Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 10.10.2018 Ran by NormanNorrisNotebook (administrator) on NORMANNORRISNOT (20-10-2018 16:27:23) Running from C:\Users\NormanNorrisNotebook\Downloads Loaded Profiles: NormanNorrisNotebook (Available Profiles: NormanNorrisNotebook) Platform: Windows 7 Home Premium Service Pack 1 (X64) Language: English (United States) Internet Explorer Version 11 (Default browser: Chrome) Boot Mode: Normal Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/ ==================== Processes (Whitelisted) ================= (If an entry is included in the fixlist, the process will be closed. The file will not be moved.) (ASUSTeK Computer Inc.) C:\Windows\System32\FBAgent.exe (ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\AsLdrSrv.exe (ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe (AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe (Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe () C:\Program Files (x86)\Canon\IJPLM\ijplmsvc.exe (Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE (Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE (AVAST Software) C:\Program Files\AVAST Software\Avast\x64\aswidsagenta.exe (Adobe Systems, Incorporated) C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe (Adobe Systems, Incorporated) C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGMService.exe (AVAST Software) C:\Program Files (x86)\AVAST Software\Browser\Update\1.4.141.333\AvastBrowserCrashHandler.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (AVAST Software) C:\Program Files (x86)\AVAST Software\Browser\Update\1.4.141.333\AvastBrowserCrashHandler64.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe (AVAST Software) C:\Program Files (x86)\AVAST Software\Browser\Update\AvastBrowserUpdate.exe (AVAST Software) C:\Program Files (x86)\AVAST Software\Browser\Update\AvastBrowserUpdate.exe (ASUS) C:\Program Files\P4G\BatteryLife.exe (ASUS) C:\Program Files (x86)\ASUS\SmartLogon\sensorsrv.exe (ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe (ASUS) C:\Program Files (x86)\ASUS\Splendid\ACMON.exe (ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe (ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ATKOSD.exe (ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\KBFiltr.exe (ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\WDC.exe (ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrl.exe (Alcor Micro Corp.) C:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe (Microsoft Corporation) C:\Program Files\Microsoft IntelliPoint\ipoint.exe (Intel Corporation) C:\Windows\System32\igfxtray.exe (ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrlHelper.exe (Intel Corporation) C:\Windows\System32\hkcmd.exe (Intel Corporation) C:\Windows\System32\igfxpers.exe (Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe (Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe (Intel® Corporation) C:\Program Files\Intel\TurboBoost\SignalIslandUi.exe (AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe (Virage Logic Corporation / Sonic Focus) C:\Program Files (x86)\ASUS\Sonic Focus\SonicFocusTray.exe (Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe (ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe (ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe () C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe (Microsoft Corporation) C:\Windows\System32\dllhost.exe (Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (CANON INC.) C:\Program Files (x86)\Canon\Quick Menu\CNQMMAIN.EXE (Adobe Systems Inc.) C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\acrotray.exe (CANON INC.) C:\Program Files (x86)\Canon\IJ Network Scanner Selector EX\CNMNSST.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Brother Industries, Ltd.) C:\Program Files (x86)\Browny02\Brother\BrStMonW.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Brother Industries, Ltd.) C:\Program Files (x86)\Browny02\BrYNSvc.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (ASUSTeK) C:\Windows\SysWOW64\ACEngSvr.exe (Microsoft Corporation) C:\Windows\System32\cmd.exe (Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\AppleChromeDAV.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Apple, Inc.) C:\Program Files (x86)\Common Files\Apple\Apple Application Support\secd.exe (Intel(R) Corporation) C:\Program Files\Intel\TurboBoost\TurboBoost.exe (AVAST Software) C:\Program Files (x86)\AVAST Software\Browser\Update\AvastBrowserUpdate.exe (Microsoft Corporation) C:\Windows\System32\msiexec.exe (AVAST Software) C:\Program Files (x86)\AVAST Software\Browser\Update\Install\{893F5DF6-022E-4065-92AE-63D0C2E0A520}\AvastBrowserInstallerIncremental-69.0.792.81.exe (AVAST Software) C:\Windows\temp\CR_E70FF.tmp\setup.exe (AVAST Software) C:\Windows\temp\CR_E70FF.tmp\setup.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe (Microsoft Corporation) C:\Windows\splwow64.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (CANON INC.) C:\Program Files (x86)\Canon\Quick Menu\CNQMUPDT.EXE (CANON INC.) C:\Program Files (x86)\Canon\Quick Menu\CNQMSWCS.EXE (Google) C:\Users\NormanNorrisNotebook\AppData\Local\Google\Chrome\User Data\SwReporter\32.168.200\software_reporter_tool.exe (Google) C:\Users\NormanNorrisNotebook\AppData\Local\Google\Chrome\User Data\SwReporter\32.168.200\software_reporter_tool.exe (Google) C:\Users\NormanNorrisNotebook\AppData\Local\Google\Chrome\User Data\SwReporter\32.168.200\software_reporter_tool.exe (Google Inc.) C:\Program Files (x86)\Google\Update\Install\{149A9BD9-FC7B-4176-9FA0-4C6622CC6A39}\70.0.3538.67_69.0.3497.100_chrome_updater.exe (Google Inc.) C:\Windows\temp\CR_F0CB1.tmp\setup.exe (Google Inc.) C:\Windows\temp\CR_F0CB1.tmp\setup.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Farbar) C:\Users\NormanNorrisNotebook\Downloads\FRST64 (1).exe ==================== Registry (Whitelisted) =========================== (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.) HKLM\...\Run: [ETDCtrl] => C:\Program Files\Elantech\ETDCtrl.exe [2589992 2011-04-12] (ELAN Microelectronics Corp.) HKLM\...\Run: [AmIcoSinglun64] => C:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe [361984 2011-03-21] (Alcor Micro Corp.) HKLM\...\Run: [RtHDVBg] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1485312 2017-04-13] (Realtek Semiconductor) HKLM\...\Run: [IntelTBRunOnce] => wscript.exe //b //nologo "C:\Program Files\Intel\TurboBoost\RunTBGadgetOnce.vbs" HKLM\...\Run: [IntelliPoint] => C:\Program Files\Microsoft IntelliPoint\ipoint.exe [2417032 2011-08-01] (Microsoft Corporation) HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [508240 2015-08-05] (Adobe Systems Incorporated) HKLM\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvLaunch.exe [242392 2018-09-09] (AVAST Software) HKLM\...\Run: [AdobeGCInvoker-1.0] => C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGCInvokerUtility.exe [2670056 2018-09-10] (Adobe Systems, Incorporated) HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [301880 2018-08-23] (Apple Inc.) HKLM-x32\...\Run: [ASUSWebStorage] => C:\Program Files (x86)\ASUS\ASUS WebStorage\3.0.108.222\AsusWSPanel.exe [737104 2011-07-29] (ecareme) HKLM-x32\...\Run: [SonicMasterTray] => C:\Program Files (x86)\ASUS\Sonic Focus\SonicFocusTray.exe [984400 2010-07-10] (Virage Logic Corporation / Sonic Focus) HKLM-x32\...\Run: [ATKOSD2] => C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe [5732992 2010-08-17] (ASUS) HKLM-x32\...\Run: [ATKMEDIA] => C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe [170624 2010-10-07] (ASUS) HKLM-x32\...\Run: [HControlUser] => C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe [105016 2009-06-19] (ASUS) HKLM-x32\...\Run: [Wireless Console 3] => C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe [1601536 2010-09-23] () HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [68920 2018-08-22] (Apple Inc.) HKLM-x32\...\Run: [BCSSync] => C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe [89184 2012-11-05] (Microsoft Corporation) HKLM-x32\...\Run: [CanonQuickMenu] => C:\Program Files (x86)\Canon\Quick Menu\CNQMMAIN.EXE [1284680 2014-01-17] (CANON INC.) HKLM-x32\...\Run: [SwitchBoard] => C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated) HKLM-x32\...\Run: [AdobeCS5.5ServiceManager] => C:\Program Files (x86)\Common Files\Adobe\CS5.5ServiceManager\CS5.5ServiceManager.exe [1523360 2011-01-12] (Adobe Systems Incorporated) HKLM-x32\...\Run: [] => [X] HKLM-x32\...\Run: [Adobe Acrobat Speed Launcher] => C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrobat_sl.exe [41360 2015-09-24] (Adobe Systems Incorporated) HKLM-x32\...\Run: [Acrobat Assistant 8.0] => C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrotray.exe [840592 2015-09-24] (Adobe Systems Inc.) HKLM-x32\...\Run: [IJNetworkScannerSelectorEX] => C:\Program Files (x86)\Canon\IJ Network Scanner Selector EX\CNMNSST.exe [438888 2014-01-15] (CANON INC.) HKLM-x32\...\Run: [BrStsMon00] => C:\Program Files (x86)\Browny02\Brother\BrStMonW.exe [2621440 2010-06-10] (Brother Industries, Ltd.) Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation) HKLM\SOFTWARE\Policies\Microsoft\Windows Defender: Restriction <==== ATTENTION HKU\S-1-5-21-351659774-2789822584-2971473695-1001\...\Run: [iCloudServices] => C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe [67384 2018-10-01] (Apple Inc.) HKU\S-1-5-21-351659774-2789822584-2971473695-1001\...\Run: [ApplePhotoStreams] => C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe [67896 2018-10-01] (Apple Inc.) HKU\S-1-5-21-351659774-2789822584-2971473695-1001\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\Windows\system32\Ribbons.scr [241664 2010-11-20] (Microsoft Corporation) Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\AsusVibeLauncher.lnk [2011-11-03] ShortcutTarget: AsusVibeLauncher.lnk -> C:\Program Files (x86)\ASUS\AsusVibe\AsusVibeLauncher.exe (ASUSTeK Computer Inc.) Startup: C:\Users\NormanNorrisNotebook\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Intel(R) Turbo Boost Technology Monitor 2.0.lnk [2011-12-17] ShortcutTarget: Intel(R) Turbo Boost Technology Monitor 2.0.lnk -> C:\Program Files\Intel\TurboBoost\SignalIslandUi.exe (Intel® Corporation) ==================== Internet (Whitelisted) ==================== (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.) Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt Tcpip\Parameters: [DhcpNameServer] 192.168.1.1 Tcpip\..\Interfaces\{435B54ED-922E-4478-BE65-25F0E29AE9A0}: [DhcpNameServer] 192.168.1.1 Tcpip\..\Interfaces\{D2132B83-3491-4909-A6E8-6A042F6821F8}: [DhcpNameServer] 192.168.1.1 Internet Explorer: ================== HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxps://www.msn.com/en-us/?pc=avmsp&ocid=PerDHP HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.bing.com/search?q={searchTerms}&FORM=AVASDF&PC=AV01 HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome HKU\S-1-5-21-351659774-2789822584-2971473695-1001\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.bing.com/search?q={searchTerms}&FORM=AVASDF&PC=AV01 HKU\S-1-5-21-351659774-2789822584-2971473695-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://www.msn.com/en-us/?pc=avmsp&ocid=PerDHP SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=ASUTDF&pc=NP06&src=IE-SearchBox SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=ASUTDF&pc=NP06&src=IE-SearchBox SearchScopes: HKLM-x32 -> DefaultScope {632F07F3-19A1-4d16-A23F-E6CE9486BAB5} URL = SearchScopes: HKU\S-1-5-21-351659774-2789822584-2971473695-1001 -> DefaultScope {632F07F3-19A1-4d16-A23F-E6CE9486BAB5} URL = hxxp://www.bing.com/search?pc=cosp&ptag=A12318C5BE3&form=CONBDF&conlogo=CT3210127&q={searchTerms} SearchScopes: HKU\S-1-5-21-351659774-2789822584-2971473695-1001 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKU\S-1-5-21-351659774-2789822584-2971473695-1001 -> {632F07F3-19A1-4d16-A23F-E6CE9486BAB5} URL = hxxp://www.bing.com/search?pc=cosp&ptag=A12318C5BE3&form=CONBDF&conlogo=CT3210127&q={searchTerms} BHO: Canon Easy-WebPrint EX BHO -> {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} -> C:\Program Files\Canon\Easy-WebPrint EX\ewpexbho.dll [2015-02-23] (CANON INC.) BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL [2013-12-19] (Microsoft Corporation) BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2011-03-29] (Microsoft Corp.) BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation) BHO-x32: Canon Easy-WebPrint EX BHO -> {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} -> C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexbho.dll [2015-02-23] (CANON INC.) BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL [2013-12-19] (Microsoft Corporation) BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2011-03-28] (Microsoft Corp.) BHO-x32: Adobe PDF Conversion Toolbar Helper -> {AE7CD045-E861-484f-8273-0445EE161910} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll [2015-09-24] (Adobe Systems Incorporated) BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation) BHO-x32: SmartSelect Class -> {F4971EE7-DAA0-4053-9964-665D8EE6A077} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll [2015-09-24] (Adobe Systems Incorporated) Toolbar: HKLM - avast! Online Security - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - No File Toolbar: HKLM - No Name - {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} - No File Toolbar: HKLM - Canon Easy-WebPrint EX - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files\Canon\Easy-WebPrint EX\ewpexhlp.dll [2015-02-23] (CANON INC.) Toolbar: HKLM-x32 - Canon Easy-WebPrint EX - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexhlp.dll [2015-02-23] (CANON INC.) Toolbar: HKLM-x32 - Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll [2015-09-24] (Adobe Systems Incorporated) Toolbar: HKU\S-1-5-21-351659774-2789822584-2971473695-1001 -> No Name - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - No File FireFox: ======== FF HKLM-x32\...\Firefox\Extensions: [{ABDE892B-13A8-4d1b-88E6-365A6E755758}] - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext => not found FF HKLM-x32\...\Firefox\Extensions: [{01A8CA0A-4C96-465b-A49B-65C46FAD54F9}] - C:\Program Files (x86)\Adobe\Adobe Contribute CS5.1\Plugins\FirefoxPlugin\{01A8CA0A-4C96-465b-A49B-65C46FAD54F9} FF Extension: (Adobe Contribute Toolbar) - C:\Program Files (x86)\Adobe\Adobe Contribute CS5.1\Plugins\FirefoxPlugin\{01A8CA0A-4C96-465b-A49B-65C46FAD54F9} [2016-07-09] [Legacy] [not signed] FF HKLM-x32\...\Firefox\Extensions: [web2pdfextension@web2pdf.adobedotcom] - C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Browser\WCFirefoxExtn FF Extension: (Adobe Acrobat - Create PDF) - C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Browser\WCFirefoxExtn [2016-07-19] [Legacy] [not signed] FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_16_0_0_305.dll [2015-02-23] () FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.50907.0\npctrl.dll [2017-05-03] ( Microsoft Corporation) FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~3\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation) FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect64.dll [2015-08-06] (Adobe Systems) FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_16_0_0_305.dll [2015-02-23] () FF Plugin-x32: @canon.com/EPPEX -> C:\Program Files (x86)\Canon\My Image Garden\AddOn\CIG\npmigfpi.dll [2011-11-30] (CANON INC.) FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.50907.0\npctrl.dll [2017-05-03] ( Microsoft Corporation) FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation) FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation) FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2011-05-13] (Microsoft Corporation) FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3538.0513 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2011-05-13] (Microsoft Corporation) FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.33.17\npGoogleUpdate3.dll [2018-05-18] (Google Inc.) FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.33.17\npGoogleUpdate3.dll [2018-05-18] (Google Inc.) FF Plugin-x32: Adobe Acrobat -> C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Air\nppdf32.dll [2015-09-24] (Adobe Systems Inc.) FF Plugin-x32: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect32.dll [2015-08-06] (Adobe Systems) FF Plugin-x32: ZEON/PDF,version=2.0 -> C:\Program Files (x86)\Nuance\PDF Reader\bin\nppdf.dll [2010-01-23] (Zeon Corporation) Chrome: ======= CHR DefaultProfile: Default CHR HomePage: Default -> hxxp://www.google.com CHR StartupUrls: Default -> "hxxp://www.google.com/","hxxp://www.msn.com/" CHR Profile: C:\Users\NormanNorrisNotebook\AppData\Local\Google\Chrome\User Data\Default [2018-10-20] CHR Extension: (WOT Web of Trust, Website Reputation Ratings) - C:\Users\NormanNorrisNotebook\AppData\Local\Google\Chrome\User Data\Default\Extensions\bhmmomiinigofkjcapegjjndpbikblnp [2018-08-04] CHR Extension: (YouTube) - C:\Users\NormanNorrisNotebook\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-10-10] CHR Extension: (Google Search) - C:\Users\NormanNorrisNotebook\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2016-03-02] CHR Extension: (iCloud Bookmarks) - C:\Users\NormanNorrisNotebook\AppData\Local\Google\Chrome\User Data\Default\Extensions\fkepacicchenbjecpbpbclokcabebhah [2017-10-09] CHR Extension: (Avast Online Security) - C:\Users\NormanNorrisNotebook\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki [2018-10-20] CHR Extension: (Chrome Web Store Payments) - C:\Users\NormanNorrisNotebook\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2018-04-04] CHR Extension: (Gmail) - C:\Users\NormanNorrisNotebook\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-05-20] CHR Extension: (Chrome Media Router) - C:\Users\NormanNorrisNotebook\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2018-10-20] CHR HKLM-x32\...\Chrome\Extension: [eofcbnmajmjmplflapaojjnihcjkigck] - hxxps://clients2.google.com/service/update2/crx CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx <not found> ==================== Services (Whitelisted) ==================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) R2 AGMService; C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGMService.exe [2910696 2018-09-10] (Adobe Systems, Incorporated) R2 AGSService; C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe [2704872 2018-09-10] (Adobe Systems, Incorporated) R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [83768 2018-08-23] (Apple Inc.) R3 aswbIDSAgent; C:\Program Files\AVAST Software\Avast\x64\aswidsagenta.exe [7994520 2018-09-09] (AVAST Software) R2 avast; C:\Program Files (x86)\AVAST Software\Browser\Update\AvastBrowserUpdate.exe [164984 2018-06-09] (AVAST Software) R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [322464 2018-09-09] (AVAST Software) S3 avastm; C:\Program Files (x86)\AVAST Software\Browser\Update\AvastBrowserUpdate.exe [164984 2018-06-09] (AVAST Software) R3 BrYNSvc; C:\Program Files (x86)\Browny02\BrYNSvc.exe [245760 2010-01-25] (Brother Industries, Ltd.) [File not signed] R2 IJPLMSVC; C:\Program Files (x86)\Canon\IJPLM\IJPLMSVC.EXE [84616 2013-06-28] () S3 SwitchBoard; C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated) [File not signed] S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation) S3 AvastVBoxSvc; "C:\Program Files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe" [X] ===================== Drivers (Whitelisted) ====================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) U5 AppMgmt; C:\Windows\system32\svchost.exe [27136 2009-07-13] (Microsoft Corporation) <==== ATTENTION (no ServiceDLL) R1 aswArPot; C:\Windows\System32\drivers\aswArPot.sys [199712 2018-09-09] (AVAST Software) R1 aswbidsdriver; C:\Windows\System32\drivers\aswbidsdrivera.sys [229384 2018-09-09] (AVAST Software) R0 aswbidsh; C:\Windows\System32\drivers\aswbidsha.sys [201320 2018-09-09] (AVAST Software) R0 aswblog; C:\Windows\System32\drivers\aswbloga.sys [346664 2018-09-09] (AVAST Software) R0 aswbuniv; C:\Windows\System32\drivers\aswbuniva.sys [59568 2018-09-09] (AVAST Software) R1 aswHdsKe; C:\Windows\System32\drivers\aswHdsKe.sys [249016 2018-09-09] (AVAST Software) S3 aswHwid; C:\Windows\System32\drivers\aswHwid.sys [46968 2018-09-09] (AVAST Software) R2 aswMonFlt; C:\Windows\System32\drivers\aswMonFlt.sys [163392 2018-09-22] (AVAST Software) R1 aswRdr; C:\Windows\System32\drivers\aswRdr2.sys [111864 2018-09-09] (AVAST Software) R0 aswRvrt; C:\Windows\System32\drivers\aswRvrt.sys [87904 2018-09-22] (AVAST Software) R1 aswSnx; C:\Windows\System32\drivers\aswSnx.sys [1027720 2018-09-09] (AVAST Software) R1 aswSP; C:\Windows\System32\drivers\aswSP.sys [467320 2018-09-22] (AVAST Software) R2 aswStm; C:\Windows\System32\drivers\aswStm.sys [215920 2018-09-22] (AVAST Software) R0 aswVmm; C:\Windows\System32\drivers\aswVmm.sys [381560 2018-09-09] (AVAST Software) R3 kbfiltr; C:\Windows\System32\DRIVERS\kbfiltr.sys [15416 2009-07-20] ( ) S2 VBoxAswDrv; \??