Jump to content

Welcome to Geeks to Go - Register now for FREE

Geeks To Go is a helpful hub, where thousands of volunteer geeks quickly serve friendly answers and support. Check out the forums and get free advice from the experts. Register now to gain access to all of our features, it's FREE and only takes one minute. Once registered and logged in, you will be able to create topics, post replies to existing threads, give reputation to your fellow members, get your own private messenger, post status updates, manage your profile and so much more.

Create Account How it Works
Photo

Infected with Unwanted Websites and WordFence


  • Please log in to reply

#16
Jackpine

Jackpine

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 397 posts

Fixlog:

 

Fix result of Farbar Recovery Scan Tool (x64) Version: 16.01.2019 01
Ran by Amanda (17-01-2019 19:22:51) Run:7
Running from C:\Users\Amanda\Desktop
Loaded Profiles: Amanda (Available Profiles: Amanda)
Boot Mode: Normal
==============================================

fixlist content:
*****************
Reg: Reg query HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ControlPanel\NameSpace\{BB64F8A7-BEE7-4E1A-AB8D-7D8273F7FDB6} /s
Reg: Reg query HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ControlPanel\NameSpace\{D8559EB9-20C0-410E-BEDA-7ED416AECC2A} /s
Reg: Reg query HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ControlPanel\NameSpace\{36eef7db-88ad-4e81-ad49-0e313f0c35f8} /s

*****************


========= Reg query HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ControlPanel\NameSpace\{BB64F8A7-BEE7-4E1A-AB8D-7D8273F7FDB6} /s =========

ERROR: The system was unable to find the specified registry key or value.


========= End of Reg: =========


========= Reg query HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ControlPanel\NameSpace\{D8559EB9-20C0-410E-BEDA-7ED416AECC2A} /s =========

ERROR: The system was unable to find the specified registry key or value.


========= End of Reg: =========


========= Reg query HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ControlPanel\NameSpace\{36eef7db-88ad-4e81-ad49-0e313f0c35f8} /s =========

ERROR: The system was unable to find the specified registry key or value.


========= End of Reg: =========


==== End of Fixlog 19:22:52 ====


  • 0

Advertisements


#17
JSntgRvr

JSntgRvr

    Global Moderator

  • Global Moderator
  • 11,070 posts

Lets fix:

 

Start::
HKLM\SOFTWARE\Policies\Microsoft\Windows Defender: Restriction <==== ATTENTION
StartRegedit:
Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\explorer\ControlPanel\NameSpace\{BB64F8A7-BEE7-4E1A-AB8D-7D8273F7FDB6}]
@="Action Center"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\explorer\ControlPanel\NameSpace\{36eef7db-88ad-4e81-ad49-0e313f0c35f8}]
@="Windows Update"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\explorer\ControlPanel\NameSpace\{D8559EB9-20C0-410E-BEDA-7ED416AECC2A}]
@="Windows Defender"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\WinDefend]
"Start"=dword:00000002

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows Defender]
"DisableAntiSpyware"=DWORD:00000000

EndRegedit:
Reboot:
End::

 

 

Run FSS after a restart. Check your Control Pannel.


  • 0

#18
Jackpine

Jackpine

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 397 posts

Action Center, Windows Update and Windows Defender icons are now all showing in Control Panel.

 

Logs are below.

 

Fix result of Farbar Recovery Scan Tool (x64) Version: 16.01.2019 01
Ran by Amanda (17-01-2019 19:30:37) Run:8
Running from C:\Users\Amanda\Desktop
Loaded Profiles: Amanda (Available Profiles: Amanda)
Boot Mode: Normal
==============================================

fixlist content:
*****************
HKLM\SOFTWARE\Policies\Microsoft\Windows Defender: Restriction <==== ATTENTION
StartRegedit:
Windows Registry Editor Version 5.00
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\explorer\ControlPanel\NameSpace\{BB64F8A7-BEE7-4E1A-AB8D-7D8273F7FDB6}]
@="Action Center"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\explorer\ControlPanel\NameSpace\{36eef7db-88ad-4e81-ad49-0e313f0c35f8}]
@="Windows Update"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\explorer\ControlPanel\NameSpace\{D8559EB9-20C0-410E-BEDA-7ED416AECC2A}]
@="Windows Defender"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\WinDefend]
"Start"=dword:00000002
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows Defender]
"DisableAntiSpyware"=DWORD:00000000
EndRegedit:
Reboot:

*****************

HKLM\SOFTWARE\Policies\Microsoft\Windows Defender => removed successfully

====> Registry


The system needed a reboot.

==== End of Fixlog 19:30:38 ====

 

 

Farbar Service Scanner Version: 27-01-2016
Ran by Amanda (administrator) on 17-01-2019 at 19:32:18
Running from "C:\Users\Amanda\Desktop"
Microsoft Windows 7 Home Premium  Service Pack 1 (X64)
Boot Mode: Normal
****************************************************************

Internet Services:
============

Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Google.com is accessible.
Yahoo.com is accessible.


Windows Firewall:
=============

Firewall Disabled Policy:
==================


System Restore:
============

System Restore Policy:
========================


Action Center:
============


Windows Update:
============
wuauserv Service is not running. Checking service configuration:
The start type of wuauserv service is OK.
The ImagePath of wuauserv service is OK.
The ServiceDll of wuauserv service is OK.


Windows Autoupdate Disabled Policy:
============================


Windows Defender:
==============
WinDefend Service is not running. Checking service configuration:
The start type of WinDefend service is OK.
The ImagePath of WinDefend service is OK.
The ServiceDll of WinDefend service is OK.


Windows Defender Disabled Policy:
==========================
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows Defender]
"DisableAntiSpyware"=DWORD:1


Other Services:
==============


File Check:
========
C:\Windows\System32\nsisvc.dll => File is digitally signed
C:\Windows\System32\drivers\nsiproxy.sys => File is digitally signed
C:\Windows\System32\dhcpcore.dll => File is digitally signed
C:\Windows\System32\drivers\afd.sys => File is digitally signed
C:\Windows\System32\drivers\tdx.sys => File is digitally signed
C:\Windows\System32\Drivers\tcpip.sys => File is digitally signed
C:\Windows\System32\dnsrslvr.dll => File is digitally signed
C:\Windows\System32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\System32\mpssvc.dll => File is digitally signed
C:\Windows\System32\bfe.dll => File is digitally signed
C:\Windows\System32\drivers\mpsdrv.sys => File is digitally signed
C:\Windows\System32\SDRSVC.dll => File is digitally signed
C:\Windows\System32\vssvc.exe => File is digitally signed
C:\Windows\System32\wscsvc.dll => File is digitally signed
C:\Windows\System32\wbem\WMIsvc.dll => File is digitally signed
C:\Windows\System32\wuaueng.dll => File is digitally signed
C:\Windows\System32\qmgr.dll => File is digitally signed
C:\Windows\System32\es.dll => File is digitally signed
C:\Windows\System32\cryptsvc.dll => File is digitally signed
C:\Program Files\Windows Defender\MpSvc.dll => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed


**** End of log ****


  • 0

#19
JSntgRvr

JSntgRvr

    Global Moderator

  • Global Moderator
  • 11,070 posts

Outstanding, congratulations.

 

Windows Defender is disabled, perhaps is AVG as certain antivirus programs will disable Windows Defender. Lets delete the entire value and see

Run this fix:

 

Start::

Reg: Reg delete "HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows Defender" /v "DisableAntiSpyware" /f

End::

 

 

Then run Services.msc

 

Scroll down to Windows Defender and double click on it. Make sure is either automatic or a delayed start. Start the service

 

Let me know the outcome.


  • 0

#20
Jackpine

Jackpine

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 397 posts

Unfortunately,  I need to run an errand right now.  I will follow your instructions later this evening and then post a reply.  Thank you very much for your help so far!


  • 0

#21
JSntgRvr

JSntgRvr

    Global Moderator

  • Global Moderator
  • 11,070 posts

Very well. I'll be back in the a.m.. Good night.


  • 0

#22
Jackpine

Jackpine

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 397 posts

I followed the instructions from Post #19.  Here is the FSS log.  When I click on Windows Defender from Control Panel, it opens up properly.

 

Should I do another FRST scan?


  • 0

#23
JSntgRvr

JSntgRvr

    Global Moderator

  • Global Moderator
  • 11,070 posts
Please do.
  • 0

#24
Jackpine

Jackpine

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 397 posts

Here are the FRST logs.  I will be out of the house for the day and won't be able to respond until this evening.

 

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 16.01.2019 01
Ran by Amanda (administrator) on AMANDA-HP (18-01-2019 07:28:34)
Running from C:\Users\Amanda\Desktop
Loaded Profiles: Amanda (Available Profiles: Amanda)
Platform: Windows 7 Home Premium Service Pack 1 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(IDT, Inc.) C:\Program Files\IDT\WDM\stacsv64.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\Antivirus\AVGSvc.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(IDT, Inc.) C:\Program Files\IDT\WDM\sttray64.exe
(IvoSoft) C:\Program Files\Classic Shell\ClassicStartMenu.exe
(Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
(Hewlett-Packard Company) C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Services\IPT\jhi_service.exe
(Paramount Software UK Ltd) C:\Program Files\Macrium\Common\MacriumService.exe
(Nero AG) C:\Program Files (x86)\Common Files\Ahead\Lib\NMBgMonitor.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\Antivirus\AVGUI.exe
(Malwarebytes) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
(Paramount Software UK Ltd) C:\Program Files\Macrium\Common\ReflectUI.exe
(Paramount Software UK Ltd) C:\Program Files\Macrium\Common\ReflectMonitor.exe
(Adobe Systems Inc.) C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\acrotray.exe
(Malwarebytes) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
(Raxco Software, Inc.) C:\Program Files\Common Files\Raxco\Shared\PDEngine.exe
(Malwarebytes) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
(Raxco Software, Inc.) C:\Program Files\Raxco\PerfectDisk\PDAgent.exe
(Nero AG) C:\Program Files (x86)\Common Files\Ahead\Lib\NMIndexingService.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Raxco Software, Inc.) C:\Program Files\Raxco\PerfectDisk\PDAgentS1.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\Antivirus\aswidsagent.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
(Realsil Microelectronics Inc.) C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
(Microsoft Corporation) C:\Windows\System32\CompatTelRunner.exe
(Microsoft Corporation) C:\Windows\System32\CompatTelRunner.exe
(Intel Corporation) C:\Windows\System32\igfxsrvc.exe

