:18 - 2011-07-04 18:18 - 000168960 _____ (Advanced Micro Devices, Inc.) [File not signed] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\ResourceManagement.Foundation.Implementation.dll
2011-07-04 18:17 - 2011-07-04 18:17 - 000008704 _____ (Advanced Micro Devices, Inc.) [File not signed] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\ResourceManagement.Foundation.Private.dll
2011-07-04 18:20 - 2011-07-04 18:20 - 000027648 _____ (Advanced Mirco Devices, Inc.) [File not signed] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLI.Aspect.AMDHome.Graphics.Dashboard.dll
2011-07-04 18:17 - 2011-07-04 18:17 - 000290816 _____ (Advanced Mirco Devices, Inc.) [File not signed] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLI.Caste.Graphics.Runtime.dll
2011-07-04 18:17 - 2011-07-04 18:17 - 000167936 _____ (Advanced Mirco Devices, Inc.) [File not signed] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLI.Caste.Graphics.Shared.dll
2010-09-29 08:33 - 2010-09-29 08:33 - 000299008 _____ (ATI Technologies Inc.) [File not signed] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
2010-03-04 17:27 - 2010-03-04 17:27 - 000016384 _____ (ATI Technologies Inc.) [File not signed] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\DEM.Foundation.dll
2009-04-23 05:13 - 2009-04-23 05:13 - 000045056 _____ (ATI Technologies Inc.) [File not signed] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\DEM.Graphics.I0601.dll
2011-08-17 07:03 - 2011-08-17 07:03 - 000016384 _____ (Hewlett-Packard) [File not signed] C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Calendar\Service\GCalService.exe
2011-08-17 07:03 - 2011-08-17 07:03 - 000020480 _____ (Hewlett-Packard) [File not signed] C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Calendar\Service\HPTouchSmartSyncCalReminderApp.exe
2019-02-21 20:00 - 2019-02-21 20:00 - 000078336 _____ (Igor Pavlov) [File not signed] C:\Program Files\7-Zip\7-zip.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)


==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)


==================== Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)


==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-14 12:34 - 2019-01-07 15:18 - 000000853 _____ C:\Windows\system32\drivers\etc\hosts

104.24.98.152 ddlvalley.me

==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKLM\System\CurrentControlSet\Control\Session Manager\Environment\\Path: C:\Program Files\Common Files\Microsoft Shared\Windows Live;C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live;c:\Program Files (x86)\AMD APP\bin\x86_64;c:\Program Files (x86)\AMD APP\bin\x86;%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;%SYSTEMROOT%\System32\WindowsPowerShell\v1.0\;c:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static;C:\Program Files (x86)\Windows Live\Shared
HKU\S-1-5-21-3265950178-1640898732-4156275634-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\Namron\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 10.1.1.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

If an entry is included in the fixlist, it will be removed.