\C:\Program Files\AVAST Software\Avast\ng\vbox\VBoxAswDrv.sys [X] ==================== NetSvcs (Whitelisted) =================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) ==================== One Month Created files and folders ======== (If an entry is included in the fixlist, the file/folder will be moved.) 2018-10-20 16:27 - 2018-10-20 16:29 - 000025907 _____ C:\Users\NormanNorrisNotebook\Downloads\FRST.txt 2018-10-20 16:24 - 2018-10-20 16:24 - 002414592 _____ (Farbar) C:\Users\NormanNorrisNotebook\Downloads\FRST64 (1).exe 2018-10-20 16:23 - 2018-10-20 16:27 - 000000000 ____D C:\FRST 2018-10-20 16:23 - 2018-10-20 16:23 - 002414592 _____ (Farbar) C:\Users\NormanNorrisNotebook\Downloads\FRST64.exe 2018-10-17 15:33 - 2018-10-17 15:33 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iCloud 2018-10-17 15:01 - 2018-10-17 15:41 - 000000000 ____D C:\Users\Public\Resumes 2018-09-30 18:28 - 2018-09-30 18:28 - 000001709 _____ C:\Users\Public\Desktop\iTunes.lnk 2018-09-30 18:28 - 2018-09-30 18:28 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes 2018-09-30 18:28 - 2018-09-30 18:28 - 000000000 ____D C:\Program Files\iPod 2018-09-30 18:26 - 2018-09-30 18:28 - 000000000 ____D C:\Program Files\iTunes ==================== One Month Modified files and folders ======== (If an entry is included in the fixlist, the file/folder will be moved.) 2018-10-20 16:22 - 2012-03-01 00:08 - 000000000 ____D C:\Users\NormanNorrisNotebook\AppData\Roaming\Adobe 2018-10-20 16:19 - 2017-04-12 20:00 - 000004168 _____ C:\Windows\System32\Tasks\Avast Emergency Update 2018-10-20 16:18 - 2013-12-31 18:14 - 000000000 ____D C:\Users\NormanNorrisNotebook\AppData\Local\3D4CDB02-E2C4-4FF5-A74F-A3B365FB9CBF.aplzod 2018-10-20 16:16 - 2012-04-12 18:12 - 000000266 _____ C:\Windows\Tasks\AutoKMS.job 2018-10-17 19:17 - 2009-07-14 00:45 - 000018736 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 2018-10-17 19:17 - 2009-07-14 00:45 - 000018736 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 2018-10-17 19:05 - 2009-07-14 01:08 - 000000006 ____H C:\Windows\Tasks\SA.DAT 2018-10-17 19:03 - 2016-04-22 16:20 - 000000000 ____D C:\ProgramData\CanonIJPLM 2018-10-17 15:17 - 2012-04-12 18:27 - 000000000 ____D C:\Users\NormanNorrisNotebook\AppData\Local\Adobe 2018-10-17 15:11 - 2013-12-31 18:13 - 000003464 _____ C:\Windows\System32\Tasks\Apple Diagnostics 2018-10-17 15:04 - 2012-04-16 17:28 - 000000000 ____D C:\Users\NormanNorrisNotebook\Documents\Resumes 2018-10-17 15:00 - 2018-06-09 17:16 - 000000000 ____D C:\Users\NormanNorrisNotebook\AppData\Local\AVAST Software 2018-09-30 17:49 - 2012-03-01 00:14 - 000002226 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk 2018-09-30 17:49 - 2012-03-01 00:14 - 000002185 _____ C:\Users\Public\Desktop\Google Chrome.lnk 2018-09-30 17:32 - 2018-06-09 17:19 - 000002431 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avast Secure Browser.lnk 2018-09-30 17:32 - 2018-06-09 17:19 - 000002388 _____ C:\Users\Public\Desktop\Avast Secure Browser.lnk 2018-09-22 20:23 - 2013-12-31 18:20 - 000215920 _____ (AVAST Software) C:\Windows\system32\Drivers\aswStm.sys 2018-09-22 20:23 - 2013-07-07 20:25 - 000087904 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRvrt.sys 2018-09-22 20:23 - 2012-03-01 00:13 - 000467320 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSP.sys 2018-09-22 20:23 - 2012-03-01 00:13 - 000163392 _____ (AVAST Software) C:\Windows\system32\Drivers\aswMonFlt.sys 2018-09-22 20:21 - 2016-07-22 19:57 - 000004476 _____ C:\Windows\System32\Tasks\Adobe Acrobat Update Task ==================== Files in the root of some directories ======= 2015-09-28 19:10 - 2015-09-28 19:10 - 006420480 _____ () C:\Program Files (x86)\GUT8890.tmp 2012-04-28 20:57 - 2017-08-20 19:55 - 000000132 _____ () C:\Users\NormanNorrisNotebook\AppData\Roaming\Adobe PNG Format CS5 Prefs 2012-04-29 11:37 - 2017-10-09 19:52 - 000001456 _____ () C:\Users\NormanNorrisNotebook\AppData\Local\Adobe Save for Web 12.0 Prefs 2018-10-20 16:22 - 2018-10-20 16:22 - 000000000 _____ () C:\Users\NormanNorrisNotebook\AppData\Local\oobelibMkey.log Some files in TEMP: ==================== 2013-09-26 20:03 - 2014-11-11 11:24 - 000150096 _____ (RealNetworks, Inc.) C:\Users\NormanNorrisNotebook\AppData\Local\Temp\lowproc.exe 2014-07-29 11:05 - 2014-07-29 11:05 - 050067152 _____ (Microsoft Corporation) C:\Users\NormanNorrisNotebook\AppData\Local\Temp\MouseKeyboardCenterx64_1033.exe 2015-01-19 15:18 - 2015-01-19 15:18 - 001126480 ____N (CANON INC.) C:\Users\NormanNorrisNotebook\AppData\Local\Temp\MSETUP4.EXE 2013-09-26 20:03 - 2014-11-11 11:25 - 000090624 _____ (RealNetworks, Inc.) C:\Users\NormanNorrisNotebook\AppData\Local\Temp\stubhelper.dll 2016-03-15 18:16 - 2016-03-15 18:16 - 000000000 _____ () C:\Users\NormanNorrisNotebook\AppData\Local\Temp\w7nbknh3.dll 2012-08-16 05:34 - 2012-08-16 05:34 - 000455600 ____R (Macrovision Corporation) C:\Users\NormanNorrisNotebook\AppData\Local\Temp\_is6681.exe 2015-10-13 11:57 - 2015-10-13 11:57 - 043332688 _____ (Google Inc.) C:\Users\NormanNorrisNotebook\AppData\Local\Temp\{C221A67F-83B1-47BA-8F5B-6D5482C01143}-46.0.2490.71_chrome_installer.exe ==================== Bamital & volsnap ====================== (There is no automatic fix for files that do not pass verification.) C:\Windows\system32\winlogon.exe => File is digitally signed C:\Windows\system32\wininit.exe => File is digitally signed C:\Windows\SysWOW64\wininit.exe => File is digitally signed C:\Windows\explorer.exe => File is digitally signed C:\Windows\SysWOW64\explorer.exe => File is digitally signed C:\Windows\system32\svchost.exe => File is digitally signed C:\Windows\SysWOW64\svchost.exe => File is digitally signed C:\Windows\system32\services.exe => File is digitally signed C:\Windows\system32\User32.dll => File is digitally signed C:\Windows\SysWOW64\User32.dll => File is digitally signed C:\Windows\system32\userinit.exe => File is digitally signed C:\Windows\SysWOW64\userinit.exe => File is digitally signed C:\Windows\system32\rpcss.dll => File is digitally signed C:\Windows\system32\dnsapi.dll => File is digitally signed C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed LastRegBack: 2018-10-17 16:09 ==================== End of FRST.txt ============================ Additional scan result of Farbar Recovery Scan Tool (x64) Version: 10.10.2018 Ran by NormanNorrisNotebook (20-10-2018 16:30:05) Running from C:\Users\NormanNorrisNotebook\Downloads Windows 7 Home Premium Service Pack 1 (X64) (2012-03-01 03:44:36) Boot Mode: Normal ========================================================== ==================== Accounts: ============================= Administrator (S-1-5-21-351659774-2789822584-2971473695-500 - Administrator - Disabled) Guest (S-1-5-21-351659774-2789822584-2971473695-501 - Limited - Enabled) HomeGroupUser$ (S-1-5-21-351659774-2789822584-2971473695-1010 - Limited - Enabled) NormanNorrisNotebook (S-1-5-21-351659774-2789822584-2971473695-1001 - Administrator - Enabled) => C:\Users\NormanNorrisNotebook ==================== Security Center ======================== (If an entry is included in the fixlist, it will be removed.) AV: Avast Antivirus (Enabled - Up to date) {8EA8924E-BC81-DC44-8BB0-8BAE75D86EBF} AS: Windows Defender (Disabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} AS: Avast Antivirus (Enabled - Up to date) {35C973AA-9ABB-D3CA-B100-B0DC0E5F2402} ==================== Installed Programs ====================== (Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.) Adobe Acrobat X Pro - English, Français, Deutsch (HKLM-x32\...\{AC76BA86-1033-F400-7760-000000000005}) (Version: 10.1.16 - Adobe Systems) Adobe After Effects CS5.5 Third Party Content (HKLM-x32\...\{606A0AC5-5F90-4379-81AE-11B44707E094}) (Version: 10.5 - Adobe Systems Incorporated) Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 16.0.0.273 - Adobe Systems Incorporated) Adobe Community Help (HKLM-x32\...\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1) (Version: 3.4.980 - Adobe Systems Incorporated.) Adobe Content Viewer (HKLM-x32\...\com.adobe.dmp.contentviewer) (Version: 1.4.0 - Adobe Systems Incorporated) Adobe Creative Suite 5.5 Master Collection (HKLM-x32\...\{D57FC112-312E-4D70-860F-2DB8FB6858F0}) (Version: 5.5 - Adobe Systems Incorporated) Adobe Flash Player 16 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 16.0.0.305 - Adobe Systems Incorporated) Adobe Flash Player 27 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 27.0.0.130 - Adobe Systems Incorporated) Adobe Story (HKLM-x32\...\com.adobe.AdobeStory.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1) (Version: 1.0.571 - Adobe Systems Incorporated) Adobe Widget Browser (HKLM-x32\...\com.adobe.WidgetBrowser.E7BED6E5DDA59983786DD72EBFA46B1598278E07.1) (Version: 2.0 Build 230 - Adobe Systems Incorporated.) Alcor Micro USB Card Reader (HKLM-x32\...\{4555BB9E-E715-4260-A178-E8EFD2B653E3}) (Version: 1.2.0117.08443 - Alcor Micro Corp.) Hidden Alcor Micro USB Card Reader (HKLM-x32\...\AmUStor) (Version: 1.2.0117.08443 - Alcor Micro Corp.) Apple Application Support (32-bit) (HKLM-x32\...\{308F2F8C-9D33-4B22-8A6C-D9C13DBEF8C6}) (Version: 7.0.2 - Apple Inc.) Apple Application Support (64-bit) (HKLM\...\{0CB84A7D-9697-4526-A819-60FB050E8F05}) (Version: 7.0.2 - Apple Inc.) Apple Mobile Device Support (HKLM\...\{77F8C879-88CD-4145-945A-541C35285285}) (Version: 12.0.0.1039 - Apple Inc.) Apple Software Update (HKLM-x32\...\{A30EA700-5515-48F0-88B0-9E99DC356B88}) (Version: 2.6.0.1 - Apple Inc.) Asmedia ASM104x USB 3.0 Host Controller Driver (HKLM-x32\...\{E4FB0B39-C991-4EE7-95DD-1A1A7857D33D}) (Version: 1.12.5.0 - Asmedia Technology) ASUS AI Recovery (HKLM-x32\...\{38253529-D97D-4901-AE53-5CC9736D3A2E}) (Version: 1.0.13 - ASUS) ASUS FancyStart (HKLM-x32\...\{2B81872B-A054-48DA-BE3B-FA5C164C303A}) (Version: 1.1.0 - ASUSTeK Computer Inc.) ASUS LifeFrame3 (HKLM-x32\...\{1DBD1F12-ED93-49C0-A7CC-56CBDE488158}) (Version: 3.0.22 - ASUS) ASUS Live Update (HKLM-x32\...\{E657B243-9AD4-4ECC-BE81-4CCF8D667FD0}) (Version: 2.5.9 - ASUS) ASUS Power4Gear Hybrid (HKLM\...\{33B98264-A889-4913-A0CA-C364A75032B3}) (Version: 1.1.45 - ASUS) ASUS SmartLogon (HKLM-x32\...\{64452561-169F-4A36-A2FF-B5E118EC65F5}) (Version: 1.0.0011 - ASUS) ASUS Splendid Video Enhancement Technology (HKLM-x32\...\{0969AF05-4FF6-4C00-9406-43599238DE0D}) (Version: 1.02.0033 - ASUS) ASUS Virtual Camera (HKLM-x32\...\{EC8BD21F-0CA0-4BBF-97D9-4A52B30041A1}) (Version: 1.0.21 - asus) ASUS WebStorage (HKLM-x32\...\ASUS WebStorage) (Version: 3.0.108.222 - eCareme Technologies, Inc.) AsusScr_K3 Series_ENG (HKLM-x32\...\AsusScr_K3 Series_ENG) (Version: 1.0.0001 - ASUS) AsusVibe2.0 (HKLM-x32\...\Asus Vibe2.0) (Version: 2.0.7.142 - ASUSTEK) Atheros Driver Installation Program (HKLM-x32\...\{28006915-2739-4EBE-B5E8-49B25D32EB33}) (Version: 9.0 - Atheros) ATK Package (HKLM-x32\...\{AB5C933E-5C7D-4D30-B314-9C83A49B94BE}) (Version: 1.0.0010 - ASUS) Avast Free Antivirus (HKLM-x32\...\Avast Antivirus) (Version: 18.6.2349 - AVAST Software) Avast Secure Browser (HKLM-x32\...\Avast Secure Browser) (Version: 69.0.792.81 - AVAST Software) Bonjour (HKLM\...\{56DDDFB8-7F79-4480-89D5-25E1F52AB28F}) (Version: 3.1.0.1 - Apple Inc.) Canon Easy-WebPrint EX (HKLM-x32\...\Easy-WebPrint EX) (Version: 1.6.0.0 - Canon Inc.) Canon IJ Network Scanner Selector EX (HKLM-x32\...\Canon_IJ_Network_Scanner_Selector_EX) (Version: 1.5.2.3 - Canon Inc.) Canon IJ Network Tool (HKLM-x32\...\Canon_IJ_Network_UTILITY) (Version: 3.5.0 - Canon Inc.) Canon IJ Scan Utility (HKLM-x32\...\Canon_IJ_Scan_Utility) (Version: 1.1.10.15 - Canon Inc.) Canon Inkjet Printer/Scanner/Fax Extended Survey Program (HKLM-x32\...\CANONIJPLM100) (Version: 4.2.0 - Canon Inc.) Canon MG2900 series MP Drivers (HKLM\...\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MG2900_series) (Version: 1.00 - Canon Inc.) Canon MG2900 series On-screen Manual (HKLM-x32\...\Canon MG2900 series On-screen Manual) (Version: 7.7.0 - Canon Inc.) Canon MG2900 series User Registration (HKLM-x32\...\Canon MG2900 series User Registration) (Version: - Canon Inc.) Canon My Image Garden (HKLM-x32\...\Canon My Image Garden) (Version: 3.0.0 - Canon Inc.) Canon My Image Garden Design Files (HKLM-x32\...\Canon My Image Garden Design Files) (Version: 3.0.0 - Canon Inc.) Canon My Printer (HKLM-x32\...\CanonMyPrinter) (Version: 3.2.1 - Canon Inc.) Canon Quick Menu (HKLM-x32\...\CanonQuickMenu) (Version: 2.4.0 - Canon Inc.) Control ActiveX de Windows Live Mesh para conexiones remotas (HKLM-x32\...\{04668DF2-D32F-4555-9C7E-35523DCD6544}) (Version: 15.4.5722.2 - Microsoft Corporation) Contrôle ActiveX Windows Live Mesh pour connexions à distance (HKLM-x32\...\{55D003F4-9599-44BF-BA9E-95D060730DD3}) (Version: 15.4.5722.2 - Microsoft Corporation) Controlo ActiveX do Windows Live Mesh para Ligações Remotas (HKLM-x32\...\{E54EEB5D-41ED-40FE-B4A8-8565DB81469B}) (Version: 15.4.5722.2 - Microsoft Corporation) D3DX10 (HKLM-x32\...\{E09C4DB7-630C-4F06-A631-8EA7239923AF}) (Version: 15.4.2368.0902 - Microsoft) Hidden DMUninstaller (HKLM-x32\...\DMUninstaller) (Version: - ) <==== ATTENTION ESET Online Scanner v3 (HKLM-x32\...\ESET Online Scanner) (Version: - ) ETDWare PS/2-X64 8.0.5.3_WHQL (HKLM\...\Elantech) (Version: 8.0.5.3 - ELAN Microelectronic Corp.) Fast Boot (HKLM\...\{13F4A7F3-EABC-4261-AF6B-1317777F0755}) (Version: 1.0.10 - ASUS) Galeria de Fotografias do Windows Live (HKLM-x32\...\{0EC0B576-90F9-43C3-8FAD-A4902DF4B8F4}) (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Galería fotográfica de Windows Live (HKLM-x32\...\{E85A4EFC-82F2-4CEE-8A8E-62FDAD353A66}) (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Galerie de photos Windows Live (HKLM-x32\...\{488F0347-C4A7-4374-91A7-30818BEDA710}) (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Google Chrome (HKLM-x32\...\Google Chrome) (Version: 69.0.3497.100 - Google Inc.) Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.33.17 - Google Inc.) Hidden Google Update Helper (HKLM-x32\...\{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}) (Version: 1.3.25.11 - Google Inc.) Hidden HL-2270DW (HKLM-x32\...\{E2A97415-BD97-4867-B906-05E39E9EE51F}) (Version: 1.0.7.0 - Brother Industries, Ltd.) iCloud (HKLM\...\{29C6B346-C29C-40CE-89EB-DF7C149E0EB9}) (Version: 7.7.0.27 - Apple Inc.) Intel(R) Control Center (HKLM-x32\...\{F8A9085D-4C7A-41a9-8A77-C8998A96C421}) (Version: 1.2.1.1007 - Intel Corporation) Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 7.0.0.1144 - Intel Corporation) Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 9.17.10.3347 - Intel Corporation) Intel(R) Turbo Boost Technology Monitor 2.0 (HKLM\...\{B77EFA0B-9BD3-4122-9F9A-15A963B5EA24}) (Version: 2.1.23.0 - Intel) iTunes (HKLM\...\{645877C4-2AB6-46B6-BD32-B251B0666F63}) (Version: 12.9.0.167 - Apple Inc.) Junk Mail filter update (HKLM-x32\...\{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}) (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Mesh Runtime (HKLM-x32\...\{8C6D6116-B724-4810-8F2D-D047E6B7D68E}) (Version: 15.4.5722.2 - Microsoft Corporation) Hidden Microsoft .NET Framework 4.7 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.7.02053 - Microsoft Corporation) Microsoft IntelliPoint 8.2 (HKLM\...\Microsoft IntelliPoint 8.2) (Version: 8.20.468.0 - Microsoft Corporation) Microsoft Office Outlook Connector (HKLM-x32\...\{95140000-0081-0409-0000-0000000FF1CE}) (Version: 14.0.6123.5001 - Microsoft Corporation) Microsoft Office Professional Plus 2010 (HKLM-x32\...\Office14.PROPLUS) (Version: 14.0.7015.1000 - Microsoft Corporation) Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.50907.0 - Microsoft Corporation) Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation) Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation) Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation) Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation) Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation) Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation) Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation) Microsoft Visual C++ 2015 Redistributable (x64) - 14.0.23918 (HKLM-x32\...\{dab68466-3a7d-41a8-a5cf-415e3ff8ef71}) (Version: 14.0.23918.0 - Microsoft Corporation) Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.23918 (HKLM-x32\...\{2e085fd2-a3e4-4b39-8e10-6b8d35f55244}) (Version: 14.0.23918.0 - Microsoft Corporation) Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation) Nuance PDF Reader (HKLM-x32\...\{B480904D-F73F-4673-B034-8A5F492C9184}) (Version: 6.00.0041 - Nuance Communications, Inc.) PxMergeModule (HKLM-x32\...\{024521CF-C07E-4F8E-8481-0D75695E03AF}) (Version: 1.00.0000 - Your Company Name) Hidden QuickTime 7 (HKLM-x32\...\{FF59BD75-466A-4D5A-AD23-AAD87C5FD44C}) (Version: 7.79.80.95 - Apple Inc.) RealPlayer (HKLM-x32\...\RealPlayer 16.0) (Version: 16.0.3 - RealNetworks) Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.8117 - Realtek Semiconductor Corp.) ResumeMaker Professional (HKLM-x32\...\{D2E80193-7318-4707-A9DE-49AF663ADA73}) (Version: 17.0.0 - Individual Software Inc.) Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{DE28B448-32E8-4E8F-84F0-A52B21A49B5B}) (Version: - Microsoft) Sonic Focus (HKLM-x32\...\{09BCB9CE-964B-4BDA-AE46-B5A0ABEF1D3F}) (Version: 1.00.0000 - Virage Logic, Corp.) Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3538.0513 - Microsoft Corporation) Windows Live Mesh ActiveX Control for Remote Connections (HKLM-x32\...\{2902F983-B4C1-44BA-B85D-5C6D52E2C441}) (Version: 15.4.5722.2 - Microsoft Corporation) WinFlash (HKLM-x32\...\{8F21291E-0444-4B1D-B9F9-4370A73E346D}) (Version: 2.31.1 - ASUS) Wireless Console 3 (HKLM-x32\...\{20FDF948-C8ED-4543-A539-F7F4AEF5AFA2}) (Version: 3.0.19 - ASUS) ==================== Custom CLSID (Whitelisted): ========================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) ShellIconOverlayIdentifiers: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2018-09-09] (AVAST Software) ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2018-09-09] (AVAST Software) ShellIconOverlayIdentifiers: [AsusWSShellExt_B] -> {6D4133E5-0742-4ADC-8A8C-9303440F7190} => C:\Program Files (x86)\ASUS\ASUS WebStorage\3.0.108.222\ASUSWSShellExt64.dll [2011-05-25] (eCareme Technologies, Inc.) ShellIconOverlayIdentifiers: [AsusWSShellExt_O] -> {64174815-8D98-4CE6-8646-4C039977D808} => C:\Program Files (x86)\ASUS\ASUS WebStorage\3.0.108.222\ASUSWSShellExt64.dll [2011-05-25] (eCareme Technologies, Inc.) ContextMenuHandlers1: [Adobe.Acrobat.ContextMenu] -> {D25B2CAB-8A9A-4517-A9B2-CB5F68A5A802} => C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\..\Acrobat Elements\ContextMenu64.dll [2015-09-24] (Adobe Systems Inc.) ContextMenuHandlers1: [avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2018-09-09] (AVAST Software) ContextMenuHandlers1: [PhotoStreamsExt] -> {89D984B3-813B-406A-8298-118AFA3A22AE} => C:\Program Files\Common Files\Apple\Internet Services\ShellStreams64.dll [2018-10-01] (Apple Inc.) ContextMenuHandlers3: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2018-09-09] (AVAST Software) ContextMenuHandlers3: [BackupContextMenuExtension] -> {b1b96b20-da1d-4a3c-92c1-7229b32f2325} => C:\Windows\system32\mscoree.dll [2010-11-04] (Microsoft Corporation) ContextMenuHandlers4: [Offline Files] -> {474C98EE-CF3D-41f5-80E3-4AAB0AB04301} => -> No File ContextMenuHandlers6: [Adobe.Acrobat.ContextMenu] -> {D25B2CAB-8A9A-4517-A9B2-CB5F68A5A802} => C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\..