==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2832168 2011-10-01] (Synaptics Incorporated)
HKLM\...\Run: [SysTrayApp] => C:\Program Files\IDT\WDM\sttray64.exe [1424896 2011-09-08] (IDT, Inc.)
HKLM\...\Run: [Classic Start Menu] => C:\Program Files\Classic Shell\ClassicStartMenu.exe [163640 2017-08-13] (IvoSoft)
HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [558496 2014-02-27] (Adobe Systems Incorporated)
HKLM\...\Run: [AVGUI.exe] => C:\Program Files\AVG\Antivirus\AvLaunch.exe [308656 2019-01-04] (AVG Technologies CZ, s.r.o.)
HKLM-x32\...\Run: [Acrobat Assistant 8.0] => C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Acrotray.exe [3499920 2014-09-12] (Adobe Systems Inc.)
HKLM-x32\...\Run: [AVGUI.exe] => C:\Program Files\AVG\Antivirus\AvLaunch.exe [308656 2019-01-04] (AVG Technologies CZ, s.r.o.)
HKLM\SOFTWARE\Policies\Microsoft\Windows Defender: Restriction <==== ATTENTION
HKU\S-1-5-21-3956403641-1016103790-1991301254-1000\...\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] => C:\Program Files (x86)\Common Files\Ahead\Lib\NMBgMonitor.exe [153136 2007-03-12] (Nero AG)
HKLM\...\Drivers32: [VIDC.X264] => C:\Windows\system32\x264vfw64.dll [3799552 2017-07-30] (x264vfw project)
HKLM\...\Drivers32: [VIDC.LAGS] => C:\Windows\system32\lagarith.dll [148992 2011-12-07] ( )
HKLM\...\Drivers32: [VIDC.XVID] => C:\Windows\system32\xvidvfw.dll [311296 2018-01-28] ()
HKLM\...\Drivers32: [msacm.ac3acm] => C:\Windows\system32\ac3acm.acm [180736 2012-07-21] (fccHandler)
HKLM\...\Drivers32: [msacm.l3codecp] => C:\Windows\system32\l3codecp.acm [182272 2009-07-13] (Fraunhofer Institut Integrierte Schaltungen IIS)
HKLM\...\Drivers32: [VIDC.FFDS] => C:\Windows\system32\ff_vfw.dll [126976 2015-10-24] ()
HKLM\...\Drivers32-x32: [VIDC.X264] => C:\Windows\SysWOW64\x264vfw.dll [3850240 2017-07-30] (x264vfw project)
HKLM\...\Drivers32-x32: [VIDC.LAGS] => C:\Windows\SysWOW64\lagarith.dll [216064 2011-12-07] ( )
HKLM\...\Drivers32-x32: [VIDC.XVID] => C:\Windows\SysWOW64\xvidvfw.dll [284672 2018-01-28] ()
HKLM\...\Drivers32-x32: [msacm.ac3acm] => C:\Windows\SysWOW64\ac3acm.acm [122880 2012-07-21] (fccHandler)
HKLM\...\Drivers32-x32: [msacm.l3codecp] => C:\Windows\SysWOW64\l3codecp.acm [220672 2009-07-13] (Fraunhofer Institut Integrierte Schaltungen IIS)
HKLM\...\Drivers32-x32: [VIDC.FFDS] => C:\Windows\SysWOW64\ff_vfw.dll [112128 2015-10-24] ()
HKLM\Software\Microsoft\Active Setup\Installed Components: [{2D46B6DC-2207-486B-B523-A557E6D54B47}] -> C:\Windows\system32\cmd.exe /D /C start C:\Windows\system32\ie4uinit.exe -ClearIconCache
HKLM\Software\Wow6432Node\Microsoft\Active Setup\Installed Components: [{2D46B6DC-2207-486B-B523-A557E6D54B47}] -> C:\Windows\system32\cmd.exe /D /C start C:\Windows\system32\ie4uinit.exe -ClearIconCache
HKLM\Software\Wow6432Node\Microsoft\Active Setup\Installed Components: [{F5E7D9AF-60F6-4A30-87E3-4EA94D322CE1}] -> msiexec /fu {F5E7D9AF-60F6-4A30-87E3-4EA94D322CE1} /qn
HKLM\Software\...\Authentication\Credential Providers: [{50968FF7-10C1-4fb3-98B0-CD654D6CB97E}] -> C:\Program Files\WIDCOMM\Bluetooth Software\\BtwCP.dll [2011-09-20] (Broadcom Corporation.)
HKLM\Software\...\Authentication\Credential Providers: [{D28973E5-8630-41af-8831-50A15FEB396B}] -> C:\Program Files\WIDCOMM\Bluetooth Software\BtwProximityCP.dll [2011-09-20] (Broadcom Corporation.)
Lsa: [Notification Packages] scecli C:\Program Files\WIDCOMM\Bluetooth Software\BtwProximityCP.dll
BootExecute: PDBoot.exeautocheck autochk *

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.2.1
Tcpip\..\Interfaces\{9955086B-673D-4CF2-9BDF-346645A0F1B5}: [DhcpNameServer] 192.168.2.1

Internet Explorer:
==================
HKU\S-1-5-21-3956403641-1016103790-1991301254-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://g.msn.com/HPCON/4
HKU\S-1-5-21-3956403641-1016103790-1991301254-1000\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://g.msn.com/HPCON/4
SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=HPNTDF&pc=HPNTDF&src=IE-SearchBox
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=HPNTDF&pc=HPNTDF&src=IE-SearchBox
SearchScopes: HKLM -> {25E212C1-69E6-4924-90D3-CD7783E644F9} URL = hxxp://www.amazon.ca/s/ref=azs_osd_ieaca?ie=UTF-8&tag=hp-ca2-vsb-20&link%5Fcode=qs&index=aps&field-keywords={searchTerms}
SearchScopes: HKLM -> {b7fca997-d0fb-4fe0-8afd-255e89cf9671} URL = hxxp://ca.search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=HPNTDF
SearchScopes: HKLM-x32 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=HPNTDF&pc=HPNTDF&src=IE-SearchBox
SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=HPNTDF&pc=HPNTDF&src=IE-SearchBox
SearchScopes: HKLM-x32 -> {b7fca997-d0fb-4fe0-8afd-255e89cf9671} URL = hxxp://ca.search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=HPNTDF
SearchScopes: HKU\S-1-5-21-3956403641-1016103790-1991301254-1000 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=HPNTDF&pc=HPNTDF&src=IE-SearchBox
SearchScopes: HKU\S-1-5-21-3956403641-1016103790-1991301254-1000 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=HPNTDF&pc=HPNTDF&src=IE-SearchBox
SearchScopes: HKU\S-1-5-21-3956403641-1016103790-1991301254-1000 -> {b7fca997-d0fb-4fe0-8afd-255e89cf9671} URL = hxxp://ca.search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=HPNTDF
BHO: ExplorerBHO Class -> {449D0D6E-2412-4E61-B68F-1CB625CD9E52} -> C:\Program Files\Classic Shell\ClassicExplorer64.dll [2017-08-13] (IvoSoft)
BHO: Adobe Acrobat Create PDF Helper -> {AE7CD045-E861-484f-8273-0445EE161910} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\x64\AcroIEFavClient.dll [2014-09-12] (Adobe Systems Incorporated)
BHO: ClassicIEBHO Class -> {EA801577-E6AD-4BD5-8F71-4BE0154331A4} -> C:\Program Files\Classic Shell\ClassicIEDLL_64.dll [2017-08-13] (IvoSoft)
BHO: Adobe Acrobat Create PDF from Selection -> {F4971EE7-DAA0-4053-9964-665D8EE6A077} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\x64\AcroIEFavClient.dll [2014-09-12] (Adobe Systems Incorporated)
BHO-x32: ExplorerBHO Class -> {449D0D6E-2412-4E61-B68F-1CB625CD9E52} -> C:\Program Files\Classic Shell\ClassicExplorer32.dll [2017-08-13] (IvoSoft)
BHO-x32: ClassicIEBHO Class -> {EA801577-E6AD-4BD5-8F71-4BE0154331A4} -> C:\Program Files\Classic Shell\ClassicIEDLL_32.dll [2017-08-13] (IvoSoft)
Toolbar: HKLM - Classic Explorer Bar - {553891B7-A0D5-4526-BE18-D3CE461D6310} - C:\Program Files\Classic Shell\ClassicExplorer64.dll [2017-08-13] (IvoSoft)
Toolbar: HKLM - Adobe Acrobat Create PDF Toolbar - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\x64\AcroIEFavClient.dll [2014-09-12] (Adobe Systems Incorporated)
Toolbar: HKU\S-1-5-21-3956403641-1016103790-1991301254-1000 -> No Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} -  No File

FireFox:
========
FF DefaultProfile: cjf2nppd.default-1547470643528
FF ProfilePath: C:\Users\Amanda\AppData\Roaming\Mozilla\Firefox\Profiles\cjf2nppd.default-1547470643528 [2019-01-18]
FF Extension: (Adblock Plus) - C:\Users\Amanda\AppData\Roaming\Mozilla\Firefox\Profiles\cjf2nppd.default-1547470643528\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2019-01-15]
FF HKLM-x32\...\Firefox\Extensions: [[email protected]] - C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Browser\WCFirefoxExtn
FF Extension: (Adobe Acrobat - Create PDF) - C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Browser\WCFirefoxExtn [2018-03-15] [Legacy] [not signed]
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_31_0_0_153.dll [2018-12-04] ()
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect64.dll [2014-04-28] (Adobe Systems)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_31_0_0_153.dll [2018-12-04] ()
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\Windows\system32\Adobe\Director\np32dsw.dll [No File]
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [No File]
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.33.23\npGoogleUpdate3.dll [2018-12-19] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.33.23\npGoogleUpdate3.dll [2018-12-19] (Google Inc.)
FF Plugin-x32: Adobe Acrobat -> C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Air\nppdf32.dll [2014-09-12] (Adobe Systems Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2018-12-04] (Adobe Systems Inc.)
FF Plugin-x32: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect32.dll [2014-04-28] (Adobe Systems)

Chrome:
=======
CHR HKLM\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj] - C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Browser\WCChromeExtn\WCChromeExtn.crx [2014-09-12]
CHR HKLM-x32\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - hxxps://clients2.google.com/service/update2/crx