==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [{27C57ABD-940F-47F6-B539-61F44053110A}] => (Allow) C:\Program Files (x86)\Skype\Phone\Skype.exe (Skype Technologies SA -> Skype Technologies S.A.)
FirewallRules: [{8D0C8A17-46A2-4703-A615-4341C286D556}] => (Allow) C:\Program Files (x86)\Hewlett-Packard\Remote Graphics Receiver\rgreceiver.exe (Hewlett-Packard Company -> Hewlett-Packard)
FirewallRules: [{1D81C7FF-0FC4-46DD-B3AE-9F9F0BCB6A22}] => (Allow) C:\Program Files (x86)\Hewlett-Packard\Remote Graphics Receiver\rgreceiver.exe (Hewlett-Packard Company -> Hewlett-Packard)
FirewallRules: [{3AEA052C-8BAE-4726-A0E8-85888385965E}] => (Allow) C:\Program Files (x86)\Hewlett-Packard\HP LinkUp\HP LinkUp Viewer.exe (Hewlett-Packard Company -> Hewlett-Packard Company)
FirewallRules: [{6DF8C88F-2C9C-4854-BD5F-1CB42C416210}] => (Allow) C:\Program Files (x86)\Hewlett-Packard\HP LinkUp\HP LinkUp Viewer.exe (Hewlett-Packard Company -> Hewlett-Packard Company)
FirewallRules: [{664CBB70-10FE-4682-B07E-D5DFA4BECA6F}] => (Allow) C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{0D8A65FC-D58F-4A46-8A08-3F0A2C8FCC63}] => (Allow) LPort=2869
FirewallRules: [{254C82A9-0DDA-4374-ADF6-C70847331457}] => (Allow) LPort=1900
FirewallRules: [{E9BE76B2-68B2-4B45-8090-073E0CE85A1F}] => (Allow) C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{793B6D9E-37DE-41CA-9985-E719DD33D3C5}] => (Allow) C:\Program Files (x86)\Windows Live\Mesh\MOE.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{68364A4D-AFF2-4369-A244-E3B5465762A4}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
FirewallRules: [{10BDB7EF-3297-4071-AD5C-3A2BE5BF254F}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
FirewallRules: [{CAC40106-7803-4252-80C2-E35B58EBABE7}] => (Allow) C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{E9890F6F-F8F9-47AC-BA74-1AAB434693FD}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{3E8ED2CD-0026-49C3-B877-D97F45FFC1D7}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{DC5544EE-B1FE-41A7-A81A-2F030E7E555B}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{61EC1B41-CBB2-48D6-9E52-4B72A47CD242}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{6AA00B1E-68D9-4D6E-BB4E-FF0046FBD3CA}] => (Allow) C:\Program Files\iTunes\iTunes.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{307C77C8-14F9-40A5-BC54-FE4A881EED9E}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google LLC -> Google Inc.)

==================== Restore Points =========================

12-05-2019 08:14:11 Restore Point Created by FRST

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (05/13/2019 01:00:06 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 11373

Error: (05/13/2019 01:00:06 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 11373

Error: (05/13/2019 01:00:06 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (05/13/2019 01:00:05 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 10359

Error: (05/13/2019 01:00:05 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 10359

Error: (05/13/2019 01:00:05 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (05/13/2019 01:00:04 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 9360

Error: (05/13/2019 01:00:04 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 9360


System errors:
=============
Error: (05/12/2019 11:31:53 PM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the Netman service.

Error: (05/12/2019 03:30:15 PM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the lmhosts service.

Error: (05/12/2019 12:30:30 PM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the avast! Antivirus service.

Error: (05/12/2019 12:29:51 PM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the lmhosts service.

Error: (05/12/2019 11:23:39 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The eapihdrv service failed to start due to the following error:
This driver has been blocked from loading

Error: (05/12/2019 11:23:39 AM) (Source: Application Popup) (EventID: 1060) (User: )
Description: \??\C:\Users\Namron\AppData\Local\Temp\ehdrv.sys has been blocked from loading due to incompatibility with this system. Please contact your software vendor for a compatible version of the driver.

Error: (05/12/2019 11:23:39 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The eapihdrv service failed to start due to the following error:
This driver has been blocked from loading

Error: (05/12/2019 11:23:39 AM) (Source: Application Popup) (EventID: 1060) (User: )
Description: \??\C:\Users\Namron\AppData\Local\Temp\ehdrv.sys has been blocked from loading due to incompatibility with this system. Please contact your software vendor for a compatible version of the driver.


Windows Defender:
===================================
Date: 2018-11-06 16:05:10.444
Description:
Windows Defender has encountered an error trying to update the engine.
New Engine Version:1.1.15400.4
Previous Engine Version:1.1.6402.0
Update Source:User
Error Code:0x8050800c
Error description:An unexpected problem occurred. Install any available updates, and then try to start the program again. For information on installing updates, see Help and Support.