\Acrobat Elements\ContextMenu64.dll [2015-09-24] (Adobe Systems Inc.) ContextMenuHandlers6: [avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2018-09-09] (AVAST Software) ContextMenuHandlers6: [Offline Files] -> {474C98EE-CF3D-41f5-80E3-4AAB0AB04301} => -> No File ==================== Scheduled Tasks (Whitelisted) ============= (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) Task: {082C7C04-64D0-4B84-A349-7721718748EE} - System32\Tasks\RealPlayerRealUpgradeLogonTaskS-1-5-21-351659774-2789822584-2971473695-1001 => C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe Task: {09C65698-C9C6-4E33-A2FA-C4A34AC30B5A} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2018-08-14] (Adobe Systems Incorporated) Task: {0E56F2D0-B742-4F37-8828-226A7F10EAD3} - System32\Tasks\{9A3E2E1B-F965-483F-A6C4-566A3F6C7A5A} => C:\Windows\system32\pcalua.exe -a "C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\Creative Cloud Uninstaller.exe" Task: {15B7F06F-D85E-497F-B535-065FFF269C63} - System32\Tasks\AutoKMS => C:\Windows\AutoKMS\AutoKMS.exe Task: {2323A93E-7BA1-4786-A545-0BCE2A83F1DF} - System32\Tasks\RealUpgradeScheduledTaskS-1-5-21-351659774-2789822584-2971473695-1001 => C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe Task: {3092E4C6-3E0C-46E5-8FC6-98202A367BB3} - System32\Tasks\AVAST Software\Avast settings backup => C:\Program Files\Common Files\AV\avast! Antivirus\backup.exe Task: {5709B950-77A4-4252-975F-A183F69B2EB3} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2018-01-08] (Apple Inc.) Task: {5CA48118-4283-4BC0-8513-58AA18D7DF8D} - System32\Tasks\Avast Software\Overseer => C:\Program Files\Common Files\Avast Software\Overseer\overseer.exe [2018-09-22] (AVAST Software) Task: {64AEA831-CDC7-4363-BCCA-DC99F1065A9F} - System32\Tasks\AvastUpdateTaskMachineUA => C:\Program Files (x86)\AVAST Software\Browser\Update\AvastBrowserUpdate.exe [2018-06-09] (AVAST Software) Task: {6824FB61-68AD-44F9-85AD-CE8443E4AE13} - System32\Tasks\ASUS P4G => C:\Program Files\P4G\BatteryLife.exe [2011-05-31] (ASUS) Task: {6885F911-A2E4-4C86-AF0E-2CA149980C18} - System32\Tasks\Avast Emergency Update => C:\Program Files\AVAST Software\Avast\AvEmUpdate.exe [2018-09-09] (AVAST Software) Task: {76EBC941-AE94-40A2-B134-F8137A26DF83} - System32\Tasks\RealDownloaderRealUpgradeLogonTaskS-1-5-21-351659774-2789822584-2971473695-1001 => C:\Program Files (x86)\RealNetworks\RealDownloader\RealUpgrade.exe Task: {77680F60-9D40-4790-9613-F7B19F55389B} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-10-18] (Google Inc.) Task: {9562593F-A3CF-45AE-9B7A-6305F19AA1C7} - System32\Tasks\Microsoft_Hardware_Launch_IPoint_exe => C:\Program Files\Microsoft IntelliPoint\IPoint.exe [2011-08-01] (Microsoft Corporation) Task: {A102FBFF-A926-455A-A6D0-FF051037B674} - System32\Tasks\RealPlayerRealUpgradeScheduledTaskS-1-5-21-351659774-2789822584-2971473695-1001 => C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe Task: {A4CC336D-AEE9-4A57-8F0F-60715BF57A48} - System32\Tasks\ASUS SmartLogon Console Sensor => C:\Program Files (x86)\ASUS\SmartLogon\sensorsrv.exe [2010-11-15] (ASUS) Task: {BEA192C0-2D93-4AAD-BFF7-E79B925971DF} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-10-18] (Google Inc.) Task: {C1559F6B-C277-4A8E-8C14-4989D98FE780} - System32\Tasks\ATKOSD2 => C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe [2010-08-17] (ASUS) Task: {CE8BEA7A-9A74-47B2-9FF1-6C165AD4AAD9} - System32\Tasks\AdobeGCInvoker-1.0-NormanNorrisNot-NormanNorrisNotebook => C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGCInvokerUtility.exe [2018-09-10] (Adobe Systems, Incorporated) Task: {CF0E6896-D6AD-4934-9293-D3335AC0909E} - System32\Tasks\AvastUpdateTaskMachineCore => C:\Program Files (x86)\AVAST Software\Browser\Update\AvastBrowserUpdate.exe [2018-06-09] (AVAST Software) Task: {DDDB5FA7-7E7D-40C7-8D22-5DC53F7040D8} - System32\Tasks\AdobeAAMUpdater-1.0-NormanNorrisNot-NormanNorrisNotebook => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [2015-08-05] (Adobe Systems Incorporated) Task: {E0A1E52A-A36E-4AEC-B46D-FAC4C9760E66} - System32\Tasks\Apple Diagnostics => C:\Program Files (x86)\Common Files\Apple\Internet Services\EReporter.exe [2018-10-01] (Apple Inc.) Task: {E415D011-0019-432C-BB9E-862A32E4E86B} - System32\Tasks\RealUpgradeLogonTaskS-1-5-21-351659774-2789822584-2971473695-1001 => C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe Task: {ECB11EA6-B228-458D-84E1-266AD709C18B} - System32\Tasks\ACMON => C:\Program Files (x86)\ASUS\Splendid\ACMON.exe [2011-05-30] (ASUS) Task: {F9DEF54B-12D1-4A19-A7B7-32BB425F653D} - System32\Tasks\RealDownloaderRealUpgradeScheduledTaskS-1-5-21-351659774-2789822584-2971473695-1001 => C:\Program Files (x86)\RealNetworks\RealDownloader\RealUpgrade.exe (If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.) Task: C:\Windows\Tasks\AutoKMS.job => C:\Windows\AutoKMS\AutoKMS.exe ==================== Shortcuts & WMI ======================== (The entries could be listed to be restored or removed.) ==================== Loaded Modules (Whitelisted) ============== 2018-08-22 22:18 - 2018-08-22 22:18 - 001356088 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll 2017-11-30 19:54 - 2017-11-30 19:54 - 000088888 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll 2016-04-22 16:21 - 2013-06-28 11:58 - 000084616 _____ () C:\Program Files (x86)\Canon\IJPLM\IJPLMSVC.EXE 2018-09-09 08:39 - 2018-09-09 08:39 - 000703192 _____ () c:\Program Files\AVAST Software\Avast\x64\StreamBack.dll 2010-07-14 20:11 - 2010-07-14 20:11 - 000031360 _____ () C:\Program Files\P4G\DevMng.dll 2013-09-05 01:17 - 2013-09-05 01:17 - 004300456 _____ () C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Cultures\OFFICE.ODF 2010-10-20 15:23 - 2010-10-20 15:23 - 008801632 _____ () C:\Program Files\Microsoft Office\Office14\1033\GrooveIntlResource.dll 2011-07-06 08:51 - 2011-05-23 20:16 - 000094208 _____ () C:\Windows\System32\IccLibDll_x64.dll 2018-08-28 10:46 - 2018-08-28 10:46 - 001356088 _____ () C:\Program Files\iTunes\libxml2.dll 2018-08-28 10:46 - 2018-08-28 10:46 - 000088888 _____ () C:\Program Files\iTunes\zlib1.dll 2010-09-23 20:53 - 2010-09-23 20:53 - 001601536 _____ () C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe 2018-09-30 17:49 - 2018-09-15 04:26 - 005110616 _____ () C:\Program Files (x86)\Google\Chrome\Application\69.0.3497.100\libglesv2.dll 2018-09-30 17:49 - 2018-09-15 04:26 - 000116056 _____ () C:\Program Files (x86)\Google\Chrome\Application\69.0.3497.100\libegl.dll 2018-08-22 04:30 - 2018-08-22 04:31 - 031303168 _____ () C:\Users\NormanNorrisNotebook\AppData\Local\Google\Chrome\User Data\PepperFlash\30.0.0.154\pepflashplayer.dll 2018-09-09 08:39 - 2018-09-09 08:39 - 000575704 _____ () C:\Program Files\AVAST Software\Avast\streamback.dll 2018-09-09 08:39 - 2018-09-09 08:39 - 000896216 _____ () C:\Program Files\AVAST Software\Avast\anen.dll 2018-09-09 08:39 - 2018-09-09 08:39 - 000541400 _____ () C:\Program Files\AVAST Software\Avast\gui_cache.dll 2018-09-09 08:39 - 2018-09-09 08:39 - 000151768 _____ () C:\Program Files\AVAST Software\Avast\hns_tools.dll 2018-09-09 08:39 - 2018-09-09 08:39 - 000986840 _____ () C:\Program Files\AVAST Software\Avast\shepherdsync.dll 2018-10-20 16:17 - 2018-10-20 16:17 - 005678224 _____ () C:\Program Files\AVAST Software\Avast\defs\18102008\algo.dll 2011-05-30 17:48 - 2011-05-30 17:48 - 000009216 _____ () C:\Program Files (x86)\ASUS\Splendid\GLCDdll.dll 2018-08-22 22:19 - 2018-08-22 22:19 - 001042232 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll 2017-11-30 19:55 - 2017-11-30 19:55 - 000076088 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll 2018-08-22 22:18 - 2018-08-22 22:18 - 000189752 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxslt.dll 2013-09-05 01:14 - 2013-09-05 01:14 - 004300456 _____ () C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF 2010-10-20 15:45 - 2010-10-20 15:45 - 008801120 _____ () C:\Program Files (x86)\Microsoft Office\Office14\1033\GrooveIntlResource.dll 2018-04-18 21:32 - 2018-04-18 21:32 - 067126928 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll 2017-11-18 11:59 - 2009-02-27 17:38 - 000139264 ____R () C:\Program Files (x86)\Brother\BrUtilities\BrLogAPI.dll ==================== Alternate Data Streams (Whitelisted) ========= (If an entry is included in the fixlist, only the ADS will be removed.) ==================== Safe Mode (Whitelisted) =================== (If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.) HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service" ==================== Association (Whitelisted) =============== (If an entry is included in the fixlist, the registry item will be restored to default or removed.) ==================== Internet Explorer trusted/restricted =============== (If an entry is included in the fixlist, it will be removed from the registry.) ==================== Hosts content: ========================== (If needed Hosts: directive could be included in the fixlist to reset Hosts.) 2009-07-13 22:34 - 2012-02-11 09:53 - 000002198 _____ C:\Windows\system32\Drivers\etc\hosts 127.0.0.1 crl.verisign.net CRL.VERISIGN.NET ood.opsource.net 127.0.0.1 activate.adobe.com 127.0.0.1 activate-sea.adobe.com 127.0.0.1 practivate.adobe 127.0.0.1 practivate.adobe.com 127.0.0.1 practivate.adobe.newoa 127.0.0.1 practivate.adobe.ntp 127.0.0.1 practivate.adobe.ipp 127.0.0.1 adobeereg.com 127.0.0.1 activate.wip1.adobe.com 127.0.0.1 activate.wip2.adobe.com 127.0.0.1 activate.wip3.adobe.com 127.0.0.1 activate.wip4.adobe.com 127.0.0.1 www.adobeereg.com 127.0.0.1 hl2rcv.adobe.com 127.0.0.1 wip.adobe.com 127.0.0.1 wip1.aobe.com 127.0.0.1 wip2.adobe.com 127.0.0.1 wip3.adobe.com 127.0.0.1 wip4.adobe.com 127.0.0.1 www.wip.adobe.com 127.0.0.1 www.wip1.adobe.com 127.0.0.1 www.wip2.adobe.com 127.0.0.1 www.wip3.adobe.com 127.0.0.1 www.wip4.adobe.com 127.0.0.1 3dns.adobe.com 127.0.0.1 3dns-1.adobe.com 127.0.0.1 3dns-2.adobe.com 127.0.0.1 3dns-3.adobe.com 127.0.0.1 3dns-4.adobe.com ==================== Other Areas ============================ (Currently there is no automatic fix for this section.) HKU\S-1-5-21-351659774-2789822584-2971473695-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\NormanNorrisNotebook\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg DNS Servers: 192.168.1.1 HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1) Windows Firewall is enabled. ==================== MSCONFIG/TASK MANAGER disabled items == If an entry is included in the fixlist, it will be removed. MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^FancyStart daemon.lnk => C:\Windows\pss\FancyStart daemon.lnk.CommonStartup MSCONFIG\startupreg: Acrobat Assistant 8.0 => "C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrotray.exe" MSCONFIG\startupreg: Adobe Acrobat Speed Launcher => "C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrobat_sl.exe" MSCONFIG\startupreg: Adobe ARM => "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" MSCONFIG\startupreg: AdobeAAMUpdater-1.0 => "C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" MSCONFIG\startupreg: AdobeCS5.5ServiceManager => "C:\Program Files (x86)\Common Files\Adobe\CS5.5ServiceManager\CS5.5ServiceManager.exe" -launchedbylogin MSCONFIG\startupreg: Aim => "C:\Program Files (x86)\AIM\aim.exe" /d locale=en-US MSCONFIG\startupreg: APSDaemon => "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" MSCONFIG\startupreg: ASUS Screen Saver Protector => C:\Windows\AsScrPro.exe MSCONFIG\startupreg: BCSSync => "C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe" /DelayServices MSCONFIG\startupreg: CLMLServer => "C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe" MSCONFIG\startupreg: iTunesHelper => "C:\Program Files (x86)\iTunes\iTunesHelper.exe" MSCONFIG\startupreg: RtHDVCpl => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s MSCONFIG\startupreg: SearchProtectAll => C:\Program Files (x86)\SearchProtect\bin\cltmng.exe MSCONFIG\startupreg: SwitchBoard => C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe ==================== FirewallRules (Whitelisted) =============== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) FirewallRules: [{70B3678A-C500-4330-8FCB-052498F8F537}] => (Allow) C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe FirewallRules: [{37E9A1B2-DCD2-44C5-A64C-40E12E8B89A1}] => (Allow) LPort=2869 FirewallRules: [{369CE3F7-1261-4DA1-BAB7-7C91B70B1DAB}] => (Allow) LPort=1900 FirewallRules: [{1182D228-4C5D-4B7D-965E-D8E508521E06}] => (Allow) C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe FirewallRules: [{34C335D1-AAC6-4A0D-B5ED-029A4D68E321}] => (Allow) C:\Program Files (x86)\Windows Live\Mesh\MOE.exe FirewallRules: [TCP Query User{4FC3B81A-4B7F-4F09-8931-C765921D5DB4}C:\windows\microsoft.net\framework\v2.0.50727\vbc.exe] => (Block) C:\windows\microsoft.net\framework\v2.0.50727\vbc.exe FirewallRules: [UDP Query User{6E47F0D1-4F65-4507-A9A5-0274B77BBD41}C:\windows\microsoft.net\framework\v2.0.50727\vbc.exe] => (Block) C:\windows\microsoft.net\framework\v2.0.50727\vbc.exe FirewallRules: [{60A8901C-070E-45E9-9194-E6243C8C605F}] => (Allow) C:\Program Files (x86)\AIM\aim.exe FirewallRules: [{8113EA74-8962-4E3B-A57F-067F0165EF29}] => (Allow) C:\Program Files (x86)\AIM\aim.exe FirewallRules: [{CE973F82-A4D5-40C1-9638-1A566A6D889D}] => (Allow) C:\Program Files\AVAST Software\Avast\ng\vbox\aswFe.exe FirewallRules: [{B6FD806F-7B15-4122-9128-AE45183F16C3}] => (Allow) C:\Program Files\AVAST Software\Avast\ng\vbox\aswFe.exe FirewallRules: [{2C325DC7-D883-4405-A09A-24A4D70DDD39}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe FirewallRules: [{EF62AE92-49B2-45D5-A8C6-EC849C3A4C78}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe FirewallRules: [{A3AFF605-6DB9-4FE7-A4D6-8AB53EB4AF2D}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe FirewallRules: [{DC0979F6-82B6-4E7D-AE18-FD6A65B410D7}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe FirewallRules: [{96E00814-1014-4427-A270-A51F38EBAE33}] => (Allow) C:\Program Files (x86)\Adobe\Adobe Flash Builder 4.5\FlashBuilder.exe FirewallRules: [{8971A852-A8C3-4535-B8A6-DE67AD22382E}] => (Allow) C:\Program Files (x86)\Adobe\Adobe Flash Builder 4.5\FlashBuilder.exe FirewallRules: [{4078C80A-10C1-48B3-9368-EE019D5888D0}] => (Allow) LPort=7935 FirewallRules: [{FA4A119F-63B8-402E-A92C-C91B4425636B}] => (Allow) C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe FirewallRules: [{3F8E4EF9-7B70-43B1-8C22-EDBE179765B1}] => (Allow) C:\Program Files\AVAST Software\Avast\AvEmUpdate.exe FirewallRules: [{EC9C5002-6628-4C73-BC2B-587DD5A77EC5}] => (Allow) C:\Program Files\AVAST Software\Avast\AvEmUpdate.exe FirewallRules: [{32A4EEB4-B357-4604-8A12-540DD97383EC}] => (Allow) C:\Program Files (x86)\AVAST Software\Browser\Application\AvastBrowser.exe FirewallRules: [{11BC6996-EF5D-411D-89BC-13C8B5FDADA7}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe FirewallRules: [{3C52F9CB-18B8-46D2-AA50-9EF44EF05265}] => (Allow) C:\Program Files\iTunes\iTunes.exe ==================== Restore Points ========================= 12-07-2018 21:41:48 Scheduled Checkpoint 01-08-2018 19:24:58 Configured LabelPrint 01-08-2018 19:28:55 Configured PowerStarter 01-08-2018 19:33:24 Configured Power2Go 01-08-2018 19:43:31 Removed Skype™ 7.3 28-08-2018 20:26:46 Scheduled Checkpoint 17-10-2018 16:16:43 Scheduled Checkpoint ==================== Faulty Device Manager Devices ============= ==================== Event log errors: ========================= Application errors: ================== Error: (10/20/2018 04:20:45 PM) (Source: MsiInstaller) (EventID: 11316) (User: NT AUTHORITY) Description: Product: Avast Update Helper -- Error 1316. The specified account already exists. Error: (10/20/2018 04:19:05 PM) (Source: BROWSER) (EventID: 8032) (User: ) Description: \Device\NetBT_Tcpip_{D2132B83-3491-4909-A6E8-6A042F6821F8} Error: (10/17/2018 07:44:04 PM) (Source: MsiInstaller) (EventID: 11316) (User: NT AUTHORITY) Description: Product: Avast Update Helper -- Error 1316. The specified account already exists. Error: (10/17/2018 07:34:04 PM) (Source: MsiInstaller) (EventID: 11316) (User: NT AUTHORITY) Description: Product: Avast Update Helper -- Error 1316. The specified account already exists. Error: (10/17/2018 07:03:04 PM) (Source: MsiInstaller) (EventID: 11316) (User: NT AUTHORITY) Description: Product: Avast Update Helper -- Error 1316. The specified account already exists. Error: (10/17/2018 07:03:02 PM) (Source: MsiInstaller) (EventID: 11316) (User: NT AUTHORITY) Description: Product: Avast Update Helper -- Error 1316. The specified account already exists. Error: (10/17/2018 07:02:48 PM) (Source: Bonjour Service) (EventID: 100) (User: ) Description: 452: DNSServiceGetAddrInfo v4v6 Normans-iPod-touch-2.local. Error: (10/17/2018 07:02:48 PM) (Source: Bonjour Service) (EventID: 100) (User: ) Description: 452: Could not write data to client because of error - aborting connection System errors: ============= Error: (10/20/2018 04:17:35 PM) (Source: Schannel) (EventID: 4120) (User: NT AUTHORITY) Description: The following fatal alert was generated: 70. The internal error state is 105. Error: (10/17/2018 07:10:44 PM) (Source: Service Control Manager) (EventID: 7022) (User: ) Description: The Windows Search service hung on starting. Error: (10/17/2018 07:05:42 PM) (Source: Service Control Manager) (EventID: 7000) (User: ) Description: The VBoxAsw Support Driver service failed to start due to the following error: The system cannot find the path specified. Error: (10/17/2018 07:04:01 PM) (Source: DCOM) (EventID: 10010) (User: ) Description: The server {995C996E-D918-4A8C-A302-45719A6F4EA7} did not register with DCOM within the required timeout. Error: (10/17/2018 02:59:27 PM) (Source: Service Control Manager) (EventID: 7011) (User: ) Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the LanmanServer service. Error: (10/17/2018 02:58:57 PM) (Source: Service Control Manager) (EventID: 7011) (User: ) Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the LanmanServer service. Error: (10/17/2018 02:58:02 PM) (Source: Schannel) (EventID: 4120) (User: NT AUTHORITY) Description: The following fatal alert was generated: 70. The internal error state is 105. Error: (10/17/2018 02:55:55 PM) (Source: Service Control Manager) (EventID: 7000) (User: ) Description: The VBoxAsw Support Driver service failed to start due to the following error: The system cannot find the path specified. Windows Defender: =================================== Date: 2015-05-20 19:36:27.699 Description: Windows Defender scan has been stopped before completion. Scan ID:{53D5F14A-49A8-427A-94C6-537EB587FEDD} Scan Type:AntiSpyware Scan Parameters:Quick Scan Date: 2016-08-16 19:47:08.823 Description: Windows Defender has encountered an error trying to load signatures and will attempt reverting back to a known-good set of signatures. Signatures Attempted:Current Error Code:0x8050800d Error description:Some history items could not be displayed. Please wait a few minutes and try again. If that doesn't work, clear the history and then try again. Signature version:1.225.4044.0 Engine version:1.1.12902.0 Date: 2014-11-09 14:44:10.338 Description: Windows Defender has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: Update Source:User Signature Type: Update Type: Current Engine Version: Previous Engine Version:1.1.11104.0 Error code:0x8050a003 Error description:This package does not contain up-to-date definition files for this program. For more information, see Help and Support. ==================== Memory info =========================== Processor: Intel(R) Core(TM) i5-2450M CPU @ 2.50GHz Percentage of memory in use: 72% Total physical RAM: 3873.14 MB Available physical RAM: 1060.79 MB Total Virtual: 7744.46 MB Available Virtual: 4767.7 MB ==================== Drives ================================ Drive c: (OS) (Fixed) (Total:119.24 GB) (Free:7.26 GB) NTFS ==>[system with boot components (obtained from drive)] Drive d: (DATA) (Fixed) (Total:153.85 GB) (Free:153.32 GB) NTFS ==================== MBR & Partition Table ================== ======================================================== Disk: 0 (MBR Code: Windows 7/8/10) (Size: 298.1 GB) (Disk ID: E3102A4B) Partition 1: (Not Active) - (Size=25 GB) - (Type=1C) Partition 2: (Active) - (Size=119.2 GB) - (Type=07 NTFS) Partition 3: (Not Active) - (Size=153.9 GB) - (Type=07 NTFS) ==================== End of Addition.txt ============================
Sorry, didn't explain why I think my computer is infected, I get a pop-up that will not let me close anything so I have to reboot and it will shut down my anti-virus as well, thanks.