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 AVG Antivirus; C:\Program Files\AVG\Antivirus\AVGSvc.exe [357872 2019-01-04] (AVG Technologies CZ, s.r.o.)
R3 avgbIDSAgent; C:\Program Files\AVG\Antivirus\aswidsagent.exe [7882752 2019-01-04] (AVG Technologies CZ, s.r.o.)
S3 Intel® SUR QC SAM; C:\Program Files\Intel\SUR\QUEENCREEK\Updater\bin\IntelSoftwareAssetManagerService.exe [18168 2017-07-13] (Intel Corporation)
R2 MacriumService; C:\Program Files\Macrium\Common\MacriumService.exe [3987152 2017-05-27] (Paramount Software UK Ltd)
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1514464 2016-03-10] (Malwarebytes)
R2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [1136608 2016-03-10] (Malwarebytes)
R3 NMIndexingService; C:\Program Files (x86)\Common Files\Ahead\Lib\NMIndexingService.exe [271920 2007-03-12] (Nero AG)
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)
S3 ekrnEpfw; "C:\Program Files\ESET\ESET Security\ekrn.exe" [X]

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R0 avgArDisk; C:\Windows\System32\drivers\avgArDisk.sys [37160 2019-01-04] (AVG Technologies CZ, s.r.o.)
R1 avgArPot; C:\Windows\System32\drivers\avgArPot.sys [203336 2019-01-04] (AVG Technologies CZ, s.r.o.)
R1 avgbidsdriver; C:\Windows\System32\drivers\avgbidsdriver.sys [223616 2019-01-14] (AVG Technologies CZ, s.r.o.)
R0 avgbidsh; C:\Windows\System32\drivers\avgbidsh.sys [196632 2019-01-04] (AVG Technologies CZ, s.r.o.)
R0 avgblog; C:\Windows\System32\drivers\avgblog.sys [320744 2019-01-04] (AVG Technologies CZ, s.r.o.)
R0 avgbuniv; C:\Windows\System32\drivers\avgbuniv.sys [58008 2019-01-04] (AVG Technologies CZ, s.r.o.)
S3 avgHwid; C:\Windows\System32\drivers\avgHwid.sys [46432 2019-01-04] (AVG Technologies CZ, s.r.o.)
R1 avgKbd; C:\Windows\System32\drivers\avgKbd.sys [42336 2019-01-04] (AVG Technologies CZ, s.r.o.)
R2 avgMonFlt; C:\Windows\System32\drivers\avgMonFlt.sys [166328 2019-01-04] (AVG Technologies CZ, s.r.o.)
R1 avgRdr; C:\Windows\System32\drivers\avgRdr2.sys [111848 2019-01-04] (AVG Technologies CZ, s.r.o.)
R0 avgRvrt; C:\Windows\System32\drivers\avgRvrt.sys [87992 2019-01-04] (AVG Technologies CZ, s.r.o.)
R1 avgSnx; C:\Windows\System32\drivers\avgSnx.sys [1033904 2019-01-04] (AVG Technologies CZ, s.r.o.)
R1 avgSP; C:\Windows\System32\drivers\avgSP.sys [474504 2019-01-04] (AVG Technologies CZ, s.r.o.)
R2 avgStm; C:\Windows\System32\drivers\avgStm.sys [217912 2019-01-04] (AVG Technologies CZ, s.r.o.)
R0 avgVmm; C:\Windows\System32\drivers\avgVmm.sys [380000 2019-01-04] (AVG Technologies CZ, s.r.o.)
R3 BTWDPAN; C:\Windows\System32\DRIVERS\btwdpan.sys [89640 2011-09-20] (Broadcom Corporation.)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [27008 2016-03-10] (Malwarebytes)
R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [192216 2019-01-18] (Malwarebytes)
R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [64896 2016-03-10] (Malwarebytes Corporation)
R0 mrcbt; C:\Windows\System32\drivers\mrcbt.sys [73928 2018-03-28] (Windows ® Win 7 DDK provider)
S3 clwvd; system32\DRIVERS\clwvd.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One month (created) ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2019-01-18 07:28 - 2019-01-18 07:29 - 000017793 _____ C:\Users\Amanda\Desktop\FRST.txt
2019-01-16 21:49 - 2019-01-16 21:49 - 000000000 ____D C:\Users\Amanda\Desktop\FRST-OlderVersion
2019-01-16 16:04 - 2019-01-16 16:04 - 000899584 _____ (Farbar) C:\Users\Amanda\Desktop\FSS.exe
2019-01-16 14:41 - 2019-01-16 14:41 - 000757746 _____ C:\Users\Amanda\Documents\Joelene Reference Letter.pdf
2019-01-16 13:19 - 2019-01-16 13:19 - 000000245 _____ C:\Users\Amanda\Desktop\Toronto Ontario Estate Auctions & House Content Sales - The Great Estate Sale - Upcoming Estate & Content.URL
2019-01-14 12:42 - 2019-01-14 12:42 - 000223616 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgbidsdriver.sys
2019-01-14 07:57 - 2019-01-14 07:57 - 000000000 ____D C:\Users\Amanda\Desktop\Old Firefox Data
2019-01-14 07:50 - 2019-01-14 07:50 - 007320272 _____ (Malwarebytes) C:\Users\Amanda\Desktop\adwcleaner_7.2.6.0.exe
2019-01-12 15:39 - 2019-01-12 15:39 - 000000000 ____D C:\ProgramData\Emsisoft
2019-01-10 21:04 - 2019-01-10 21:04 - 000002306 _____ C:\Users\Amanda\Desktop\Beyond - Star Descendant Collectors.lnk
2019-01-10 21:03 - 2019-01-10 21:03 - 000000000 ____D C:\Program Files (x86)\Games
2019-01-07 15:20 - 2019-01-07 15:20 - 000000267 _____ C:\Users\Amanda\Desktop\G2G Forum.URL
2019-01-04 08:42 - 2019-01-04 08:41 - 000361392 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\avgBoot.exe
2019-01-04 08:42 - 2019-01-04 08:41 - 000320744 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgblog.sys
2019-01-04 08:42 - 2019-01-04 08:41 - 000196632 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgbidsh.sys
2019-01-04 08:42 - 2019-01-04 08:41 - 000058008 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgbuniv.sys
2019-01-04 08:42 - 2019-01-04 08:41 - 000037160 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgArDisk.sys
2019-01-03 18:31 - 2019-01-17 23:21 - 000000000 ____D C:\Windows\System32\Tasks\AVAST Software
2019-01-03 09:10 - 2019-01-03 09:10 - 048344608 _____ (Microsoft Corporation) C:\Users\Amanda\Desktop\Windows-KB890830-x64-V5.67.exe
2019-01-01 11:17 - 2019-01-01 11:17 - 000000000 ____D C:\Users\Amanda\AppData\Roaming\AVG
2019-01-01 11:17 - 2019-01-01 11:17 - 000000000 ____D C:\Users\Amanda\AppData\Local\Avg
2019-01-01 11:17 - 2019-01-01 11:17 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG
2019-01-01 11:16 - 2019-01-17 23:21 - 000003904 _____ C:\Windows\System32\Tasks\Antivirus Emergency Update
2019-01-01 11:16 - 2019-01-04 08:41 - 001033904 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgSnx.sys
2019-01-01 11:16 - 2019-01-04 08:41 - 000474504 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgSP.sys
2019-01-01 11:16 - 2019-01-04 08:41 - 000380000 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgVmm.sys
2019-01-01 11:16 - 2019-01-04 08:41 - 000217912 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgStm.sys
2019-01-01 11:16 - 2019-01-04 08:41 - 000203336 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgArPot.sys
2019-01-01 11:16 - 2019-01-04 08:41 - 000166328 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgMonFlt.sys
2019-01-01 11:16 - 2019-01-04 08:41 - 000111848 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgRdr2.sys
2019-01-01 11:16 - 2019-01-04 08:41 - 000087992 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgRvrt.sys
2019-01-01 11:16 - 2019-01-04 08:41 - 000046432 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgHwid.sys
2019-01-01 11:16 - 2019-01-04 08:41 - 000042336 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgKbd.sys
2019-01-01 11:16 - 2019-01-01 11:16 - 000000000 ____D C:\Windows\System32\Tasks\AVG
2019-01-01 11:16 - 2019-01-01 11:16 - 000000000 ____D C:\Program Files\Common Files\AVG
2019-01-01 11:15 - 2019-01-01 11:15 - 000000000 ____D C:\Program Files\AVG
2019-01-01 11:14 - 2019-01-01 15:01 - 000000000 ____D C:\ProgramData\AVG
2018-12-31 10:01 - 2018-12-31 10:02 - 000206070 _____ C:\TDSSKiller.3.1.0.25_31.12.2018_10.01.41_log.txt
2018-12-31 10:01 - 2018-12-31 10:01 - 000000366 _____ C:\TDSSKiller.3.1.0.24_31.12.2018_10.01.05_log.txt
2018-12-30 11:38 - 2019-01-02 16:23 - 000000000 ____D C:\Program Files\Common Files\AV
2018-12-30 09:26 - 2019-01-18 07:27 - 002427904 _____ (Farbar) C:\Users\Amanda\Desktop\FRST64.exe
2018-12-27 13:30 - 2019-01-17 23:21 - 000003206 _____ C:\Windows\System32\Tasks\{B2859790-1CBC-48FC-B2DF-BED06E883DB7}
2018-12-20 10:49 - 2018-12-20 10:49 - 037534866 _____ C:\Users\Amanda\Desktop\2018 Honda CR-V Owner's Manual.pdf
2018-12-20 08:41 - 2018-12-14 19:06 - 000397088 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2018-12-20 08:41 - 2018-12-14 18:14 - 000348760 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2018-12-20 08:41 - 2018-12-14 03:01 - 002724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2018-12-20 08:41 - 2018-12-14 03:01 - 000004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2018-12-20 08:41 - 2018-12-14 02:51 - 002902016 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2018-12-20 08:41 - 2018-12-14 02:49 - 000066560 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2018-12-20 08:41 - 2018-12-14 02:49 - 000048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2018-12-20 08:41 - 2018-12-14 02:48 - 000576512 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2018-12-20 08:41 - 2018-12-14 02:41 - 000034304 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2018-12-20 08:41 - 2018-12-14 02:38 - 000116224 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2018-12-20 08:41 - 2018-12-14 02:33 - 000969216 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2018-12-20 08:41 - 2018-12-14 02:24 - 000087552 _____ (Microsoft Corporation) C:\Windows\system32\tdc.ocx
2018-12-20 08:41 - 2018-12-14 02:24 - 000077824 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2018-12-20 08:41 - 2018-12-14 02:23 - 000107520 _____ (Microsoft Corporation) C:\Windows\system32\inseng.dll
2018-12-20 08:41 - 2018-12-14 02:18 - 000315392 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2018-12-20 08:41 - 2018-12-14 02:17 - 000152064 _____ (Microsoft Corporation) C:\Windows\system32\occache.dll
2018-12-20 08:41 - 2018-12-14 02:06 - 000809472 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2018-12-20 08:41 - 2018-12-14 02:06 - 000728064 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2018-12-20 08:41 - 2018-12-14 02:04 - 002136064 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2018-12-20 08:41 - 2018-12-14 01:58 - 020280832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2018-12-20 08:41 - 2018-12-14 01:51 - 002724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2018-12-20 08:41 - 2018-12-14 01:45 - 001555968 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2018-12-20 08:41 - 2018-12-14 01:41 - 000498176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2018-12-20 08:41 - 2018-12-14 01:41 - 000062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2018-12-20 08:41 - 2018-12-14 01:40 - 000341504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
2018-12-20 08:41 - 2018-12-14 01:40 - 000047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2018-12-20 08:41 - 2018-12-14 01:39 - 000064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2018-12-20 08:41 - 2018-12-14 01:38 - 002295808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2018-12-20 08:41 - 2018-12-14 01:35 - 000047104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2018-12-20 08:41 - 2018-12-14 01:35 - 000030720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2018-12-20 08:41 - 2018-12-14 01:34 - 000476160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2018-12-20 08:41 - 2018-12-14 01:33 - 000663040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2018-12-20 08:41 - 2018-12-14 01:33 - 000115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2018-12-20 08:41 - 2018-12-14 01:32 - 000620032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2018-12-20 08:41 - 2018-12-14 01:26 - 000416256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2018-12-20 08:41 - 2018-12-14 01:23 - 000060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2018-12-20 08:41 - 2018-12-14 01:22 - 000091136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inseng.dll
2018-12-20 08:41 - 2018-12-14 01:22 - 000073216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tdc.ocx
2018-12-20 08:41 - 2018-12-14 01:20 - 000168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2018-12-20 08:41 - 2018-12-14 01:19 - 000279040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2018-12-20 08:41 - 2018-12-14 01:19 - 000076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2018-12-20 08:41 - 2018-12-14 01:18 - 004494848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2018-12-20 08:41 - 2018-12-14 01:18 - 000130048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\occache.dll
2018-12-20 08:41 - 2018-12-14 01:14 - 013681152 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2018-12-20 08:41 - 2018-12-14 01:13 - 000230400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\webcheck.dll
2018-12-20 08:41 - 2018-12-14 01:11 - 002059776 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2018-12-20 08:41 - 2018-12-14 01:11 - 000696320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2018-12-20 08:41 - 2018-12-14 01:10 - 001155072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2018-12-20 08:41 - 2018-12-14 00:58 - 004386816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2018-12-20 08:41 - 2018-12-14 00:54 - 001330176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2018-12-20 08:41 - 2018-12-14 00:52 - 000710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2018-12-20 08:40 - 2018-12-14 03:09 - 025736704 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2018-12-20 08:40 - 2018-12-14 02:49 - 000417280 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2018-12-20 08:40 - 2018-12-14 02:48 - 000088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2018-12-20 08:40 - 2018-12-14 02:42 - 000054784 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2018-12-20 08:40 - 2018-12-14 02:39 - 000615936 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2018-12-20 08:40 - 2018-12-14 02:38 - 000814080 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2018-12-20 08:40 - 2018-12-14 02:38 - 000790016 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2018-12-20 08:40 - 2018-12-14 02:38 - 000144384 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2018-12-20 08:40 - 2018-12-14 02:36 - 005779456 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2018-12-20 08:40 - 2018-12-14 02:30 - 000489984 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2018-12-20 08:40 - 2018-12-14 02:21 - 000199680 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2018-12-20 08:40 - 2018-12-14 02:20 - 000092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2018-12-20 08:40 - 2018-12-14 02:09 - 000262144 _____ (Microsoft Corporation) C:\Windows\system32\webcheck.dll
2018-12-20 08:40 - 2018-12-14 02:05 - 001359360 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2018-12-20 08:40 - 2018-12-14 02:02 - 015284736 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2018-12-20 08:40 - 2018-12-14 01:57 - 004859904 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2018-12-20 08:40 - 2018-12-14 01:34 - 000800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2018-12-19 10:58 - 2018-12-19 11:30 - 000001945 _____ C:\Windows\epplauncher.mif
2018-12-19 10:38 - 2018-12-19 10:38 - 000000000 ____D C:\Users\Amanda\Documents\Thule Manuals
2018-12-19 10:34 - 2018-12-19 10:39 - 000000000 ____D C:\Users\Amanda\Documents\35 Forestlane Private Documents