==================== Memory info ===========================

BIOS: AMI 7.14 01/30/2012
Motherboard: Foxconn 2ACA
Processor: AMD E-450 APU with Radeon(tm) HD Graphics
Percentage of memory in use: 91%
Total physical RAM: 3684.87 MB
Available physical RAM: 325.42 MB
Total Virtual: 7367.88 MB
Available Virtual: 3070.02 MB

==================== Drives ================================

Drive c: (OS) (Fixed) (Total:915 GB) (Free:702.67 GB) NTFS
Drive d: (HP_RECOVERY) (Fixed) (Total:16.41 GB) (Free:2.05 GB) NTFS ==>[system with boot components (obtained from drive)]

\\?\Volume{0d8452b5-e1eb-11e8-8306-806e6f6e6963}\ (SYSTEM) (Fixed) (Total:0.1 GB) (Free:0.07 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7/8/10) (Size: 931.5 GB) (Disk ID: 11E39110)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=915 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=16.4 GB) - (Type=07 NTFS)

==================== End of Addition.txt ============================
timbon is offline  
Old 05-13-2019, 09:17 AM   #8
Security Team Moderator
 
Join Date: Nov 2018
Location: US
Posts: 220
OS: Windows 10



Hi,

Update Adobe Flash Player
  • Click here to navigate to the Adobe Flash Player website
  • Uncheck any optional offers
  • Click on Install Now
  • Click Save File and save the file to your Desktop
  • Close all open browsers
  • Double click the Desktop icon then click Run
  • When completed click Finish


--------------------

Update Adobe AIR
  • Click here to navigate to the Adobe AIR website
  • Uncheck any optional offers
  • Click on Download Now
  • Click Save File and save the file to your Desktop
  • Close all open browsers
  • Double-click AdobeAIRInstaller.exe to start the installation
  • When completed click Finish


--------------------

In your next reply, let me know if you were able to successfully update Adobe Flash Player and Adobe AIR.
iMacg3 is offline  
Old 05-13-2019, 02:50 PM   #9
Registered Member
 
Join Date: May 2019
Posts: 6
OS:



Hi,


Both seemed to have updated successfully.
timbon is offline  
Old 05-14-2019, 08:08 AM   #10
Security Team Moderator
 
Join Date: Nov 2018
Location: US
Posts: 220
OS: Windows 10



Hi,

If all is well:

Uninstall FRST
  • Right-click on Frst.exe/Frst64.exe and select Rename
  • Rename the file to Uninstall.exe
  • Double-click on Uninstall.exe to uninstall FRST

Delete any other tools we used in the cleanup process.
----------------------------------------------------
Some tips to keep your computer safe on the Internet

Make sure to use strong passwords. There are password managers (for example, Bitwarden) that can help you use secure passwords, and keep track of them.

How to create a strong password
----------------------------------------------------
Keeping software up-to-date is important as well. Programs such as UCheck, Heimdal Free, or PatchMyPC can help keep software on your computer up-to-date.

To keep your operating system up-to-date, make sure that Windows Update is enabled on your computer.
----------------------------------------------------
Here are some articles about how to keep your computer safe on the internet -

Simple and easy ways to keep your computer safe and secure on the Internet - by Lawrence Abrams

Answers to common security questions - Best Practices - by quietman7

COMPUTER SECURITY - a short guide to staying safer online - Malware Removal

PC Safety and Security - What Do I Need? - Tech Support Forum
----------------------------------------------------

Safe surfing
iMacg3 is offline  
Old 05-14-2019, 04:36 PM   #11
Registered Member
 
Join Date: May 2019
Posts: 6
OS:



Hi,


Thank you very much for your assistance.
timbon is offline  
Old 05-14-2019, 08:52 PM   #12
Security Team Moderator
 
Join Date: Nov 2018
Location: US
Posts: 220
OS: Windows 10



Glad we could help.

It appears that this issue is resolved, therefore this topic is closed. If you need continued support, please begin a new thread, and provide a link to this topic. This applies only to the original topic starter. Everyone else please begin a New Topic, after following the steps outlined here:

https://www.techsupportforum.com/for...ns-305963.html
iMacg3 is offline  
 