Please, observe following rules: Read all of my instructions very carefully. Your mistakes during cleaning process may have very serious consequences, like unbootable computer. If you're stuck, or you're not sure about certain step, always ask before doing anything else. Please refrain from running any tools, fixes or applying any changes to your computer other than those I suggest. Never run more than one scan at a time. Keep updating me regarding your computer behavior, good, or bad. The cleaning process, once started, has to be completed. Even if your computer appears to act better, it may still be infected. Once the computer is totally clean, I'll certainly let you know. If you leave the topic without explanation in the middle of a cleaning process, you may not be eligible to receive any more help in malware removal forum. I close my topics if you have not replied in 5 days. If you need more time, simply let me know. If I closed your topic and you need it to be reopened, simply PM me. ======================================== Uninstall following unwanted program: DMUninstaller Download RogueKiller from one of the following links and save it to your Desktop: Link 1 Link 2 Close all the running programs Double click on downloaded setup.exe file to install the program. Click on Start Scan button. Click on another Start Scan button. Wait until the Status box shows Scan Finished Click on Remove Selected. Wait until the Status box shows Deleting Finished. Click on Report and copy/paste the content of the Notepad into your next reply. RKreport.txt could also be found on your desktop. If more than one log is produced post all logs. Please download Malwarebytes to your desktop. Double-click mb3-setup-consumer-{version}.exe and follow the prompts to install the program. Then click Finish. Once the program has fully updated, select Scan Now on the Dashboard. Or select the Threat Scan from the Scan menu. If another update of the definitions is available, it will be implemented before the rest of the scanning procedure. When the scan is complete, make sure that all Threats are selected, and click Remove Selected. Restart your computer when prompted to do so. The Scan log is available throughout History ->Application logs. Please post it contents in your next reply. Please download AdwCleaner by Xplode and save to your Desktop. Double click on AdwCleaner.exe to run the tool. Vista/Windows 7/8/10 users right-click and select Run As Administrator The tool will start to update the database if one is required. Click on the Scan button. AdwCleaner will begin...be patient as the scan may take some time to complete. After the scan has finished, click on the Logfile button. A window will open which lists the logs of your scans. Click on the Scan tab. Double-click the most recent scan which will be at the top of the list....the log will appear. Review the results...see note below After reviewing the log, click on the Clean button. Press OK when asked to close all programs and follow the onscreen prompts. Press OK again to allow AdwCleaner to restart the computer and complete the removal process. After rebooting, a logfile report (AdwCleaner[CX].txt) will open automatically (where the largest value of X represents the most recent report). To open a Cleaning log, launch AdwareClearer, click on the Logfile button, click on the Cleaning tab and double-click the log at the top of the list. Copy and paste the contents of AdwCleaner[CX].txt in your next reply. A copy of all logfiles are saved to C:\AdwCleaner. -- Note: The contents of the AdwCleaner log file may be confusing. Unless you see a program name or entry that you recognize and know should not be removed, don't worry about it. If you see an entry you want to keep, return to AdwCleaner before cleaning...all detected items will be listed (and checked) in each tab. Click on and uncheck any items you want to keep.
RogueKiller V12.13.5.0 (x64) [Oct 15 2018] (Free) by Adlice Software mail : http://www.adlice.com/contact/ Feedback : https://forum.adlice.com Website : http://www.adlice.com/download/roguekiller/ Blog : http://www.adlice.com Operating System : Windows 7 (6.1.7601 Service Pack 1) 64 bits version Started in : Normal mode User : NormanNorrisNotebook [Administrator] Started from : C:\Program Files\RogueKiller\RogueKiller64.exe Mode : Delete -- Date : 10/21/2018 14:30:47 (Duration : 00:34:23) Switches : -refid ¤¤¤ Processes : 0 ¤¤¤ ¤¤¤ Registry : 3 ¤¤¤ [PUM.SearchPage] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main | Search Page : http://www.bing.com/search?q={searchTerms}&FORM=AVASDF&PC=AV01 -> Not selected [PUM.SearchPage] (X64) HKEY_USERS\S-1-5-21-351659774-2789822584-2971473695-1001\Software\Microsoft\Internet Explorer\Main | Search Page : http://www.bing.com/search?q={searchTerms}&FORM=AVASDF&PC=AV01 -> Not selected [PUM.SearchPage] (X86) HKEY_USERS\S-1-5-21-351659774-2789822584-2971473695-1001\Software\Microsoft\Internet Explorer\Main | Search Page : http://www.bing.com/search?q={searchTerms}&FORM=AVASDF&PC=AV01 -> Not selected ¤¤¤ Tasks : 2 ¤¤¤ [PUP.HackTool] %WINDIR%\Tasks\AutoKMS.job -- C:\Windows\AutoKMS\AutoKMS.exe -> Not selected [PUP.HackTool] \AutoKMS -- C:\Windows\AutoKMS\AutoKMS.exe -> Not selected ¤¤¤ Files : 2 ¤¤¤ [PUP.HackTool][Folder] C:\Windows\AutoKMS -> Deleted [PUP.HackTool][File] C:\Windows\AutoKMS\AutoKMS.ini -> Deleted [PUP.HackTool][File] C:\Windows\AutoKMS\AutoKMS.log -> Deleted [PUP.Gen1][Folder] C:\Program Files\Uninstaller -> Deleted [PUP.Gen1][File] C:\Program Files\Uninstaller\Uninstall.xml -> Deleted ¤¤¤ WMI : 0 ¤¤¤ ¤¤¤ Hosts File : 0 ¤¤¤ ¤¤¤ Antirootkit : 0 (Driver: Loaded) ¤¤¤ ¤¤¤ Web browsers : 0 ¤¤¤ ¤¤¤ MBR Check : ¤¤¤ +++++ PhysicalDrive0: Hitachi HTS543232A7A384 +++++ --- User --- [MBR] 2d7d94ba8776bd501073fc5c5b67dc55 [BSP] 6038da5abdb86a32e945c2c6aa172f56 : Windows Vista/7/8 MBR Code Partition table: 0 - [XXXXXX] FAT32-LBA (0x1c) [HIDDEN!] Offset (sectors): 2048 | Size: 25600 MB 1 - [ACTIVE] NTFS (0x7) [VISIBLE] Offset (sectors): 52430848 | Size: 122098 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader] 2 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 302487552 | Size: 157545 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader] User = LL1 ... OK User = LL2 ... OK Malwarebytes www.malwarebytes.com -Log Details- Scan Date: 10/21/18 Scan Time: 3:26 PM Log File: 2d9d6ff8-d567-11e8-920d-c8600003e9e1.json -Software Information- Version: 3.6.1.2711 Components Version: 1.0.463 Update Package Version: 1.0.7457 License: Trial -System Information- OS: Windows 7 Service Pack 1 CPU: x64 File System: NTFS User: NormanNorrisNot\NormanNorrisNotebook -Scan Summary- Scan Type: Threat Scan Scan Initiated By: Manual Result: Completed Objects Scanned: 285757 Threats Detected: 2 Threats Quarantined: 2 Time Elapsed: 7 min, 29 sec -Scan Options- Memory: Enabled Startup: Enabled Filesystem: Enabled Archives: Enabled Rootkits: Disabled Heuristics: Enabled PUP: Warn PUM: Detect -Scan Details- Process: 0 (No malicious items detected) Module: 0 (No malicious items detected) Registry Key: 1 PUP.Optional.Conduit, HKU\S-1-5-21-351659774-2789822584-2971473695-1001\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{632F07F3-19A1-4d16-A23F-E6CE9486BAB5}, Quarantined, [217], [236865],1.0.7457 Registry Value: 1 PUP.Optional.Conduit, HKU\S-1-5-21-351659774-2789822584-2971473695-1001\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{632F07F3-19A1-4d16-A23F-E6CE9486BAB5}|URL, Quarantined, [217], [236865],1.0.7457 Registry Data: 0 (No malicious items detected) Data Stream: 0 (No malicious items detected) Folder: 0 (No malicious items detected) File: 0 (No malicious items detected) Physical Sector: 0 (No malicious items detected) WMI: 0 (No malicious items detected) (end) # ------------------------------- # Malwarebytes AdwCleaner 7.2.4.0 # ------------------------------- # Build: 09-25-2018 # Database: 2018-10-12.1 (Cloud) # Support: https://www.malwarebytes.com/support # # ------------------------------- # Mode: Clean # ------------------------------- # Start: 10-21-2018 # Duration: 00:00:21 # OS: Windows 7 Home Premium # Cleaned: 11 # Failed: 2 ***** [ Services ] ***** No malicious services cleaned. ***** [ Folders ] ***** No malicious folders cleaned. ***** [ Files ] ***** Deleted C:\Windows\SysWOW64\rnd_chunk.bin ***** [ DLL ] ***** No malicious DLLs cleaned. ***** [ WMI ] ***** No malicious WMI cleaned. ***** [ Shortcuts ] ***** No malicious shortcuts cleaned. ***** [ Tasks ] ***** No malicious tasks cleaned. ***** [ Registry ] ***** Deleted HKLM\Software\Microsoft\Shared Tools\MSConfig\startupreg\SearchProtectAll Deleted HKLM\Software\Classes\Interface\{E7435878-65B9-44D1-A443-81754E5DFC90} Deleted HKLM\Software\Classes\Interface\{9EDC0C90-2B5B-4512-953E-35767BAD5C67} Deleted HKLM\Software\Classes\Interface\{660E6F4F-840D-436D-B668-433D9591BAC5} Deleted HKLM\Software\Classes\Interface\{1AD27395-1659-4DFF-A319-2CFA243861A5} Deleted HKLM\Software\Classes\Interface\{10DE7085-6A1E-4D41-A7BF-9AF93E351401} ***** [ Chromium (and derivatives) ] ***** Deleted dlmebkoiahbppacaicbgncnjhbpdfkcc Deleted WhiteSmoke New ***** [ Chromium URLs ] ***** Deleted ICQ Search Deleted Ask Not Deleted Web Search... Not Deleted AOL ***** [ Firefox (and derivatives) ] ***** No malicious Firefox entries cleaned. ***** [ Firefox URLs ] ***** No malicious Firefox URLs cleaned. ************************* [+] Delete Tracing Keys [+] Reset Winsock ************************* AdwCleaner[S00].txt - [2093 octets] - [21/10/2018 17:38:53] ########## EOF - C:\AdwCleaner\Logs\AdwCleaner[C00].txt ##########
Re-run Farbar Recovery Scan Tool (FRST/FRST64) you ran at the very beginning of this topic. Double click to run it. Make sure you checkmark Addition.txt box. Press Scan button. Scan will create two logs, FRST.txt and Addition.txt in the same directory the tool is run. Please copy and paste them to your reply.