==================== One month (modified) ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2019-01-18 07:28 - 2018-05-16 20:49 - 000000000 ____D C:\FRST
2019-01-18 07:26 - 2018-03-14 21:02 - 000000000 ____D C:\Users\Amanda\AppData\LocalLow\Mozilla
2019-01-18 07:25 - 2018-04-09 13:43 - 000192216 _____ (Malwarebytes) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2019-01-18 07:25 - 2018-03-15 14:23 - 000000336 _____ C:\Windows\Tasks\HPCeeScheduleForAmanda.job
2019-01-18 07:25 - 2009-07-14 00:08 - 000000006 ____H C:\Windows\Tasks\SA.DAT
2019-01-17 23:22 - 2009-07-13 23:45 - 000032064 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2019-01-17 23:22 - 2009-07-13 23:45 - 000032064 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2019-01-17 23:21 - 2018-12-08 21:18 - 000003332 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2019-01-17 23:21 - 2018-12-08 21:18 - 000003204 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2019-01-17 23:21 - 2018-05-06 19:50 - 000004476 _____ C:\Windows\System32\Tasks\Adobe Acrobat Update Task
2019-01-17 23:21 - 2018-04-30 19:02 - 000003718 _____ C:\Windows\System32\Tasks\IUM-F1E24CA0-B63E-4F13-A9E3-4ADE3BFF3473
2019-01-17 23:21 - 2018-04-30 15:27 - 000003616 _____ C:\Windows\System32\Tasks\IntelSURQC-Upgrade-86621605-2a0b-4128-8ffc-15514c247132
2019-01-17 23:21 - 2018-04-30 15:27 - 000003370 _____ C:\Windows\System32\Tasks\IntelSURQC-Upgrade-86621605-2a0b-4128-8ffc-15514c247132-Logon
2019-01-17 23:21 - 2018-04-06 14:52 - 000003870 _____ C:\Windows\System32\Tasks\CCleaner Update
2019-01-17 23:21 - 2018-04-06 14:52 - 000002794 _____ C:\Windows\System32\Tasks\CCleanerSkipUAC
2019-01-17 23:21 - 2018-04-05 11:49 - 000004466 _____ C:\Windows\System32\Tasks\Adobe Flash Player NPAPI Notifier
2019-01-17 23:21 - 2018-03-15 14:23 - 000003192 _____ C:\Windows\System32\Tasks\HPCeeScheduleForAmanda
2019-01-17 23:21 - 2018-03-14 21:38 - 000003136 _____ C:\Windows\System32\Tasks\klcp_update
2019-01-17 23:21 - 2018-03-14 21:11 - 000000000 ____D C:\Users\Amanda\AppData\Local\ClassicShell
2019-01-17 23:21 - 2018-03-14 20:29 - 000003934 _____ C:\Windows\System32\Tasks\User_Feed_Synchronization-{F52EBCF6-B655-4260-897D-6C56F659BD58}
2019-01-16 21:50 - 2018-03-17 15:56 - 000000000 ____D C:\Users\Amanda\AppData\Roaming\uTorrent
2019-01-16 12:03 - 2018-03-28 16:24 - 000000000 ____D C:\Games Downloaded
2019-01-15 16:26 - 2009-07-13 22:20 - 000000000 ____D C:\Windows\system32\NDF
2019-01-15 10:05 - 2018-07-13 11:03 - 000000000 ____D C:\Users\Amanda\Documents\Bob OlympiaFinancial
2019-01-15 07:49 - 2009-07-13 22:20 - 000000000 ____D C:\Windows\inf
2019-01-14 14:17 - 2009-07-14 00:13 - 000781790 _____ C:\Windows\system32\PerfStringBackup.INI
2019-01-14 13:59 - 2018-04-10 09:39 - 000000000 ____D C:\Users\Amanda\AppData\Roaming\MPC-HC
2019-01-12 09:44 - 2018-03-14 21:02 - 000000000 ____D C:\Program Files\Mozilla Firefox
2019-01-12 09:44 - 2018-03-14 21:02 - 000000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2019-01-11 15:46 - 2018-03-15 09:39 - 137260640 ____C (Microsoft Corporation) C:\Windows\system32\MRT.exe
2019-01-10 21:04 - 2018-09-19 20:55 - 000000000 ____D C:\Users\Amanda\AppData\Roaming\Mad Head Games
2019-01-10 10:21 - 2018-04-16 12:44 - 000000000 ____D C:\ProgramData\RedFox
2019-01-10 08:56 - 2018-09-23 08:36 - 000313366 _____ C:\Users\Amanda\Desktop\WindowsUpdate.diagcab
2019-01-09 14:46 - 2018-04-14 19:10 - 000000000 ____D C:\AdwCleaner
2019-01-09 08:15 - 2009-07-14 00:08 - 000032556 _____ C:\Windows\Tasks\SCHEDLGU.TXT
2019-01-08 20:58 - 2018-07-01 09:39 - 000000000 ____D C:\Users\Amanda\Documents\Mom Menus
2019-01-05 18:27 - 2018-05-06 19:49 - 000002441 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk
2019-01-02 14:44 - 2018-05-07 13:48 - 000000233 _____ C:\Users\Amanda\Desktop\Cinematik.URL
2018-12-30 09:54 - 2009-07-13 22:20 - 000000000 ____D C:\Windows\Help
2018-12-28 12:57 - 2018-03-15 15:55 - 000000000 ____D C:\Users\Amanda\AppData\Local\CrashDumps
2018-12-28 12:33 - 2018-03-14 20:26 - 000000000 ____D C:\Users\Amanda
2018-12-28 12:32 - 2018-10-29 14:26 - 000000000 ____D C:\Users\Amanda\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Mahjong Epic 2
2018-12-28 12:32 - 2009-07-13 22:20 - 000000000 ____D C:\Windows\registration
2018-12-28 11:42 - 2018-10-20 13:37 - 000000000 ____D C:\Users\Amanda\AppData\Local\Google
2018-12-25 08:51 - 2018-04-06 14:52 - 000000000 ____D C:\Program Files\CCleaner
2018-12-24 13:06 - 2018-11-02 11:02 - 000000000 ____D C:\Windows\Minidump
2018-12-20 12:05 - 2009-07-13 22:20 - 000000000 ____D C:\Windows\rescache
2018-12-20 08:42 - 2018-03-15 09:49 - 000766100 _____ C:\Windows\SysWOW64\PerfStringBackup.INI

