Super slow boot, slow everything

11-05-2018, 12:04 PM   #1
Registered Member
 
Join Date: Aug 2008
Location: Arkansas
Posts: 15
OS: xp pro



Not sure what's going on but my computer is so slow it's difficult to do anything. Please help...

DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: 11.0.9600.19155
Run by Hodie at 13:10:17 on 2018-11-05
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.3894.1243 [GMT -6:00]
.
AV: Avast Antivirus *Enabled/Updated* {8EA8924E-BC81-DC44-8BB0-8BAE75D86EBF}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Avast Antivirus *Enabled/Updated* {35C973AA-9ABB-D3CA-B100-B0DC0E5F2402}
.
============== Running Processes ===============
.
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k netsvcs
C:\Program Files\IDT\WDM\STacSV64.exe
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\WLANExt.exe
C:\Program Files\AVAST Software\Avast\AvastSvc.exe
C:\Windows\System32\spoolsv.exe
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\IDT\WDM\sttray64.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\svchost.exe -k utcsvc
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe
C:\Windows\system32\taskeng.exe
C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe
C:\Program Files\HP\HP Photosmart 5510 series\Bin\ScanToPCActivationApp.exe
C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudPhotos.exe
C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe
C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudDrive.exe
C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe
C:\Program Files\AVAST Software\Avast\AvastUI.exe
C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
C:\Windows\system32\ptumlcmsvc64.exe
C:\Program Files (x86)\Roxio\RoxioNow Player\RNowSvc.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
C:\Program Files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe
C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Program Files\HP\HP Photosmart 5510 series\Bin\HPNetworkCommunicator.exe
C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe
C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE
C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IMSS\PrivacyIconClient.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files (x86)\Common Files\Apple\Apple Application Support\secd.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Main.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe
C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
C:\Program Files\AVAST Software\Avast\x64\aswidsagenta.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE
C:\Windows\sysWow64\SearchProtocolHost.exe
C:\Windows\System32\WUDFHost.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.com/
uProxyServer = localhost:8080
mWinlogon: Userinit = userinit.exe
BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - <orphaned>
BHO: Skype for Business Browser Helper: {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files (x86)\Microsoft Office\root\Office16\OCHelper.dll
BHO: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - <orphaned>
BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\root\Office16\URLREDIR.DLL
BHO: {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - <orphaned>
TB: Google Toolbar: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
TB: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
uRun: [iCloudServices] "C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe"
uRun: [HP Photosmart 5510 series (NET)] "C:\Program Files\HP\HP Photosmart 5510 series\Bin\ScanToPCActivationApp.exe" -deviceID "CN1BU22BX505NR:NW" -scfn "HP Photosmart 5510 series (NET)" -AutoStart 1
uRun: [iCloudPhotos] C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudPhotos.exe
uRun: [iCloudDrive] C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudDrive.exe
uRun: [ApplePhotoStreams] C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe
mRun: [IAStorIcon] C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
mRun: [IMSS] "C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IMSS\PIconStartup.exe"
mRun: [HPOSD] C:\Program Files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe
mRun: [HP Software Update] C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe
mRun: [HP Quick Launch] C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe
mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
dRunOnce: [iCloud] "C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloud.exe"
mPolicies-Explorer: NoActiveDesktop = dword:1
mPolicies-Explorer: NoActiveDesktopChanges = dword:1
mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
mPolicies-System: SoftwareSASGeneration = dword:1
IE: E&xport to Microsoft Excel - C:\Program Files (x86)\Microsoft Office\Root\Office16\EXCEL.EXE/3000
IE: Se&nd to OneNote - C:\Program Files (x86)\Microsoft Office\Root\Office16\ONBttnIE.dll/105
IE: Send image to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Send page to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {22CC3EBD-C286-43aa-B8E6-06B115F74162} - C:\Program Files (x86)\Hewlett-Packard\SmartPrint\smartprintsetup.exe
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\root\Office16\ONBttnIE.dll
IE: {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files (x86)\Microsoft Office\root\Office16\OCHelper.dll
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files (x86)\Microsoft Office\root\Office16\ONBttnIELinkedNotes.dll
IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
.
INFO: HKCU has more than 50 listed domains.
If you wish to scan all of them, select the 'Force scan all domains' option.
.
DPF: Garmin Communicator Plug-In - hxxps://static.garmincdn.com/gcp/ie/4.0.4.0/GarminAxControl_32.CAB
DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} - hxxps://uhc.webex.com/client/WBXclient-T27L10NSP32EP5-14362/webex/ieatgpc1.cab
TCP: NameServer = 192.168.1.254
TCP: Interfaces\{61A21C53-CE0F-4214-BA30-8A64E88F8D1B} : DHCPNameServer = 192.168.1.254
TCP: Interfaces\{695076B3-72BF-4452-8C0C-61DD9CF93C7E} : DHCPNameServer = 172.20.10.1
TCP: Interfaces\{FC761777-E592-4B4B-A5E1-2F915004E613} : DHCPNameServer = 192.168.1.254
TCP: Interfaces\{FC761777-E592-4B4B-A5E1-2F915004E613}\2375942554431383 : DHCPNameServer = 192.168.1.254
TCP: Interfaces\{FC761777-E592-4B4B-A5E1-2F915004E613}\2375942554638333 : DHCPNameServer = 192.168.1.254
TCP: Interfaces\{FC761777-E592-4B4B-A5E1-2F915004E613}\4415C4F4447454 : DHCPNameServer = 192.168.254.254
TCP: Interfaces\{FC761777-E592-4B4B-A5E1-2F915004E613}\44F65726C65645275656022697028496C647F6E6 : DHCPNameServer = 8.8.8.8 8.8.4.4
Filter: text/xml - {807583E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesCommonX86\Microsoft Shared\OFFICE16\MSOXMLMF.DLL
Handler: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL
Handler: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL
Handler: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL
Handler: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
SSODL: WebCheck - <orphaned>
LSA: Notification Packages = scecli C:\Program Files\WIDCOMM\Bluetooth Software\BtwProximityCP.dll
mASetup: {10880D85-AAD9-4558-ABDC-2AB1552D831F} - "C:\Program Files (x86)\Common Files\LightScribe\LSRunOnce.exe"
mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "C:\Program Files (x86)\Google\Chrome\Application\68.0.3440.84\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level
mASetup: {A6EADE66-0000-0000-484E-7E8A45000000} - "C:\Windows\SysWOW64\Rundll32.exe" "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Esl\AiodLite.dll",CreateReaderUserSettings
x64-BHO: Skype for Business Browser Helper: {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\OCHelper.dll
x64-BHO: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - <orphaned>
x64-BHO: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll
x64-BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\URLREDIR.DLL
x64-BHO: {DBC80044-A445-435b-BC74-9C25C1C588A9} - <orphaned>
x64-TB: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll
x64-Run: [SynTPEnh] C:\Program Files (x86)\Synaptics\SynTP\SynTPEnh.exe
x64-Run: [HPWirelessAssistant] C:\Program Files\Hewlett-Packard\HP Wireless Assistant\DelayedAppStarter.exe 120 C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Main.exe /hidden
x64-Run: [SysTrayApp] C:\Program Files\IDT\WDM\sttray64.exe
x64-Run: [IgfxTray] C:\Windows\System32\igfxtray.exe
x64-Run: [HotKeysCmds] C:\Windows\System32\hkcmd.exe
x64-Run: [Persistence] C:\Windows\System32\igfxpers.exe
x64-Run: [AvastUI.exe] "C:\Program Files\AVAST Software\Avast\AvLaunch.exe" /gui
x64-Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
x64-IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\ONBttnIE.dll
x64-IE: {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\OCHelper.dll
x64-IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\ONBttnIELinkedNotes.dll
x64-IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
x64-Filter: text/xml - {807583E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesCommonX64\Microsoft Shared\OFFICE16\MSOXMLMF.DLL
x64-Handler: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - <orphaned>
x64-Handler: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - <orphaned>
x64-Handler: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - <orphaned>
x64-Handler: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - <orphaned>
x64-Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - <orphaned>
x64-Notify: igfxcui - igfxdev.dll
x64-SSODL: WebCheck - <orphaned>
x64-mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "C:\Program Files (x86)\Google\Chrome\Application\70.0.3538.77\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\Hodie\AppData\Roaming\Mozilla\Firefox\Profiles\km5jf2y2.default-1473202271514\
FF - plugin: C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.33.7\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Microsoft Office\root\Office16\NPSPWRAP.DLL
FF - plugin: C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX86\Mozilla Firefox\plugins\npMeetingJoinPluginOC.dll
FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\5.1.50907.0\npctrlui.dll
FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: C:\Users\Hodie\AppData\Local\Citrix\Plugins\104\npappdetector.dll
FF - plugin: C:\Windows\SysWOW64\Adobe\Director\np32dsw.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_24_0_0_194.dll
.
============= SERVICES / DRIVERS ===============
.
R0 aswbidsh;aswbidsh;C:\Windows\System32\drivers\aswbidsha.sys [2017-2-3 201928]
R0 aswblog;aswblog;C:\Windows\System32\drivers\aswbloga.sys [2017-2-3 346760]
R0 aswbuniv;aswbuniv;C:\Windows\System32\drivers\aswbuniva.sys [2017-2-3 59664]
R0 aswRvrt;aswRvrt;C:\Windows\System32\drivers\aswRvrt.sys [2014-2-3 88112]
R0 aswVmm;aswVmm;C:\Windows\System32\drivers\aswVmm.sys [2014-2-3 381144]
R1 aswArPot;aswArPot;C:\Windows\System32\drivers\aswArPot.sys [2017-10-27 201408]
R1 aswbidsdriver;aswbidsdriver;C:\Windows\System32\drivers\aswbidsdrivera.sys [2017-2-3 230512]
R1 aswHdsKe;aswHdsKe;C:\Windows\System32\drivers\aswHdsKe.sys [2017-11-24 185240]
R1 aswKbd;aswKbd;C:\Windows\System32\drivers\aswKbd.sys [2018-9-4 42456]
R1 aswSnx;aswSnx;C:\Windows\System32\drivers\aswSnx.sys [2014-2-3 1028840]
R1 aswSP;aswSP;C:\Windows\System32\drivers\aswSP.sys [2014-2-3 467904]
R2 Apple Mobile Device Service;Apple Mobile Device Service;C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [2018-8-23 83768]
R2 aswMonFlt;aswMonFlt;C:\Windows\System32\drivers\aswMonFlt.sys [2014-2-3 163376]
R2 aswStm;aswStm;C:\Windows\System32\drivers\aswStm.sys [2014-2-3 208640]
R2 avast! Antivirus;Avast Antivirus;C:\Program Files\AVAST Software\Avast\AvastSvc.exe [2018-10-8 325024]
R2 ClickToRunSvc;Microsoft Office Click-to-Run Service;C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe [2016-2-7 9667872]
R2 DiagTrack;Diagnostics Tracking Service;C:\Windows\System32\svchost.exe -k utcsvc [2009-7-13 27136]
R2 HP Support Assistant Service;HP Support Assistant Service;C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe [2013-11-4 92160]
R2 HP Wireless Assistant Service;HP Wireless Assistant Service;C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe [2010-7-21 103992]
R2 HPClientSvc;HP Client Services;C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe [2010-8-5 291896]
R2 HPWMISVC;HPWMISVC;C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe [2012-3-5 35200]
R2 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology;C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [2011-2-20 13592]
R2 ptumlcmsvc;PTUML290 Connection Manager Service;C:\Windows\System32\ptumlcmsvc64.exe [2012-3-8 174592]
R2 RoxioNow Service;RoxioNow Service;C:\Program Files (x86)\Roxio\RoxioNow Player\RNowSvc.exe [2010-9-11 399344]
R2 UNS;Intel(R) Management & Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2011-2-20 2320920]
R3 aswbIDSAgent;aswbIDSAgent;C:\Program Files\AVAST Software\Avast\x64\aswidsagenta.exe [2018-10-4 8188768]
R3 clwvd;CyberLink WebCam Virtual Driver;C:\Windows\System32\drivers\clwvd.sys [2011-3-23 31088]
R3 HECIx64;Intel(R) Management Engine Interface;C:\Windows\System32\drivers\HECIx64.sys [2009-9-17 56344]
R3 Impcd;Impcd;C:\Windows\System32\drivers\Impcd.sys [2010-12-8 158976]
R3 IntcDAud;Intel(R) Display Audio;C:\Windows\System32\drivers\IntcDAud.sys [2013-4-2 317440]
R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\System32\drivers\Rt64win7.sys [2012-1-17 565352]
R3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\System32\drivers\usbaapl64.sys [2015-6-10 54784]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2018-3-26 107592]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2018-3-26 128584]
S3 aswHwid;aswHwid;C:\Windows\System32\drivers\aswHwid.sys [2014-5-6 47064]
S3 aswTap;avast! SecureLine TAP Adapter v3;C:\Windows\System32\drivers\aswTap.sys [2014-7-17 44640]
S3 btwampfl;Bluetooth AMP USB Filter;C:\Windows\System32\drivers\btwampfl.sys [2011-2-20 620584]
S3 BTWDPAN;Bluetooth Personal Area Network;C:\Windows\System32\drivers\btwdpan.sys [2012-1-18 89640]
S3 btwl2cap;Bluetooth L2CAP Service;C:\Windows\System32\drivers\btwl2cap.sys [2011-2-20 39976]
S3 IEEtwCollectorService;Internet Explorer ETW Collector Service;C:\Windows\System32\ieetwcollector.exe [2018-10-9 116224]
S3 Netaapl;Apple Mobile Device Ethernet Service;C:\Windows\System32\drivers\netaapl64.sys [2013-7-25 23040]
S3 netw5v64;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 64 Bit;C:\Windows\System32\drivers\netw5v64.sys [2009-6-10 5434368]
S3 PTUMLBUS;PTUML USB Composite Device Driver;C:\Windows\System32\drivers\PTUMLBUS.sys [2012-3-8 105600]
S3 PTUMLCVsp;PANTECH UML290 Connection Manager Port;C:\Windows\System32\drivers\PTUMLCVsp.sys [2012-3-8 183424]
S3 PTUMLMBMP;PANTECH UML290 Mobile Broadband;C:\Windows\System32\drivers\PTUMLMBMP.sys [2012-3-8 235776]
S3 PTUMLMdm;PANTECH UML290;C:\Windows\System32\drivers\PTUMLMdm.sys [2012-3-8 183424]
S3 PTUMLNET61;PANTECH UML290 WWAN (NDIS6.1);C:\Windows\System32\drivers\PTUMLNET61.sys [2012-3-8 111872]
S3 PTUMLNVsp;PANTECH UML290 NMEA Port;C:\Windows\System32\drivers\PTUMLNVsp.sys [2012-3-8 184448]
S3 PTUMLRMNET;PANTECH UML290 RMNET Service;C:\Windows\System32\drivers\PTUMLRMNET.sys [2012-3-8 63744]
S3 PTUMLVsp;PANTECH UML290 Diagnostic Port;C:\Windows\System32\drivers\PTUMLVsp.sys [2012-3-8 183424]
S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;C:\Windows\System32\drivers\rdpvideominiport.sys [2014-12-18 19456]
S3 RSPCIESTOR;Realtek PCIE CardReader Driver;C:\Windows\System32\drivers\RtsPStor.sys [2011-2-20 329832]
S3 SrvHsfHDA;SrvHsfHDA;C:\Windows\System32\drivers\VSTAZL6.SYS [2009-7-13 292864]
S3 SrvHsfV92;SrvHsfV92;C:\Windows\System32\drivers\VSTDPV6.SYS [2009-7-13 1485312]
S3 SrvHsfWinac;SrvHsfWinac;C:\Windows\System32\drivers\VSTCNXT6.SYS [2009-7-13 740864]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2014-12-18 56832]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2011-12-27 1255736]
S3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;C:\Windows\System32\drivers\yk62x64.sys [2009-6-10 389120]
.
=============== Created Last 30 ================
.
2018-11-03 20:08:36 52296 ----a-w- C:\Windows\System32\drivers\staport.sys
2018-10-25 18:42:18 -------- d-----w- C:\ProgramData\LightScribe
2018-10-25 05:10:54 214824 ----a-w- C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE
2018-10-25 05:10:34 474904 ----a-w- C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE16\LICLUA.EXE
2018-10-25 05:10:34 29976 ----a-w- C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE16\Office Setup Controller\pkeyconfig.companion.dll
.
==================== Find3M ====================
.
2018-10-04 18:32:14 842240 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
2018-10-04 18:32:14 175104 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2018-09-19 08:08:04 343552 ----a-w- C:\Windows\SysWow64\msrd3x40.dll
2018-09-18 05:38:18 2724864 ----a-w- C:\Windows\System32\mshtml.tlb
2018-09-18 05:38:08 4096 ----a-w- C:\Windows\System32\ieetwcollectorres.dll
2018-09-18 05:26:12 66560 ----a-w- C:\Windows\System32\iesetup.dll
2018-09-18 05:25:37 48640 ----a-w- C:\Windows\System32\ieetwproxystub.dll
2018-09-18 05:25:33 417280 ----a-w- C:\Windows\System32\html.iec
2018-09-18 05:25:22 576512 ----a-w- C:\Windows\System32\vbscript.dll
2018-09-18 05:25:10 88064 ----a-w- C:\Windows\System32\MshtmlDac.dll
2018-09-18 05:15:16 116224 ----a-w- C:\Windows\System32\ieetwcollector.exe
2018-09-18 05:15:14 144384 ----a-w- C:\Windows\System32\ieUnatt.exe
2018-09-18 05:14:56 814080 ----a-w- C:\Windows\System32\jscript9diag.dll
2018-09-18 05:14:25 5779456 ----a-w- C:\Windows\System32\jscript9.dll
2018-09-18 05:09:50 969216 ----a-w- C:\Windows\System32\MsSpellCheckingFacility.exe
2018-09-18 05:01:21 77824 ----a-w- C:\Windows\System32\JavaScriptCollectionAgent.dll
2018-09-18 05:00:55 87552 ----a-w- C:\Windows\System32\tdc.ocx
2018-09-18 04:41:40 1359360 ----a-w- C:\Windows\System32\mshtmlmedia.dll
2018-09-18 04:41:37 2136064 ----a-w- C:\Windows\System32\inetcpl.cpl
2018-09-18 04:35:18 4510720 ----a-w- C:\Windows\System32\wininet.dll
2018-09-18 04:31:20 2724864 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2018-09-18 04:21:27 497664 ----a-w- C:\Windows\SysWow64\vbscript.dll
2018-09-18 04:21:13 62464 ----a-w- C:\Windows\SysWow64\iesetup.dll
2018-09-18 04:20:44 47616 ----a-w- C:\Windows\SysWow64\ieetwproxystub.dll
2018-09-18 04:20:37 341504 ----a-w- C:\Windows\SysWow64\html.iec
2018-09-18 04:19:54 64000 ----a-w- C:\Windows\SysWow64\MshtmlDac.dll
2018-09-18 04:13:13 115712 ----a-w- C:\Windows\SysWow64\ieUnatt.exe
2018-09-18 04:12:57 620032 ----a-w- C:\Windows\SysWow64\jscript9diag.dll
2018-09-18 04:03:14 60416 ----a-w- C:\Windows\SysWow64\JavaScriptCollectionAgent.dll
2018-09-18 04:02:54 73216 ----a-w- C:\Windows\SysWow64\tdc.ocx
2018-09-18 03:57:45 4494848 ----a-w- C:\Windows\SysWow64\jscript9.dll
2018-09-18 03:50:59 2059776 ----a-w- C:\Windows\SysWow64\inetcpl.cpl
2018-09-18 03:50:44 1155072 ----a-w- C:\Windows\SysWow64\mshtmlmedia.dll
2018-09-18 03:37:53 4037632 ----a-w- C:\Windows\SysWow64\wininet.dll
2018-09-11 18:28:58 3227136 ----a-w- C:\Windows\System32\win32k.sys
2018-09-11 18:23:29 161280 ----a-w- C:\Windows\System32\drivers\mrxsmb.sys
2018-09-11 18:22:58 129536 ----a-w- C:\Windows\System32\drivers\mrxsmb20.sys
2018-09-09 01:02:22 986824 ----a-w- C:\Windows\System32\drivers\dxgkrnl.sys
2018-09-09 01:02:17 631680 ----a-w- C:\Windows\System32\winresume.efi
2018-09-09 01:02:15 5552328 ----a-w- C:\Windows\System32\ntoskrnl.exe
2018-09-09 01:02:12 708296 ----a-w- C:\Windows\System32\winload.efi
2018-09-09 01:02:12 1680072 ----a-w- C:\Windows\System32\drivers\ntfs.sys
2018-09-09 01:02:11 95432 ----a-w- C:\Windows\System32\drivers\ksecdd.sys
2018-09-09 01:02:11 265416 ----a-w- C:\Windows\System32\drivers\dxgmms1.sys
2018-09-09 01:02:11 154824 ----a-w- C:\Windows\System32\drivers\ksecpkg.sys
2018-09-09 01:01:09 1664320 ----a-w- C:\Windows\System32\ntdll.dll
2018-09-09 00:58:55 1461760 ----a-w- C:\Windows\System32\lsasrv.dll
2018-09-09 00:58:53 731648 ----a-w- C:\Windows\System32\kerberos.dll
2018-09-09 00:58:53 419840 ----a-w- C:\Windows\System32\KernelBase.dll
2018-09-09 00:58:38 405504 ----a-w- C:\Windows\System32\gdi32.dll
2018-09-09 00:58:18 44032 ----a-w- C:\Windows\System32\csrsrv.dll
2018-09-09 00:58:17 43520 ----a-w- C:\Windows\System32\cryptbase.dll
2018-09-09 00:58:17 22016 ----a-w- C:\Windows\System32\credssp.dll
2018-09-09 00:46:39 3959496 ----a-w- C:\Windows\SysWow64\ntoskrnl.exe
2018-09-09 00:46:29 4054216 ----a-w- C:\Windows\SysWow64\ntkrnlpa.exe
2018-09-09 00:46:11 1314072 ----a-w- C:\Windows\SysWow64\ntdll.dll
2018-09-09 00:44:18 96768 ----a-w- C:\Windows\SysWow64\sspicli.dll
2018-09-09 00:44:18 666112 ----a-w- C:\Windows\SysWow64\rpcrt4.dll
2018-09-09 00:44:18 5120 ----a-w- C:\Windows\SysWow64\wow32.dll
2018-09-09 00:44:18 275968 ----a-w- C:\Windows\SysWow64\KernelBase.dll
2018-09-09 00:44:14 82944 ----a-w- C:\Windows\SysWow64\bcrypt.dll
2018-09-09 00:44:14 313344 ----a-w- C:\Windows\SysWow64\gdi32.dll
2018-09-09 00:44:11 172032 ----a-w- C:\Windows\SysWow64\wdigest.dll
2018-09-09 00:44:07 70144 ----a-w- C:\Windows\SysWow64\TSpkg.dll
2018-09-09 00:44:07 2755584 ----a-w- C:\Windows\SysWow64\themeui.dll
2018-09-09 00:44:04 43008 ----a-w- C:\Windows\SysWow64\srclient.dll
2018-09-09 00:43:57 22016 ----a-w- C:\Windows\SysWow64\secur32.dll
2018-09-09 00:43:56 254464 ----a-w- C:\Windows\SysWow64\schannel.dll
2018-09-09 00:43:55 141312 ----a-w- C:\Windows\SysWow64\rpchttp.dll
2018-09-09 00:43:46 223232 ----a-w- C:\Windows\SysWow64\ncrypt.dll
2018-09-09 00:43:42 261120 ----a-w- C:\Windows\SysWow64\msv1_0.dll
2018-09-09 00:43:42 2048 ----a-w- C:\Windows\SysWow64\msxml6r.dll
2018-09-09 00:43:42 1391104 ----a-w- C:\Windows\SysWow64\msxml6.dll
2018-09-09 00:43:41 60416 ----a-w- C:\Windows\SysWow64\msobjs.dll
2018-09-09 00:43:38 146432 ----a-w- C:\Windows\SysWow64\msaudite.dll
2018-09-09 00:43:30 554496 ----a-w- C:\Windows\SysWow64\kerberos.dll
2018-09-09 00:43:07 17408 ----a-w- C:\Windows\SysWow64\credssp.dll
2018-09-09 00:25:59 148480 ----a-w- C:\Windows\System32\appidpolicyconverter.exe
2018-09-09 00:25:56 62464 ----a-w- C:\Windows\System32\drivers\appid.sys
2018-09-09 00:25:55 17920 ----a-w- C:\Windows\System32\appidcertstorecheck.exe
2018-09-09 00:25:11 64000 ----a-w- C:\Windows\System32\auditpol.exe
2018-09-09 00:21:34 338432 ----a-w- C:\Windows\System32\conhost.exe
2018-09-09 00:21:02 129024 ----a-w- C:\Windows\System32\drivers\videoprt.sys
2018-09-09 00:20:35 296960 ----a-w- C:\Windows\System32\rstrui.exe
2018-09-09 00:18:10 50176 ----a-w- C:\Windows\SysWow64\auditpol.exe
2018-09-09 00:16:54 291328 ----a-w- C:\Windows\System32\drivers\mrxsmb10.sys
2018-09-09 00:15:58 30720 ----a-w- C:\Windows\System32\lsass.exe
2018-09-09 00:15:55 112640 ----a-w- C:\Windows\System32\smss.exe
2018-09-09 00:15:51 64512 ----a-w- C:\Windows\System32\drivers\amdk8.sys
2018-09-09 00:15:51 62464 ----a-w- C:\Windows\System32\drivers\intelppm.sys
2018-09-09 00:15:51 60928 ----a-w- C:\Windows\System32\drivers\processr.sys
2018-09-09 00:15:51 60928 ----a-w- C:\Windows\System32\drivers\amdppm.sys
2018-09-09 00:13:19 25600 ----a-w- C:\Windows\SysWow64\setup16.exe
2018-09-09 00:13:17 7680 ----a-w- C:\Windows\SysWow64\instnm.exe
2018-09-09 00:13:17 14336 ----a-w- C:\Windows\SysWow64\ntvdm64.dll
2018-09-09 00:13:16 2048 ----a-w- C:\Windows\SysWow64\user.exe
2018-09-09 00:12:14 36352 ----a-w- C:\Windows\SysWow64\cryptbase.dll
2018-09-09 00:12:06 3072 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-util-l1-1-0.dll
2018-09-09 00:12:05 6144 ---ha-w- C:\Windows\SysWow64\api-ms-win-security-base-l1-1-0.dll
2018-09-09 00:12:05 4608 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-threadpool-l1-1-0.dll
.
============= FINISH: 13:12:35.10 ===============
Attached Files
File Type: txt attach.txt (9.8 KB, 4 views)
11-05-2018, 06:38 PM   #2
Security Team
Moderator, Analyst
Rangemaster, TSF Academy
 

Microsoft Most Valuable Professional
 
Join Date: Oct 2007
Location: Georgia
Posts: 29,790
OS: XP/Win7/Win10



Hello and Welcome to TSF.

If you haven't already, please Subscribe to this Thread to get immediate notification of replies as soon as they are posted. To do this click Thread Tools, then click Subscribe to this Thread. Make sure it is set to Instant notification by email, then click Add Subscription.

Please note that the forum is very busy and if I don't hear from you within three days this thread will be closed.

------------------------------------------------------

I'm not seeing any sign of infection. It appears you may have issues beyond malware.

------------------------------------------------------

Please download AdwCleaner from here and save it to your desktop.
  • Run AdwCleaner and select Scan Now
  • Once the Scan is done, select Clean & Repair
  • When prompted, select Clean & Restart Now
  • On reboot, a log will be produced. It can also be found at C:\AdwCleaner\Logs\AdwCleaner[C0#].txt
  • Please copy/paste the contents of the log in your next reply.
------------------------------------------------------

Please download Farbar Recovery Scan Tool and save it to your desktop.
  • Double-click FRST64 to run it. When the tool opens click Yes to the disclaimer.
  • Make sure the Addition.txt button is ticked.
  • Press Scan button.
  • It will make a log (FRST.txt) in the same directory the tool is run from. Please copy and paste it to your reply.
  • It also makes another log (Addition.txt). Please attach it to your reply.
------------------------------------------------------
__________________
Our services are free, but you may contribute to the author of ComboFix via PayPal

Proud member of UNITE

Microsoft MVP - Consumer Security 2014, 2015
Old 11-05-2018, 07:43 PM   #3
Registered Member
 
Join Date: Aug 2008
Location: Arkansas
Posts: 15
OS: xp pro



# -------------------------------
# Malwarebytes AdwCleaner 7.2.4.0
# -------------------------------
# Build: 09-25-2018
# Database: 2018-11-05.1 (Cloud)
# Support: https://www.malwarebytes.com/support
#
# -------------------------------
# Mode: Clean
# -------------------------------
# Start: 11-05-2018
# Duration: 00:00:08
# OS: Windows 7 Home Premium
# Cleaned: 40
# Failed: 0


***** [ Services ] *****

No malicious services cleaned.

***** [ Folders ] *****

Deleted C:\Users\Public\Documents\Downloaded Installers
Deleted C:\Users\Hodie\AppData\Local\slimware utilities inc

***** [ Files ] *****

Deleted C:\ProgramData\Microsoft\Windows\Start Menu\Programs\eBay.lnk

***** [ DLL ] *****

No malicious DLLs cleaned.

***** [ WMI ] *****

No malicious WMI cleaned.

***** [ Shortcuts ] *****

No malicious shortcuts cleaned.

***** [ Tasks ] *****

No malicious tasks cleaned.

***** [ Registry ] *****

Deleted HKCU\Software\Microsoft\Internet Explorer\InternetRegistry\REGISTRY\USER\S-1-5-21-1299344528-209978598-1344968890-1000\Software\Yahoo\YFriendsBar
Deleted HKCU\Software\Yahoo\YFriendsBar
Deleted HKCU\Software\AppDataLow\Software\Yahoo\Companion
Deleted HKCU\Software\Yahoo\Companion
Deleted HKLM\Software\Wow6432Node\Yahoo\Companion
Deleted HKCU\Software\distromatic
Deleted HKLM\Software\Wow6432Node\Classes\AppID\YTSingleInstance.DLL
Deleted HKLM\SOFTWARE\Classes\AppID\YTSingleInstance.DLL
Deleted HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{BD6ECB00-7C4A-4F97-B425-44117F2A7AAE}
Deleted HKLM\Software\Wow6432Node\Classes\TypeLib\{F6C2BABA-9E4C-425F-9AEC-24AB8F2B640D}
Deleted HKLM\Software\Classes\TypeLib\{F6C2BABA-9E4C-425F-9AEC-24AB8F2B640D}
Deleted HKLM\Software\Wow6432Node\Classes\Interface\{8FD65019-BF09-45DA-AD81-E95AE911F1FD}
Deleted HKLM\Software\Classes\Interface\{8FD65019-BF09-45DA-AD81-E95AE911F1FD}
Deleted HKLM\Software\Wow6432Node\Classes\Interface\{7F124846-5453-4BB8-A41D-E11481FFC9DF}
Deleted HKLM\Software\Classes\Interface\{7F124846-5453-4BB8-A41D-E11481FFC9DF}
Deleted HKLM\Software\Wow6432Node\Classes\Interface\{371AD4A5-1520-4AA2-A8A4-F9AD3BAC6957}
Deleted HKLM\Software\Classes\Interface\{371AD4A5-1520-4AA2-A8A4-F9AD3BAC6957}
Deleted HKLM\Software\Wow6432Node\Classes\AppID\{7375D127-3955-4654-8E7D-1949A7A9C902}
Deleted HKLM\Software\Classes\AppID\{7375D127-3955-4654-8E7D-1949A7A9C902}
Deleted HKLM\Software\Wow6432Node\Classes\AppID\{39DCCEAF-C749-4390-9953-527CF916935C}
Deleted HKLM\Software\Classes\AppID\{39DCCEAF-C749-4390-9953-527CF916935C}
Deleted HKLM\Software\Wow6432Node\Classes\Interface\{F9A10D86-182A-4946-869B-70C3D109D14D}
Deleted HKLM\Software\Classes\Interface\{F9A10D86-182A-4946-869B-70C3D109D14D}
Deleted HKLM\Software\Wow6432Node\Classes\TypeLib\{0548C79F-7B8C-455D-B228-97D35371BB62}
Deleted HKLM\Software\Classes\TypeLib\{0548C79F-7B8C-455D-B228-97D35371BB62}
Deleted HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{FDAD4DA1-61A2-4FD8-9C17-86F7AC245081}
Deleted HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Ext\Preapproved\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Deleted HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Deleted HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Ext\Preapproved\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Deleted HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{2fa28606-de77-4029-af96-b231e3b8f827}
Deleted HKLM\Software\Microsoft\Internet Explorer\SearchScopes\{2fa28606-de77-4029-af96-b231e3b8f827}
Deleted HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{d43b3890-80c7-4010-a95d-1e77b5924dc3}
Deleted HKLM\Software\Microsoft\Internet Explorer\SearchScopes\{d43b3890-80c7-4010-a95d-1e77b5924dc3}
Deleted HKLM\Software\Wow6432Node\SlimWare Utilities Inc

***** [ Chromium (and derivatives) ] *****

Deleted Amazon Assistant for Chrome

***** [ Chromium URLs ] *****

Deleted Ask
Deleted AOL

***** [ Firefox (and derivatives) ] *****

No malicious Firefox entries cleaned.

***** [ Firefox URLs ] *****

No malicious Firefox URLs cleaned.


*************************

[+] Delete Tracing Keys
[+] Reset Winsock

*************************

AdwCleaner[S00].txt - [5286 octets] - [05/11/2018 21:00:06]

########## EOF - C:\AdwCleaner\Logs\AdwCleaner[C00].txt ##########

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 24.10.2018
Ran by Hodie (administrator) on HODIE-HP (05-11-2018 21:30:49)
Running from C:\Users\Hodie\Desktop
Loaded Profiles: Hodie (Available Profiles: Hodie)
Platform: Windows 7 Home Premium Service Pack 1 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: FRST Tutorial - How to use Farbar Recovery Scan Tool - Malware Removal Guides and Tutorials

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(IDT, Inc.) C:\Program Files\IDT\WDM\stacsv64.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe
(Hewlett-Packard Company) C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(DEVGURU Co., LTD) C:\Windows\System32\ptumlcmsvc64.exe
(Roxio) C:\Program Files (x86)\Roxio\RoxioNow Player\RNowSvc.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(AVAST Software) C:\Program Files\AVAST Software\Avast\x64\aswidsagenta.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe
(Hewlett-Packard Company) C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
(Malwarebytes) C:\Users\Hodie\Desktop\AdwCleaner.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(IDT, Inc.) C:\Program Files\IDT\WDM\sttray64.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe
(Hewlett-Packard Co.) C:\Program Files\HP\HP Photosmart 5510 series\Bin\ScanToPCActivationApp.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudPhotos.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudDrive.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe
(Hewlett-Packard) C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Hewlett-Packard Co.) C:\Program Files\HP\HP Photosmart 5510 series\Bin\HPNetworkCommunicator.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe
(CyberLink) C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Apple, Inc.) C:\Program Files (x86)\Common Files\Apple\Apple Application Support\secd.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IMSS\PrivacyIconClient.exe
(Hewlett-Packard Company) C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Main.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\SysWOW64\notepad.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2837288 2011-10-14] (Synaptics Incorporated)
HKLM\...\Run: [HPWirelessAssistant] => C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Main.exe [363064 2010-07-21] (Hewlett-Packard Company)
HKLM\...\Run: [SysTrayApp] => C:\Program Files\IDT\WDM\sttray64.exe [1424896 2012-01-17] (IDT, Inc.)
HKLM\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvLaunch.exe [242392 2018-10-08] (AVAST Software)
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [301880 2018-08-23] (Apple Inc.)
HKLM-x32\...\Run: [IAStorIcon] => C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [284440 2011-04-30] (Intel Corporation)
HKLM-x32\...\Run: [IMSS] => C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IMSS\PIconStartup.exe [111640 2010-07-23] ()
HKLM-x32\...\Run: [HPOSD] => C:\Program Files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe [379960 2011-08-19] (Hewlett-Packard Development Company, L.P.)
HKLM-x32\...\Run: [HP Software Update] => C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe [96056 2013-05-30] (Hewlett-Packard)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [HP Quick Launch] => C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe [578944 2012-03-05] (Hewlett-Packard Development Company, L.P.)
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [68920 2018-08-22] (Apple Inc.)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKLM\SOFTWARE\Policies\Microsoft\Windows Defender: Restriction <==== ATTENTION
HKU\S-1-5-21-1299344528-209978598-1344968890-1000\...\Run: [iCloudServices] => C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe [67384 2018-06-26] (Apple Inc.)
HKU\S-1-5-21-1299344528-209978598-1344968890-1000\...\Run: [HP Photosmart 5510 series (NET)] => C:\Program Files\HP\HP Photosmart 5510 series\Bin\ScanToPCActivationApp.exe [2676584 2011-09-16] (Hewlett-Packard Co.)
HKU\S-1-5-21-1299344528-209978598-1344968890-1000\...\Run: [iCloudPhotos] => C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudPhotos.exe [356664 2018-06-26] (Apple Inc.)
HKU\S-1-5-21-1299344528-209978598-1344968890-1000\...\Run: [iCloudDrive] => C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudDrive.exe [110392 2018-06-26] (Apple Inc.)
HKU\S-1-5-21-1299344528-209978598-1344968890-1000\...\Run: [ApplePhotoStreams] => C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe [67896 2018-06-26] (Apple Inc.)
HKU\S-1-5-21-1299344528-209978598-1344968890-1000\...\MountPoints2: {0eb70f9b-328a-11e3-82f6-984be1b437d1} - G:\MotorolaDeviceManagerSetup.exe -a
HKU\S-1-5-21-1299344528-209978598-1344968890-1000\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\Windows\system32\Ribbons.scr [241664 2010-11-20] (Microsoft Corporation)
HKU\S-1-5-18\...\RunOnce: [iCloud] => C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloud.exe [67384 2018-06-26] (Apple Inc.)
Lsa: [Notification Packages] scecli C:\Program Files\WIDCOMM\Bluetooth Software\BtwProximityCP.dll
BootExecute: autocheck autochk * sdnclean64.exe

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

ProxyServer: [S-1-5-21-1299344528-209978598-1344968890-1000] => localhost:8080
Tcpip\Parameters: [DhcpNameServer] 192.168.1.254
Tcpip\..\Interfaces\{61A21C53-CE0F-4214-BA30-8A64E88F8D1B}: [DhcpNameServer] 192.168.1.254
Tcpip\..\Interfaces\{695076B3-72BF-4452-8C0C-61DD9CF93C7E}: [DhcpNameServer] 172.20.10.1
Tcpip\..\Interfaces\{FC761777-E592-4B4B-A5E1-2F915004E613}: [DhcpNameServer] 192.168.1.254

Internet Explorer:
==================
HKU\S-1-5-21-1299344528-209978598-1344968890-1000\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://g.msn.com/HPNOT/1
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM -> {b7fca997-d0fb-4fe0-8afd-255e89cf9671} URL = hxxp://search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=HPNTDF
SearchScopes: HKLM -> {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = hxxp://rover.ebay.com/rover/1/711-30572-11896-2/4?mpre=hxxp://shop.ebay.com/?_nkw={searchTerms}
SearchScopes: HKLM -> {ec29edf6-ad3c-4e1c-a087-d6cb81400c43} URL = hxxp://www.bing.com/search?q={searchTerms}&form=HPNTDF&pc=HPNTDF&src=IE-SearchBox
SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM-x32 -> {b7fca997-d0fb-4fe0-8afd-255e89cf9671} URL = hxxp://search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=HPNTDF
SearchScopes: HKLM-x32 -> {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = hxxp://rover.ebay.com/rover/1/711-30572-11896-2/4?mpre=hxxp://shop.ebay.com/?_nkw={searchTerms}
SearchScopes: HKLM-x32 -> {ec29edf6-ad3c-4e1c-a087-d6cb81400c43} URL = hxxp://www.bing.com/search?q={searchTerms}&form=HPNTDF&pc=HPNTDF&src=IE-SearchBox
SearchScopes: HKU\S-1-5-21-1299344528-209978598-1344968890-1000 -> {2fa28606-de77-4029-af96-b231e3b8f827} URL =
SearchScopes: HKU\S-1-5-21-1299344528-209978598-1344968890-1000 -> {b7fca997-d0fb-4fe0-8afd-255e89cf9671} URL =
SearchScopes: HKU\S-1-5-21-1299344528-209978598-1344968890-1000 -> {d43b3890-80c7-4010-a95d-1e77b5924dc3} URL =
SearchScopes: HKU\S-1-5-21-1299344528-209978598-1344968890-1000 -> {D944BB61-2E34-4DBF-A683-47E505C587DC} URL =
SearchScopes: HKU\S-1-5-21-1299344528-209978598-1344968890-1000 -> {ec29edf6-ad3c-4e1c-a087-d6cb81400c43} URL =
BHO: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\OCHelper.dll [2018-11-04] (Microsoft Corporation)
BHO: No Name -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> No File
BHO: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2018-08-06] (Google Inc.)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\URLREDIR.DLL [2018-11-03] (Microsoft Corporation)
BHO: No Name -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> No File
BHO-x32: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\root\Office16\OCHelper.dll [2018-11-03] (Microsoft Corporation)
BHO-x32: No Name -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> No File
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2011-03-28] (Microsoft Corp.)
BHO-x32: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll [2018-08-06] (Google Inc.)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\root\Office16\URLREDIR.DLL [2018-11-03] (Microsoft Corporation)
Toolbar: HKLM - No Name - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - No File
Toolbar: HKLM - No Name - {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} - No File
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2018-08-06] (Google Inc.)
Toolbar: HKLM-x32 - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll [2018-08-06] (Google Inc.)
Toolbar: HKU\S-1-5-21-1299344528-209978598-1344968890-1000 -> No Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No File
Toolbar: HKU\S-1-5-21-1299344528-209978598-1344968890-1000 -> Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2018-08-06] (Google Inc.)
DPF: HKLM-x32 {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} hxxps://uhc.webex.com/client/WBXclient-T27L10NSP32EP5-14362/webex/ieatgpc1.cab
Handler-x32: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2018-11-03] (Microsoft Corporation)
Handler-x32: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2018-11-03] (Microsoft Corporation)
Handler-x32: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2018-11-03] (Microsoft Corporation)
Handler-x32: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2018-11-03] (Microsoft Corporation)

FireFox:
========
FF ProfilePath: C:\Users\Hodie\AppData\Roaming\Mozilla\Firefox\Profiles\km5jf2y2.default-1473202271514 [2018-11-04]
FF Extension: (Avast SafePrice) - C:\Users\Hodie\AppData\Roaming\Mozilla\Firefox\Profiles\km5jf2y2.default-1473202271514\Extensions\[email protected] [2018-03-16]
FF Extension: (Avast Online Security) - C:\Users\Hodie\AppData\Roaming\Mozilla\Firefox\Profiles\km5jf2y2.default-1473202271514\Extensions\[email protected] [2018-06-11]
FF HKLM-x32\...\Firefox\Extensions: [[email protected]] - C:\Program Files (x86)\Hewlett-Packard\SmartPrint\QPExtension
FF Extension: (SmartPrintButton) - C:\Program Files (x86)\Hewlett-Packard\SmartPrint\QPExtension [2011-01-26] [Legacy] [not signed]
FF Plugin: @Adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_31_0_0_108.dll [2018-10-04] ()
FF Plugin: @Java.com/DTPlugin,version=1.6.0_39 -> C:\Windows\system32\npdeployJava1.dll [2013-03-05] (Sun Microsystems, Inc.)
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin: @microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.50907.0\npctrl.dll [2017-05-03] ( Microsoft Corporation)
FF Plugin-x32: @Adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_31_0_0_108.dll [2018-10-04] ()
FF Plugin-x32: @Adobe.com/ShockwavePlayer -> C:\Windows\SysWOW64\Adobe\Director\np32dsw.dll [2010-08-18] (Adobe Systems, Inc.)
FF Plugin-x32: @apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2015-10-14] ()
FF Plugin-x32: @Java.com/DTPlugin,version=11.111.2 -> C:\Program Files (x86)\Java\jre1.8.0_111\bin\dtplugin\npDeployJava1.dll [No File]
FF Plugin-x32: @Java.com/JavaPlugin,version=11.111.2 -> C:\Program Files (x86)\Java\jre1.8.0_111\bin\plugin2\npjp2.dll [No File]
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX86\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2018-11-03] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.50907.0\npctrl.dll [2017-05-03] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files (x86)\Microsoft Office\root\Office16\NPSPWRAP.DLL [2018-11-03] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2011-05-13] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3508.1109 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2011-05-13] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3538.0513 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2011-05-13] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.33.17\npGoogleUpdate3.dll [2018-08-06] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.33.17\npGoogleUpdate3.dll [2018-08-06] (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2018-09-20] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-1299344528-209978598-1344968890-1000: @citrixonline.com/appdetectorplugin -> C:\Users\Hodie\AppData\Local\Citrix\Plugins\104\npappdetector.dll [2015-05-18] (Citrix Online)

Chrome:
=======
CHR DefaultProfile: Default
CHR HomePage: Default -> hxxp://www.google.com/
CHR StartupUrls: Default -> "hxxp://www.google.com/"
CHR DefaultSearchKeyword: Default -> indeed
CHR Profile: C:\Users\Hodie\AppData\Local\Google\Chrome\User Data\Default [2018-11-05]
CHR Extension: (YouTube) - C:\Users\Hodie\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-09-28]
CHR Extension: (Google Search) - C:\Users\Hodie\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-10-26]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Hodie\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2018-04-15]
CHR Extension: (Indeed for Chrome) - C:\Users\Hodie\AppData\Local\Google\Chrome\User Data\Default\Extensions\onimolfnbjjikjiialpfahffkjjgdgkh [2018-10-30]
CHR Extension: (Gmail) - C:\Users\Hodie\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-03-30]
CHR Extension: (Chrome Media Router) - C:\Users\Hodie\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2018-11-03]
CHR Profile: C:\Users\Hodie\AppData\Local\Google\Chrome\User Data\System Profile [2018-11-04]
CHR HKU\S-1-5-21-1299344528-209978598-1344968890-1000\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [apdfllckaahabafndbhieahigkjlhalf] - C:\Users\Hodie\AppData\Local\Google\Drive\apdfllckaahabafndbhieahigkjlhalf_live.crx <not found>
CHR HKLM-x32\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [eofcbnmajmjmplflapaojjnihcjkigck] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - hxxps://clients2.google.com/service/update2/crx

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [83768 2018-08-23] (Apple Inc.)
R3 aswbIDSAgent; C:\Program Files\AVAST Software\Avast\x64\aswidsagenta.exe [8188768 2018-10-04] (AVAST Software)
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [325024 2018-10-08] (AVAST Software)
R2 ClickToRunSvc; C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe [9667872 2018-10-24] (Microsoft Corporation)
R2 HP Support Assistant Service; C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe [92160 2013-11-04] (Hewlett-Packard Company) [File not signed]
R2 LightScribeService; C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe [73728 2010-11-22] (Hewlett-Packard Company) [File not signed]
R2 ptumlcmsvc; C:\Windows\system32\ptumlcmsvc64.exe [174592 2011-11-24] (DEVGURU Co., LTD) [File not signed]
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-26] (Microsoft Corporation)

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R1 aswArPot; C:\Windows\System32\drivers\aswArPot.sys [201408 2018-09-27] (AVAST Software)
R1 aswbidsdriver; C:\Windows\System32\drivers\aswbidsdrivera.sys [230512 2018-09-27] (AVAST Software)
R0 aswbidsh; C:\Windows\System32\drivers\aswbidsha.sys [201928 2018-09-27] (AVAST Software)
R0 aswblog; C:\Windows\System32\drivers\aswbloga.sys [346760 2018-09-27] (AVAST Software)
R0 aswbuniv; C:\Windows\System32\drivers\aswbuniva.sys [59664 2018-09-27] (AVAST Software)
R1 aswHdsKe; C:\Windows\System32\drivers\aswHdsKe.sys [185240 2018-09-27] (AVAST Software)
S3 aswHwid; C:\Windows\System32\drivers\aswHwid.sys [47064 2018-09-27] (AVAST Software)
R1 aswKbd; C:\Windows\System32\drivers\aswKbd.sys [42456 2018-09-27] (AVAST Software)
R2 aswMonFlt; C:\Windows\System32\drivers\aswMonFlt.sys [163376 2018-09-27] (AVAST Software)
R1 aswRdr; C:\Windows\System32\drivers\aswRdr2.sys [111968 2018-09-27] (AVAST Software)
R0 aswRvrt; C:\Windows\System32\drivers\aswRvrt.sys [88112 2018-09-27] (AVAST Software)
R1 aswSnx; C:\Windows\System32\drivers\aswSnx.sys [1028840 2018-09-27] (AVAST Software)
R1 aswSP; C:\Windows\System32\drivers\aswSP.sys [467904 2018-09-27] (AVAST Software)
R2 aswStm; C:\Windows\System32\drivers\aswStm.sys [208640 2018-09-27] (AVAST Software)
S3 aswTap; C:\Windows\System32\DRIVERS\aswTap.sys [44640 2014-07-17] (The OpenVPN Project)
R0 aswVmm; C:\Windows\System32\drivers\aswVmm.sys [381144 2018-09-27] (AVAST Software)
S3 BTWDPAN; C:\Windows\System32\DRIVERS\btwdpan.sys [89640 2012-01-18] (Broadcom Corporation.)
S3 PTUMLMBMP; C:\Windows\System32\DRIVERS\PTUMLMBMP.sys [235776 2011-10-17] (DEVGURU Co., LTD.)

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2018-11-05 21:30 - 2018-11-05 21:35 - 000024285 _____ C:\Users\Hodie\Desktop\FRST.txt
2018-11-05 21:30 - 2018-11-05 21:30 - 000000000 ____D C:\FRST
2018-11-05 21:28 - 2018-11-05 21:28 - 002414592 _____ (Farbar) C:\Users\Hodie\Desktop\FRST64.exe
2018-11-05 20:59 - 2018-11-05 21:00 - 000000000 ____D C:\AdwCleaner
2018-11-05 20:58 - 2018-11-05 20:58 - 007592144 _____ (Malwarebytes) C:\Users\Hodie\Desktop\AdwCleaner.exe
2018-11-05 13:12 - 2018-11-05 13:12 - 000030032 _____ C:\Users\Hodie\Desktop\dds.txt
2018-11-05 13:12 - 2018-11-05 13:12 - 000010064 _____ C:\Users\Hodie\Desktop\attach.txt
2018-11-04 13:02 - 2018-11-04 13:02 - 018072104 _____ (Piriform Ltd) C:\Users\Hodie\Downloads\ccsetup548.exe
2018-11-04 11:07 - 2018-11-04 11:07 - 000002421 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype for Business.lnk
2018-11-04 11:07 - 2018-11-04 11:07 - 000002416 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Word.lnk
2018-11-04 11:07 - 2018-11-04 11:07 - 000002415 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PowerPoint.lnk
2018-11-04 11:07 - 2018-11-04 11:07 - 000002379 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Access.lnk
2018-11-04 11:07 - 2018-11-04 11:07 - 000002378 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Excel.lnk
2018-11-04 11:07 - 2018-11-04 11:07 - 000002366 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Publisher.lnk
2018-11-04 11:07 - 2018-11-04 11:07 - 000002358 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OneNote 2016.lnk
2018-11-04 11:07 - 2018-11-04 11:07 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office Tools
2018-11-04 11:06 - 2018-11-04 11:07 - 000002372 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Outlook.lnk
2018-11-03 14:08 - 2018-11-03 14:08 - 000052296 _____ () C:\Windows\system32\Drivers\staport.sys
2018-11-03 14:07 - 2018-10-08 20:11 - 000378584 _____ (AVAST Software) C:\Windows\system32\aswBoot.exe
2018-11-01 19:10 - 2018-11-01 19:11 - 000000000 ____D C:\Users\Hodie\Documents\1 Work Files
2018-10-31 09:13 - 2018-11-04 11:35 - 005229935 _____ C:\Users\Hodie\Documents\Golf Clash Wind Chart- Rings Per Wind.xlsx
2018-10-25 12:46 - 2018-11-03 14:23 - 000000000 ____D C:\Users\Hodie\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Bluetooth Devices
2018-10-25 12:46 - 2018-10-25 12:46 - 000000000 ____D C:\Users\Hodie\Documents\Bluetooth Exchange Folder
2018-10-25 12:42 - 2018-10-25 12:42 - 000000000 ____D C:\ProgramData\LightScribe
2018-10-22 14:46 - 2018-10-22 14:46 - 004560558 _____ C:\Users\Hodie\Downloads\samsung-appliance-rs261mdrs-use-and-care-manual.pdf
2018-10-11 17:26 - 2018-10-11 17:26 - 000108053 _____ C:\Users\Hodie\Downloads\Reservation Confirmation - 92202189.pdf
2018-10-09 16:02 - 2018-09-19 02:08 - 000343552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrd3x40.dll
2018-10-09 16:02 - 2018-09-18 12:10 - 000348976 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2018-10-09 16:02 - 2018-09-17 23:25 - 000576512 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2018-10-09 16:02 - 2018-09-17 23:14 - 005779456 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2018-10-09 16:02 - 2018-09-17 23:14 - 000814080 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2018-10-09 16:02 - 2018-09-17 23:14 - 000794624 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2018-10-09 16:02 - 2018-09-17 23:09 - 000969216 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2018-10-09 16:02 - 2018-09-17 22:33 - 020278784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2018-10-09 16:02 - 2018-09-17 22:31 - 002724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2018-10-09 16:02 - 2018-09-17 22:21 - 000497664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2018-10-09 16:02 - 2018-09-17 22:21 - 000062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2018-10-09 16:02 - 2018-09-17 22:20 - 000341504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
2018-10-09 16:02 - 2018-09-17 22:20 - 000047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2018-10-09 16:02 - 2018-09-17 22:19 - 000064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2018-10-09 16:02 - 2018-09-17 22:18 - 002295808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2018-10-09 16:02 - 2018-09-17 22:15 - 000047104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2018-10-09 16:02 - 2018-09-17 22:15 - 000030720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2018-10-09 16:02 - 2018-09-17 22:14 - 000476160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2018-10-09 16:02 - 2018-09-17 22:13 - 000662016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2018-10-09 16:02 - 2018-09-17 22:13 - 000115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2018-10-09 16:02 - 2018-09-17 22:12 - 000620032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2018-10-09 16:02 - 2018-09-17 22:06 - 000416256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2018-10-09 16:02 - 2018-09-17 22:03 - 000060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2018-10-09 16:02 - 2018-09-17 22:02 - 000091136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inseng.dll
2018-10-09 16:02 - 2018-09-17 22:02 - 000073216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tdc.ocx
2018-10-09 16:02 - 2018-09-17 22:00 - 000168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2018-10-09 16:02 - 2018-09-17 21:59 - 000076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2018-10-09 16:02 - 2018-09-17 21:58 - 000279040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2018-10-09 16:02 - 2018-09-17 21:57 - 004494848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2018-10-09 16:02 - 2018-09-17 21:57 - 000130048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\occache.dll
2018-10-09 16:02 - 2018-09-17 21:53 - 013679616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2018-10-09 16:02 - 2018-09-17 21:52 - 000230400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\webcheck.dll
2018-10-09 16:02 - 2018-09-17 21:51 - 000696320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2018-10-09 16:02 - 2018-09-17 21:50 - 002059776 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2018-10-09 16:02 - 2018-09-17 21:50 - 001155072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2018-10-09 16:02 - 2018-09-17 21:37 - 004037632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2018-10-09 16:02 - 2018-09-17 21:34 - 001330176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2018-10-09 16:02 - 2018-09-17 21:31 - 000710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2018-10-09 16:02 - 2018-09-11 12:28 - 003227136 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2018-10-09 16:02 - 2018-09-11 12:23 - 000161280 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb.sys
2018-10-09 16:02 - 2018-09-11 12:22 - 000129536 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb20.sys
2018-10-09 16:02 - 2018-09-08 19:02 - 005552328 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2018-10-09 16:02 - 2018-09-08 19:02 - 001680072 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ntfs.sys
2018-10-09 16:02 - 2018-09-08 19:02 - 000986824 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dxgkrnl.sys
2018-10-09 16:02 - 2018-09-08 19:02 - 000265416 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dxgmms1.sys
2018-10-09 16:02 - 2018-09-08 19:02 - 000154824 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2018-10-09 16:02 - 2018-09-08 19:02 - 000095432 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2018-10-09 16:02 - 2018-09-08 19:01 - 001664320 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2018-10-09 16:02 - 2018-09-08 18:59 - 002851840 _____ (Microsoft Corporation) C:\Windows\system32\themeui.dll
2018-10-09 16:02 - 2018-09-08 18:59 - 002009600 _____ (Microsoft Corporation) C:\Windows\system32\msxml6.dll
2018-10-09 16:02 - 2018-09-08 18:59 - 001211904 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll
2018-10-09 16:02 - 2018-09-08 18:59 - 000503808 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll
2018-10-09 16:02 - 2018-09-08 18:59 - 000361984 _____ (Microsoft Corporation) C:\Windows\system32\wow64win.dll
2018-10-09 16:02 - 2018-09-08 18:59 - 000345600 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2018-10-09 16:02 - 2018-09-08 18:59 - 000316928 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2018-10-09 16:02 - 2018-09-08 18:59 - 000312320 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2018-10-09 16:02 - 2018-09-08 18:59 - 000243712 _____ (Microsoft Corporation) C:\Windows\system32\wow64.dll
2018-10-09 16:02 - 2018-09-08 18:59 - 000215552 _____ (Microsoft Corporation) C:\Windows\system32\winsrv.dll
2018-10-09 16:02 - 2018-09-08 18:59 - 000210432 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2018-10-09 16:02 - 2018-09-08 18:59 - 000190464 _____ (Microsoft Corporation) C:\Windows\system32\rpchttp.dll
2018-10-09 16:02 - 2018-09-08 18:59 - 000146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
2018-10-09 16:02 - 2018-09-08 18:59 - 000135680 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2018-10-09 16:02 - 2018-09-08 18:59 - 000094208 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2018-10-09 16:02 - 2018-09-08 18:59 - 000060416 _____ (Microsoft Corporation) C:\Windows\system32\msobjs.dll
2018-10-09 16:02 - 2018-09-08 18:59 - 000050176 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll
2018-10-09 16:02 - 2018-09-08 18:59 - 000028672 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2018-10-09 16:02 - 2018-09-08 18:59 - 000028160 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2018-10-09 16:02 - 2018-09-08 18:59 - 000016384 _____ (Microsoft Corporation) C:\Windows\system32\ntvdm64.dll
2018-10-09 16:02 - 2018-09-08 18:59 - 000013312 _____ (Microsoft Corporation) C:\Windows\system32\wow64cpu.dll
2018-10-09 16:02 - 2018-09-08 18:59 - 000002048 _____ (Microsoft Corporation) C:\Windows\system32\msxml6r.dll
2018-10-09 16:02 - 2018-09-08 18:58 - 001461760 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2018-10-09 16:02 - 2018-09-08 18:58 - 001163264 _____ (Microsoft Corporation) C:\Windows\system32\kernel32.dll
2018-10-09 16:02 - 2018-09-08 18:58 - 000731648 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2018-10-09 16:02 - 2018-09-08 18:58 - 000419840 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase.dll
2018-10-09 16:02 - 2018-09-08 18:58 - 000022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2018-10-09 16:02 - 2018-09-08 18:57 - 000690688 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
2018-10-09 16:02 - 2018-09-08 18:57 - 000144384 _____ (Microsoft Corporation) C:\Windows\system32\cdd.dll
2018-10-09 16:02 - 2018-09-08 18:57 - 000006656 _____ (Microsoft Corporation) C:\Windows\system32\apisetschema.dll
2018-10-09 16:02 - 2018-09-08 18:57 - 000006144 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-security-base-l1-1-0.dll
2018-10-09 16:02 - 2018-09-08 18:57 - 000005120 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l1-1-0.dll
2018-10-09 16:02 - 2018-09-08 18:57 - 000004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
2018-10-09 16:02 - 2018-09-08 18:57 - 000004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processthreads-l1-1-0.dll
2018-10-09 16:02 - 2018-09-08 18:57 - 000004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll
2018-10-09 16:02 - 2018-09-08 18:57 - 000004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-synch-l1-1-0.dll
2018-10-09 16:02 - 2018-09-08 18:57 - 000004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localregistry-l1-1-0.dll
2018-10-09 16:02 - 2018-09-08 18:57 - 000004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localization-l1-1-0.dll
2018-10-09 16:02 - 2018-09-08 18:57 - 000003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll
2018-10-09 16:02 - 2018-09-08 18:57 - 000003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll
2018-10-09 16:02 - 2018-09-08 18:57 - 000003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll
2018-10-09 16:02 - 2018-09-08 18:57 - 000003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-misc-l1-1-0.dll
2018-10-09 16:02 - 2018-09-08 18:57 - 000003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-memory-l1-1-0.dll
2018-10-09 16:02 - 2018-09-08 18:57 - 000003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll
2018-10-09 16:02 - 2018-09-08 18:57 - 000003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-heap-l1-1-0.dll
2018-10-09 16:02 - 2018-09-08 18:57 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-xstate-l1-1-0.dll
2018-10-09 16:02 - 2018-09-08 18:57 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-util-l1-1-0.dll
2018-10-09 16:02 - 2018-09-08 18:57 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-string-l1-1-0.dll
2018-10-09 16:02 - 2018-09-08 18:57 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-profile-l1-1-0.dll
2018-10-09 16:02 - 2018-09-08 18:57 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-io-l1-1-0.dll
2018-10-09 16:02 - 2018-09-08 18:57 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-interlocked-l1-1-0.dll
2018-10-09 16:02 - 2018-09-08 18:57 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-handle-l1-1-0.dll
2018-10-09 16:02 - 2018-09-08 18:57 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-fibers-l1-1-0.dll
2018-10-09 16:02 - 2018-09-08 18:57 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll
2018-10-09 16:02 - 2018-09-08 18:57 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-delayload-l1-1-0.dll
2018-10-09 16:02 - 2018-09-08 18:57 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-debug-l1-1-0.dll
2018-10-09 16:02 - 2018-09-08 18:57 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-datetime-l1-1-0.dll
2018-10-09 16:02 - 2018-09-08 18:57 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-console-l1-1-0.dll
2018-10-09 16:02 - 2018-09-08 18:46 - 004054216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2018-10-09 16:02 - 2018-09-08 18:46 - 003959496 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2018-10-09 16:02 - 2018-09-08 18:46 - 001314072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll
2018-10-09 16:02 - 2018-09-08 18:44 - 002755584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\themeui.dll
2018-10-09 16:02 - 2018-09-08 18:44 - 001114112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kernel32.dll
2018-10-09 16:02 - 2018-09-08 18:44 - 000666112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpcrt4.dll
2018-10-09 16:02 - 2018-09-08 18:44 - 000313344 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gdi32.dll
2018-10-09 16:02 - 2018-09-08 18:44 - 000275968 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll
2018-10-09 16:02 - 2018-09-08 18:44 - 000172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll
2018-10-09 16:02 - 2018-09-08 18:44 - 000096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2018-10-09 16:02 - 2018-09-08 18:44 - 000082944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\bcrypt.dll
2018-10-09 16:02 - 2018-09-08 18:44 - 000070144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2018-10-09 16:02 - 2018-09-08 18:44 - 000043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll
2018-10-09 16:02 - 2018-09-08 18:44 - 000005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll
2018-10-09 16:02 - 2018-09-08 18:43 - 001391104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml6.dll
2018-10-09 16:02 - 2018-09-08 18:43 - 000554496 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2018-10-09 16:02 - 2018-09-08 18:43 - 000261120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
2018-10-09 16:02 - 2018-09-08 18:43 - 000254464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2018-10-09 16:02 - 2018-09-08 18:43 - 000223232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2018-10-09 16:02 - 2018-09-08 18:43 - 000146432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msaudite.dll
2018-10-09 16:02 - 2018-09-08 18:43 - 000141312 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpchttp.dll
2018-10-09 16:02 - 2018-09-08 18:43 - 000060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msobjs.dll
2018-10-09 16:02 - 2018-09-08 18:43 - 000022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2018-10-09 16:02 - 2018-09-08 18:43 - 000017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
2018-10-09 16:02 - 2018-09-08 18:43 - 000002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml6r.dll
2018-10-09 16:02 - 2018-09-08 18:42 - 000690688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adtschema.dll
2018-10-09 16:02 - 2018-09-08 18:42 - 000644096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\advapi32.dll
2018-10-09 16:02 - 2018-09-08 18:42 - 000342528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\certcli.dll
2018-10-09 16:02 - 2018-09-08 18:42 - 000050688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\appidapi.dll
2018-10-09 16:02 - 2018-09-08 18:42 - 000006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\apisetschema.dll
2018-10-09 16:02 - 2018-09-08 18:42 - 000005120 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-file-l1-1-0.dll
2018-10-09 16:02 - 2018-09-08 18:42 - 000004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processthreads-l1-1-0.dll
2018-10-09 16:02 - 2018-09-08 18:42 - 000004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-sysinfo-l1-1-0.dll
2018-10-09 16:02 - 2018-09-08 18:42 - 000004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-synch-l1-1-0.dll
2018-10-09 16:02 - 2018-09-08 18:42 - 000004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-misc-l1-1-0.dll
2018-10-09 16:02 - 2018-09-08 18:42 - 000004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localregistry-l1-1-0.dll
2018-10-09 16:02 - 2018-09-08 18:42 - 000004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localization-l1-1-0.dll
2018-10-09 16:02 - 2018-09-08 18:42 - 000003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processenvironment-l1-1-0.dll
2018-10-09 16:02 - 2018-09-08 18:42 - 000003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-namedpipe-l1-1-0.dll
2018-10-09 16:02 - 2018-09-08 18:42 - 000003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-memory-l1-1-0.dll
2018-10-09 16:02 - 2018-09-08 18:42 - 000003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-libraryloader-l1-1-0.dll
2018-10-09 16:02 - 2018-09-08 18:42 - 000003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-interlocked-l1-1-0.dll
2018-10-09 16:02 - 2018-09-08 18:42 - 000003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-heap-l1-1-0.dll
2018-10-09 16:02 - 2018-09-08 18:42 - 000003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-string-l1-1-0.dll
2018-10-09 16:02 - 2018-09-08 18:42 - 000003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-rtlsupport-l1-1-0.dll
2018-10-09 16:02 - 2018-09-08 18:42 - 000003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-profile-l1-1-0.dll
2018-10-09 16:02 - 2018-09-08 18:42 - 000003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-io-l1-1-0.dll
2018-10-09 16:02 - 2018-09-08 18:42 - 000003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-handle-l1-1-0.dll
2018-10-09 16:02 - 2018-09-08 18:42 - 000003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-fibers-l1-1-0.dll
2018-10-09 16:02 - 2018-09-08 18:42 - 000003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-errorhandling-l1-1-0.dll
2018-10-09 16:02 - 2018-09-08 18:42 - 000003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-delayload-l1-1-0.dll
2018-10-09 16:02 - 2018-09-08 18:42 - 000003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-debug-l1-1-0.dll
2018-10-09 16:02 - 2018-09-08 18:42 - 000003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-datetime-l1-1-0.dll
2018-10-09 16:02 - 2018-09-08 18:42 - 000003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-console-l1-1-0.dll
2018-10-09 16:02 - 2018-09-08 18:25 - 000064000 _____ (Microsoft Corporation) C:\Windows\system32\auditpol.exe
2018-10-09 16:02 - 2018-09-08 18:21 - 000129024 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\videoprt.sys
2018-10-09 16:02 - 2018-09-08 18:20 - 000296960 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe
2018-10-09 16:02 - 2018-09-08 18:18 - 000050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\auditpol.exe
2018-10-09 16:02 - 2018-09-08 18:16 - 000291328 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb10.sys
2018-10-09 16:02 - 2018-09-08 18:15 - 000112640 _____ (Microsoft Corporation) C:\Windows\system32\smss.exe
2018-10-09 16:02 - 2018-09-08 18:15 - 000030720 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2018-10-09 16:02 - 2018-09-08 18:13 - 000025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe
2018-10-09 16:02 - 2018-09-08 18:13 - 000014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll
2018-10-09 16:02 - 2018-09-08 18:13 - 000007680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe
2018-10-09 16:02 - 2018-09-08 18:13 - 000002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user.exe
2018-10-09 16:02 - 2018-09-08 18:12 - 000036352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptbase.dll
2018-10-09 16:02 - 2018-09-08 18:12 - 000006144 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-security-base-l1-1-0.dll
2018-10-09 16:02 - 2018-09-08 18:12 - 000004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-threadpool-l1-1-0.dll
2018-10-09 16:02 - 2018-09-08 18:12 - 000003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-xstate-l1-1-0.dll
2018-10-09 16:02 - 2018-09-08 18:12 - 000003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-util-l1-1-0.dll
2018-10-09 16:02 - 2018-08-28 00:24 - 014637568 _____ (Microsoft Corporation) C:\Windows\system32\wmp.dll
2018-10-09 16:02 - 2018-08-28 00:24 - 012574720 _____ (Microsoft Corporation) C:\Windows\system32\wmploc.DLL
2018-10-09 16:02 - 2018-08-28 00:24 - 000009728 _____ (Microsoft Corporation) C:\Windows\system32\spwmp.dll
2018-10-09 16:02 - 2018-08-28 00:24 - 000005120 _____ (Microsoft Corporation) C:\Windows\system32\msdxm.ocx
2018-10-09 16:02 - 2018-08-28 00:24 - 000005120 _____ (Microsoft Corporation) C:\Windows\system32\dxmasf.dll
2018-10-09 16:02 - 2018-08-28 00:09 - 012574208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmploc.DLL
2018-10-09 16:02 - 2018-08-28 00:09 - 011411968 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmp.dll
2018-10-09 16:02 - 2018-08-27 23:52 - 000008192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\spwmp.dll
2018-10-09 16:02 - 2018-08-27 23:52 - 000004096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msdxm.ocx
2018-10-09 16:02 - 2018-08-27 23:52 - 000004096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxmasf.dll
2018-10-09 16:02 - 2018-08-15 20:18 - 000041984 _____ (Microsoft Corporation) C:\Windows\system32\UtcResources.dll
2018-10-09 16:02 - 2018-08-13 15:49 - 001391856 _____ (Microsoft Corporation) C:\Windows\system32\diagtrack.dll
2018-10-09 16:02 - 2018-08-13 09:54 - 000687616 _____ (Microsoft Corporation) C:\Windows\system32\termsrv.dll
2018-10-09 16:02 - 2018-08-08 09:40 - 000158720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\itircl.dll
2018-10-09 16:02 - 2018-08-08 09:40 - 000142848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\itss.dll
2018-10-09 16:01 - 2018-09-18 13:08 - 000396888 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2018-10-09 16:01 - 2018-09-17 23:52 - 025735168 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2018-10-09 16:01 - 2018-09-17 23:38 - 002724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2018-10-09 16:01 - 2018-09-17 23:38 - 000004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2018-10-09 16:01 - 2018-09-17 23:27 - 002902016 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2018-10-09 16:01 - 2018-09-17 23:26 - 000066560 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2018-10-09 16:01 - 2018-09-17 23:25 - 000417280 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2018-10-09 16:01 - 2018-09-17 23:25 - 000088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2018-10-09 16:01 - 2018-09-17 23:25 - 000048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2018-10-09 16:01 - 2018-09-17 23:19 - 000054784 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2018-10-09 16:01 - 2018-09-17 23:18 - 000034304 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2018-10-09 16:01 - 2018-09-17 23:16 - 000615936 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2018-10-09 16:01 - 2018-09-17 23:15 - 000144384 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2018-10-09 16:01 - 2018-09-17 23:15 - 000116224 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2018-10-09 16:01 - 2018-09-17 23:06 - 000489984 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2018-10-09 16:01 - 2018-09-17 23:01 - 000077824 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2018-10-09 16:01 - 2018-09-17 23:00 - 000107520 _____ (Microsoft Corporation) C:\Windows\system32\inseng.dll
2018-10-09 16:01 - 2018-09-17 23:00 - 000087552 _____ (Microsoft Corporation) C:\Windows\system32\tdc.ocx
2018-10-09 16:01 - 2018-09-17 22:57 - 000199680 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2018-10-09 16:01 - 2018-09-17 22:57 - 000092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2018-10-09 16:01 - 2018-09-17 22:55 - 000315392 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2018-10-09 16:01 - 2018-09-17 22:53 - 000152064 _____ (Microsoft Corporation) C:\Windows\system32\occache.dll
2018-10-09 16:01 - 2018-09-17 22:45 - 000262144 _____ (Microsoft Corporation) C:\Windows\system32\webcheck.dll
2018-10-09 16:01 - 2018-09-17 22:43 - 000728064 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2018-10-09 16:01 - 2018-09-17 22:42 - 000809472 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2018-10-09 16:01 - 2018-09-17 22:41 - 002136064 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2018-10-09 16:01 - 2018-09-17 22:41 - 001359360 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2018-10-09 16:01 - 2018-09-17 22:39 - 015283712 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2018-10-09 16:01 - 2018-09-17 22:35 - 004510720 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2018-10-09 16:01 - 2018-09-17 22:23 - 001555968 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2018-10-09 16:01 - 2018-09-17 22:10 - 000800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2018-10-09 16:01 - 2018-09-08 19:02 - 000708296 _____ (Microsoft Corporation) C:\Windows\system32\winload.efi
2018-10-09 16:01 - 2018-09-08 19:02 - 000631680 _____ (Microsoft Corporation) C:\Windows\system32\winresume.efi
2018-10-09 16:01 - 2018-09-08 19:02 - 000262344 _____ (Microsoft Corporation) C:\Windows\system32\hal.dll
2018-10-09 16:01 - 2018-09-08 18:59 - 000063488 _____ (Microsoft Corporation) C:\Windows\system32\setbcdlocale.dll
2018-10-09 16:01 - 2018-09-08 18:58 - 000405504 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll
2018-10-09 16:01 - 2018-09-08 18:58 - 000044032 _____ (Microsoft Corporation) C:\Windows\system32\csrsrv.dll
2018-10-09 16:01 - 2018-09-08 18:58 - 000043520 _____ (Microsoft Corporation) C:\Windows\system32\cryptbase.dll
2018-10-09 16:01 - 2018-09-08 18:57 - 000880640 _____ (Microsoft Corporation) C:\Windows\system32\advapi32.dll
2018-10-09 16:01 - 2018-09-08 18:57 - 000463872 _____ (Microsoft Corporation) C:\Windows\system32\certcli.dll
2018-10-09 16:01 - 2018-09-08 18:57 - 000123904 _____ (Microsoft Corporation) C:\Windows\system32\bcrypt.dll
2018-10-09 16:01 - 2018-09-08 18:57 - 000059904 _____ (Microsoft Corporation) C:\Windows\system32\appidapi.dll
2018-10-09 16:01 - 2018-09-08 18:57 - 000034816 _____ (Microsoft Corporation) C:\Windows\system32\appidsvc.dll
2018-10-09 16:01 - 2018-09-08 18:25 - 000148480 _____ (Microsoft Corporation) C:\Windows\system32\appidpolicyconverter.exe
2018-10-09 16:01 - 2018-09-08 18:25 - 000062464 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\appid.sys
2018-10-09 16:01 - 2018-09-08 18:25 - 000017920 _____ (Microsoft Corporation) C:\Windows\system32\appidcertstorecheck.exe
2018-10-09 16:01 - 2018-09-08 18:21 - 000338432 _____ (Microsoft Corporation) C:\Windows\system32\conhost.exe
2018-10-09 16:01 - 2018-09-08 18:15 - 000064512 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\amdk8.sys
2018-10-09 16:01 - 2018-09-08 18:15 - 000062464 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\intelppm.sys
2018-10-09 16:01 - 2018-09-08 18:15 - 000060928 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\processr.sys
2018-10-09 16:01 - 2018-09-08 18:15 - 000060928 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\amdppm.sys
2018-10-09 16:01 - 2018-08-12 14:32 - 000140976 _____ (Microsoft Corporation) C:\Windows\system32\CompatTelRunner.exe
2018-10-09 16:01 - 2018-08-12 14:27 - 000680960 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2018-10-09 16:01 - 2018-08-08 09:54 - 000194048 _____ (Microsoft Corporation) C:\Windows\system32\itircl.dll
2018-10-09 16:01 - 2018-08-08 09:54 - 000170496 _____ (Microsoft Corporation) C:\Windows\system32\itss.dll

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2018-11-05 21:35 - 2012-01-18 20:23 - 000000000 ____D C:\Users\Hodie\Documents\Outlook Files
2018-11-05 21:25 - 2017-09-17 18:14 - 000000000 ____D C:\Users\Hodie\AppData\Local\8763A474-BD78-4121-82AC-95981BC6E3D8.aplzod
2018-11-05 21:12 - 2009-07-13 22:45 - 000026192 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2018-11-05 21:12 - 2009-07-13 22:45 - 000026192 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2018-11-05 21:11 - 2018-05-15 16:27 - 000000000 ____D C:\Users\Hodie\AppData\Local\AVAST Software
2018-11-05 21:10 - 2017-09-12 08:21 - 000000000 ___RD C:\Users\Hodie\iCloudDrive
2018-11-05 21:07 - 2009-07-13 23:13 - 000790310 _____ C:\Windows\system32\PerfStringBackup.INI
2018-11-05 21:07 - 2009-07-13 21:20 - 000000000 ____D C:\Windows\inf
2018-11-05 21:02 - 2009-07-13 23:08 - 000000006 ____H C:\Windows\Tasks\SA.DAT
2018-11-05 14:30 - 2014-01-07 11:12 - 000000000 ____D C:\Users\Hodie\Documents\Parrish Files
2018-11-05 14:22 - 2018-08-06 13:16 - 000003332 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2018-11-05 14:22 - 2018-08-06 13:16 - 000003204 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2018-11-05 14:22 - 2018-03-24 13:31 - 000004462 _____ C:\Windows\System32\Tasks\Adobe Flash Player NPAPI Notifier
2018-11-05 14:22 - 2018-02-19 08:58 - 000003870 _____ C:\Windows\System32\Tasks\CCleaner Update
2018-11-05 14:22 - 2018-02-19 08:58 - 000002790 _____ C:\Windows\System32\Tasks\CCleanerSkipUAC
2018-11-05 14:22 - 2017-02-15 01:18 - 000003420 _____ C:\Windows\System32\Tasks\Apple Diagnostics
2018-11-05 14:22 - 2016-04-04 18:04 - 000003148 _____ C:\Windows\System32\Tasks\MirageAgent
2018-11-05 14:22 - 2016-01-03 19:28 - 000000000 ____D C:\Windows\System32\Tasks\AVAST Software
2018-11-05 14:22 - 2014-12-29 10:46 - 000004476 _____ C:\Windows\System32\Tasks\Adobe Acrobat Update Task
2018-11-04 13:03 - 2018-02-19 08:58 - 000000782 _____ C:\Users\Public\Desktop\CCleaner.lnk
2018-11-04 13:03 - 2018-02-19 08:58 - 000000000 ____D C:\Program Files\CCleaner
2018-11-04 11:10 - 2016-02-07 15:47 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2018-11-04 11:04 - 2011-01-09 03:51 - 000000000 ____D C:\Program Files (x86)\Microsoft Office
2018-11-03 14:50 - 2018-08-06 13:17 - 000002296 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2018-11-03 14:50 - 2018-08-06 13:17 - 000002255 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2018-11-03 14:38 - 2013-01-07 11:59 - 000000000 ____D C:\Windows\pss
2018-11-03 14:23 - 2018-10-01 09:14 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iCloud
2018-11-03 14:23 - 2018-02-19 08:58 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
2018-11-03 14:23 - 2017-12-06 08:10 - 000000000 ____D C:\Program Files\Common Files\Avast Software
2018-11-03 14:23 - 2016-09-06 16:51 - 000000000 ____D C:\Users\Hodie\Desktop\Old Firefox Data
2018-11-03 14:23 - 2012-01-17 23:57 - 000000000 ____D C:\Program Files\IDT
2018-11-03 14:23 - 2011-01-09 03:52 - 000000000 ____D C:\ProgramData\RoxioNow
2018-11-03 14:22 - 2009-07-13 21:20 - 000000000 ____D C:\Windows\registration
2018-11-03 14:08 - 2016-11-28 12:18 - 000003910 _____ C:\Windows\System32\Tasks\Avast Emergency Update
2018-11-03 14:08 - 2016-01-23 10:29 - 000001882 _____ C:\Users\Public\Desktop\Avast Free Antivirus.lnk
2018-11-03 14:04 - 2011-12-25 14:21 - 000000000 ____D C:\Users\Hodie
2018-11-02 07:15 - 2018-08-04 13:33 - 000000000 ____D C:\Users\Hodie\Documents\1 A New Job Folder
2018-10-25 11:53 - 2015-11-01 09:35 - 000002441 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk
2018-10-10 08:57 - 2012-03-30 13:00 - 000000000 ____D C:\Users\Hodie\AppData\LocalLow\Adobe
2018-10-10 03:15 - 2009-07-13 22:45 - 000436424 _____ C:\Windows\system32\FNTCACHE.DAT
2018-10-10 03:04 - 2013-08-01 02:00 - 000000000 ____D C:\Windows\system32\MRT
2018-10-10 02:17 - 2011-12-28 15:31 - 136745976 ____C (Microsoft Corporation) C:\Windows\system32\MRT.exe
2018-10-10 02:04 - 2011-12-25 18:52 - 000782924 _____ C:\Windows\SysWOW64\PerfStringBackup.INI

==================== Files in the root of some directories =======

2012-01-19 18:37 - 2012-01-19 18:37 - 000036585 _____ () C:\Users\Hodie\AppData\Roaming\Comma Separated Values (Windows).ADR
2016-02-07 22:55 - 2016-02-07 22:55 - 000036567 _____ () C:\Users\Hodie\AppData\Roaming\Comma Separated Values.ADR
2013-02-27 13:29 - 2015-06-27 14:43 - 000005120 _____ () C:\Users\Hodie\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2017-02-12 15:50 - 2018-02-07 20:54 - 000007605 _____ () C:\Users\Hodie\AppData\Local\resmon.resmoncfg

==================== Bamital & volsnap ======================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2015-11-20 11:46

==================== End of FRST.txt ============================
Attached Files
File Type: txt Addition_05-11-2018 21.37.26.txt (47.2 KB, 3 views)
Hodie is offline  
 
Old 11-05-2018, 07:47 PM   #4
Registered Member
 
Join Date: Aug 2008
Location: Arkansas
Posts: 15
OS: xp pro



Thanks so much for your attention to this matter. I have a question... Why do I have 32 and 64 files everywhere on my computer? Is my operating system a 32 or 64?
Hodie is offline  
Old 11-06-2018, 02:51 PM   #5
Security Team
Moderator, Analyst
Rangemaster, TSF Academy
 
chemist's Avatar

Microsoft Most Valuable Professional
 
Join Date: Oct 2007
Location: Georgia
Posts: 29,790
OS: XP/Win7/Win10



Hello Hodie. You're very welcome. Your machine is 64-bit.

https://www.howtogeek.com/129178/why...es-x86-folder/

------------------------------------------------------

Please note that these fixes are not instantaneous. Most infections require more than one round to properly eradicate.

Please stay with me until given the 'all clear' even if symptoms seemingly abate.

Kindly follow my instructions and please do no fixing on your own or running of scanners unless requested by a helper.

------------------------------------------------------

If there are any personal files, pics, etc. on your computer you cannot live without, back them up now just as a precaution.

https://windows.microsoft.com/en-us/w...#1TC=windows-7

Also, if you haven't done so already, create a system repair disc. It's really easy and quick.

https://pcsupport.about.com/od/window...-windows-7.htm

You can also download recovery software if you don't have an installation DVD:

https://www.microsoft.com/en-us/soft...nload/windows7

------------------------------------------------------

CCleaner

We do not recommend the use of registry cleaners, or the registry cleaner feature of CCleaner. Our colleague miekiemoes has an excellent writeup here

------------------------------------------------------
  • Open Notepad (Start > All Programs > Accessories > Notepad).
  • Please copy all the text in the codebox below. (To do this highlight the contents of the box, right-click on it and select Copy. Right-click in the open Notepad and select Paste).
  • Save it as fixlist.txt next to FRST64.exe

    NOTE: Both FRST64.exe and the fixlist.txt must be in the same location or the fix will not work.


    Code:
    start
    createrestorepoint:
    ShellIconOverlayIdentifiers: [GDriveSharedOverlay] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44} =>  -> No File
    ContextMenuHandlers1: [Zecter] -> [CC]{E032716F-2E0A-4CCB-9FEB-BF2090B035DF} =>  -> No File
    ContextMenuHandlers6: [Zecter] -> [CC]{E032716F-2E0A-4CCB-9FEB-BF2090B035DF} =>  -> No File
    Task: {06104FBB-C95D-4CD9-B1A0-8E8A5F417776} - \Microsoft\Windows\Windows Activation Technologies\ValidationTaskDeadline -> No File <==== ATTENTION
    Task: {2F57269B-1E09-4E2D-AB1E-B0FDAC7D279C} - \Microsoft\Windows\WindowsBackup\ConfigNotification -> No File <==== ATTENTION
    Task: {AC4E5ACF-89F7-4220-BA21-81EE183975E2} - \Microsoft\Windows\Application Experience\AitAgent -> No File <==== ATTENTION
    Task: {CAEEB989-6B05-4FBD-9A5C-4A71D6A80A41} - \Microsoft\Windows\Windows Activation Technologies\ValidationTask -> No File <==== ATTENTION
    Task: {CEE64558-E1A7-4D9D-80A7-2001912BE5B5} - \Microsoft\Windows\MemoryDiagnostic\CorruptionDetector -> No File <==== ATTENTION
    Task: {FA2BC0A6-8D4B-458A-85C8-2B8C72487513} - \Microsoft\Windows\MemoryDiagnostic\DecompressionFailureDetector -> No File <==== ATTENTION
    HKLM-x32\...\Run: [] => [X]
    HKU\S-1-5-21-1299344528-209978598-1344968890-1000\...\MountPoints2: {0eb70f9b-328a-11e3-82f6-984be1b437d1} - G:\MotorolaDeviceManagerSetup.exe -a
    SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
    SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
    SearchScopes: HKU\S-1-5-21-1299344528-209978598-1344968890-1000 -> {2fa28606-de77-4029-af96-b231e3b8f827} URL =
    SearchScopes: HKU\S-1-5-21-1299344528-209978598-1344968890-1000 -> {b7fca997-d0fb-4fe0-8afd-255e89cf9671} URL =
    SearchScopes: HKU\S-1-5-21-1299344528-209978598-1344968890-1000 -> {d43b3890-80c7-4010-a95d-1e77b5924dc3} URL =
    SearchScopes: HKU\S-1-5-21-1299344528-209978598-1344968890-1000 -> {D944BB61-2E34-4DBF-A683-47E505C587DC} URL =
    SearchScopes: HKU\S-1-5-21-1299344528-209978598-1344968890-1000 -> {ec29edf6-ad3c-4e1c-a087-d6cb81400c43} URL =
    BHO: No Name -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> No File
    BHO: No Name -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> No File
    BHO-x32: No Name -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> No File
    Toolbar: HKLM - No Name - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - No File
    Toolbar: HKLM - No Name - {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} - No File
    Toolbar: HKU\S-1-5-21-1299344528-209978598-1344968890-1000 -> No Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No File
    FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
    FF Plugin-x32: @Java.com/DTPlugin,version=11.111.2 -> C:\Program Files (x86)\Java\jre1.8.0_111\bin\dtplugin\npDeployJava1.dll [No File]
    FF Plugin-x32: @Java.com/JavaPlugin,version=11.111.2 -> C:\Program Files (x86)\Java\jre1.8.0_111\bin\plugin2\npjp2.dll [No File]
    FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
    CHR HKU\S-1-5-21-1299344528-209978598-1344968890-1000\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [apdfllckaahabafndbhieahigkjlhalf] - C:\Users\Hodie\AppData\Local\Google\Drive\apdfllckaahabafndbhieahigkjlhalf_live.crx <not found>
    EmptyTemp:
    end
  • Double-click FRST64 to run the tool. If the tool warns you the version is outdated, please download and run the updated version.
  • Click the Fix button just once, and wait.
  • If you receive a message that a reboot is required, please make sure you allow it to restart normally.
  • The tool will complete its run after the restart.
  • When finished, the tool will make a log (Fixlog.txt) in the same location from where it was run. Please post the Fixlog.txt log in your reply.

NOTE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.

------------------------------------------------------
__________________
Our services are free, but you may contribute to the author of ComboFix via PayPal

Proud member of UNITE

Microsoft MVP - Consumer Security 2014, 2015
chemist is offline  
Old 11-06-2018, 08:59 PM   #6
Registered Member
 
Join Date: Aug 2008
Location: Arkansas
Posts: 15
OS: xp pro



I first saved the "code" (2 files) in my Documents folder and double clicked the FRST64.exe. I got an error code:

The version of this file is not compatible with the version of Windows you're running. Check your computer's system information to see whether you need an x86 (32-bit) or x64 (64-bit) version of the program, and then contact the software publisher.

???

I tried to run the program from the start menu and it gave me an option to run the program we ran yesterday but wasn't sure so I canceled.

Sorry... I'm an idiot... (lol)
Hodie is offline  
Old 11-07-2018, 05:26 PM   #7
Security Team
Moderator, Analyst
Rangemaster, TSF Academy
 
chemist's Avatar

Microsoft Most Valuable Professional
 
Join Date: Oct 2007
Location: Georgia
Posts: 29,790
OS: XP/Win7/Win10



Hello again, Hodie. No worries.

When you first ran FRST64.exe, it was located on and running from your desktop:

Quote:
Running from C:\Users\Hodie\Desktop
That is the preferred location. Please leave FRST64.exe there.

Quote:
I first saved the "code" (2 files) in my Documents folder and double clicked the FRST64.exe. I got an error code
You only needed to save 1 file, fixlist.txt, to your desktop. You probably tried to save the same code as FRST64 and fixlist, which would give you an error.

Delete any files you created/saved. Make sure FRST64.exe is still on your desktop.

Follow the previous instructions for creating fixlist.txt and running the Fix. Let me know.

------------------------------------------------------
chemist is offline  
Old 11-07-2018, 06:03 PM   #8
Registered Member
 
Join Date: Aug 2008
Location: Arkansas
Posts: 15
OS: xp pro



Fix result of Farbar Recovery Scan Tool (x64) Version: 07.11.2018
Ran by Hodie (07-11-2018 19:35:02) Run:1
Running from C:\Users\Hodie\Desktop
Loaded Profiles: Hodie (Available Profiles: Hodie)
Boot Mode: Normal
==============================================

fixlist content:
*****************
start
createrestorepoint:
ShellIconOverlayIdentifiers: [GDriveSharedOverlay] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44} => -> No File
ContextMenuHandlers1: [Zecter] -> [CC]{E032716F-2E0A-4CCB-9FEB-BF2090B035DF} => -> No File
ContextMenuHandlers6: [Zecter] -> [CC]{E032716F-2E0A-4CCB-9FEB-BF2090B035DF} => -> No File
Task: {06104FBB-C95D-4CD9-B1A0-8E8A5F417776} - \Microsoft\Windows\Windows Activation Technologies\ValidationTaskDeadline -> No File <==== ATTENTION
Task: {2F57269B-1E09-4E2D-AB1E-B0FDAC7D279C} - \Microsoft\Windows\WindowsBackup\ConfigNotification -> No File <==== ATTENTION
Task: {AC4E5ACF-89F7-4220-BA21-81EE183975E2} - \Microsoft\Windows\Application Experience\AitAgent -> No File <==== ATTENTION
Task: {CAEEB989-6B05-4FBD-9A5C-4A71D6A80A41} - \Microsoft\Windows\Windows Activation Technologies\ValidationTask -> No File <==== ATTENTION
Task: {CEE64558-E1A7-4D9D-80A7-2001912BE5B5} - \Microsoft\Windows\MemoryDiagnostic\CorruptionDetector -> No File <==== ATTENTION
Task: {FA2BC0A6-8D4B-458A-85C8-2B8C72487513} - \Microsoft\Windows\MemoryDiagnostic\DecompressionFailureDetector -> No File <==== ATTENTION
HKLM-x32\...\Run: [] => [X]
HKU\S-1-5-21-1299344528-209978598-1344968890-1000\...\MountPoints2: {0eb70f9b-328a-11e3-82f6-984be1b437d1} - G:\MotorolaDeviceManagerSetup.exe -a
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-1299344528-209978598-1344968890-1000 -> {2fa28606-de77-4029-af96-b231e3b8f827} URL =
SearchScopes: HKU\S-1-5-21-1299344528-209978598-1344968890-1000 -> {b7fca997-d0fb-4fe0-8afd-255e89cf9671} URL =
SearchScopes: HKU\S-1-5-21-1299344528-209978598-1344968890-1000 -> {d43b3890-80c7-4010-a95d-1e77b5924dc3} URL =
SearchScopes: HKU\S-1-5-21-1299344528-209978598-1344968890-1000 -> {D944BB61-2E34-4DBF-A683-47E505C587DC} URL =
SearchScopes: HKU\S-1-5-21-1299344528-209978598-1344968890-1000 -> {ec29edf6-ad3c-4e1c-a087-d6cb81400c43} URL =
BHO: No Name -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> No File
BHO: No Name -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> No File
BHO-x32: No Name -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> No File
Toolbar: HKLM - No Name - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - No File
Toolbar: HKLM - No Name - {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} - No File
Toolbar: HKU\S-1-5-21-1299344528-209978598-1344968890-1000 -> No Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No File
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @Java.com/DTPlugin,version=11.111.2 -> C:\Program Files (x86)\Java\jre1.8.0_111\bin\dtplugin\npDeployJava1.dll [No File]
FF Plugin-x32: @Java.com/JavaPlugin,version=11.111.2 -> C:\Program Files (x86)\Java\jre1.8.0_111\bin\plugin2\npjp2.dll [No File]
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
CHR HKU\S-1-5-21-1299344528-209978598-1344968890-1000\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [apdfllckaahabafndbhieahigkjlhalf] - C:\Users\Hodie\AppData\Local\Google\Drive\apdfllckaahabafndbhieahigkjlhalf_live.crx <not found>
EmptyTemp:
end
*****************

Restore point was successfully created.
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\GDriveSharedOverlay => removed successfully
HKLM\Software\Classes\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44} => not found
HKLM\Software\Classes\*\ShellEx\ContextMenuHandlers\Zecter => removed successfully
HKLM\Software\Classes\CLSID\[CC]{E032716F-2E0A-4CCB-9FEB-BF2090B035DF} => not found
HKLM\Software\Classes\Folder\ShellEx\ContextMenuHandlers\Zecter => removed successfully
HKLM\Software\Classes\CLSID\[CC]{E032716F-2E0A-4CCB-9FEB-BF2090B035DF} => not found
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{06104FBB-C95D-4CD9-B1A0-8E8A5F417776}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{06104FBB-C95D-4CD9-B1A0-8E8A5F417776}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Windows Activation Technologies\ValidationTaskDeadline" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{2F57269B-1E09-4E2D-AB1E-B0FDAC7D279C}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{2F57269B-1E09-4E2D-AB1E-B0FDAC7D279C}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\WindowsBackup\ConfigNotification" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{AC4E5ACF-89F7-4220-BA21-81EE183975E2}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{AC4E5ACF-89F7-4220-BA21-81EE183975E2}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Application Experience\AitAgent" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{CAEEB989-6B05-4FBD-9A5C-4A71D6A80A41}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{CAEEB989-6B05-4FBD-9A5C-4A71D6A80A41}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Windows Activation Technologies\ValidationTask" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{CEE64558-E1A7-4D9D-80A7-2001912BE5B5}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{CEE64558-E1A7-4D9D-80A7-2001912BE5B5}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\MemoryDiagnostic\CorruptionDetector" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{FA2BC0A6-8D4B-458A-85C8-2B8C72487513}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{FA2BC0A6-8D4B-458A-85C8-2B8C72487513}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\MemoryDiagnostic\DecompressionFailureDetector" => removed successfully
"HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\" => removed successfully
HKU\S-1-5-21-1299344528-209978598-1344968890-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{0eb70f9b-328a-11e3-82f6-984be1b437d1} => removed successfully
HKLM\Software\Classes\CLSID\{0eb70f9b-328a-11e3-82f6-984be1b437d1} => not found
HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} => removed successfully
HKLM\Software\Classes\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} => not found
HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} => removed successfully
HKLM\Software\Wow6432Node\Classes\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} => not found
HKU\S-1-5-21-1299344528-209978598-1344968890-1000\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{2fa28606-de77-4029-af96-b231e3b8f827} => removed successfully
HKLM\Software\Classes\CLSID\{2fa28606-de77-4029-af96-b231e3b8f827} => not found
HKU\S-1-5-21-1299344528-209978598-1344968890-1000\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{b7fca997-d0fb-4fe0-8afd-255e89cf9671} => removed successfully
HKLM\Software\Classes\CLSID\{b7fca997-d0fb-4fe0-8afd-255e89cf9671} => not found
HKU\S-1-5-21-1299344528-209978598-1344968890-1000\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{d43b3890-80c7-4010-a95d-1e77b5924dc3} => removed successfully
HKLM\Software\Classes\CLSID\{d43b3890-80c7-4010-a95d-1e77b5924dc3} => not found
HKU\S-1-5-21-1299344528-209978598-1344968890-1000\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{D944BB61-2E34-4DBF-A683-47E505C587DC} => removed successfully
HKLM\Software\Classes\CLSID\{D944BB61-2E34-4DBF-A683-47E505C587DC} => not found
HKU\S-1-5-21-1299344528-209978598-1344968890-1000\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{ec29edf6-ad3c-4e1c-a087-d6cb81400c43} => removed successfully
HKLM\Software\Classes\CLSID\{ec29edf6-ad3c-4e1c-a087-d6cb81400c43} => not found
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43} => removed successfully
HKLM\Software\Classes\CLSID\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43} => not found
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9} => removed successfully
HKLM\Software\Classes\CLSID\{DBC80044-A445-435b-BC74-9C25C1C588A9} => not found
HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43} => removed successfully
HKLM\Software\Wow6432Node\Classes\CLSID\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43} => not found
"HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar\\{318A227B-5E9F-45bd-8999-7F8F10CA4CF5}" => removed successfully
HKLM\Software\Classes\CLSID\{318A227B-5E9F-45bd-8999-7F8F10CA4CF5} => not found
"HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar\\{CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F}" => removed successfully
HKLM\Software\Classes\CLSID\{CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} => not found
"HKU\S-1-5-21-1299344528-209978598-1344968890-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA}" => removed successfully
HKLM\Software\Classes\CLSID\{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} => not found
HKLM\Software\MozillaPlugins @microsoft.com/GENUINE => removed successfully
HKLM\Software\Wow6432Node\MozillaPlugins @Java.com/DTPlugin,version=11.111.2 => removed successfully
HKLM\Software\Wow6432Node\MozillaPlugins @Java.com/JavaPlugin,version=11.111.2 => removed successfully
HKLM\Software\Wow6432Node\MozillaPlugins @microsoft.com/GENUINE => removed successfully
HKU\S-1-5-21-1299344528-209978598-1344968890-1000\SOFTWARE\Google\Chrome\Extensions\apdfllckaahabafndbhieahigkjlhalf => removed successfully

=========== EmptyTemp: ==========

BITS transfer queue => 16777216 B
DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 4482887 B
Java, Flash, Steam htmlcache => 1080 B
Windows/system/drivers => 556646 B
Edge => 0 B
Chrome => 182854466 B
Firefox => 4574058 B
Opera => 0 B

Temp, IE cache, history, cookies, recent:
Users => 0 B
Default => 0 B
Public => 0 B
ProgramData => 0 B
systemprofile => 42337740 B
systemprofile32 => 121513 B
LocalService => 66228 B
NetworkService => 66228 B
Hodie => 24114543 B

RecycleBin => 18420 B
EmptyTemp: => 263.2 MB temporary data Removed.

================================


The system needed a reboot.

==== End of Fixlog 19:37:31 ====
Hodie is offline  
Old 11-07-2018, 06:26 PM   #9
Security Team
Moderator, Analyst
Rangemaster, TSF Academy
 
chemist's Avatar

Microsoft Most Valuable Professional
 
Join Date: Oct 2007
Location: Georgia
Posts: 29,790
OS: XP/Win7/Win10



Hello again, Hodie. Good job! How is the machine behaving? Any improvement?

------------------------------------------------------

Please download Malwarebytes Anti-Malware and save it to your desktop.
  • Double-click mb3-setup-1878.1878-3.6.1.2711.exe and follow the prompts to install the program.
  • At the end, be sure a checkmark is placed next to the following:
    • Launch Malwarebytes Anti-Malware
    • A 14 day trial of the Premium features is pre-selected. You may deselect this if you wish, and it will not diminish the scanning and removal capabilities of the program.
  • NOTE: If you select the Premium features, MBAM will be running as a full-fledged, real-time antivirus application.
  • Click Finish
  • At the end of the installation, a database update will be performed.
  • Click on Scan Now
  • A Threat Scan will begin.
  • When the scan is complete, if there have been detections, click Quarantine Selected to allow MBAM to clean what was detected.
  • In most cases, a restart will be required and a prompt will be shown.
  • Wait for the prompt to restart the computer to appear, then click on Yes
  • After the restart, wait for MBAM to open back up, then click Export Summary
  • If no threats were found, simply click Export Summary
  • Click Text file (*.txt)
  • In the Save File dialog box which appears, click on Desktop.
  • In the File name: box type a name for your scan log.
  • A message box named File Saved should appear stating "Your file has been successfully exported".
  • Click Ok
  • Please post that saved log in your next reply.
------------------------------------------------------

Please run this online scan to help look for remnants.

Go here and click 'SCAN NOW' under 'ESET Online Scanner' to check for remnants.
  • You will be prompted to download and install esetonlinescanner_enu.exe. Click on the link and save the file to a convenient location.
  • Double-click on esetonlinescanner_enu.exe to install and a new window will open. Follow the prompts.
  • Turn off the real-time scanner of any existing antivirus program before performing the online scan. Here's how
  • At the bottom of the Terms of use window, tick the option Download latest version of ESET Online Scanner then click Accept
  • When/if prompted by UAC, 'Do you want to allow this app to make changes to your PC?', please choose Yes
  • Tick the option Enable detection of potentially unwanted applications
  • Click on Advanced settings
  • Make sure that the option Clean threats automatically is unticked.
  • Ensure these options are ticked:
    • Enable detection of potentially unsafe applications
    • Enable detection of suspicious applications
    • Scan archives
    • Enable Anti-Stealth technology
  • Click Scan
  • Wait for the scan to finish.
  • When the scan is done, if it shows a screen that says Threats found, click Save to text file... then name it and save it to your desktop.
  • Do NOT be alarmed by what you see in the report. Many of the finds have likely been quarantined.
  • Please copy/paste the contents of the log in your next reply.
  • To close ESET Online Scanner, select Do not clean then Finish
------------------------------------------------------

Please post the following in your next reply:

MBAM log
ESET report
report on system behavior
chemist is offline  
Old 11-08-2018, 09:27 AM   #10
Registered Member
 
Join Date: Aug 2008
Location: Arkansas
Posts: 15
OS: xp pro



Overall, I can't see much difference in machine performance. On my reboot it takes a long time (5+ min) to fully load the start-up programs (avast, combo wifi/bluetooth, and windows action center). When I click outlook for email, it takes a couple of minutes for that to load and sometimes my send/receive mail has a connection problem.

OK... so the Malwarebytes was clean and didn't take all that long to scan... BUT omg, eset scan took forever. It seems my computer was locking up during the scan. I was watching the "number of files scanned" and it would take minutes to scan one file (apple folder) and then many files a second... ?

Here is the Malwarebytes Scan:

Malwarebytes
www.malwarebytes.com

-Log Details-
Scan Date: 11/8/18
Scan Time: 2:30 AM
Log File: 988466c4-e330-11e8-96a3-984be1b437d1.json

-Software Information-
Version: 3.6.1.2711
Components Version: 1.0.482
Update Package Version: 1.0.7745
License: Trial

-System Information-
OS: Windows 7 Service Pack 1
CPU: x64
File System: NTFS
User: System

-Scan Summary-
Scan Type: Threat Scan
Scan Initiated By: Scheduler
Result: Completed
Objects Scanned: 295922
Threats Detected: 0
Threats Quarantined: 0
Time Elapsed: 1 hr, 55 min, 9 sec

-Scan Options-
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Detect
PUM: Detect

-Scan Details-
Process: 0
(No malicious items detected)

Module: 0
(No malicious items detected)

Registry Key: 0
(No malicious items detected)

Registry Value: 0
(No malicious items detected)

Registry Data: 0
(No malicious items detected)

Data Stream: 0
(No malicious items detected)

Folder: 0
(No malicious items detected)

File: 0
(No malicious items detected)

Physical Sector: 0
(No malicious items detected)

WMI: 0
(No malicious items detected)


(end)

eset log:

C:\AdwCleaner\Quarantine\v1\20181105.210051\1\Downloaded Installers\{984D8789-07A6-4CD8-9766-35408C67395D}\setup.msi#7B238CD47778005F a variant of Win32/UwS.SlimDrivers.A application
C:\Program Files (x86)\Avast Driver Updater\Avast Driver Updater.exe a variant of Win32/UwS.SlimDrivers.A application
C:\Users\Hodie\Downloads\55e3f5fc-dc5e-461e-98d2-33c24d97ebbf.tmp Win32/Bundled.Toolbar.Google.D potentially unsafe application
C:\Users\Hodie\Downloads\ccsetup538.exe Win32/Bundled.Toolbar.Google.D potentially unsafe application
C:\Users\Hodie\Downloads\ccsetup546.exe Win32/Bundled.Toolbar.Google.D potentially unsafe application
C:\Users\Hodie\Downloads\ccsetup547.exe Win32/Bundled.Toolbar.Google.D potentially unsafe application
C:\Users\Hodie\Downloads\ccsetup548.exe Win32/Bundled.Toolbar.Google.D potentially unsafe application
C:\Windows\Installer\2532c9.msi a variant of Win32/UwS.SlimDrivers.A application
Hodie is offline  
Old 11-08-2018, 06:52 PM   #11
Security Team
Moderator, Analyst
Rangemaster, TSF Academy
 
chemist's Avatar

Microsoft Most Valuable Professional
 
Join Date: Oct 2007
Location: Georgia
Posts: 29,790
OS: XP/Win7/Win10



Hello again, Hodie. ESET does an extensive scan of the files on your machine. However, it didn't find anything malicious.

As I mentioned when you first posted, your issues don't appear to be malware related.

I suggest you seek expert advice in our Windows Vista/Windows 7 Support Forum

Windows Vista/Windows 7 Support Forum

Let them know you were here first and were cleared of malware.

------------------------------------------------------

The first ESET find has already been quarantined by AdwCleaner. It will get deleted when we uninstall those tools.

Open Notepad and copy/paste the entire contents of the codebox below into Notepad:

Code:
@echo off
rem Start with a fresh log of files that could not be deleted.
if exist "%temp%\log.txt" del "%temp%\log.txt"

rem Try to delete each file flagged in the ESET report.
for %%g in (

"C:\Program Files (x86)\Avast Driver Updater\Avast Driver Updater.exe"
"C:\Users\Hodie\Downloads\55e3f5fc-dc5e-461e-98d2-33c24d97ebbf.tmp"
"C:\Users\Hodie\Downloads\ccsetup538.exe"
"C:\Users\Hodie\Downloads\ccsetup546.exe"
"C:\Users\Hodie\Downloads\ccsetup547.exe"
"C:\Users\Hodie\Downloads\ccsetup548.exe"
"C:\Windows\Installer\2532c9.msi"

) do (
del /a/f/q %%g >nul 2>&1
if exist %%g echo.%%~g>>"%temp%\log.txt"
)


rem Show any leftovers in Notepad, or report success if nothing remains.
if exist "%temp%\log.txt" ( start notepad "%temp%\log.txt"
) else echo.Deleted Successfully !!

pause
rem Remove this batch file once it has run.
del %0

Save this Notepad file as fix.bat and choose to Save as type: - All Files then close the Notepad file.
It should look like this:

Right-click on fix.bat and choose 'Run as administrator' to allow it to run.

Tell me what it says in your next reply. Press any key to continue.

------------------------------------------------------

Your logs appear clean. You should be good to go.

------------------------------------------------------

Please re-enable your antivirus program and any other antispyware programs disabled earlier if you haven't already.

Run AdwCleaner and go to Settings > Remove AdwCleaner > Remove

------------------------------------------------------

Press the Windows "logo" key and "R" key then copy/paste the following single-line command into the Run box and click OK:

cmd /c rd /s /q "C:\FRST"

A DOS window will open and close again, this is normal.

------------------------------------------------------

You can safely delete any tools downloaded or any logs, files, and any shortcuts on your desktop that were created during this fix.

Keep MBAM, update and run a Scan ('Threat Scan' by default, or 'Scan Now' under the Dashboard tab) weekly.

Empty your Recycle Bin if it does not do so automatically.

------------------------------------------------------

MICROSOFT UPDATES
It is very important that you get all of the critical updates for your Operating System and Internet Explorer. Keeping your OS and browser up to date will help make you less susceptible to attacks by Trojans and viruses. Please go to Microsoft and download all the critical updates to help prevent possible re-infection.

------------------------------------------------------

Make sure you backup your system, so possible reformatting in the future isn't necessary:

https://windows.microsoft.com/en-US/w...up-and-restore

------------------------------------------------------

SPYWARE PREVENTION
In light of your recent problem, I'm sure you'd like to avoid any future infections. Please read this well written article: To help protect your computer in the future I recommend that you get the following free programs if you do not already have them:
  • WOT, Web of Trust, warns you about risky websites that try to scam visitors, deliver malware, or send spam. Protect your computer against online threats by using WOT as your front-line layer of protection when browsing or searching in unfamiliar territory. WOT's color-coded icons show you ratings for 21 million websites, helping you avoid the dangerous sites:
    • Green to go
    • Yellow for caution
    • Red to stop
    WOT has an add-on available for IE, Firefox, and Chrome.
  • MVPS HOSTS FILE replaces your current HOSTS file with one that will restrict known ad sites from serving you unsolicited advertisements. It basically prevents your computer from connecting to those sites by redirecting them to 127.0.0.1, which is the IP of your local computer. See guide here and for Windows 7 here
Keep your antivirus program and antispyware programs updated and scan with them on a regular basis.

Please respond to this thread one more time so we can mark this thread as resolved.
__________________
Our services are free, but you may contribute to the author of ComboFix via PayPal

Proud member of UNITE

Microsoft MVP - Consumer Security 2014, 2015
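
The HOSTS-file blocking described in the post above, as an added example (not part of the original post or of the MVPS project): a Python check that parses HOSTS-format text, lists the names sunk to the local machine, and lists any name mapped to another address for review. The function names, the sample entries and the treatment of 0.0.0.0 and ::1 as sinks are assumptions made here.

```python
import ipaddress

# Constructed sample in HOSTS-file syntax. The hostnames are placeholders,
# not entries copied from the MVPS list.
SAMPLE_HOSTS = """\
# constructed sample
127.0.0.1   localhost
::1         localhost
127.0.0.1   ads.example.com  tracker.example.net   # two names on one line
0.0.0.0     banner.example.org
203.0.113.7 login.example.com
not-an-ip   broken.example.com
"""

def is_sink(addr):
    """True when the address keeps the connection on the local machine."""
    # 127.0.0.1 is the redirect the post describes; counting 0.0.0.0 and ::1
    # as sinks too is an assumption of this example.
    return addr.is_loopback or addr.is_unspecified

def audit_hosts(text):
    """Return (blocked names, names mapped elsewhere, malformed line numbers)."""
    blocked, review, malformed = set(), {}, []
    for line_no, raw in enumerate(text.splitlines(), start=1):
        fields = raw.split("#", 1)[0].split()    # strip comment, split on whitespace
        if not fields:
            continue                              # blank or comment-only line
        try:
            addr = ipaddress.ip_address(fields[0])
        except ValueError:
            malformed.append(line_no)             # first field is not an IP address
            continue
        if len(fields) < 2:
            malformed.append(line_no)             # address with no hostname
            continue
        for name in fields[1:]:
            name = name.lower().rstrip(".")
            if name == "localhost":
                continue                          # standard entry, not a block
            if is_sink(addr):
                blocked.add(name)
            else:
                review[name] = str(addr)          # resolves to another machine
    return blocked, review, malformed

if __name__ == "__main__":
    blocked, review, malformed = audit_hosts(SAMPLE_HOSTS)
    print("blocked:", sorted(blocked))
    print("review:", review)
    print("malformed lines:", malformed)
```

To audit an installed file, read its contents as text and pass them to `audit_hosts`; anything returned in the review mapping is a name that resolves to a machine other than your own.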
Old 11-12-2018, 04:25 PM   #12
Registered Member
 
Join Date: Aug 2008
Location: Arkansas
Posts: 15
OS: xp pro



Hey Chemist,
Thanks so much for all the help. I had to travel and have been away. I will complete the last steps tonight and post a reply.

I also have a couple of questions on Virus/malware protection... should I keep using this free version of avast? Does the Malwarebytes do the same? I would like to be safe but unsure on what to keep and not keep.

Thanks in advance...
Hodie
Old 11-13-2018, 03:51 AM   #13
Security Team
Moderator, Analyst
Rangemaster, TSF Academy
 

Microsoft Most Valuable Professional
 
Join Date: Oct 2007
Location: Georgia
Posts: 29,790
OS: XP/Win7/Win10



Hello again, Hodie. You're welcome.

It's up to you whether to keep Avast or use MBAM. The Avast version you have is free, but the full antivirus (Premium) version of MBAM is not free.

When installed, MBAM is a full-fledged, real-time antivirus. I told you earlier that there was an option to deselect the 14-day Premium trial version of MBAM when installing. However, that changed recently.

There is no longer an option to deselect the Premium version when installing MBAM. Instead, you may opt out of the free version after installing using these instructions here:

https://support.malwarebytes.com/docs/DOC-1033

I would disable Avast and use the 14-day trial to see how you like the Premium version of MBAM.

If you decide to keep MBAM as your antivirus, you will have to uninstall Avast then purchase the Premium version of MBAM once the 14-day trial expires.

------------------------------------------------------
Old 11-13-2018, 06:42 AM   #14
Registered Member
 
Join Date: Aug 2008
Location: Arkansas
Posts: 15
OS: xp pro



OK... Hello Chemist,

I ran the code and got a message "Deleted Successfully".

Also ran the FRST ... all appears well and my machine is performing much better.

I will choose the MBAM premium and get rid of Avast.

I wish you well... THANKS SO MUCH!!!
Hodie
Old 11-13-2018, 05:45 PM   #15
Security Team
Moderator, Analyst
Rangemaster, TSF Academy
 

Microsoft Most Valuable Professional
 
Join Date: Oct 2007
Location: Georgia
Posts: 29,790
OS: XP/Win7/Win10



You're very welcome, Hodie! Glad to have helped.
All times are GMT -7.