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 10.10.2018 Ran by NormanNorrisNotebook (administrator) on NORMANNORRISNOT (21-10-2018 20:16:48) Running from C:\Users\NormanNorrisNotebook\Downloads Loaded Profiles: NormanNorrisNotebook (Available Profiles: NormanNorrisNotebook) Platform: Windows 7 Home Premium Service Pack 1 (X64) Language: English (United States) Internet Explorer Version 11 (Default browser: Chrome) Boot Mode: Normal Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/ ==================== Processes (Whitelisted) ================= (If an entry is included in the fixlist, the process will be closed. The file will not be moved.) (ASUSTeK Computer Inc.) C:\Windows\System32\FBAgent.exe (ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\AsLdrSrv.exe (ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe (AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe (Adobe Systems, Incorporated) C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGMService.exe (Adobe Systems, Incorporated) C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe (Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe () C:\Program Files (x86)\Canon\IJPLM\ijplmsvc.exe (Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE (Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe (Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE (AVAST Software) C:\Program Files\AVAST Software\Avast\x64\aswidsagenta.exe (AVAST Software) C:\Program Files (x86)\AVAST Software\Browser\Update\1.4.141.333\AvastBrowserCrashHandler.exe (AVAST Software) C:\Program Files (x86)\AVAST Software\Browser\Update\1.4.141.333\AvastBrowserCrashHandler64.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe (Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe (ASUS) C:\Program Files\P4G\BatteryLife.exe (ASUS) C:\Program Files (x86)\ASUS\SmartLogon\sensorsrv.exe (ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe (ASUS) C:\Program Files (x86)\ASUS\Splendid\ACMON.exe (ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrl.exe (Alcor Micro Corp.) C:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe (ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe (Microsoft Corporation) C:\Program Files\Microsoft IntelliPoint\ipoint.exe (Intel Corporation) C:\Windows\System32\igfxtray.exe (Intel Corporation) C:\Windows\System32\hkcmd.exe (Intel Corporation) C:\Windows\System32\igfxpers.exe (ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ATKOSD.exe (ASUSTeK) C:\Windows\SysWOW64\ACEngSvr.exe (Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe (Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe (ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\KBFiltr.exe (AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe (ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\WDC.exe (Intel® Corporation) C:\Program Files\Intel\TurboBoost\SignalIslandUi.exe (ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrlHelper.exe (Virage Logic Corporation / Sonic Focus) C:\Program Files (x86)\ASUS\Sonic Focus\SonicFocusTray.exe (ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe (ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe (Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe () C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe (Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (CANON INC.) C:\Program Files (x86)\Canon\Quick Menu\CNQMMAIN.EXE (Intel(R) Corporation) C:\Program Files\Intel\TurboBoost\TurboBoost.exe (Adobe Systems Inc.) C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\acrotray.exe (CANON INC.) C:\Program Files (x86)\Canon\IJ Network Scanner Selector EX\CNMNSST.exe (Brother Industries, Ltd.) C:\Program Files (x86)\Browny02\Brother\BrStMonW.exe (Brother Industries, Ltd.) C:\Program Files (x86)\Browny02\BrYNSvc.exe (Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe (Microsoft Corporation) C:\Windows\splwow64.exe (Microsoft Corporation) C:\Windows\System32\dllhost.exe (CANON INC.) C:\Program Files (x86)\Canon\Quick Menu\CNQMUPDT.EXE (CANON INC.) C:\Program Files (x86)\Canon\Quick Menu\CNQMSWCS.EXE (Apple, Inc.) C:\Program Files (x86)\Common Files\Apple\Apple Application Support\secd.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Microsoft Corporation) C:\Windows\System32\msiexec.exe (Microsoft Corporation) C:\Windows\System32\cmd.exe (Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\AppleChromeDAV.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Farbar) C:\Users\NormanNorrisNotebook\Downloads\FRST64 (2).exe ==================== Registry (Whitelisted) =========================== (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.) HKLM\...\Run: [ETDCtrl] => C:\Program Files\Elantech\ETDCtrl.exe [2589992 2011-04-12] (ELAN Microelectronics Corp.) HKLM\...\Run: [AmIcoSinglun64] => C:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe [361984 2011-03-21] (Alcor Micro Corp.) HKLM\...\Run: [RtHDVBg] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1485312 2017-04-13] (Realtek Semiconductor) HKLM\...\Run: [IntelTBRunOnce] => wscript.exe //b //nologo "C:\Program Files\Intel\TurboBoost\RunTBGadgetOnce.vbs" HKLM\...\Run: [IntelliPoint] => C:\Program Files\Microsoft IntelliPoint\ipoint.exe [2417032 2011-08-01] (Microsoft Corporation) HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [508240 2015-08-05] (Adobe Systems Incorporated) HKLM\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvLaunch.exe [242392 2018-10-20] (AVAST Software) HKLM\...\Run: [AdobeGCInvoker-1.0] => C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGCInvokerUtility.exe [2670056 2018-09-10] (Adobe Systems, Incorporated) HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [301880 2018-08-23] (Apple Inc.) HKLM-x32\...\Run: [ASUSWebStorage] => C:\Program Files (x86)\ASUS\ASUS WebStorage\3.0.108.222\AsusWSPanel.exe [737104 2011-07-29] (ecareme) HKLM-x32\...\Run: [SonicMasterTray] => C:\Program Files (x86)\ASUS\Sonic Focus\SonicFocusTray.exe [984400 2010-07-10] (Virage Logic Corporation / Sonic Focus) HKLM-x32\...\Run: [ATKOSD2] => C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe [5732992 2010-08-17] (ASUS) HKLM-x32\...\Run: [ATKMEDIA] => C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe [170624 2010-10-07] (ASUS) HKLM-x32\...\Run: [HControlUser] => C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe [105016 2009-06-19] (ASUS) HKLM-x32\...\Run: [Wireless Console 3] => C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe [1601536 2010-09-23] () HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [68920 2018-08-22] (Apple Inc.) HKLM-x32\...\Run: [BCSSync] => C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe [89184 2012-11-05] (Microsoft Corporation) HKLM-x32\...\Run: [CanonQuickMenu] => C:\Program Files (x86)\Canon\Quick Menu\CNQMMAIN.EXE [1284680 2014-01-17] (CANON INC.) HKLM-x32\...\Run: [SwitchBoard] => C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated) HKLM-x32\...\Run: [AdobeCS5.5ServiceManager] => C:\Program Files (x86)\Common Files\Adobe\CS5.5ServiceManager\CS5.5ServiceManager.exe [1523360 2011-01-12] (Adobe Systems Incorporated) HKLM-x32\...\Run: [] => [X] HKLM-x32\...\Run: [Adobe Acrobat Speed Launcher] => C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrobat_sl.exe [41360 2015-09-24] (Adobe Systems Incorporated) HKLM-x32\...\Run: [Acrobat Assistant 8.0] => C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrotray.exe [840592 2015-09-24] (Adobe Systems Inc.) HKLM-x32\...\Run: [IJNetworkScannerSelectorEX] => C:\Program Files (x86)\Canon\IJ Network Scanner Selector EX\CNMNSST.exe [438888 2014-01-15] (CANON INC.) HKLM-x32\...\Run: [BrStsMon00] => C:\Program Files (x86)\Browny02\Brother\BrStMonW.exe [2621440 2010-06-10] (Brother Industries, Ltd.) Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation) HKLM\SOFTWARE\Policies\Microsoft\Windows Defender: Restriction <==== ATTENTION HKU\S-1-5-21-351659774-2789822584-2971473695-1001\...\Run: [iCloudServices] => C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe [67384 2018-10-01] (Apple Inc.) HKU\S-1-5-21-351659774-2789822584-2971473695-1001\...\Run: [ApplePhotoStreams] => C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe [67896 2018-10-01] (Apple Inc.) HKU\S-1-5-21-351659774-2789822584-2971473695-1001\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\Windows\system32\Ribbons.scr [241664 2010-11-20] (Microsoft Corporation) Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\AsusVibeLauncher.lnk [2011-11-03] ShortcutTarget: AsusVibeLauncher.lnk -> C:\Program Files (x86)\ASUS\AsusVibe\AsusVibeLauncher.exe (ASUSTeK Computer Inc.) Startup: C:\Users\NormanNorrisNotebook\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Intel(R) Turbo Boost Technology Monitor 2.0.lnk [2011-12-17] ShortcutTarget: Intel(R) Turbo Boost Technology Monitor 2.0.lnk -> C:\Program Files\Intel\TurboBoost\SignalIslandUi.exe (Intel® Corporation) ==================== Internet (Whitelisted) ==================== (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.) Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt Tcpip\Parameters: [DhcpNameServer] 192.168.1.1 Tcpip\..\Interfaces\{435B54ED-922E-4478-BE65-25F0E29AE9A0}: [DhcpNameServer] 192.168.1.1 Tcpip\..\Interfaces\{D2132B83-3491-4909-A6E8-6A042F6821F8}: [DhcpNameServer] 192.168.1.1 Internet Explorer: ================== HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxps://www.msn.com/en-us/?pc=avmsp&ocid=PerDHP HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.bing.com/search?q={searchTerms}&FORM=AVASDF&PC=AV01 HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome HKU\S-1-5-21-351659774-2789822584-2971473695-1001\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.bing.com/search?q={searchTerms}&FORM=AVASDF&PC=AV01 HKU\S-1-5-21-351659774-2789822584-2971473695-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://www.msn.com/en-us/?pc=avmsp&ocid=PerDHP SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=ASUTDF&pc=NP06&src=IE-SearchBox SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=ASUTDF&pc=NP06&src=IE-SearchBox SearchScopes: HKLM-x32 -> DefaultScope {632F07F3-19A1-4d16-A23F-E6CE9486BAB5} URL = SearchScopes: HKU\S-1-5-21-351659774-2789822584-2971473695-1001 -> DefaultScope {632F07F3-19A1-4d16-A23F-E6CE9486BAB5} URL = SearchScopes: HKU\S-1-5-21-351659774-2789822584-2971473695-1001 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = BHO: Canon Easy-WebPrint EX BHO -> {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} -> C:\Program Files\Canon\Easy-WebPrint EX\ewpexbho.dll [2015-02-23] (CANON INC.) BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL [2013-12-19] (Microsoft Corporation) BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2011-03-29] (Microsoft Corp.) BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation) BHO-x32: Canon Easy-WebPrint EX BHO -> {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} -> C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexbho.dll [2015-02-23] (CANON INC.) BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL [2013-12-19] (Microsoft Corporation) BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2011-03-28] (Microsoft Corp.) BHO-x32: Adobe PDF Conversion Toolbar Helper -> {AE7CD045-E861-484f-8273-0445EE161910} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll [2015-09-24] (Adobe Systems Incorporated) BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation) BHO-x32: SmartSelect Class -> {F4971EE7-DAA0-4053-9964-665D8EE6A077} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll [2015-09-24] (Adobe Systems Incorporated) Toolbar: HKLM - avast! Online Security - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - No File Toolbar: HKLM - No Name - {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} - No File Toolbar: HKLM - Canon Easy-WebPrint EX - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files\Canon\Easy-WebPrint EX\ewpexhlp.dll [2015-02-23] (CANON INC.) Toolbar: HKLM-x32 - Canon Easy-WebPrint EX - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexhlp.dll [2015-02-23] (CANON INC.) Toolbar: HKLM-x32 - Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll [2015-09-24] (Adobe Systems Incorporated) Toolbar: HKU\S-1-5-21-351659774-2789822584-2971473695-1001 -> No Name - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - No File FireFox: ======== FF HKLM-x32\...\Firefox\Extensions: [{ABDE892B-13A8-4d1b-88E6-365A6E755758}] - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext => not found FF HKLM-x32\...\Firefox\Extensions: [{01A8CA0A-4C96-465b-A49B-65C46FAD54F9}] - C:\Program Files (x86)\Adobe\Adobe Contribute CS5.1\Plugins\FirefoxPlugin\{01A8CA0A-4C96-465b-A49B-65C46FAD54F9} FF Extension: (Adobe Contribute Toolbar) - C:\Program Files (x86)\Adobe\Adobe Contribute CS5.1\Plugins\FirefoxPlugin\{01A8CA0A-4C96-465b-A49B-65C46FAD54F9} [2016-07-09] [Legacy] [not signed] FF HKLM-x32\...\Firefox\Extensions: [web2pdfextension@web2pdf.adobedotcom] - C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Browser\WCFirefoxExtn FF Extension: (Adobe Acrobat - Create PDF) - C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Browser\WCFirefoxExtn [2016-07-19] [Legacy] [not signed] FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_16_0_0_305.dll [2015-02-23] () FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.50907.0\npctrl.dll [2017-05-03] ( Microsoft Corporation) FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~3\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation) FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect64.dll [2015-08-06] (Adobe Systems) FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_16_0_0_305.dll [2015-02-23] () FF Plugin-x32: @canon.com/EPPEX -> C:\Program Files (x86)\Canon\My Image Garden\AddOn\CIG\npmigfpi.dll [2011-11-30] (CANON INC.) FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.50907.0\npctrl.dll [2017-05-03] ( Microsoft Corporation) FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation) FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation) FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2011-05-13] (Microsoft Corporation) FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3538.0513 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2011-05-13] (Microsoft Corporation) FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.33.17\npGoogleUpdate3.dll [2018-05-18] (Google Inc.) FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.33.17\npGoogleUpdate3.dll [2018-05-18] (Google Inc.) FF Plugin-x32: Adobe Acrobat -> C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Air\nppdf32.dll [2015-09-24] (Adobe Systems Inc.) FF Plugin-x32: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect32.dll [2015-08-06] (Adobe Systems) FF Plugin-x32: ZEON/PDF,version=2.0 -> C:\Program Files (x86)\Nuance\PDF Reader\bin\nppdf.dll [2010-01-23] (Zeon Corporation) Chrome: ======= CHR DefaultProfile: Default CHR HomePage: Default -> hxxp://www.google.com CHR StartupUrls: Default -> "hxxp://www.google.com/","hxxp://www.msn.com/" CHR Profile: C:\Users\NormanNorrisNotebook\AppData\Local\Google\Chrome\User Data\Default [2018-10-21] CHR Extension: (WOT Web of Trust, Website Reputation Ratings) - C:\Users\NormanNorrisNotebook\AppData\Local\Google\Chrome\User Data\Default\Extensions\bhmmomiinigofkjcapegjjndpbikblnp [2018-08-04] CHR Extension: (YouTube) - C:\Users\NormanNorrisNotebook\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-10-10] CHR Extension: (Google Search) - C:\Users\NormanNorrisNotebook\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2016-03-02] CHR Extension: (iCloud Bookmarks) - C:\Users\NormanNorrisNotebook\AppData\Local\Google\Chrome\User Data\Default\Extensions\fkepacicchenbjecpbpbclokcabebhah [2017-10-09] CHR Extension: (Avast Online Security) - C:\Users\NormanNorrisNotebook\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki [2018-10-20] CHR Extension: (Chrome Web Store Payments) - C:\Users\NormanNorrisNotebook\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2018-04-04] CHR Extension: (Gmail) - C:\Users\NormanNorrisNotebook\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-05-20] CHR Extension: (Chrome Media Router) - C:\Users\NormanNorrisNotebook\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2018-10-20] CHR HKLM-x32\...\Chrome\Extension: [eofcbnmajmjmplflapaojjnihcjkigck] - hxxps://clients2.google.com/service/update2/crx CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx <not found> ==================== Services (Whitelisted) ==================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) R2 AGMService; C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGMService.exe [2910696 2018-09-10] (Adobe Systems, Incorporated) R2 AGSService; C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe [2704872 2018-09-10] (Adobe Systems, Incorporated) R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [83768 2018-08-23] (Apple Inc.) R3 aswbIDSAgent; C:\Program Files\AVAST Software\Avast\x64\aswidsagenta.exe [8188768 2018-10-20] (AVAST Software) S2 avast; C:\Program Files (x86)\AVAST Software\Browser\Update\AvastBrowserUpdate.exe [164984 2018-06-09] (AVAST Software) R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [325024 2018-10-20] (AVAST Software) S3 avastm; C:\Program Files (x86)\AVAST Software\Browser\Update\AvastBrowserUpdate.exe [164984 2018-06-09] (AVAST Software) R3 BrYNSvc; C:\Program Files (x86)\Browny02\BrYNSvc.exe [245760 2010-01-25] (Brother Industries, Ltd.) [File not signed] R2 IJPLMSVC; C:\Program Files (x86)\Canon\IJPLM\IJPLMSVC.EXE [84616 2013-06-28] () R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [6347056 2018-09-19] (Malwarebytes) S3 SwitchBoard; C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated) [File not signed] S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation) S3 AvastVBoxSvc; "C:\Program Files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe" [X] ===================== Drivers (Whitelisted) ====================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) U5 AppMgmt; C:\Windows\system32\svchost.exe [27136 2009-07-13] (Microsoft Corporation) <==== ATTENTION (no ServiceDLL) R1 aswArPot; C:\Windows\System32\drivers\aswArPot.sys [201408 2018-10-20] (AVAST Software) R1 aswbidsdriver; C:\Windows\System32\drivers\aswbidsdrivera.sys [230512 2018-10-20] (AVAST Software) R0 aswbidsh; C:\Windows\System32\drivers\aswbidsha.sys [201928 2018-10-20] (AVAST Software) R0 aswblog; C:\Windows\System32\drivers\aswbloga.sys [346760 2018-10-20] (AVAST Software) R0 aswbuniv; C:\Windows\System32\drivers\aswbuniva.sys [59664 2018-10-20] (AVAST Software) R1 aswHdsKe; C:\Windows\System32\drivers\aswHdsKe.sys [185240 2018-10-20] (AVAST Software) S3 aswHwid; C:\Windows\System32\drivers\aswHwid.sys [47064 2018-10-20] (AVAST Software) R1 aswKbd; C:\Windows\System32\drivers\aswKbd.sys [42456 2018-10-20] (AVAST Software) R2 aswMonFlt; C:\Windows\System32\drivers\aswMonFlt.sys [163376 2018-10-20] (AVAST Software) R1 aswRdr; C:\Windows\System32\drivers\aswRdr2.sys [111968 2018-10-20] (AVAST Software) R0 aswRvrt; C:\Windows\System32\drivers\aswRvrt.sys [88112 2018-10-20] (AVAST Software) R1 aswSnx; C:\Windows\System32\drivers\aswSnx.sys [1028840 2018-10-20] (AVAST Software) R1 aswSP; C:\Windows\System32\drivers\aswSP.sys [467904 2018-10-20] (AVAST Software) R2 aswStm; C:\Windows\System32\drivers\aswStm.sys [208640 2018-10-20] (AVAST Software) R0 aswVmm; C:\Windows\System32\drivers\aswVmm.sys [381144 2018-10-20] (AVAST Software) R1 ESProtectionDriver; C:\Windows\system32\drivers\mbae64.sys [152688 2018-09-11] (Malwarebytes) R3 kbfiltr; C:\Windows\System32\DRIVERS\kbfiltr.sys [15416 2009-07-20] ( ) R2 MBAMChameleon; C:\Windows\System32\Drivers\MbamChameleon.sys [200232 2018-10-21] (Malwarebytes) R3 MBAMFarflt; C:\Windows\System32\DRIVERS\farflt.sys [118584 2018-10-21] (Malwarebytes) R3 MBAMProtection; C:\Windows\System32\DRIVERS\mbam.sys [58400 2018-10-21] (Malwarebytes) R3 MBAMSwissArmy; C:\Windows\System32\Drivers\mbamswissarmy.sys [260384 2018-10-21] (Malwarebytes) R3 MBAMWebProtection; C:\Windows\System32\DRIVERS\mwac.sys [100664 2018-10-21] (Malwarebytes) S2 VBoxAswDrv; \??