==================== Files in the root of some directories =======

2018-09-14 14:25 - 2018-09-14 14:44 - 044858529 _____ () C:\Program Files (x86)\MahJong.Suite.2015.v12.0.rar
2018-04-18 11:24 - 2018-04-18 11:24 - 000000000 _____ () C:\Users\Amanda\AppData\Roaming\log_041818_122435.txt
2018-04-18 11:28 - 2018-04-18 11:28 - 000000000 _____ () C:\Users\Amanda\AppData\Roaming\log_041818_122827.txt
2018-04-18 14:03 - 2018-04-18 14:03 - 000000000 _____ () C:\Users\Amanda\AppData\Roaming\log_041818_150359.txt
2018-04-18 14:09 - 2018-04-18 14:09 - 000000000 _____ () C:\Users\Amanda\AppData\Roaming\log_041818_150955.txt
2018-04-10 08:19 - 2018-04-10 08:19 - 000007667 _____ () C:\Users\Amanda\AppData\Local\Resmon.ResmonCfg

==================== Bamital & volsnap ======================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2019-01-13 09:42

==================== End of FRST.txt ============================

 

 

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 16.01.2019 01
Ran by Amanda (18-01-2019 07:29:47)
Running from C:\Users\Amanda\Desktop
Windows 7 Home Premium Service Pack 1 (X64) (2018-03-15 01:26:12)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-3956403641-1016103790-1991301254-500 - Administrator - Disabled)
Amanda (S-1-5-21-3956403641-1016103790-1991301254-1000 - Administrator - Enabled) => C:\Users\Amanda
Guest (S-1-5-21-3956403641-1016103790-1991301254-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-3956403641-1016103790-1991301254-1002 - Limited - Enabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: AVG Antivirus (Enabled - Up to date) {4FC75CA5-1654-5411-7CFB-1893D506BCF4}
AS: Windows Defender (Disabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: AVG Antivirus (Enabled - Up to date) {F4A6BD41-306E-5B9F-464B-23E1AE81F649}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

µTorrent (HKLM-x32\...\uTorrent) (Version: 2.2.1 - )
Adobe Acrobat Reader DC (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}) (Version: 19.010.20069 - Adobe Systems Incorporated)
Adobe Flash Player 10 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 10.3.183.10 - Adobe Systems Incorporated)
Adobe Flash Player 31 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 31.0.0.153 - Adobe Systems Incorporated)
Adobe Shockwave Player 11.6 (HKLM-x32\...\Adobe Shockwave Player) (Version: 11.6.1.629 - Adobe Systems, Inc.)
AVG AntiVirus FREE (HKLM-x32\...\AVG Antivirus) (Version: 19.1.3075 - AVG Technologies)
Beyond Star Descendant Collectors 1.00 (HKLM-x32\...\Beyond Star Descendant Collectors 1.00) (Version: 1.00 - Games)
Broadcom 802.11 Wireless LAN Adapter (HKLM\...\Broadcom 802.11 Wireless LAN Adapter) (Version:  - Broadcom Corporation)
Broadcom Bluetooth Software (HKLM\...\{6E7F4CA3-B2DE-413C-A7A1-43AA5BE19EA1}) (Version: 6.5.0.2300 - Broadcom Corporation)
Broadcom InConcert Maestro (HKLM\...\{57DD35E9-D9BB-4089-BB05-EF933C586CB3}) (Version: 1.0.5.2300 - Broadcom Corporation)
Canon IJ Network Scanner Selector EX (HKLM-x32\...\Canon_IJ_Network_Scanner_Selector_EX) (Version: 1.5.4.4 - Canon Inc.)
Canon IJ Network Tool (HKLM-x32\...\Canon_IJ_Network_UTILITY) (Version: 3.7.0 - Canon Inc.)
Canon IJ Scan Utility (HKLM-x32\...\Canon_IJ_Scan_Utility) (Version: 1.1.20.13 - Canon Inc.)
Canon MG5700 series MP Drivers (HKLM\...\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MG5700_series) (Version: 1.00 - Canon Inc.)
Canon MG5700 series On-screen Manual (HKLM-x32\...\Canon MG5700 series On-screen Manual) (Version: 7.8.0 - Canon Inc.)
Canon My Printer (HKLM-x32\...\CanonMyPrinter) (Version: 3.3.0 - Canon Inc.)
CCleaner (HKLM\...\CCleaner) (Version: 5.51 - Piriform)
Classic Shell (HKLM\...\{CABCE573-0A86-42FA-A52A-C7EA61D5BE08}) (Version: 4.3.1 - IvoSoft)
Contrôle ActiveX Windows Live Mesh pour connexions à distance (HKLM-x32\...\{55D003F4-9599-44BF-BA9E-95D060730DD3}) (Version: 15.4.5722.2 - Microsoft Corporation)
ESU for Microsoft Windows 7 SP1 (HKLM-x32\...\{E96CAA2A-0244-4A2A-8403-0C3C9534778B}) (Version: 2.1.1 - Hewlett-Packard)
EVEREST Ultimate Edition v5.50 (HKLM-x32\...\EVEREST Ultimate Edition_is1) (Version: 5.50 - Lavalys, Inc.)
Galerie de photos Windows Live (HKLM-x32\...\{488F0347-C4A7-4374-91A7-30818BEDA710}) (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Google Earth Pro (HKLM\...\{E466DA1C-39B7-4FA7-98F5-3B7910976C3D}) (Version: 7.3.2.5495 - Google)
Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.33.23 - Google Inc.) Hidden
Hewlett-Packard ACLM.NET v1.1.2.0 (HKLM-x32\...\{6F340107-F9AA-47C6-B54C-C3A19F11553F}) (Version: 1.00.0000 - Hewlett-Packard) Hidden
HP Documentation (HKLM-x32\...\{3D5C7E0E-AEC0-40EB-99D3-C40469738040}) (Version: 1.1.0.0 - Hewlett-Packard)
HP PC Hardware Diagnostics Windows (HKLM-x32\...\{F09C4BE3-9935-4457-A936-69D3C574E351}) (Version: 1.5.1.0 - HP Inc)
HP Setup (HKLM-x32\...\{F5E7D9AF-60F6-4A30-87E3-4EA94D322CE1}) (Version: 9.0.15076.3891 - Hewlett-Packard Company)
HP Setup Manager (HKLM-x32\...\{AE856388-AFAD-4753-81DF-D96B19D0A17C}) (Version: 1.2.14901.3869 - Hewlett-Packard Company)
HP Software Framework (HKLM-x32\...\{962CB079-85E6-405F-8704-1C62365AE46F}) (Version: 4.5.10.1 - Hewlett-Packard Company)
HP Support Assistant (HKLM-x32\...\{6F44AF95-3CDE-4513-AD3F-6D45F17BF324}) (Version: 6.1.12.1 - Hewlett-Packard Company)
IDT Audio (HKLM-x32\...\{E3A5A8AB-58F6-45FF-AFCB-C9AE18C05001}) (Version: 1.0.6365.0 - IDT)
Intel® Computing Improvement Program (HKLM\...\{F6B5BD59-21F0-47F8-A6C6-63BAEB1A6569}) (Version: 2.1.03720 - Intel Corporation)
Intel® Control Center (HKLM-x32\...\{F8A9085D-4C7A-41a9-8A77-C8998A96C421}) (Version: 1.2.1.1007 - Intel Corporation)
Intel® Identity Protection Technology 1.1.2.0 (HKLM-x32\...\{C01A86F5-56E7-101F-9BC9-E3F1025EB779}) (Version: 1.1.2.0 - Intel Corporation)
Intel® Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 7.0.0.1144 - Intel Corporation)
Intel® Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 8.15.10.2476 - Intel Corporation)
Intel® Rapid Storage Technology (HKLM-x32\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 10.6.0.1002 - Intel Corporation)
K-Lite Mega Codec Pack 14.3.0 (HKLM-x32\...\KLiteCodecPack_is1) (Version: 14.3.0 - KLCP)
Macrium Reflect Server Edition (HKLM\...\{49157BD6-B5D3-4DBB-98C8-A604D4332D9B}) (Version: 7.0.2187 - Paramount Software (UK) Ltd.) Hidden
Macrium Reflect Server Edition (HKLM\...\MacriumReflect) (Version: 7.0 - Paramount Software (UK) Ltd.)
Mahjong Epic 2 (HKLM-x32\...\Mahjong Epic 21.1) (Version: 1.1 - Foxy Games)
Malwarebytes Anti-Malware version 2.2.1.1043 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.2.1.1043 - Malwarebytes)
Microsoft .NET Framework 4.7.2 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.7.03062 - Microsoft Corporation)
Microsoft Office 2007 Service Pack 3 (SP3) (HKLM-x32\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version:  - Microsoft)
Microsoft Office Enterprise 2007 (HKLM-x32\...\ENTERPRISE) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Office File Validation Add-In (HKLM-x32\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)
Microsoft Office Visio 2007 Service Pack 3 (SP3) (HKLM-x32\...\{90120000-0051-0000-0000-0000000FF1CE}_VISPRO_{CE144BF4-4950-4CDB-A5F7-CCE1888F49CB}) (Version:  - Microsoft)
Microsoft Office Visio Professional 2007 (HKLM-x32\...\VISPRO) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x64) - 14.0.23026 (HKLM-x32\...\{e46eca4f-393b-40df-9f49-076faf788d83}) (Version: 14.0.23026.0 - Microsoft Corporation)
Mozilla Firefox 64.0.2 (x64 en-US) (HKLM\...\Mozilla Firefox 64.0.2 (x64 en-US)) (Version: 64.0.2 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 59.0 - Mozilla)
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
Nero 7 Ultra Edition (HKLM-x32\...\{43FFE159-3199-4188-A1CD-629166AD1033}) (Version: 7.02.6445 - Nero AG)
opensource (HKLM-x32\...\{3677D4D8-E5E0-49FC-B86E-06541CF00BBE}) (Version: 1.0.14960.3876 - Your Company Name) Hidden
PerfectDisk Professional Business (HKLM\...\{682B22AB-EAAA-4B1C-83AF-B26E7D4ED01E}) (Version: 13.0.842 - Raxco Software Inc.)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.46.610.2011 - Realtek)
Realtek PCIE Card Reader (HKLM-x32\...\{C1594429-8296-4652-BF54-9DBE4932A44C}) (Version: 6.1.7601.84 - Realtek Semiconductor Corp.)
Revo Uninstaller Pro 3.1.5 (HKLM\...\{67579783-0FB7-4F7B-B881-E5BE47C9DBE0}_is1) (Version: 3.1.5 - VS Revo Group, Ltd.)
Skype™ 7.0 (HKLM-x32\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 7.0.102 - Skype Technologies S.A.)
Sudoku Works (HKLM-x32\...\{5B10C186-C6CF-45D8-9E2D-4F18247A5C63}) (Version: 1.0 - Oak Systems)
swMSM (HKLM-x32\...\{612C34C7-5E90-47D8-9B5C-0F717DD82726}) (Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
Synaptics TouchPad Driver (HKLM\...\SynTPDeinstKey) (Version: 15.3.27.1 - Synaptics Incorporated)
Update for 2007 Microsoft Office System (KB967642) (HKLM-x32\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version:  - Microsoft)
Update for 2007 Microsoft Office System (KB967642) (HKLM-x32\...\{90120000-0051-0000-0000-0000000FF1CE}_VISPRO_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version:  - Microsoft)
Windows Live Mesh ActiveX Control for Remote Connections (HKLM-x32\...\{2902F983-B4C1-44BA-B85D-5C6D52E2C441}) (Version: 15.4.5722.2 - Microsoft Corporation)
WinRAR 5.40 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.40.0 - win.rar GmbH)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