\C:\Program Files\AVAST Software\Avast\ng\vbox\VBoxAswDrv.sys [X] ==================== NetSvcs (Whitelisted) =================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) ==================== One Month Created files and folders ======== (If an entry is included in the fixlist, the file/folder will be moved.) 2018-10-21 20:16 - 2018-10-21 20:16 - 002414592 _____ (Farbar) C:\Users\NormanNorrisNotebook\Downloads\FRST64 (2).exe 2018-10-21 18:28 - 2018-10-21 20:14 - 000100664 _____ (Malwarebytes) C:\Windows\system32\Drivers\mwac.sys 2018-10-21 18:28 - 2018-10-21 18:28 - 000118584 _____ (Malwarebytes) C:\Windows\system32\Drivers\farflt.sys 2018-10-21 18:28 - 2018-10-21 18:28 - 000058400 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbam.sys 2018-10-21 18:26 - 2018-10-21 18:26 - 000260384 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbamswissarmy.sys 2018-10-21 17:38 - 2018-10-21 17:38 - 007592144 _____ (Malwarebytes) C:\Users\NormanNorrisNotebook\Downloads\AdwCleaner (1).exe 2018-10-21 17:33 - 2018-10-21 17:33 - 007592144 _____ (Malwarebytes) C:\Users\NormanNorrisNotebook\Downloads\AdwCleaner.exe 2018-10-21 15:35 - 2018-10-21 15:35 - 000001585 _____ C:\Users\NormanNorrisNotebook\Desktop\mal.txt 2018-10-21 15:25 - 2018-10-21 15:25 - 000200232 _____ (Malwarebytes) C:\Windows\system32\Drivers\MbamChameleon.sys 2018-10-21 15:25 - 2018-10-21 15:25 - 000000000 ____D C:\Users\NormanNorrisNotebook\AppData\Local\mbamtray 2018-10-21 15:25 - 2018-10-21 15:25 - 000000000 ____D C:\Users\NormanNorrisNotebook\AppData\Local\mbam 2018-10-21 15:24 - 2018-10-21 15:24 - 000001829 _____ C:\Users\Public\Desktop\Malwarebytes.lnk 2018-10-21 15:24 - 2018-10-21 15:24 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes 2018-10-21 15:24 - 2018-10-21 15:24 - 000000000 ____D C:\Program Files\Malwarebytes 2018-10-21 15:24 - 2018-09-11 13:18 - 000152688 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbae64.sys 2018-10-21 15:23 - 2018-10-21 15:23 - 080707680 _____ (Malwarebytes ) C:\Users\NormanNorrisNotebook\Downloads\mb3-setup-consumer-3.6.1.2711-1.0.463-1.0.7438.exe 2018-10-21 14:30 - 2018-10-21 15:25 - 000000000 ____D C:\ProgramData\RogueKiller 2018-10-21 14:30 - 2018-10-21 14:30 - 000028272 _____ C:\Windows\system32\Drivers\TrueSight.sys 2018-10-21 14:29 - 2018-10-21 14:29 - 000000820 _____ C:\Users\Public\Desktop\RogueKiller.lnk 2018-10-21 14:29 - 2018-10-21 14:29 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\RogueKiller 2018-10-21 14:29 - 2018-10-21 14:29 - 000000000 ____D C:\Program Files\RogueKiller 2018-10-21 14:27 - 2018-10-21 14:28 - 036961368 _____ (Adlice Software ) C:\Users\NormanNorrisNotebook\Downloads\RogueKiller_setup_ref3.exe 2018-10-20 18:56 - 2018-10-20 18:55 - 000042456 _____ (AVAST Software) C:\Windows\system32\Drivers\aswKbd.sys 2018-10-20 18:55 - 2018-10-20 18:55 - 000378584 _____ (AVAST Software) C:\Windows\system32\aswBoot.exe 2018-10-20 16:30 - 2018-10-20 16:30 - 000038580 _____ C:\Users\NormanNorrisNotebook\Downloads\Addition.txt 2018-10-20 16:27 - 2018-10-21 20:18 - 000025997 _____ C:\Users\NormanNorrisNotebook\Downloads\FRST.txt 2018-10-20 16:24 - 2018-10-20 16:24 - 002414592 _____ (Farbar) C:\Users\NormanNorrisNotebook\Downloads\FRST64 (1).exe 2018-10-20 16:23 - 2018-10-21 20:16 - 000000000 ____D C:\FRST 2018-10-20 16:23 - 2018-10-20 16:23 - 002414592 _____ (Farbar) C:\Users\NormanNorrisNotebook\Downloads\FRST64.exe 2018-10-17 15:33 - 2018-10-17 15:33 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iCloud 2018-10-17 15:01 - 2018-10-17 15:41 - 000000000 ____D C:\Users\Public\Resumes 2018-09-30 18:28 - 2018-09-30 18:28 - 000001709 _____ C:\Users\Public\Desktop\iTunes.lnk 2018-09-30 18:28 - 2018-09-30 18:28 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes 2018-09-30 18:28 - 2018-09-30 18:28 - 000000000 ____D C:\Program Files\iPod 2018-09-30 18:26 - 2018-09-30 18:28 - 000000000 ____D C:\Program Files\iTunes ==================== One Month Modified files and folders ======== (If an entry is included in the fixlist, the file/folder will be moved.) 2018-10-21 18:39 - 2009-07-14 00:45 - 000018736 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 2018-10-21 18:39 - 2009-07-14 00:45 - 000018736 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 2018-10-21 18:25 - 2012-04-12 18:12 - 000000266 _____ C:\Windows\Tasks\AutoKMS.job 2018-10-21 18:25 - 2009-07-14 01:08 - 000000006 ____H C:\Windows\Tasks\SA.DAT 2018-10-21 17:38 - 2013-09-06 20:38 - 000000000 ____D C:\AdwCleaner 2018-10-21 15:24 - 2013-08-31 11:39 - 000000000 ____D C:\ProgramData\Malwarebytes 2018-10-21 14:28 - 2012-04-12 18:27 - 000000000 ____D C:\Users\NormanNorrisNotebook\AppData\Local\Adobe 2018-10-21 00:20 - 2017-04-12 20:00 - 000004168 _____ C:\Windows\System32\Tasks\Avast Emergency Update 2018-10-20 18:55 - 2017-11-09 16:34 - 000201408 _____ (AVAST Software) C:\Windows\system32\Drivers\aswArPot.sys 2018-10-20 18:55 - 2014-07-29 09:43 - 000047064 _____ (AVAST Software) C:\Windows\system32\Drivers\aswHwid.sys 2018-10-20 18:55 - 2013-12-31 18:20 - 000208640 _____ (AVAST Software) C:\Windows\system32\Drivers\aswStm.sys 2018-10-20 18:55 - 2013-07-07 20:25 - 000381144 _____ (AVAST Software) C:\Windows\system32\Drivers\aswVmm.sys 2018-10-20 18:55 - 2013-07-07 20:25 - 000088112 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRvrt.sys 2018-10-20 18:55 - 2012-03-01 00:13 - 001028840 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSnx.sys 2018-10-20 18:55 - 2012-03-01 00:13 - 000467904 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSP.sys 2018-10-20 18:55 - 2012-03-01 00:13 - 000163376 _____ (AVAST Software) C:\Windows\system32\Drivers\aswMonFlt.sys 2018-10-20 18:55 - 2012-03-01 00:13 - 000111968 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRdr2.sys 2018-10-20 18:54 - 2017-10-11 21:20 - 000185240 _____ (AVAST Software) C:\Windows\system32\Drivers\aswHdsKe.sys 2018-10-20 18:54 - 2017-04-12 20:00 - 000346760 _____ (AVAST Software) C:\Windows\system32\Drivers\aswbloga.sys 2018-10-20 18:54 - 2017-04-12 20:00 - 000230512 _____ (AVAST Software) C:\Windows\system32\Drivers\aswbidsdrivera.sys 2018-10-20 18:54 - 2017-04-12 20:00 - 000201928 _____ (AVAST Software) C:\Windows\system32\Drivers\aswbidsha.sys 2018-10-20 18:54 - 2017-04-12 20:00 - 000059664 _____ (AVAST Software) C:\Windows\system32\Drivers\aswbuniva.sys 2018-10-20 16:50 - 2012-03-01 00:14 - 000002226 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk 2018-10-20 16:50 - 2012-03-01 00:14 - 000002185 _____ C:\Users\Public\Desktop\Google Chrome.lnk 2018-10-20 16:40 - 2018-06-09 17:19 - 000002431 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avast Secure Browser.lnk 2018-10-20 16:40 - 2018-06-09 17:19 - 000002388 _____ C:\Users\Public\Desktop\Avast Secure Browser.lnk 2018-10-20 16:22 - 2012-03-01 00:08 - 000000000 ____D C:\Users\NormanNorrisNotebook\AppData\Roaming\Adobe 2018-10-20 16:18 - 2013-12-31 18:14 - 000000000 ____D C:\Users\NormanNorrisNotebook\AppData\Local\3D4CDB02-E2C4-4FF5-A74F-A3B365FB9CBF.aplzod 2018-10-17 19:03 - 2016-04-22 16:20 - 000000000 ____D C:\ProgramData\CanonIJPLM 2018-10-17 15:11 - 2013-12-31 18:13 - 000003464 _____ C:\Windows\System32\Tasks\Apple Diagnostics 2018-10-17 15:04 - 2012-04-16 17:28 - 000000000 ____D C:\Users\NormanNorrisNotebook\Documents\Resumes 2018-10-17 15:00 - 2018-06-09 17:16 - 000000000 ____D C:\Users\NormanNorrisNotebook\AppData\Local\AVAST Software 2018-09-22 20:21 - 2016-07-22 19:57 - 000004476 _____ C:\Windows\System32\Tasks\Adobe Acrobat Update Task ==================== Files in the root of some directories ======= 2015-09-28 19:10 - 2015-09-28 19:10 - 006420480 _____ () C:\Program Files (x86)\GUT8890.tmp 2012-04-28 20:57 - 2017-08-20 19:55 - 000000132 _____ () C:\Users\NormanNorrisNotebook\AppData\Roaming\Adobe PNG Format CS5 Prefs 2012-04-29 11:37 - 2017-10-09 19:52 - 000001456 _____ () C:\Users\NormanNorrisNotebook\AppData\Local\Adobe Save for Web 12.0 Prefs 2018-10-20 16:22 - 2018-10-20 16:22 - 000000000 _____ () C:\Users\NormanNorrisNotebook\AppData\Local\oobelibMkey.log Some files in TEMP: ==================== 2018-10-21 14:30 - 2017-09-13 11:31 - 001732864 _____ (Microsoft Corporation) C:\Users\NormanNorrisNotebook\AppData\Local\Temp\dllnt_dump.dll 2013-09-26 20:03 - 2014-11-11 11:24 - 000150096 _____ (RealNetworks, Inc.) C:\Users\NormanNorrisNotebook\AppData\Local\Temp\lowproc.exe 2014-07-29 11:05 - 2014-07-29 11:05 - 050067152 _____ (Microsoft Corporation) C:\Users\NormanNorrisNotebook\AppData\Local\Temp\MouseKeyboardCenterx64_1033.exe 2015-01-19 15:18 - 2015-01-19 15:18 - 001126480 ____N (CANON INC.) C:\Users\NormanNorrisNotebook\AppData\Local\Temp\MSETUP4.EXE 2013-09-26 20:03 - 2014-11-11 11:25 - 000090624 _____ (RealNetworks, Inc.) C:\Users\NormanNorrisNotebook\AppData\Local\Temp\stubhelper.dll 2016-03-15 18:16 - 2016-03-15 18:16 - 000000000 _____ () C:\Users\NormanNorrisNotebook\AppData\Local\Temp\w7nbknh3.dll 2012-08-16 05:34 - 2012-08-16 05:34 - 000455600 ____R (Macrovision Corporation) C:\Users\NormanNorrisNotebook\AppData\Local\Temp\_is6681.exe 2015-10-13 11:57 - 2015-10-13 11:57 - 043332688 _____ (Google Inc.) C:\Users\NormanNorrisNotebook\AppData\Local\Temp\{C221A67F-83B1-47BA-8F5B-6D5482C01143}-46.0.2490.71_chrome_installer.exe ==================== Bamital & volsnap ====================== (There is no automatic fix for files that do not pass verification.) C:\Windows\system32\winlogon.exe => File is digitally signed C:\Windows\system32\wininit.exe => File is digitally signed C:\Windows\SysWOW64\wininit.exe => File is digitally signed C:\Windows\explorer.exe => File is digitally signed C:\Windows\SysWOW64\explorer.exe => File is digitally signed C:\Windows\system32\svchost.exe => File is digitally signed C:\Windows\SysWOW64\svchost.exe => File is digitally signed C:\Windows\system32\services.exe => File is digitally signed C:\Windows\system32\User32.dll => File is digitally signed C:\Windows\SysWOW64\User32.dll => File is digitally signed C:\Windows\system32\userinit.exe => File is digitally signed C:\Windows\SysWOW64\userinit.exe => File is digitally signed C:\Windows\system32\rpcss.dll => File is digitally signed C:\Windows\system32\dnsapi.dll => File is digitally signed C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed LastRegBack: 2018-10-17 16:09 ==================== End of FRST.txt ============================ Additional scan result of Farbar Recovery Scan Tool (x64) Version: 10.10.2018 Ran by NormanNorrisNotebook (21-10-2018 20:19:06) Running from C:\Users\NormanNorrisNotebook\Downloads Windows 7 Home Premium Service Pack 1 (X64) (2012-03-01 03:44:36) Boot Mode: Normal ========================================================== ==================== Accounts: ============================= Administrator (S-1-5-21-351659774-2789822584-2971473695-500 - Administrator - Disabled) Guest (S-1-5-21-351659774-2789822584-2971473695-501 - Limited - Enabled) HomeGroupUser$ (S-1-5-21-351659774-2789822584-2971473695-1010 - Limited - Enabled) NormanNorrisNotebook (S-1-5-21-351659774-2789822584-2971473695-1001 - Administrator - Enabled) => C:\Users\NormanNorrisNotebook ==================== Security Center ======================== (If an entry is included in the fixlist, it will be removed.) AV: Avast Antivirus (Enabled - Up to date) {8EA8924E-BC81-DC44-8BB0-8BAE75D86EBF} AV: Malwarebytes (Enabled - Up to date) {23007AD3-69FE-687C-2629-D584AFFAF72B} AS: Malwarebytes (Enabled - Up to date) {98619B37-4FC4-67F2-1C99-EEF6D47DBD96} AS: Windows Defender (Disabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} AS: Avast Antivirus (Enabled - Up to date) {35C973AA-9ABB-D3CA-B100-B0DC0E5F2402} ==================== Installed Programs ====================== (Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.) Adobe Acrobat X Pro - English, Français, Deutsch (HKLM-x32\...\{AC76BA86-1033-F400-7760-000000000005}) (Version: 10.1.16 - Adobe Systems) Adobe After Effects CS5.5 Third Party Content (HKLM-x32\...\{606A0AC5-5F90-4379-81AE-11B44707E094}) (Version: 10.5 - Adobe Systems Incorporated) Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 16.0.0.273 - Adobe Systems Incorporated) Adobe Community Help (HKLM-x32\...\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1) (Version: 3.4.980 - Adobe Systems Incorporated.) Adobe Content Viewer (HKLM-x32\...\com.adobe.dmp.contentviewer) (Version: 1.4.0 - Adobe Systems Incorporated) Adobe Creative Suite 5.5 Master Collection (HKLM-x32\...\{D57FC112-312E-4D70-860F-2DB8FB6858F0}) (Version: 5.5 - Adobe Systems Incorporated) Adobe Flash Player 16 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 16.0.0.305 - Adobe Systems Incorporated) Adobe Flash Player 27 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 27.0.0.130 - Adobe Systems Incorporated) Adobe Story (HKLM-x32\...\com.adobe.AdobeStory.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1) (Version: 1.0.571 - Adobe Systems Incorporated) Adobe Widget Browser (HKLM-x32\...\com.adobe.WidgetBrowser.E7BED6E5DDA59983786DD72EBFA46B1598278E07.1) (Version: 2.0 Build 230 - Adobe Systems Incorporated.) Alcor Micro USB Card Reader (HKLM-x32\...\{4555BB9E-E715-4260-A178-E8EFD2B653E3}) (Version: 1.2.0117.08443 - Alcor Micro Corp.) Hidden Alcor Micro USB Card Reader (HKLM-x32\...\AmUStor) (Version: 1.2.0117.08443 - Alcor Micro Corp.) Apple Application Support (32-bit) (HKLM-x32\...\{308F2F8C-9D33-4B22-8A6C-D9C13DBEF8C6}) (Version: 7.0.2 - Apple Inc.) Apple Application Support (64-bit) (HKLM\...\{0CB84A7D-9697-4526-A819-60FB050E8F05}) (Version: 7.0.2 - Apple Inc.) Apple Mobile Device Support (HKLM\...\{77F8C879-88CD-4145-945A-541C35285285}) (Version: 12.0.0.1039 - Apple Inc.) Apple Software Update (HKLM-x32\...\{A30EA700-5515-48F0-88B0-9E99DC356B88}) (Version: 2.6.0.1 - Apple Inc.) Asmedia ASM104x USB 3.0 Host Controller Driver (HKLM-x32\...\{E4FB0B39-C991-4EE7-95DD-1A1A7857D33D}) (Version: 1.12.5.0 - Asmedia Technology) ASUS AI Recovery (HKLM-x32\...\{38253529-D97D-4901-AE53-5CC9736D3A2E}) (Version: 1.0.13 - ASUS) ASUS FancyStart (HKLM-x32\...\{2B81872B-A054-48DA-BE3B-FA5C164C303A}) (Version: 1.1.0 - ASUSTeK Computer Inc.) ASUS LifeFrame3 (HKLM-x32\...\{1DBD1F12-ED93-49C0-A7CC-56CBDE488158}) (Version: 3.0.22 - ASUS) ASUS Live Update (HKLM-x32\...\{E657B243-9AD4-4ECC-BE81-4CCF8D667FD0}) (Version: 2.5.9 - ASUS) ASUS Power4Gear Hybrid (HKLM\...\{33B98264-A889-4913-A0CA-C364A75032B3}) (Version: 1.1.45 - ASUS) ASUS SmartLogon (HKLM-x32\...\{64452561-169F-4A36-A2FF-B5E118EC65F5}) (Version: 1.0.0011 - ASUS) ASUS Splendid Video Enhancement Technology (HKLM-x32\...\{0969AF05-4FF6-4C00-9406-43599238DE0D}) (Version: 1.02.0033 - ASUS) ASUS Virtual Camera (HKLM-x32\...\{EC8BD21F-0CA0-4BBF-97D9-4A52B30041A1}) (Version: 1.0.21 - asus) ASUS WebStorage (HKLM-x32\...\ASUS WebStorage) (Version: 3.0.108.222 - eCareme Technologies, Inc.) AsusScr_K3 Series_ENG (HKLM-x32\...\AsusScr_K3 Series_ENG) (Version: 1.0.0001 - ASUS) AsusVibe2.0 (HKLM-x32\...\Asus Vibe2.0) (Version: 2.0.7.142 - ASUSTEK) Atheros Driver Installation Program (HKLM-x32\...\{28006915-2739-4EBE-B5E8-49B25D32EB33}) (Version: 9.0 - Atheros) ATK Package (HKLM-x32\...\{AB5C933E-5C7D-4D30-B314-9C83A49B94BE}) (Version: 1.0.0010 - ASUS) Avast Free Antivirus (HKLM-x32\...\Avast Antivirus) (Version: 18.7.2354 - AVAST Software) Avast Secure Browser (HKLM-x32\...\Avast Secure Browser) (Version: 69.1.852.100 - AVAST Software) Bonjour (HKLM\...\{56DDDFB8-7F79-4480-89D5-25E1F52AB28F}) (Version: 3.1.0.1 - Apple Inc.) Canon Easy-WebPrint EX (HKLM-x32\...\Easy-WebPrint EX) (Version: 1.6.0.0 - Canon Inc.) Canon IJ Network Scanner Selector EX (HKLM-x32\...\Canon_IJ_Network_Scanner_Selector_EX) (Version: 1.5.2.3 - Canon Inc.) Canon IJ Network Tool (HKLM-x32\...\Canon_IJ_Network_UTILITY) (Version: 3.5.0 - Canon Inc.) Canon IJ Scan Utility (HKLM-x32\...\Canon_IJ_Scan_Utility) (Version: 1.1.10.15 - Canon Inc.) Canon Inkjet Printer/Scanner/Fax Extended Survey Program (HKLM-x32\...\CANONIJPLM100) (Version: 4.2.0 - Canon Inc.) Canon MG2900 series MP Drivers (HKLM\...\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MG2900_series) (Version: 1.00 - Canon Inc.) Canon MG2900 series On-screen Manual (HKLM-x32\...\Canon MG2900 series On-screen Manual) (Version: 7.7.0 - Canon Inc.) Canon MG2900 series User Registration (HKLM-x32\...\Canon MG2900 series User Registration) (Version: - Canon Inc.) Canon My Image Garden (HKLM-x32\...\Canon My Image Garden) (Version: 3.0.0 - Canon Inc.) Canon My Image Garden Design Files (HKLM-x32\...\Canon My Image Garden Design Files) (Version: 3.0.0 - Canon Inc.) Canon My Printer (HKLM-x32\...\CanonMyPrinter) (Version: 3.2.1 - Canon Inc.) Canon Quick Menu (HKLM-x32\...\CanonQuickMenu) (Version: 2.4.0 - Canon Inc.) Control ActiveX de Windows Live Mesh para conexiones remotas (HKLM-x32\...\{04668DF2-D32F-4555-9C7E-35523DCD6544}) (Version: 15.4.5722.2 - Microsoft Corporation) Contrôle ActiveX Windows Live Mesh pour connexions à distance (HKLM-x32\...\{55D003F4-9599-44BF-BA9E-95D060730DD3}) (Version: 15.4.5722.2 - Microsoft Corporation) Controlo ActiveX do Windows Live Mesh para Ligações Remotas (HKLM-x32\...\{E54EEB5D-41ED-40FE-B4A8-8565DB81469B}) (Version: 15.4.5722.2 - Microsoft Corporation) D3DX10 (HKLM-x32\...\{E09C4DB7-630C-4F06-A631-8EA7239923AF}) (Version: 15.4.2368.0902 - Microsoft) Hidden ESET Online Scanner v3 (HKLM-x32\...\ESET Online Scanner) (Version: - ) ETDWare PS/2-X64 8.0.5.3_WHQL (HKLM\...\Elantech) (Version: 8.0.5.3 - ELAN Microelectronic Corp.) Fast Boot (HKLM\...\{13F4A7F3-EABC-4261-AF6B-1317777F0755}) (Version: 1.0.10 - ASUS) Galeria de Fotografias do Windows Live (HKLM-x32\...\{0EC0B576-90F9-43C3-8FAD-A4902DF4B8F4}) (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Galería fotográfica de Windows Live (HKLM-x32\...\{E85A4EFC-82F2-4CEE-8A8E-62FDAD353A66}) (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Galerie de photos Windows Live (HKLM-x32\...\{488F0347-C4A7-4374-91A7-30818BEDA710}) (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Google Chrome (HKLM-x32\...\Google Chrome) (Version: 70.0.3538.67 - Google Inc.) Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.33.17 - Google Inc.) Hidden Google Update Helper (HKLM-x32\...\{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}) (Version: 1.3.25.11 - Google Inc.) Hidden HL-2270DW (HKLM-x32\...\{E2A97415-BD97-4867-B906-05E39E9EE51F}) (Version: 1.0.7.0 - Brother Industries, Ltd.) iCloud (HKLM\...\{29C6B346-C29C-40CE-89EB-DF7C149E0EB9}) (Version: 7.7.0.27 - Apple Inc.) Intel(R) Control Center (HKLM-x32\...\{F8A9085D-4C7A-41a9-8A77-C8998A96C421}) (Version: 1.2.1.1007 - Intel Corporation) Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 7.0.0.1144 - Intel Corporation) Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 9.17.10.3347 - Intel Corporation) Intel(R) Turbo Boost Technology Monitor 2.0 (HKLM\...\{B77EFA0B-9BD3-4122-9F9A-15A963B5EA24}) (Version: 2.1.23.0 - Intel) iTunes (HKLM\...\{645877C4-2AB6-46B6-BD32-B251B0666F63}) (Version: 12.9.0.167 - Apple Inc.) Junk Mail filter update (HKLM-x32\...\{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}) (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Malwarebytes version 3.6.1.2711 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 3.6.1.2711 - Malwarebytes) Mesh Runtime (HKLM-x32\...\{8C6D6116-B724-4810-8F2D-D047E6B7D68E}) (Version: 15.4.5722.2 - Microsoft Corporation) Hidden Microsoft .NET Framework 4.7 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.7.02053 - Microsoft Corporation) Microsoft IntelliPoint 8.2 (HKLM\...\Microsoft IntelliPoint 8.2) (Version: 8.20.468.0 - Microsoft Corporation) Microsoft Office Outlook Connector (HKLM-x32\...\{95140000-0081-0409-0000-0000000FF1CE}) (Version: 14.0.6123.5001 - Microsoft Corporation) Microsoft Office Professional Plus 2010 (HKLM-x32\...\Office14.PROPLUS) (Version: 14.0.7015.1000 - Microsoft Corporation) Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.50907.0 - Microsoft Corporation) Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation) Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation) Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation) Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation) Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation) Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation) Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation) Microsoft Visual C++ 2015 Redistributable (x64) - 14.0.23918 (HKLM-x32\...\{dab68466-3a7d-41a8-a5cf-415e3ff8ef71}) (Version: 14.0.23918.0 - Microsoft Corporation) Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.23918 (HKLM-x32\...\{2e085fd2-a3e4-4b39-8e10-6b8d35f55244}) (Version: 14.0.23918.0 - Microsoft Corporation) Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation) Nuance PDF Reader (HKLM-x32\...\{B480904D-F73F-4673-B034-8A5F492C9184}) (Version: 6.00.0041 - Nuance Communications, Inc.) PxMergeModule (HKLM-x32\...\{024521CF-C07E-4F8E-8481-0D75695E03AF}) (Version: 1.00.0000 - Your Company Name) Hidden QuickTime 7 (HKLM-x32\...\{FF59BD75-466A-4D5A-AD23-AAD87C5FD44C}) (Version: 7.79.80.95 - Apple Inc.) RealPlayer (HKLM-x32\...\RealPlayer 16.0) (Version: 16.0.3 - RealNetworks) Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.8117 - Realtek Semiconductor Corp.) ResumeMaker Professional (HKLM-x32\...\{D2E80193-7318-4707-A9DE-49AF663ADA73}) (Version: 17.0.0 - Individual Software Inc.) RogueKiller version 12.13.5.0 (HKLM\...\8B3D7924-ED89-486B-8322-E8594065D5CB_is1) (Version: 12.13.5.0 - Adlice Software) Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{DE28B448-32E8-4E8F-84F0-A52B21A49B5B}) (Version: - Microsoft) Sonic Focus (HKLM-x32\...\{09BCB9CE-964B-4BDA-AE46-B5A0ABEF1D3F}) (Version: 1.00.0000 - Virage Logic, Corp.) Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3538.0513 - Microsoft Corporation) Windows Live Mesh ActiveX Control for Remote Connections (HKLM-x32\...\{2902F983-B4C1-44BA-B85D-5C6D52E2C441}) (Version: 15.4.5722.2 - Microsoft Corporation) WinFlash (HKLM-x32\...\{8F21291E-0444-4B1D-B9F9-4370A73E346D}) (Version: 2.31.1 - ASUS) Wireless Console 3 (HKLM-x32\...\{20FDF948-C8ED-4543-A539-F7F4AEF5AFA2}) (Version: 3.0.19 - ASUS) ==================== Custom CLSID (Whitelisted): ========================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) ShellIconOverlayIdentifiers: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2018-10-20] (AVAST Software) ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2018-10-20] (AVAST Software) ShellIconOverlayIdentifiers: [AsusWSShellExt_B] -> {6D4133E5-0742-4ADC-8A8C-9303440F7190} => C:\Program Files (x86)\ASUS\ASUS WebStorage\3.0.108.222\ASUSWSShellExt64.dll [2011-05-25] (eCareme Technologies, Inc.) ShellIconOverlayIdentifiers: [AsusWSShellExt_O] -> {64174815-8D98-4CE6-8646-4C039977D808} => C:\Program Files (x86)\ASUS\ASUS WebStorage\3.0.108.222\ASUSWSShellExt64.dll [2011-05-25] (eCareme Technologies, Inc.) ContextMenuHandlers1: [Adobe.Acrobat.ContextMenu] -> {D25B2CAB-8A9A-4517-A9B2-CB5F68A5A802} => C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\..\Acrobat Elements\ContextMenu64.dll [2015-09-24] (Adobe Systems Inc.) ContextMenuHandlers1: [avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2018-10-20] (AVAST Software) ContextMenuHandlers1: [PhotoStreamsExt] -> {89D984B3-813B-406A-8298-118AFA3A22AE} => C:\Program Files\Common Files\Apple\Internet Services\ShellStreams64.dll [2018-10-01] (Apple Inc.) ContextMenuHandlers3: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2018-10-20] (AVAST Software) ContextMenuHandlers3: [BackupContextMenuExtension] -> {b1b96b20-da1d-4a3c-92c1-7229b32f2325} => C:\Windows\system32\mscoree.dll [2010-11-04] (Microsoft Corporation) ContextMenuHandlers3: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2018-09-19] (Malwarebytes) ContextMenuHandlers4: [Offline Files] -> {474C98EE-CF3D-41f5-80E3-4AAB0AB04301} => -> No File ContextMenuHandlers6: [Adobe.Acrobat.ContextMenu] -> {D25B2CAB-8A9A-4517-A9B2-CB5F68A5A802} => C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\..\Acrobat Elements\ContextMenu64.dll [2015-09-24] (Adobe Systems Inc.) ContextMenuHandlers6: [avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2018-10-20] (AVAST Software) ContextMenuHandlers6: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2018-09-19] (Malwarebytes) ContextMenuHandlers6: [Offline Files] -> {474C98EE-CF3D-41f5-80E3-4AAB0AB04301} => -> No File ==================== Scheduled Tasks (Whitelisted) ============= (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) Task: {082C7C04-64D0-4B84-A349-7721718748EE} - System32\Tasks\RealPlayerRealUpgradeLogonTaskS-1-5-21-351659774-2789822584-2971473695-1001 => C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe Task: {09C65698-C9C6-4E33-A2FA-C4A34AC30B5A} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2018-08-14] (Adobe Systems Incorporated) Task: {0E56F2D0-B742-4F37-8828-226A7F10EAD3} - System32\Tasks\{9A3E2E1B-F965-483F-A6C4-566A3F6C7A5A} => C:\Windows\system32\pcalua.exe -a "C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\Creative Cloud Uninstaller.exe" Task: {15B7F06F-D85E-497F-B535-065FFF269C63} - System32\Tasks\AutoKMS => C:\Windows\AutoKMS\AutoKMS.exe Task: {1C244C77-0F07-4387-9F71-8525E1B057C4} - System32\Tasks\Avast Emergency Update => C:\Program Files\AVAST Software\Avast\AvEmUpdate.exe [2018-10-20] (AVAST Software) Task: {2323A93E-7BA1-4786-A545-0BCE2A83F1DF} - System32\Tasks\RealUpgradeScheduledTaskS-1-5-21-351659774-2789822584-2971473695-1001 => C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe Task: {3092E4C6-3E0C-46E5-8FC6-98202A367BB3} - System32\Tasks\AVAST Software\Avast settings backup => C:\Program Files\Common Files\AV\avast! Antivirus\backup.exe Task: {5709B950-77A4-4252-975F-A183F69B2EB3} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2018-01-08] (Apple Inc.) Task: {5CA48118-4283-4BC0-8513-58AA18D7DF8D} - System32\Tasks\Avast Software\Overseer => C:\Program Files\Common Files\Avast Software\Overseer\overseer.exe [2018-09-22] (AVAST Software) Task: {64AEA831-CDC7-4363-BCCA-DC99F1065A9F} - System32\Tasks\AvastUpdateTaskMachineUA => C:\Program Files (x86)\AVAST Software\Browser\Update\AvastBrowserUpdate.exe [2018-06-09] (AVAST Software) Task: {6824FB61-68AD-44F9-85AD-CE8443E4AE13} - System32\Tasks\ASUS P4G => C:\Program Files\P4G\BatteryLife.exe [2011-05-31] (ASUS) Task: {76EBC941-AE94-40A2-B134-F8137A26DF83} - System32\Tasks\RealDownloaderRealUpgradeLogonTaskS-1-5-21-351659774-2789822584-2971473695-1001 => C:\Program Files (x86)\RealNetworks\RealDownloader\RealUpgrade.exe Task: {77680F60-9D40-4790-9613-F7B19F55389B} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-10-18] (Google Inc.) Task: {9562593F-A3CF-45AE-9B7A-6305F19AA1C7} - System32\Tasks\Microsoft_Hardware_Launch_IPoint_exe => C:\Program Files\Microsoft IntelliPoint\IPoint.exe [2011-08-01] (Microsoft Corporation) Task: {A102FBFF-A926-455A-A6D0-FF051037B674} - System32\Tasks\RealPlayerRealUpgradeScheduledTaskS-1-5-21-351659774-2789822584-2971473695-1001 => C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe Task: {A4CC336D-AEE9-4A57-8F0F-60715BF57A48} - System32\Tasks\ASUS SmartLogon Console Sensor => C:\Program Files (x86)\ASUS\SmartLogon\sensorsrv.exe [2010-11-15] (ASUS) Task: {BEA192C0-2D93-4AAD-BFF7-E79B925971DF} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-10-18] (Google Inc.) Task: {C1559F6B-C277-4A8E-8C14-4989D98FE780} - System32\Tasks\ATKOSD2 => C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe [2010-08-17] (ASUS) Task: {CE8BEA7A-9A74-47B2-9FF1-6C165AD4AAD9} - System32\Tasks\AdobeGCInvoker-1.0-NormanNorrisNot-NormanNorrisNotebook => C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGCInvokerUtility.exe [2018-09-10] (Adobe Systems, Incorporated) Task: {CF0E6896-D6AD-4934-9293-D3335AC0909E} - System32\Tasks\AvastUpdateTaskMachineCore => C:\Program Files (x86)\AVAST Software\Browser\Update\AvastBrowserUpdate.exe [2018-06-09] (AVAST Software) Task: {DDDB5FA7-7E7D-40C7-8D22-5DC53F7040D8} - System32\Tasks\AdobeAAMUpdater-1.0-NormanNorrisNot-NormanNorrisNotebook => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [2015-08-05] (Adobe Systems Incorporated) Task: {E0A1E52A-A36E-4AEC-B46D-FAC4C9760E66} - System32\Tasks\Apple Diagnostics => C:\Program Files (x86)\Common Files\Apple\Internet Services\EReporter.exe [2018-10-01] (Apple Inc.) Task: {E415D011-0019-432C-BB9E-862A32E4E86B} - System32\Tasks\RealUpgradeLogonTaskS-1-5-21-351659774-2789822584-2971473695-1001 => C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe Task: {ECB11EA6-B228-458D-84E1-266AD709C18B} - System32\Tasks\ACMON => C:\Program Files (x86)\ASUS\Splendid\ACMON.exe [2011-05-30] (ASUS) Task: {F9DEF54B-12D1-4A19-A7B7-32BB425F653D} - System32\Tasks\RealDownloaderRealUpgradeScheduledTaskS-1-5-21-351659774-2789822584-2971473695-1001 => C:\Program Files (x86)\RealNetworks\RealDownloader\RealUpgrade.exe (If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.) Task: C:\Windows\Tasks\AutoKMS.job => C:\Windows\AutoKMS\AutoKMS.exe ==================== Shortcuts & WMI ======================== (The entries could be listed to be restored or removed.) ==================== Loaded Modules (Whitelisted) ============== 2018-08-22 22:18 - 2018-08-22 22:18 - 001356088 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll 2017-11-30 19:54 - 2017-11-30 19:54 - 000088888 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll 2016-04-22 16:21 - 2013-06-28 11:58 - 000084616 _____ () C:\Program Files (x86)\Canon\IJPLM\IJPLMSVC.EXE 2018-10-21 15:24 - 2018-09-12 11:35 - 002701064 _____ () C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\SelfProtectionSdk.dll 2018-10-21 15:24 - 2018-09-12 17:57 - 002785784 _____ () C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\MwacLib.dll 2018-10-20 18:55 - 2018-10-20 18:55 - 000730328 _____ () c:\Program Files\AVAST Software\Avast\x64\StreamBack.dll 2013-09-05 01:17 - 2013-09-05 01:17 - 004300456 _____ () C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Cultures\OFFICE.ODF 2010-10-20 15:23 - 2010-10-20 15:23 - 008801632 _____ () C:\Program Files\Microsoft Office\Office14\1033\GrooveIntlResource.dll 2010-07-14 20:11 - 2010-07-14 20:11 - 000031360 _____ () C:\Program Files\P4G\DevMng.dll 2011-07-06 08:51 - 2011-05-23 20:16 - 000094208 _____ () C:\Windows\System32\IccLibDll_x64.dll 2018-08-28 10:46 - 2018-08-28 10:46 - 001356088 _____ () C:\Program Files\iTunes\libxml2.dll 2018-08-28 10:46 - 2018-08-28 10:46 - 000088888 _____ () C:\Program Files\iTunes\zlib1.dll 2010-09-23 20:53 - 2010-09-23 20:53 - 001601536 _____ () C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe 2018-10-20 16:50 - 2018-10-15 20:01 - 005020504 _____ () C:\Program Files (x86)\Google\Chrome\Application\70.0.3538.67\libglesv2.dll 2018-10-20 16:50 - 2018-10-15 20:01 - 000116056 _____ () C:\Program Files (x86)\Google\Chrome\Application\70.0.3538.67\libegl.dll 2018-10-20 18:55 - 2018-10-20 18:55 - 000919256 _____ () C:\Program Files\AVAST Software\Avast\anen.dll 2018-10-20 18:55 - 2018-10-20 18:55 - 000598232 _____ () C:\Program Files\AVAST Software\Avast\streamback.dll 2018-10-21 14:26 - 2018-10-21 14:26 - 005678224 _____ () C:\Program Files\AVAST Software\Avast\defs\18102102\algo.dll 2018-10-20 18:55 - 2018-10-20 18:55 - 000496856 _____ () C:\Program Files\AVAST Software\Avast\gui_cache.dll 2018-10-20 18:54 - 2018-10-20 18:54 - 000150744 _____ () C:\Program Files\AVAST Software\Avast\hns_tools.dll 2018-10-20 18:55 - 2018-10-20 18:55 - 001112280 _____ () C:\Program Files\AVAST Software\Avast\shepherdsync.dll 2011-05-30 17:48 - 2011-05-30 17:48 - 000009216 _____ () C:\Program Files (x86)\ASUS\Splendid\GLCDdll.dll 2018-08-22 22:19 - 2018-08-22 22:19 - 001042232 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll 2017-11-30 19:55 - 2017-11-30 19:55 - 000076088 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll 2018-08-22 22:18 - 2018-08-22 22:18 - 000189752 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxslt.dll 2013-09-05 01:14 - 2013-09-05 01:14 - 004300456 _____ () C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF 2010-10-20 15:45 - 2010-10-20 15:45 - 008801120 _____ () C:\Program Files (x86)\Microsoft Office\Office14\1033\GrooveIntlResource.dll 2018-04-18 21:32 - 2018-04-18 21:32 - 067126928 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll 2017-11-18 11:59 - 2009-02-27 17:38 - 000139264 ____R () C:\Program Files (x86)\Brother\BrUtilities\BrLogAPI.dll ==================== Alternate Data Streams (Whitelisted) ========= (If an entry is included in the fixlist, only the ADS will be removed.) ==================== Safe Mode (Whitelisted) =================== (If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.) HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service" ==================== Association (Whitelisted) =============== (If an entry is included in the fixlist, the registry item will be restored to default or removed.) ==================== Internet Explorer trusted/restricted =============== (If an entry is included in the fixlist, it will be removed from the registry.) ==================== Hosts content: ========================== (If needed Hosts: directive could be included in the fixlist to reset Hosts.) 2009-07-13 22:34 - 2012-02-11 09:53 - 000002198 _____ C:\Windows\system32\Drivers\etc\hosts 127.0.0.1 crl.verisign.net CRL.VERISIGN.NET ood.opsource.net 127.0.0.1 activate.adobe.com 127.0.0.1 activate-sea.adobe.com 127.0.0.1 practivate.adobe 127.0.0.1 practivate.adobe.com 127.0.0.1 practivate.adobe.newoa 127.0.0.1 practivate.adobe.ntp 127.0.0.1 practivate.adobe.ipp 127.0.0.1 adobeereg.com 127.0.0.1 activate.wip1.adobe.com 127.0.0.1 activate.wip2.adobe.com 127.0.0.1 activate.wip3.adobe.com 127.0.0.1 activate.wip4.adobe.com 127.0.0.1 www.adobeereg.com 127.0.0.1 hl2rcv.adobe.com 127.0.0.1 wip.adobe.com 127.0.0.1 wip1.aobe.com 127.0.0.1 wip2.adobe.com 127.0.0.1 wip3.adobe.com 127.0.0.1 wip4.adobe.com 127.0.0.1 www.wip.adobe.com 127.0.0.1 www.wip1.adobe.com 127.0.0.1 www.wip2.adobe.com 127.0.0.1 www.wip3.adobe.com 127.0.0.1 www.wip4.adobe.com 127.0.0.1 3dns.adobe.com 127.0.0.1 3dns-1.adobe.com 127.0.0.1 3dns-2.adobe.com 127.0.0.1 3dns-3.adobe.com 127.0.0.1 3dns-4.adobe.com ==================== Other Areas ============================ (Currently there is no automatic fix for this section.) HKU\S-1-5-21-351659774-2789822584-2971473695-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\NormanNorrisNotebook\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg DNS Servers: 192.168.1.1 HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1) Windows Firewall is enabled. ==================== MSCONFIG/TASK MANAGER disabled items == If an entry is included in the fixlist, it will be removed. MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^FancyStart daemon.lnk => C:\Windows\pss\FancyStart daemon.lnk.CommonStartup MSCONFIG\startupreg: Acrobat Assistant 8.0 => "C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrotray.exe" MSCONFIG\startupreg: Adobe Acrobat Speed Launcher => "C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrobat_sl.exe" MSCONFIG\startupreg: Adobe ARM => "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" MSCONFIG\startupreg: AdobeAAMUpdater-1.0 => "C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" MSCONFIG\startupreg: AdobeCS5.5ServiceManager => "C:\Program Files (x86)\Common Files\Adobe\CS5.5ServiceManager\CS5.5ServiceManager.exe" -launchedbylogin MSCONFIG\startupreg: Aim => "C:\Program Files (x86)\AIM\aim.exe" /d locale=en-US MSCONFIG\startupreg: APSDaemon => "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" MSCONFIG\startupreg: ASUS Screen Saver Protector => C:\Windows\AsScrPro.exe MSCONFIG\startupreg: BCSSync => "C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe" /DelayServices MSCONFIG\startupreg: CLMLServer => "C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe" MSCONFIG\startupreg: iTunesHelper => "C:\Program Files (x86)\iTunes\iTunesHelper.exe" MSCONFIG\startupreg: RtHDVCpl => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s MSCONFIG\startupreg: SwitchBoard => C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe ==================== FirewallRules (Whitelisted) =============== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) FirewallRules: [{70B3678A-C500-4330-8FCB-052498F8F537}] => (Allow) C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe FirewallRules: [{37E9A1B2-DCD2-44C5-A64C-40E12E8B89A1}] => (Allow) LPort=2869 FirewallRules: [{369CE3F7-1261-4DA1-BAB7-7C91B70B1DAB}] => (Allow) LPort=1900 FirewallRules: [{1182D228-4C5D-4B7D-965E-D8E508521E06}] => (Allow) C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe FirewallRules: [{34C335D1-AAC6-4A0D-B5ED-029A4D68E321}] => (Allow) C:\Program Files (x86)\Windows Live\Mesh\MOE.exe FirewallRules: [TCP Query User{4FC3B81A-4B7F-4F09-8931-C765921D5DB4}C:\windows\microsoft.net\framework\v2.0.50727\vbc.exe] => (Block) C:\windows\microsoft.net\framework\v2.0.50727\vbc.exe FirewallRules: [UDP Query User{6E47F0D1-4F65-4507-A9A5-0274B77BBD41}C:\windows\microsoft.net\framework\v2.0.50727\vbc.exe] => (Block) C:\windows\microsoft.net\framework\v2.0.50727\vbc.exe FirewallRules: [{60A8901C-070E-45E9-9194-E6243C8C605F}] => (Allow) C:\Program Files (x86)\AIM\aim.exe FirewallRules: [{8113EA74-8962-4E3B-A57F-067F0165EF29}] => (Allow) C:\Program Files (x86)\AIM\aim.exe FirewallRules: [{CE973F82-A4D5-40C1-9638-1A566A6D889D}] => (Allow) C:\Program Files\AVAST Software\Avast\ng\vbox\aswFe.exe FirewallRules: [{B6FD806F-7B15-4122-9128-AE45183F16C3}] => (Allow) C:\Program Files\AVAST Software\Avast\ng\vbox\aswFe.exe FirewallRules: [{2C325DC7-D883-4405-A09A-24A4D70DDD39}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe FirewallRules: [{EF62AE92-49B2-45D5-A8C6-EC849C3A4C78}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe FirewallRules: [{A3AFF605-6DB9-4FE7-A4D6-8AB53EB4AF2D}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe FirewallRules: [{DC0979F6-82B6-4E7D-AE18-FD6A65B410D7}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe FirewallRules: [{96E00814-1014-4427-A270-A51F38EBAE33}] => (Allow) C:\Program Files (x86)\Adobe\Adobe Flash Builder 4.5\FlashBuilder.exe FirewallRules: [{8971A852-A8C3-4535-B8A6-DE67AD22382E}] => (Allow) C:\Program Files (x86)\Adobe\Adobe Flash Builder 4.5\FlashBuilder.exe FirewallRules: [{4078C80A-10C1-48B3-9368-EE019D5888D0}] => (Allow) LPort=7935 FirewallRules: [{FA4A119F-63B8-402E-A92C-C91B4425636B}] => (Allow) C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe FirewallRules: [{3C52F9CB-18B8-46D2-AA50-9EF44EF05265}] => (Allow) C:\Program Files\iTunes\iTunes.exe FirewallRules: [{AB711776-81E4-4646-9C42-5A4425DEAD8A}] => (Allow) C:\Program Files (x86)\AVAST Software\Browser\Application\AvastBrowser.exe FirewallRules: [{61C66C50-D572-4012-B0A4-9C1D7E6BE1CF}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe FirewallRules: [{3F8E4EF9-7B70-43B1-8C22-EDBE179765B1}] => (Allow) C:\Program Files\AVAST Software\Avast\AvEmUpdate.exe FirewallRules: [{EC9C5002-6628-4C73-BC2B-587DD5A77EC5}] => (Allow) C:\Program Files\AVAST Software\Avast\AvEmUpdate.exe ==================== Restore Points ========================= 01-08-2018 19:24:58 Configured LabelPrint 01-08-2018 19:28:55 Configured PowerStarter 01-08-2018 19:33:24 Configured Power2Go 01-08-2018 19:43:31 Removed Skype™ 7.3 28-08-2018 20:26:46 Scheduled Checkpoint 17-10-2018 16:16:43 Scheduled Checkpoint ==================== Faulty Device Manager Devices ============= ==================== Event log errors: ========================= Application errors: ================== Error: (10/21/2018 08:13:17 PM) (Source: MsiInstaller) (EventID: 11316) (User: NT AUTHORITY) Description: Product: Avast Update Helper -- Error 1316. The specified account already exists. Error: (10/21/2018 07:04:36 PM) (Source: Bonjour Service) (EventID: 100) (User: ) Description: Task Scheduling Error: m->NextScheduledSPRetry 10124 Error: (10/21/2018 07:04:36 PM) (Source: Bonjour Service) (EventID: 100) (User: ) Description: Task Scheduling Error: m->NextScheduledEvent 10124 Error: (10/21/2018 07:04:36 PM) (Source: Bonjour Service) (EventID: 100) (User: ) Description: Task Scheduling Error: Continuously busy for more than a second Error: (10/21/2018 07:04:35 PM) (Source: Bonjour