ShellIconOverlayIdentifiers: [ShareOverlay] -> {594D4122-1F87-41E2-96C7-825FB4796516} => C:\Program Files\Classic Shell\ClassicExplorer64.dll [2017-08-13] (IvoSoft)
ShellIconOverlayIdentifiers-x32: [ShareOverlay] -> {594D4122-1F87-41E2-96C7-825FB4796516} => C:\Program Files\Classic Shell\ClassicExplorer64.dll [2017-08-13] (IvoSoft)
ContextMenuHandlers1: [Adobe.Acrobat.ContextMenu] -> {A6595CD1-BF77-430A-A452-18696685F7C7} => C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat Elements\ContextMenuShim64.dll [2012-09-23] (Adobe Systems Inc.)
ContextMenuHandlers1: [AVG] -> {472083B1-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVG\Antivirus\ashShell.dll [2019-01-04] (AVG Technologies CZ, s.r.o.)
ContextMenuHandlers1: [ESET Security Shell] -> {B089FE88-FB52-11D3-BDF1-0050DA34150D} => C:\Program Files\ESET\ESET Security\shellExt.dll -> No File
ContextMenuHandlers1: [ReflectShellExt] -> {DEBB9B79-B3DD-47F4-9E5C-EA6975BAB611} => C:\Program Files\Macrium\Reflect\RContextMenu.dll [2017-05-27] (Paramount Software UK Ltd)
ContextMenuHandlers1: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2016-08-14] (Alexander Roshal)
ContextMenuHandlers1-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2016-08-14] (Alexander Roshal)
ContextMenuHandlers2: [ESET Security Shell] -> {B089FE88-FB52-11D3-BDF1-0050DA34150D} => C:\Program Files\ESET\ESET Security\shellExt.dll -> No File
ContextMenuHandlers2: [ReflectShellExt] -> {DEBB9B79-B3DD-47F4-9E5C-EA6975BAB611} => C:\Program Files\Macrium\Reflect\RContextMenu.dll [2017-05-27] (Paramount Software UK Ltd)
ContextMenuHandlers3: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamext.dll [2016-03-10] (Malwarebytes)
ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} => C:\Windows\system32\igfxpph.dll [2011-08-09] (Intel Corporation)
ContextMenuHandlers6: [Adobe.Acrobat.ContextMenu] -> {A6595CD1-BF77-430A-A452-18696685F7C7} => C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat Elements\ContextMenuShim64.dll [2012-09-23] (Adobe Systems Inc.)
ContextMenuHandlers6: [AVG] -> {472083B1-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVG\Antivirus\ashShell.dll [2019-01-04] (AVG Technologies CZ, s.r.o.)
ContextMenuHandlers6: [ESET Security Shell] -> {B089FE88-FB52-11D3-BDF1-0050DA34150D} => C:\Program Files\ESET\ESET Security\shellExt.dll -> No File
ContextMenuHandlers6: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamext.dll [2016-03-10] (Malwarebytes)
ContextMenuHandlers6: [RUShellExt] -> {2C5515DC-2A7E-4BFD-B813-CACC2B685EB7} => C:\Program Files\VS Revo Group\Revo Uninstaller Pro\RUExt.dll [2012-12-29] (VS Revo Group)
ContextMenuHandlers6: [StartMenuExt] -> {E595F05F-903F-4318-8B0A-7F633B520D2B} => C:\Windows\system32\StartMenuHelper64.dll [2017-08-13] (IvoSoft)
ContextMenuHandlers6: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2016-08-14] (Alexander Roshal)
ContextMenuHandlers6-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2016-08-14] (Alexander Roshal)

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {03941A70-4158-4900-8D36-8F597CD87A6C} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2018-12-08] (Google Inc.)
Task: {20FCFF64-00DD-401D-B1AE-BB1FD97DC929} - System32\Tasks\klcp_update => CodecTweakTool.exe
Task: {3FFF6A91-3416-4527-85E7-C8676FC6B608} - System32\Tasks\Hewlett-Packard\HP Support Assistant\PC Health Analysis => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2018-03-15] (Hewlett-Packard Company)
Task: {430E6E3F-AD4A-4913-83CD-C2BE5A226333} - System32\Tasks\IntelSURQC-Upgrade-86621605-2a0b-4128-8ffc-15514c247132 => C:\Program Files\Intel\SUR\QUEENCREEK\Updater\bin\IntelSoftwareAssetManagerService.exe [2017-07-13] (Intel Corporation)
Task: {4905C002-F590-4680-86A0-5BE5EB439202} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2018-12-10] (Piriform Software Ltd)
Task: {510F5F28-A804-486C-8788-646341D85963} - System32\Tasks\HPCeeScheduleForAmanda => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2011-07-15] (Hewlett-Packard)
Task: {58FD8687-A1F3-4CED-BFDE-DD71224F3616} - System32\Tasks\IntelSURQC-Upgrade-86621605-2a0b-4128-8ffc-15514c247132-Logon => C:\Program Files\Intel\SUR\QUEENCREEK\Updater\bin\IntelSoftwareAssetManagerService.exe [2017-07-13] (Intel Corporation)
Task: {5C119B90-A340-4B24-8FD2-5B85872ED0C7} - System32\Tasks\Adobe Flash Player NPAPI Notifier => C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_31_0_0_153_Plugin.exe [2018-12-04] (Adobe Systems Incorporated)
Task: {85006378-4CFB-47BB-8A7E-F3CC7A44AD4B} - System32\Tasks\Hewlett-Packard\HP Support Assistant\PC Tuneup => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2018-03-15] (Hewlett-Packard Company)
Task: {9DF6E07E-92B7-43C0-B9BC-5D13950CADB4} - System32\Tasks\CCleaner Update => C:\Program Files\CCleaner\CCUpdate.exe [2018-12-10] (Piriform Ltd)
Task: {AEC6D5B8-E058-4CCB-90BB-3CFA2D8EA1B4} - System32\Tasks\Antivirus Emergency Update => C:\Program Files\AVG\Antivirus\AvEmUpdate.exe [2019-01-04] (AVG Technologies CZ, s.r.o.)
Task: {B22AF7EA-67F5-45E8-84D4-8AAE462B59D6} - System32\Tasks\{B2859790-1CBC-48FC-B2DF-BED06E883DB7} => C:\Windows\system32\pcalua.exe -a C:\Downloads\installer_x86-x64_89006\Installer_x86-x64_89006.exe -d C:\Downloads\installer_x86-x64_89006
Task: {BCC2C7F2-FB3D-480A-8D73-4136010BFF28} - System32\Tasks\Hewlett-Packard\HP Support Assistant\Update Check => C:\ProgramData\Hewlett-Packard\HP Support Framework\Resources\Updater\HPSFUpdater.exe [2013-02-19] (Hewlett-Packard)
Task: {CE06BBC7-8750-4BAB-8EA6-7CFD9DAAA460} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Assistant Quick Start => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPSFMessenger\HPSFMsgr.exe [2011-09-09] (Hewlett-Packard Company)
Task: {DA92ED9A-F28D-4472-A96B-59809B015955} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2018-12-08] (Google Inc.)
Task: {DE495F0A-E470-43AB-8A28-875990DDC93C} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2018-08-13] (Adobe Systems Incorporated)
Task: {E1965C9E-3865-4D70-8D4E-5C7C11653368} - System32\Tasks\IUM-F1E24CA0-B63E-4F13-A9E3-4ADE3BFF3473 => C:\Program Files (x86)\Intel\Intel® Update Manager\bin\iumsvc.exe
Task: {E487927D-AB5A-482F-9AD0-13974F682CB8} - System32\Tasks\Hewlett-Packard\HP Support Assistant\Ghost Resign Task => c:\program files (x86)\hewlett-packard\hp health check\activecheck\product_line\HPResignFileLoader.exe [2018-02-12] (Microsoft)
Task: {E7AF0378-02B1-48AE-B600-C1ADBD2E42C8} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Total Care Tune-Up => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPTuneUp.exe [2011-03-22] (Hewlett-Packard Company)
Task: {FE0A8B75-AB27-45BE-A930-582338E20769} - System32\Tasks\AVG\Overseer => C:\Program Files\Common Files\AVG\Overseer\overseer.exe [2019-01-16] (AVG Technologies CZ, s.r.o.)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\Windows\Tasks\HPCeeScheduleForAmanda.job => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe

==================== Shortcuts & WMI ========================

(The entries could be listed to be restored or removed.)