Service) (EventID: 100) (User: ) Description: Task Scheduling Error: m->NextScheduledSPRetry 9110 Error: (10/21/2018 07:04:35 PM) (Source: Bonjour Service) (EventID: 100) (User: ) Description: Task Scheduling Error: m->NextScheduledEvent 9110 Error: (10/21/2018 07:04:35 PM) (Source: Bonjour Service) (EventID: 100) (User: ) Description: Task Scheduling Error: Continuously busy for more than a second Error: (10/21/2018 07:04:34 PM) (Source: Bonjour Service) (EventID: 100) (User: ) Description: Task Scheduling Error: m->NextScheduledSPRetry 8080 System errors: ============= Error: (10/21/2018 06:46:22 PM) (Source: Schannel) (EventID: 4120) (User: NT AUTHORITY) Description: The following fatal alert was generated: 70. The internal error state is 105. Error: (10/21/2018 06:33:25 PM) (Source: Service Control Manager) (EventID: 7022) (User: ) Description: The Windows Update service hung on starting. Error: (10/21/2018 06:30:50 PM) (Source: Service Control Manager) (EventID: 7022) (User: ) Description: The Windows Search service hung on starting. Error: (10/21/2018 06:25:34 PM) (Source: Service Control Manager) (EventID: 7000) (User: ) Description: The VBoxAsw Support Driver service failed to start due to the following error: The system cannot find the path specified. Error: (10/21/2018 06:24:02 PM) (Source: Service Control Manager) (EventID: 7000) (User: ) Description: The Apple Mobile Device Service service failed to start due to the following error: The pipe has been ended. Error: (10/21/2018 06:23:00 PM) (Source: Service Control Manager) (EventID: 7034) (User: ) Description: The Adobe Acrobat Update Service service terminated unexpectedly. It has done this 1 time(s). Error: (10/21/2018 06:23:00 PM) (Source: Service Control Manager) (EventID: 7034) (User: ) Description: The Adobe Genuine Software Integrity Service service terminated unexpectedly. It has done this 1 time(s). Error: (10/21/2018 06:23:00 PM) (Source: Service Control Manager) (EventID: 7034) (User: ) Description: The Adobe Genuine Monitor Service service terminated unexpectedly. It has done this 1 time(s). Windows Defender: =================================== Date: 2015-05-20 19:36:27.699 Description: Windows Defender scan has been stopped before completion. Scan ID:{53D5F14A-49A8-427A-94C6-537EB587FEDD} Scan Type:AntiSpyware Scan Parameters:Quick Scan Date: 2016-08-16 19:47:08.823 Description: Windows Defender has encountered an error trying to load signatures and will attempt reverting back to a known-good set of signatures. Signatures Attempted:Current Error Code:0x8050800d Error description:Some history items could not be displayed. Please wait a few minutes and try again. If that doesn't work, clear the history and then try again. Signature version:1.225.4044.0 Engine version:1.1.12902.0 Date: 2014-11-09 14:44:10.338 Description: Windows Defender has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: Update Source:User Signature Type: Update Type: Current Engine Version: Previous Engine Version:1.1.11104.0 Error code:0x8050a003 Error description:This package does not contain up-to-date definition files for this program. For more information, see Help and Support. ==================== Memory info =========================== Processor: Intel(R) Core(TM) i5-2450M CPU @ 2.50GHz Percentage of memory in use: 77% Total physical RAM: 3873.14 MB Available physical RAM: 878.03 MB Total Virtual: 7744.46 MB Available Virtual: 4426.12 MB ==================== Drives ================================ Drive c: (OS) (Fixed) (Total:119.24 GB) (Free:15.73 GB) NTFS ==>[system with boot components (obtained from drive)] Drive d: (DATA) (Fixed) (Total:153.85 GB) (Free:153.32 GB) NTFS ==================== MBR & Partition Table ================== ======================================================== Disk: 0 (MBR Code: Windows 7/8/10) (Size: 298.1 GB) (Disk ID: E3102A4B) Partition 1: (Not Active) - (Size=25 GB) - (Type=1C) Partition 2: (Active) - (Size=119.2 GB) - (Type=07 NTFS) Partition 3: (Not Active) - (Size=153.9 GB) - (Type=07 NTFS) ==================== End of Addition.txt ============================
Download attached fixlist.txt file and save it to the Desktop. NOTE. It's important that both files, FRST and fixlist.txt are in the same location or the fix will not work. NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system Run FRST(FRST64) and press the Fix button just once and wait. The tool will make a log on the Desktop (Fixlog.txt). Please post it to your reply. For whatever reason I can't attach "fixlist.txt" file so I uploaded it here: https://www.sendspace.com/file/qc9fgd
Fix result of Farbar Recovery Scan Tool (x64) Version: 10.10.2018 Ran by NormanNorrisNotebook (22-10-2018 19:27:42) Run:1 Running from C:\Users\NormanNorrisNotebook\Desktop\New folder Loaded Profiles: NormanNorrisNotebook & (Available Profiles: NormanNorrisNotebook) Boot Mode: Normal ============================================== fixlist content: ***************** HKLM-x32\...\Run: [] => [X] HKLM\SOFTWARE\Policies\Microsoft\Windows Defender: Restriction <==== ATTENTION SearchScopes: HKLM-x32 -> DefaultScope {632F07F3-19A1-4d16-A23F-E6CE9486BAB5} URL = SearchScopes: HKU\S-1-5-21-351659774-2789822584-2971473695-1001 -> DefaultScope {632F07F3-19A1-4d16-A23F-E6CE9486BAB5} URL = SearchScopes: HKU\S-1-5-21-351659774-2789822584-2971473695-1001 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = Toolbar: HKLM - avast! Online Security - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - No File Toolbar: HKLM - No Name - {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} - No File Toolbar: HKU\S-1-5-21-351659774-2789822584-2971473695-1001 -> No Name - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - No File FF HKLM-x32\...\Firefox\Extensions: [{ABDE892B-13A8-4d1b-88E6-365A6E755758}] - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext => not found S3 AvastVBoxSvc; "C:\Program Files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe" [X] U5 AppMgmt; C:\Windows\system32\svchost.exe [27136 2009-07-13] (Microsoft Corporation) <==== ATTENTION (no ServiceDLL) S2 VBoxAswDrv; \??\C:\Program Files\AVAST Software\Avast\ng\vbox\VBoxAswDrv.sys [X] 2015-09-28 19:10 - 2015-09-28 19:10 - 006420480 _____ () C:\Program Files (x86)\GUT8890.tmp 2012-04-28 20:57 - 2017-08-20 19:55 - 000000132 _____ () C:\Users\NormanNorrisNotebook\AppData\Roaming\Adobe PNG Format CS5 Prefs 2012-04-29 11:37 - 2017-10-09 19:52 - 000001456 _____ () C:\Users\NormanNorrisNotebook\AppData\Local\Adobe Save for Web 12.0 Prefs 2018-10-20 16:22 - 2018-10-20 16:22 - 000000000 _____ () C:\Users\NormanNorrisNotebook\AppData\Local\oobelibMkey.log 2018-10-21 14:30 - 2017-09-13 11:31 - 001732864 _____ (Microsoft Corporation) C:\Users\NormanNorrisNotebook\AppData\Local\Temp\dllnt_dump.dll 2013-09-26 20:03 - 2014-11-11 11:24 - 000150096 _____ (RealNetworks, Inc.) C:\Users\NormanNorrisNotebook\AppData\Local\Temp\lowproc.exe 2014-07-29 11:05 - 2014-07-29 11:05 - 050067152 _____ (Microsoft Corporation) C:\Users\NormanNorrisNotebook\AppData\Local\Temp\MouseKeyboardCenterx64_1033.exe 2015-01-19 15:18 - 2015-01-19 15:18 - 001126480 ____N (CANON INC.) C:\Users\NormanNorrisNotebook\AppData\Local\Temp\MSETUP4.EXE 2013-09-26 20:03 - 2014-11-11 11:25 - 000090624 _____ (RealNetworks, Inc.) C:\Users\NormanNorrisNotebook\AppData\Local\Temp\stubhelper.dll 2016-03-15 18:16 - 2016-03-15 18:16 - 000000000 _____ () C:\Users\NormanNorrisNotebook\AppData\Local\Temp\w7nbknh3.dll 2012-08-16 05:34 - 2012-08-16 05:34 - 000455600 ____R (Macrovision Corporation) C:\Users\NormanNorrisNotebook\AppData\Local\Temp\_is6681.exe 2015-10-13 11:57 - 2015-10-13 11:57 - 043332688 _____ (Google Inc.) C:\Users\NormanNorrisNotebook\AppData\Local\Temp\{C221A67F-83B1-47BA-8F5B-6D5482C01143}-46.0.2490.71_chrome_installer.exe ContextMenuHandlers4: [Offline Files] -> {474C98EE-CF3D-41f5-80E3-4AAB0AB04301} => -> No File ContextMenuHandlers6: [Offline Files] -> {474C98EE-CF3D-41f5-80E3-4AAB0AB04301} => -> No File ***************** "HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\" => removed successfully HKLM\SOFTWARE\Policies\Microsoft\Windows Defender => removed successfully HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value restored successfully "HKU\S-1-5-21-351659774-2789822584-2971473695-1001\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope" => removed successfully HKU\S-1-5-21-351659774-2789822584-2971473695-1001\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} => removed successfully HKLM\Software\Classes\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} => not found "HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar\\{318A227B-5E9F-45bd-8999-7F8F10CA4CF5}" => removed successfully HKLM\Software\Classes\CLSID\{318A227B-5E9F-45bd-8999-7F8F10CA4CF5} => removed successfully "HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar\\{CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F}" => removed successfully HKLM\Software\Classes\CLSID\{CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} => not found "HKU\S-1-5-21-351659774-2789822584-2971473695-1001\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{47833539-D0C5-4125-9FA8-0819E2EAAC93}" => removed successfully HKLM\Software\Classes\CLSID\{47833539-D0C5-4125-9FA8-0819E2EAAC93} => not found "HKLM\Software\Wow6432Node\Mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}" => removed successfully HKLM\System\CurrentControlSet\Services\AvastVBoxSvc => could not remove, key could be protected HKLM\System\CurrentControlSet\Services\AppMgmt => removed successfully AppMgmt => service removed successfully HKLM\System\CurrentControlSet\Services\VBoxAswDrv => could not remove, key could be protected C:\Program Files (x86)\GUT8890.tmp => moved successfully C:\Users\NormanNorrisNotebook\AppData\Roaming\Adobe PNG Format CS5 Prefs => moved successfully C:\Users\NormanNorrisNotebook\AppData\Local\Adobe Save for Web 12.0 Prefs => moved successfully C:\Users\NormanNorrisNotebook\AppData\Local\oobelibMkey.log => moved successfully C:\Users\NormanNorrisNotebook\AppData\Local\Temp\dllnt_dump.dll => moved successfully C:\Users\NormanNorrisNotebook\AppData\Local\Temp\lowproc.exe => moved successfully C:\Users\NormanNorrisNotebook\AppData\Local\Temp\MouseKeyboardCenterx64_1033.exe => moved successfully C:\Users\NormanNorrisNotebook\AppData\Local\Temp\MSETUP4.EXE => moved successfully C:\Users\NormanNorrisNotebook\AppData\Local\Temp\stubhelper.dll => moved successfully C:\Users\NormanNorrisNotebook\AppData\Local\Temp\w7nbknh3.dll => moved successfully C:\Users\NormanNorrisNotebook\AppData\Local\Temp\_is6681.exe => moved successfully C:\Users\NormanNorrisNotebook\AppData\Local\Temp\{C221A67F-83B1-47BA-8F5B-6D5482C01143}-46.0.2490.71_chrome_installer.exe => moved successfully HKLM\Software\Classes\Directory\ShellEx\ContextMenuHandlers\Offline Files => removed successfully HKLM\Software\Classes\CLSID\{474C98EE-CF3D-41f5-80E3-4AAB0AB04301} => not found HKLM\Software\Classes\Folder\ShellEx\ContextMenuHandlers\Offline Files => removed successfully HKLM\Software\Classes\CLSID\{474C98EE-CF3D-41f5-80E3-4AAB0AB04301} => not found Result of scheduled files to move (Boot Mode: Normal) (Date&Time: 22-10-2018 19:35:33) Result of scheduled keys to remove after reboot: HKLM\System\CurrentControlSet\Services\AvastVBoxSvc => could not remove, key could be protected HKLM\System\CurrentControlSet\Services\VBoxAswDrv => could not remove, key could be protected ==== End of Fixlog 19:35:33 ====
Last scans... Download Security Check from here or here and save it to your Desktop. Double-click SecurityCheck.exe Follow the onscreen instructions inside of the black box. A Notepad document should open automatically called checkup.txt; please post the contents of that document. NOTE 1. If one of your security applications (e.g., third-party firewall) requests permission to allow DIG.EXE access the Internet, allow it to do so. NOTE 2. SecurityCheck may produce some false warning(s), so leave the results reading to me. NOTE 3. If you receive UNSUPPORTED OPERATING SYSTEM! ABORTED! message restart computer and Security Check should run Please download Farbar Service Scanner (FSS) and run it on the computer with the issue. Make sure the following options are checked: Internet Services Windows Firewall System Restore Security Center Windows Update Windows Defender Other Services Press "Scan". It will create a log (FSS.txt) in the same directory the tool is run. Please copy and paste the log to your reply. Download Temp File Cleaner (TFC) Alternate download: http://www.itxassociates.com/OT-Tools/TFC.exe Double click on TFC.exe to run the program. Click on Start button to begin cleaning process. TFC will close all running programs, and it may ask you to restart computer. Download Sophos Free Virus Removal Tool and save it to your desktop. Double click the icon and select Run Click Next Select I accept the terms in this license agreement, then click Next twice Click Install Click Finish to launch the program Once the virus database has been updated click Start Scanning If any threats are found click Details, then View log file... (bottom left hand corner) Copy and paste the results in your reply Close the Notepad document, close the Threat Details screen, then click Start cleanup Click Exit to close the program
Hey Broni there where no virus found after that last thing you wanted me to do so I don't have a log file to post. Results of screen317's Security Check version 1.014 --- 12/23/15 Windows 7 Service Pack 1 x64 (UAC is enabled) Internet Explorer 11 ``````````````Antivirus/Firewall Check:`````````````` Windows Firewall Enabled! Avast Antivirus Malwarebytes Antivirus up to date! `````````Anti-malware/Other Utilities Check:````````` Adobe Flash Player 16.0.0.305 Flash Player out of Date! Google Chrome (70.0.3538.67) Google Chrome (SetupMetrics...) ````````Process Check: objlist.exe by Laurent```````` Malwarebytes Anti-Malware mbamservice.exe Malwarebytes Anti-Malware mbamtray.exe AVAST Software Avast AvastSvc.exe AVAST Software Avast x64 aswidsagenta.exe AVAST Software Browser Update 1.4.141.333\AvastBrowserCrashHandler.exe AVAST Software Browser Update 1.4.141.333\AvastBrowserCrashHandler64.exe AVAST Software Avast AvastUI.exe `````````````````System Health check````````````````` Total Fragmentation on Drive C: 3% ````````````````````End of Log`````````````````````` Farbar Service Scanner Version: 27-01-2016 Ran by NormanNorrisNotebook (administrator) on 23-10-2018 at 15:12:05 Running from "C:\Users\NormanNorrisNotebook\Downloads" Microsoft Windows 7 Home Premium Service Pack 1 (X64) Boot Mode: Normal **************************************************************** Internet Services: ============ Connection Status: ============== Localhost is accessible. LAN connected. Google IP is accessible. Google.com is accessible. Yahoo.com is accessible. Windows Firewall: ============= Firewall Disabled Policy: ================== System Restore: ============ System Restore Policy: ======================== Action Center: ============ Windows Update: ============ Windows Autoupdate Disabled Policy: ============================ Windows Defender: ============== WinDefend Service is not running. Checking service configuration: The start type of WinDefend service is set to Demand. The default start type is Auto. The ImagePath of WinDefend service is OK. The ServiceDll of WinDefend service is OK. Windows Defender Disabled Policy: ========================== [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows Defender] "DisableAntiSpyware"=DWORD:1 Other Services: ============== File Check: ======== C:\Windows\System32\nsisvc.dll => File is digitally signed C:\Windows\System32\drivers\nsiproxy.sys => File is digitally signed C:\Windows\System32\dhcpcore.dll => File is digitally signed C:\Windows\System32\drivers\afd.sys => File is digitally signed C:\Windows\System32\drivers\tdx.sys => File is digitally signed C:\Windows\System32\Drivers\tcpip.sys => File is digitally signed C:\Windows\System32\dnsrslvr.dll => File is digitally signed C:\Windows\System32\dnsapi.dll => File is digitally signed C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed C:\Windows\System32\mpssvc.dll => File is digitally signed C:\Windows\System32\bfe.dll => File is digitally signed C:\Windows\System32\drivers\mpsdrv.sys => File is digitally signed C:\Windows\System32\SDRSVC.dll => File is digitally signed C:\Windows\System32\vssvc.exe => File is digitally signed C:\Windows\System32\wscsvc.dll => File is digitally signed C:\Windows\System32\wbem\WMIsvc.dll => File is digitally signed C:\Windows\System32\wuaueng.dll => File is digitally signed C:\Windows\System32\qmgr.dll => File is digitally signed C:\Windows\System32\es.dll => File is digitally signed C:\Windows\System32\cryptsvc.dll => File is digitally signed C:\Program Files\Windows Defender\MpSvc.dll => File is digitally signed C:\Windows\System32\ipnathlp.dll => File is digitally signed C:\Windows\System32\iphlpsvc.dll => File is digitally signed C:\Windows\System32\svchost.exe => File is digitally signed C:\Windows\System32\rpcss.dll => File is digitally signed **** End of log ****
Update Adobe Flash Player: http://get.adobe.com/flashplayer/ Make sure you UN-check Yes, install McAfee Security Scan Plus NOTE 1: Beginning with Adobe Flash Version 11.3, the universal installer includes the 32-bit and 64-bit versions of the Flash Player. NOTE 2: While installing make sure you UN-check any extra garbage which wants to install alongside. ======================================== Your computer is clean 1. This step will remove all cleaning tools we used, it'll reset restore points (so you won't get reinfected by accidentally using some older restore point) and it'll make some other minor adjustments... This is a very crucial step so make sure you don't skip it. Download DelFix by Xplode to your desktop. Delfix will delete all the used tools and logfiles. Double-click Delfix.exe to start the tool. Make sure the following items are checked: Activate UAC (optional; some users prefer to keep it off) Remove disinfection tools Create registry backup Purge System Restore Reset system settings Now click "Run" and wait patiently. Once finished a logfile will be created. You don't have to attach it to your next reply. 2. Make sure Windows Updates are current. 3. If any trojans, rootkits or bootkits were listed among your infection(s), make sure, you change all of your on-line important passwords (bank account(s), secured web sites, etc.) immediately! 4. Check if your browser plugins are up to date. Firefox - https://www.mozilla.org/en-US/plugincheck/ other browsers: https://browsercheck.qualys.com/ (click on "Scan without installing plugin" and then on "Scan now") 5. Run Malwarebytes "Quick scan" once in a while to assure safety of your computer. 6. Run Temporary File Cleaner (TFC) and AdwCleaner weekly (you need to redownload these tools since they were removed by DelFix). 7. (optional) If you want to keep all your programs up to date, download and install FileHippo App Manager. The Update Checker will scan your computer for installed software, check the versions and then send this information to FileHippo.com to see if there are any newer releases. 8. When installing\updating ANY program, make sure you always select "Custom " installation, so you can UN-check any possible "drive-by-install" (foistware), like toolbars etc., which may try to install along with the legitimate program. Do NOT click "Next" button without looking at any given page. 9. Read: How did I get infected?, With steps so it does not happen again!: http://www.bleepingcomputer.com/forums/topic2520.html Simple and easy ways to keep your computer safe and secure on the Internet: http://www.bleepingcomputer.com/tutorials/keep-your-computer-safe-online/ About those Toolbars and Add-ons - Potentially Unwanted Programs (PUPs) which change your browser settings: http://www.bleepingcomputer.com/for...curity-questions-best-practices/#entry3187642 10. Please, let me know, how your computer is doing.