WMI:subscription\__FilterToConsumerBinding->CommandLineEventConsumer.Name=\"BVTConsumer\"",Filter="__EventFilter.Name=\"BVTFilter\":
WMI:subscription\__EventFilter->BVTFilter:
WMI:subscription\CommandLineEventConsumer->BVTConsumer:

==================== Loaded Modules (Whitelisted) ==============

2019-01-04 08:41 - 2019-01-04 08:41 - 000662960 _____ () C:\Program Files\AVG\Antivirus\streamback.dll
2019-01-17 18:05 - 2019-01-17 18:05 - 006937800 _____ () C:\Program Files\AVG\Antivirus\defs\19011704\algo64.dll
2019-01-04 08:41 - 2019-01-04 08:41 - 000550832 _____ () C:\Program Files\AVG\Antivirus\gui_cache.dll
2019-01-04 08:41 - 2019-01-04 08:41 - 001967536 _____ () C:\Program Files\AVG\Antivirus\shepherdsync.dll
2019-01-18 07:26 - 2019-01-18 07:26 - 006937800 _____ () C:\Program Files\AVG\Antivirus\defs\19011800\algo64.dll
2011-08-09 10:44 - 2011-08-09 10:44 - 000094208 _____ () C:\Windows\System32\IccLibDll_x64.dll
2019-01-04 08:41 - 2019-01-04 08:41 - 093696960 _____ () C:\Program Files\AVG\Antivirus\libcef.dll
2018-10-24 09:21 - 2018-10-24 09:21 - 000172544 _____ () C:\Windows\assembly\NativeImages_v2.0.50727_32\IsdiInterop\c2fa64d925dff964b5574da71f162548\IsdiInterop.ni.dll
2018-03-14 21:19 - 2011-05-20 12:05 - 000059904 _____ () C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IsdiInterop.dll
2017-07-13 15:23 - 2017-07-13 15:23 - 000042744 _____ () C:\Program Files\Intel\SUR\QUEENCREEK\Updater\bin\win32api.pyd
2017-07-13 15:22 - 2017-07-13 15:22 - 000060664 _____ () C:\Program Files\Intel\SUR\QUEENCREEK\Updater\bin\pywintypes27.dll
2017-07-13 15:22 - 2017-07-13 15:22 - 000126712 _____ () C:\Program Files\Intel\SUR\QUEENCREEK\Updater\bin\pythoncom27.dll
2017-07-13 15:23 - 2017-07-13 15:23 - 000024312 _____ () C:\Program Files\Intel\SUR\QUEENCREEK\Updater\bin\_multiprocessing.pyd
2017-07-13 15:23 - 2017-07-13 15:23 - 000047352 _____ () C:\Program Files\Intel\SUR\QUEENCREEK\Updater\bin\_ctypes.pyd
2017-07-13 15:23 - 2017-07-13 15:23 - 000026872 _____ () C:\Program Files\Intel\SUR\QUEENCREEK\Updater\bin\win32service.pyd
2017-07-13 15:22 - 2017-07-13 15:22 - 000023800 _____ () C:\Program Files\Intel\SUR\QUEENCREEK\Updater\bin\servicemanager.pyd
2017-07-13 15:23 - 2017-07-13 15:23 - 000031992 _____ () C:\Program Files\Intel\SUR\QUEENCREEK\Updater\bin\_socket.pyd

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)


==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)


==================== Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)


==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2018-04-09 13:42 - 2018-04-09 13:42 - 000000143 ____R C:\Windows\system32\drivers\etc\hosts

127.0.0.1                   keystone.mwbsys.com
127.0.0.1                   sirius.mwbsys.com
127.0.0.1                   bactem.mwbsys.com

==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKLM\System\CurrentControlSet\Control\Session Manager\Environment\\Path: C:\Program Files\Broadcom\Broadcom 802.11\Driver;;;%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;%SYSTEMROOT%\System32\WindowsPowerShell\v1.0\;C:\Program Files\WIDCOMM\Bluetooth Software\;C:\Program Files\WIDCOMM\Bluetooth Software\syswow64;C:\Program Files\Broadcom\WHL\;C:\Program Files\Broadcom\WHL\syswow64;C:\Program Files\Broadcom\WHL\SysWow64\;C:\Program Files\Broadcom\WHL\SysWow64\syswow64;C:\Program Files (x86)\Intel\Services\IPT\
HKU\S-1-5-21-3956403641-1016103790-1991301254-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\Amanda\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 192.168.2.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

If an entry is included in the fixlist, it will be removed.

MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Bluetooth.lnk => C:\Windows\pss\Bluetooth.lnk.CommonStartup
MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^KMService.lnk => C:\Windows\pss\KMService.lnk.CommonStartup
MSCONFIG\startupreg: CanonQuickMenu => C:\Program Files (x86)\Canon\Quick Menu\CNQMMAIN.EXE /logon
MSCONFIG\startupreg: IJNetworkScannerSelectorEX => C:\Program Files (x86)\Canon\IJ Network Scanner Selector EX\CNMNSST.exe /FORCE
MSCONFIG\startupreg: Reflect UI => C:\Program Files\Macrium\Common\ReflectUI.exe

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [{98B44A3A-A17A-47E5-ABDB-F1798C77AD44}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
FirewallRules: [{5943820C-A840-4247-8DD5-5142C5020FF5}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
FirewallRules: [{0C736896-C1B9-4853-B4A5-77860361B3A8}] => (Allow) C:\Program Files (x86)\Skype\Phone\Skype.exe (Skype Technologies S.A.)
FirewallRules: [{5989919C-1183-43C8-88B8-0A1A33B2BA2A}] => (Allow) C:\Program Files (x86)\uTorrent\uTorrent.exe (BitTorrent, Inc.)
FirewallRules: [{5BFE4BC2-21AB-47BE-922A-041ED5B9C7F7}] => (Allow) C:\Program Files (x86)\uTorrent\uTorrent.exe (BitTorrent, Inc.)
FirewallRules: [{DC7D60E8-68E0-4278-B0B4-F88D4745A367}] => (Allow) C:\Program Files (x86)\EaseUS\System GoBack Free\bin\Agent.exe No File
FirewallRules: [{14C51BDB-5C59-40F2-8CD5-805177EB6BFD}] => (Allow) C:\Program Files\CCleaner\CCUpdate.exe (Piriform Ltd)
FirewallRules: [{DF89369F-FE8A-43AB-BF45-B844BF6ACD05}] => (Allow) C:\Program Files\CCleaner\CCUpdate.exe (Piriform Ltd)
FirewallRules: [{3B890484-52B9-445E-9B59-E0FBD05E4B1B}] => (Allow) C:\Program Files\CCleaner\CCUpdate.exe (Piriform Ltd)
FirewallRules: [{2A9980C4-D766-46DF-A58A-1054ACDC1F84}] => (Allow) C:\Program Files\CCleaner\CCUpdate.exe (Piriform Ltd)
FirewallRules: [{9ED67588-1049-42F2-88CE-A4355EA89C0B}] => (Allow) C:\Program Files\AVG\Antivirus\AvEmUpdate.exe (AVG Technologies CZ, s.r.o.)
FirewallRules: [{83FDEEBF-24CD-427F-B00C-FAC797B268B8}] => (Allow) C:\Program Files\AVG\Antivirus\AvEmUpdate.exe (AVG Technologies CZ, s.r.o.)

==================== Restore Points =========================

14-01-2019 21:33:55 Scheduled Checkpoint
16-01-2019 21:50:07 Restore Point Created by FRST
16-01-2019 21:59:33 Restore Point Created by FRST
17-01-2019 07:49:26 Restore Point Created by FRST
17-01-2019 18:07:19 Restore Point Created by FRST
17-01-2019 22:25:43 G2G RepairControl Panel

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (01/18/2019 07:25:41 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.

Error: (01/17/2019 07:31:54 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.

Error: (01/17/2019 07:10:43 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.

Error: (01/17/2019 06:09:50 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.

Error: (01/17/2019 06:07:18 PM) (Source: VSS) (EventID: 8194) (User: )
Description: Volume Shadow Copy Service error: Unexpected error querying for the IVssWriterCallback interface.  hr = 0x80070005, Access is denied.
.
This is often caused by incorrect security settings in either the writer or requestor process.


Operation:
   Gathering Writer Data

Context:
   Writer Class Id: {e8132975-6f93-4464-a53e-1050253ae220}
   Writer Name: System Writer
   Writer Instance ID: {e5708a1e-ad9a-478a-94bd-1479b2dbe972}

Error: (01/17/2019 06:04:46 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.

Error: (01/17/2019 08:14:58 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.

Error: (01/17/2019 07:51:10 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.


System errors:
=============
Error: (01/18/2019 07:27:33 AM) (Source: WMPNetworkSvc) (EventID: 14329) (User: )
Description: Service 'WMPNetworkSvc' did not start correctly because the registry could not be updated due to error '0x80070006'. If possible, reinstall Windows Media Player.

Error: (01/18/2019 07:26:36 AM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Launch permission for the COM Server application with CLSID
{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}
 and APPID
{344ED43D-D086-4961-86A6-1106F4ACAD9B}
 to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC). This security permission can be modified using the Component Services administrative tool.

Error: (01/18/2019 07:25:02 AM) (Source: Microsoft-Windows-Kernel-General) (EventID: 5) (User: NT AUTHORITY)
Description: 0x8000002a36\SystemRoot\System32\Config\SOFTWARE

Error: (01/17/2019 08:21:48 PM) (Source: Microsoft-Windows-Kernel-General) (EventID: 5) (User: NT AUTHORITY)
Description: 0x8000002a171\??\Volume{84515f45-27fb-11e8-9f78-806e6f6e6963}\System Volume Information\SPP\SppCbsHiveStore\{cd42efe1-f6f1-427c-b004-033192c625a4}{B4B8E4D5-8DF3-4E47-9A9F-1D5747B12092}

Error: (01/17/2019 08:20:26 PM) (Source: Microsoft-Windows-Kernel-General) (EventID: 5) (User: NT AUTHORITY)
Description: 0x8000002a171\??\Volume{84515f45-27fb-11e8-9f78-806e6f6e6963}\System Volume Information\SPP\SppCbsHiveStore\{cd42efe1-f6f1-427c-b004-033192c625a4}{0266347A-E467-4C3A-96ED-7E65F91A110D}

Error: (01/17/2019 08:19:08 PM) (Source: Microsoft-Windows-Kernel-General) (EventID: 5) (User: NT AUTHORITY)
Description: 0x8000002a171\??\Volume{84515f45-27fb-11e8-9f78-806e6f6e6963}\System Volume Information\SPP\SppCbsHiveStore\{cd42efe1-f6f1-427c-b004-033192c625a4}{1E92C5B9-915B-43DA-842E-920F14D4DD67}

Error: (01/17/2019 08:17:49 PM) (Source: Microsoft-Windows-Kernel-General) (EventID: 5) (User: NT AUTHORITY)
Description: 0x8000002a171\??\Volume{84515f45-27fb-11e8-9f78-806e6f6e6963}\System Volume Information\SPP\SppCbsHiveStore\{cd42efe1-f6f1-427c-b004-033192c625a4}{91FE0624-796A-4A46-8C1B-2C6F58D7DD35}

Error: (01/17/2019 07:33:45 PM) (Source: WMPNetworkSvc) (EventID: 14329) (User: )
Description: Service 'WMPNetworkSvc' did not start correctly because the registry could not be updated due to error '0x80070006'. If possible, reinstall Windows Media Player.


CodeIntegrity:
===================================

Date: 2018-12-02 00:03:52.082
Description:
Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\ProgramData\ESET\ESET Security\Updfiles\base_nonnups\nod01D6.dll.nup.raw because the set of per-page image hashes could not be found on the system.

Date: 2018-12-02 00:03:51.739
Description:
Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\ProgramData\ESET\ESET Security\Updfiles\base_nonnups\nod01D6.dll.nup.raw because the set of per-page image hashes could not be found on the system.

Date: 2018-12-02 00:03:51.458
Description:
Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\ProgramData\ESET\ESET Security\Updfiles\base_nonnups\nod01D6.dll.nup.raw because the set of per-page image hashes could not be found on the system.

Date: 2018-11-18 00:45:37.392
Description:
Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\ESET\ESET Security\Modules\em023_64\14406\em023_64.dll.raw because the set of per-page image hashes could not be found on the system.

Date: 2018-11-18 00:45:37.033
Description:
Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\ESET\ESET Security\Modules\em023_64\14406\em023_64.dll.raw because the set of per-page image hashes could not be found on the system.

Date: 2018-11-18 00:45:36.752
Description:
Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\ESET\ESET Security\Modules\em023_64\14406\em023_64.dll.raw because the set of per-page image hashes could not be found on the system.

Date: 2018-11-05 14:22:16.019
Description:
Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\ProgramData\ESET\ESET Security\Updfiles\base_nonnups\nod6CDC.dll.nup.raw because the set of per-page image hashes could not be found on the system.

Date: 2018-11-05 14:22:15.691
Description:
Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\ProgramData\ESET\ESET Security\Updfiles\base_nonnups\nod6CDC.dll.nup.raw because the set of per-page image hashes could not be found on the system.

==================== Memory info ===========================

Processor: Intel® Core™ i3-2350M CPU @ 2.30GHz
Percentage of memory in use: 49%
Total physical RAM: 6091.86 MB
Available physical RAM: 3104.61 MB
Total Virtual: 12181.86 MB
Available Virtual: 9069.53 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:905.46 GB) (Free:510.87 GB) NTFS ==>[system with boot components (obtained from drive)]
Drive d: (Recovery) (Fixed) (Total:21.89 GB) (Free:2.33 GB) NTFS ==>[system with boot components (obtained from drive)]
Drive e: (HP_TOOLS) (Fixed) (Total:3.96 GB) (Free:3.95 GB) FAT32

\\?\Volume{84515f44-27fb-11e8-9f78-806e6f6e6963}\ (SYSTEM) (Fixed) (Total:0.19 GB) (Free:0.16 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7/8/10) (Size: 931.5 GB) (Disk ID: A65C9874)
Partition 1: (Active) - (Size=199 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=905.5 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=21.9 GB) - (Type=07 NTFS)
Partition 4: (Not Active) - (Size=4 GB) - (Type=0C)

==================== End of Addition.txt ============================


  • 0

#25
JSntgRvr

JSntgRvr

    Global Moderator

  • Global Moderator
  • 11,070 posts
  • Highlight the entire content of the quote box below.

Start::
S3 ekrnEpfw; "C:\Program Files\ESET\ESET Security\ekrn.exe" [X]
S3 clwvd; system32\DRIVERS\clwvd.sys [X]
HKLM\SOFTWARE\Policies\Microsoft\Windows Defender: Restriction <==== ATTENTION
Toolbar: HKU\S-1-5-21-3956403641-1016103790-1991301254-1000 -> No Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} -  No File
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\Windows\system32\Adobe\Director\np32dsw.dll [No File]
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [No File]
ContextMenuHandlers1: [ESET Security Shell] -> {B089FE88-FB52-11D3-BDF1-0050DA34150D} => C:\Program Files\ESET\ESET Security\shellExt.dll -> No File
ContextMenuHandlers2: [ESET Security Shell] -> {B089FE88-FB52-11D3-BDF1-0050DA34150D} => C:\Program Files\ESET\ESET Security\shellExt.dll -> No File
ContextMenuHandlers6: [ESET Security Shell] -> {B089FE88-FB52-11D3-BDF1-0050DA34150D} => C:\Program Files\ESET\ESET Security\shellExt.dll -> No File
FirewallRules: [{DC7D60E8-68E0-4278-B0B4-F88D4745A367}] => (Allow) C:\Program Files (x86)\EaseUS\System GoBack Free\bin\Agent.exe No File
End::

  • Right click on the highlighted text and select Copy.
  • Start FRST (FRST64) with Administrator privileges
  • Press the Fix button. FRST will process the lines copied above from the clipboard.
  • When finished, a log file (Fixlog.txt) will pop up and saved in the same location the tool was ran from.

Please copy and paste its contents in your next reply.

 

 

It is important to keep a backup of your registry to avoid these type of issues. The following is a wonderful tool:

Backing Up Your Registry

  • Go Here and download ERUNT
    (ERUNT (Emergency Recovery Utility NT) is a free program that allows you to keep a complete backup of your registry and restore it when needed.)
  • Install ERUNT by following the prompts
    (use the default install settings but say no to the portion that asks you to add ERUNT to the start-up folder, if you like you can enable this option later)
  • Start ERUNT
    (either by double clicking on the desktop icon or choosing to start the program at the end of the setup)
  • Choose a location for the backup
    (the default location is C:\WINDOWS\ERDNT which is acceptable).
  • Make sure that at least the first two check boxes are ticked
  • Press OK
  • Press YES to create the folder.

 

How is the overall performance of the computer?


  • 0

Advertisements


#26
Jackpine

Jackpine

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 397 posts

Log attached.  I also installed and ran ERUNT.

 

The computer is working very well.  I was able to download and install Windows updates.  Windows Defender works (although I don't use it because I'm running AVG.)  And Action Center opens up properly from Control Panel.

 

However, I did notice that Windows update KB4481480 2019-01 Security and Quality Rollup has been installed sucessfully twice, and I just got a notice to install it a third time.  Same thing for KB4481488 2019-01 Preview of Quality Rollup.

 

Thank you very much for all your help in fixing my computer.

 

Fix result of Farbar Recovery Scan Tool (x64) Version: 16.01.2019 01
Ran by Amanda (18-01-2019 15:03:09) Run:10
Running from C:\Users\Amanda\Desktop
Loaded Profiles: Amanda (Available Profiles: Amanda)
Boot Mode: Normal
==============================================

fixlist content:
*****************
S3 ekrnEpfw; "C:\Program Files\ESET\ESET Security\ekrn.exe" [X]
S3 clwvd; system32\DRIVERS\clwvd.sys [X]
HKLM\SOFTWARE\Policies\Microsoft\Windows Defender: Restriction <==== ATTENTION
Toolbar: HKU\S-1-5-21-3956403641-1016103790-1991301254-1000 -> No Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} -  No File
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\Windows\system32\Adobe\Director\np32dsw.dll [No File]
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [No File]
ContextMenuHandlers1: [ESET Security Shell] -> {B089FE88-FB52-11D3-BDF1-0050DA34150D} => C:\Program Files\ESET\ESET Security\shellExt.dll -> No File
ContextMenuHandlers2: [ESET Security Shell] -> {B089FE88-FB52-11D3-BDF1-0050DA34150D} => C:\Program Files\ESET\ESET Security\shellExt.dll -> No File
ContextMenuHandlers6: [ESET Security Shell] -> {B089FE88-FB52-11D3-BDF1-0050DA34150D} => C:\Program Files\ESET\ESET Security\shellExt.dll -> No File
FirewallRules: [{DC7D60E8-68E0-4278-B0B4-F88D4745A367}] => (Allow) C:\Program Files (x86)\EaseUS\System GoBack Free\bin\Agent.exe No File

*****************

HKLM\System\CurrentControlSet\Services\ekrnEpfw => removed successfully
ekrnEpfw => service removed successfully
HKLM\System\CurrentControlSet\Services\clwvd => removed successfully
clwvd => service removed successfully
HKLM\SOFTWARE\Policies\Microsoft\Windows Defender => removed successfully
"HKU\S-1-5-21-3956403641-1016103790-1991301254-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA}" => removed successfully
HKLM\Software\Classes\CLSID\{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} => not found
HKLM\Software\Wow6432Node\MozillaPlugins\@adobe.com/ShockwavePlayer => removed successfully
HKLM\Software\Wow6432Node\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922 => removed successfully
HKLM\Software\Classes\*\ShellEx\ContextMenuHandlers\ESET Security Shell => removed successfully
HKLM\Software\Classes\CLSID\{B089FE88-FB52-11D3-BDF1-0050DA34150D} => removed successfully
HKLM\Software\Classes\Drive\ShellEx\ContextMenuHandlers\ESET Security Shell => removed successfully
HKLM\Software\Classes\CLSID\{B089FE88-FB52-11D3-BDF1-0050DA34150D} => not found
HKLM\Software\Classes\Folder\ShellEx\ContextMenuHandlers\ESET Security Shell => removed successfully
HKLM\Software\Classes\CLSID\{B089FE88-FB52-11D3-BDF1-0050DA34150D} => not found
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{DC7D60E8-68E0-4278-B0B4-F88D4745A367}" => removed successfully

==== End of Fixlog 15:03:16 ====


Edited by Jackpine, Today, 03:30 PM.

  • 0






Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP