Computer slowing up. Browser issue? Or something else? [Closed]


  • This topic is locked

#1
ssundberg

  • Member
  • 78 posts

Hello,

It's been a few years since I've done a deep-clean of my computer via GeekstoGo, and would greatly appreciate your help. Recently, I've been noticing that my desktop becomes slow after I've had Firefox or Chrome open for a while. I have attempted to reduce the "content process limit" in Firefox but when I examine the processes in my task manager, there are still multiple Firefox processes going. Perhaps I just need to reinstall Firefox?

Thank you for your help!

I've attached the two FRST reports.
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 13.01.2019
Ran by Owner (administrator) on OWNER-PC (13-01-2019 09:30:35)
Running from C:\Users\Owner\Desktop
Loaded Profiles: Owner (Available Profiles: Owner & Helen)
Platform: Windows 7 Home Premium Service Pack 1 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
(AMD) C:\Windows\System32\atiesrxx.exe
(AMD) C:\Windows\System32\atieclxx.exe
(DisplayLink Corp.) C:\Program Files\DisplayLink Core Software\DisplayLinkManager.exe
(DisplayLink Corp.) C:\Program Files\DisplayLink Core Software\DisplayLinkUserAgent.exe
(ArcSoft Inc.) C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
(ArcSoft, Inc.) C:\Program Files (x86)\Common Files\ArcSoft\esinter\Bin\eservutil.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Nalpeiron Ltd.) C:\Windows\SysWOW64\NLSSRV32.EXE
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\NisSrv.exe
(DisplayLink Corp.) C:\Program Files\DisplayLink Core Software\DisplayLinkUI.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe
(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
() C:\Program Files\TRENDnet\TEW-623PI\WlanCU.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(VIA) C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe
(Hewlett-Packard) C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
(iSkySoft) C:\Program Files (x86)\Common Files\iSkysoft\iSkysoft Helper Compact\ISHelper.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(ArcSoft Inc.) C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
() C:\DLautoR.exe
(ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe

==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [MSC] => c:\Program Files\Microsoft Security Client\msseces.exe [1353680 2016-11-14] (Microsoft Corporation)
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [301880 2018-10-22] (Apple Inc.)
HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [98304 2009-06-25] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [HDAudDeck] => C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe [2252800 2009-08-28] (VIA)
HKLM-x32\...\Run: [HP Software Update] => C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe [49208 2011-05-10] (Hewlett-Packard)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [iSkysoft Helper Compact.exe] => C:\Program Files (x86)\Common Files\iSkysoft\iSkysoft Helper Compact\ISHelper.exe [2000896 2014-04-04] (iSkySoft)
HKLM-x32\...\Run: [runfile] => C:\Program Files (x86)\DisplayLink\DLsetup\NoConsoleExe.exe [7168 2011-03-18] ()
HKLM-x32\...\Run: [ArcSoft Connection Service] => C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe [207424 2010-10-27] (ArcSoft Inc.)
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [68920 2018-10-21] (Apple Inc.)
HKU\S-1-5-19\Control Panel\Desktop\\SCRNSAVE.EXE ->
HKU\S-1-5-20\Control Panel\Desktop\\SCRNSAVE.EXE ->
HKU\S-1-5-21-1377445722-260433633-3850440793-1001\...\Policies\system: [LogonHoursAction] 2
HKU\S-1-5-21-1377445722-260433633-3850440793-1001\...\Policies\system: [DontDisplayLogonHoursWarnings] 1
HKU\S-1-5-21-1377445722-260433633-3850440793-1001\Control Panel\Desktop\\SCRNSAVE.EXE ->
HKU\S-1-5-18\...\Policies\system: [LogonHoursAction] 2
HKU\S-1-5-18\...\Policies\system: [DontDisplayLogonHoursWarnings] 1
HKU\S-1-5-18\Control Panel\Desktop\\SCRNSAVE.EXE ->
HKLM\...\Drivers32-x32: [vidc.DIVX] => C:\Windows\SysWOW64\DivX.dll [720384 2010-02-19] (DivX, Inc.)
HKLM\...\Drivers32-x32: [vidc.yv12] => C:\Windows\SysWOW64\DivX.dll [720384 2010-02-19] (DivX, Inc.)
HKLM\...\Drivers32-x32: [vidc.ffds] => C:\Windows\SysWOW64\ff_vfw.dll [7680 2009-12-29] ()
HKLM\Software\Microsoft\Active Setup\Installed Components: [{2D46B6DC-2207-486B-B523-A557E6D54B47}] -> C:\Windows\system32\cmd.exe /D /C start C:\Windows\system32\ie4uinit.exe -ClearIconCache
HKLM\Software\Microsoft\Active Setup\Installed Components: [{8A69D345-D564-463c-AFF1-A69D9E530F96}] -> C:\Program Files (x86)\Google\Chrome\Application\71.0.3578.98\Installer\chrmstp.exe [2018-12-17] (Google Inc.)
HKLM\Software\Wow6432Node\Microsoft\Active Setup\Installed Components: [{2D46B6DC-2207-486B-B523-A557E6D54B47}] -> C:\Windows\system32\cmd.exe /D /C start C:\Windows\system32\ie4uinit.exe -ClearIconCache
HKLM\Software\Wow6432Node\Microsoft\Active Setup\Installed Components: [{8A69D345-D564-463c-AFF1-A69D9E530F96}] -> "C:\Program Files (x86)\Google\Chrome\Application\58.0.3029.81\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level
HKLM\Software\Wow6432Node\Microsoft\Active Setup\Installed Components: [{A6EADE66-0000-0000-484E-7E8A45000000}] -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Esl\AiodLite.dll [2018-09-20] (Adobe Systems, Inc.)
HKLM\Software\...\Authentication\Credential Providers: [{F8A0B131-5F68-486c-8040-7E8FC3C85BB6}] -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDCREDPROV.DLL [2011-03-28] (Microsoft Corp.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Wireless Configuration Utility.lnk [2013-09-23]
ShortcutTarget: Wireless Configuration Utility.lnk -> C:\Program Files\TRENDnet\TEW-623PI\WlanCU.exe ()
Startup: C:\Users\Owner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Adobe Gamma.lnk [2013-11-11]
ShortcutTarget: Adobe Gamma.lnk -> C:\Program Files (x86)\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe (Adobe Systems, Inc.)
Startup: C:\Users\Owner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Monitor Cartridge Alerts - HP DJ 1110 series.lnk [2019-01-13]
ShortcutTarget: Monitor Cartridge Alerts - HP DJ 1110 series.lnk -> C:\Program Files\HP\HP DeskJet 1110 series\Bin\HPStatusBL.dll (HP Inc.)
BootExecute: autocheck autochk * lsdelete
GroupPolicy\User: Restriction ? <==== ATTENTION
GroupPolicyUsers\S-1-5-21-1377445722-260433633-3850440793-1003\User: Restriction <==== ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 192.168.0.1 205.171.3.25
Tcpip\..\Interfaces\{6FFCA664-23A7-4948-AF92-25DB490339AB}: [DhcpNameServer] 192.168.0.1 205.171.3.25
Tcpip\..\Interfaces\{7252DCD3-F8BD-46B7-81D1-51D22918FDB4}: [DhcpNameServer] 192.168.0.1 205.171.3.25
Tcpip\..\Interfaces\{7F960C4F-F6F4-4020-85E2-63597165028B}: [DhcpNameServer] 192.168.0.1 205.171.3.25
Tcpip\..\Interfaces\{E25D10BE-D7F3-4428-A531-C0ADFD8E8307}: [DhcpNameServer] 192.168.0.1 205.171.3.25

Internet Explorer:
==================
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
HKU\S-1-5-21-1377445722-260433633-3850440793-1001\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\S-1-5-21-1377445722-260433633-3850440793-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.msn.com/?pc=Z192&install_date=20110930
SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM -> {BD776319-9155-41DC-8DC1-F7C17E525709} URL = hxxp://www.google.com/#hl=en&source=hp&q={searchTerms}
SearchScopes: HKLM-x32 -> DefaultScope value is missing
SearchScopes: HKLM-x32 -> {7DC117D9-5C82-41C3-B205-95C7FE9BD1F9} URL = hxxp://www.google.com/#hl=en&source=hp&q={searchTerms}
SearchScopes: HKU\S-1-5-21-1377445722-260433633-3850440793-1001 -> {7DC117D9-5C82-41C3-B205-95C7FE9BD1F9} URL =
SearchScopes: HKU\S-1-5-21-1377445722-260433633-3850440793-1001 -> {9B97950D-482C-1D79-568F-FC7B9D40C785} URL = hxxp://www.bing.com/search?q={searchTerms}&pc=Z192&form=ZGAIDF&install_date=20110930&iesrc={referrer:source}
SearchScopes: HKU\S-1-5-21-1377445722-260433633-3850440793-1001 -> {BD776319-9155-41DC-8DC1-F7C17E525709} URL =
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2011-03-28] (Microsoft Corp.)
BHO-x32: Spybot-S&D IE Protection -> {53707962-6F74-2D53-2644-206D7942484F} -> C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll [2009-01-26] (Safer Networking Limited)
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2011-03-28] (Microsoft Corp.)
BHO-x32: Windows Live Messenger Companion Helper -> {9FDDE16B-836F-4806-AB1F-1455CBEFF289} -> C:\Program Files (x86)\Windows Live\Companion\companioncore.dll [2011-05-13] (Microsoft Corporation)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll [2012-11-11] (Sun Microsystems, Inc.)
DPF: HKLM-x32 {166B1BCA-3F9C-11CF-8075-444553540000} hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: HKLM-x32 {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab

FireFox:
========
FF DefaultProfile: jlsn1jmc.ssundberg
FF ProfilePath: C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\jlsn1jmc.ssundberg [2019-01-13]
FF Homepage: Mozilla\Firefox\Profiles\jlsn1jmc.ssundberg -> hxxps://www.google.com/
FF Extension: (Cisco Webex Extension) - C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\jlsn1jmc.ssundberg\Extensions\[email protected] [2018-06-18]
FF Extension: (Nimbus Screen Capture) - C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\jlsn1jmc.ssundberg\Extensions\[email protected] [2017-11-16]
FF Extension: (Save Button for Pinterest) - C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\jlsn1jmc.ssundberg\Extensions\{677a8f98-fd64-40b0-a883-b8c95d0cbf17}.xpi [2018-02-19]
FF Extension: (Share Button for Facebook™) - C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\jlsn1jmc.ssundberg\Extensions\{d4e0dc9c-c356-438e-afbe-dca439f4399d}.xpi [2017-12-23]
FF ProfilePath: C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\op5kn562.default-1471714487240 [2018-06-18]
FF Homepage: Mozilla\Firefox\Profiles\op5kn562.default-1471714487240 -> google.com/
FF Extension: (Web Developer) - C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\op5kn562.default-1471714487240\Extensions\{c45c406e-ab73-11d8-be73-000a95be3b12}.xpi [2016-08-20] [Legacy]
FF ProfilePath: C:\Users\Owner\AppData\Roaming\Greyfirst\Celtx\Profiles\oq7op4xf.default [2011-11-19]
FF Extension: (Timezone Definitions for Mozilla Calendar) - C:\Program Files (x86)\Celtx\extensions\[email protected] [2010-05-31] [Legacy] [not signed]
FF Extension: (Default Shot Palette) - C:\Program Files (x86)\Celtx\extensions\[email protected] [2010-05-31] [Legacy] [not signed]
FF Extension: (MSN-Smileys) - C:\Program Files (x86)\Celtx\extensions\[email protected] [2010-05-31] [Legacy] [not signed]
FF Extension: (DOM Inspector) - C:\Program Files (x86)\Celtx\extensions\[email protected] [2010-05-31] [Legacy] [not signed]
FF Extension: (Blackened) - C:\Program Files (x86)\Celtx\extensions\[email protected] [2010-05-31] [Legacy] [not signed]
FF Extension: (Depth) - C:\Program Files (x86)\Celtx\extensions\[email protected] [2010-05-31] [Legacy] [not signed]
FF Extension: (Minimal) - C:\Program Files (x86)\Celtx\extensions\[email protected] [2010-05-31] [Legacy] [not signed]
FF HKLM-x32\...\Firefox\Extensions: [{ABDE892B-13A8-4d1b-88E6-365A6E755758}] - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext => not found
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_32_0_0_114.dll [2019-01-08] ()
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.50907.0\npctrl.dll [2017-05-03] ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_32_0_0_114.dll [2019-01-08] ()
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\Windows\SysWOW64\Adobe\Director\np32dsw_1168638.dll [2012-10-04] (Adobe Systems, Inc.)
FF Plugin-x32: @divx.com/DivX Browser Plugin,version=1.0.0 -> C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll [2010-08-24] (DivX,Inc.)
FF Plugin-x32: @divx.com/DivX VOD Helper,version=1.0.0 -> C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll [2011-01-24] (DivX, LLC.)
FF Plugin-x32: @Google.com/GoogleEarthPlugin -> C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll [2015-05-20] (Google)
FF Plugin-x32: @google.com/npPicasa3,version=3.0.0 -> C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll [2014-01-06] (Google, Inc.)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.50907.0\npctrl.dll [2017-05-03] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2011-05-13] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3538.0513 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2011-05-13] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.33.23\npGoogleUpdate3.dll [2019-01-06] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.33.23\npGoogleUpdate3.dll [2019-01-06] (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2018-12-04] (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Users\Owner\AppData\Roaming\mozilla\plugins\npatgpc.dll [2017-11-02] (Cisco WebEx LLC)

Chrome:
=======
CHR DefaultProfile: Default
CHR Profile: C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default [2018-10-09]
CHR Extension: (Fotor Photo Editor) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\bfbckhhmjfnmedpakkaaflpnmkamdppf [2018-07-04]
CHR Extension: (uBlock Origin) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\cjpalhdlnbpafiamejdnhcphjbkeiagm [2018-09-30]
CHR Extension: (Polarr Photo Editor) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\djonnbgfieijldcieafgjcnhmpcfpmgg [2018-07-04]
CHR Extension: (Dropbox for Gmail) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\dpdmhfocilnekecfjgimjdeckachfbec [2018-07-04]
CHR Extension: (Polarr Photo Editor Extension) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\fhggacdeldojnpbgknpipalghlkbcimk [2018-07-04]
CHR Extension: (Word Online) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\fiombgjlkfpdpkbhfioofeeinbehmajg [2018-07-04]
CHR Extension: (Caret) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\fljalecfjciodhpcledpamjachpmelml [2018-09-01]
CHR Extension: (Drive Notepad) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\gpgjomejfimnbmobcocilppikhncegaj [2018-07-04]
CHR Extension: (Image Viewer) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\kcljlcpbfbkapegpifkodjdmdllgdlmk [2018-07-04]
CHR Extension: (World Data Atlas) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\knlgfedckdhkgjinnhogmhkbcjpmmhko [2018-07-04]
CHR Extension: (Google Play) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\komhbcfkdcgmcdoenjcjheifdiabikfi [2018-07-04]
CHR Extension: (Office Online) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\ndjpnladcallmjemlbaebfadecfhkepb [2018-07-04]
CHR Extension: (Google Authenticator) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\njkhnbmlaefgkjpaghgphiceaocdblgl [2018-07-04]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2018-07-03]
CHR Extension: (Audio Converter) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\ojfphighcpfimfhblaigjckljcoeipga [2018-07-04]
CHR Extension: (Better Browse for Netflix) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\olciafpppkdhlcjfmaibelnopafmhmdd [2018-09-17]
CHR Extension: (Chrome Media Router) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2018-09-30]

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 ACDaemon; C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe [113152 2010-03-18] (ArcSoft Inc.)
R2 ADExchange; C:\Program Files (x86)\Common Files\ArcSoft\esinter\Bin\eservutil.exe [43624 2012-08-14] (ArcSoft, Inc.)
S3 Adobe LM Service; C:\Program Files (x86)\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe [72704 2013-11-11] (Adobe Systems) [File not signed]
R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [85304 2018-10-16] (Apple Inc.)
R2 DisplayLinkService; C:\Program Files\DisplayLink Core Software\DisplayLinkManager.exe [8882136 2012-09-28] (DisplayLink Corp.)
S3 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [6234056 2017-11-01] (Malwarebytes)
R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [119864 2016-11-14] (Microsoft Corporation)
R3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [361816 2016-11-14] (Microsoft Corporation)
S3 rpcapd; C:\Program Files (x86)\WinPcap\rpcapd.exe [117264 2010-06-25] (CACE Technologies, Inc.)
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-26] (Microsoft Corporation)

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

U5 AppMgmt; C:\Windows\system32\svchost.exe [27136 2009-07-13] (Microsoft Corporation) <==== ATTENTION (no ServiceDLL)
S3 DisplayLinkUsbPort; C:\Windows\System32\DRIVERS\DisplayLinkUsbPort_7.0.41409.0.sys [17408 2015-05-15] (hxxp://libusb-win32.sourceforge.net)
R1 ESProtectionDriver; C:\Windows\system32\drivers\mbae64.sys [77432 2017-11-29] ()
R0 Lbd; C:\Windows\System32\DRIVERS\Lbd.sys [69152 2010-08-12] (Lavasoft AB)
S3 MBAMFarflt; C:\Windows\System32\DRIVERS\farflt.sys [110016 2018-01-16] (Malwarebytes)
S3 MBAMProtection; C:\Windows\System32\DRIVERS\mbam.sys [46008 2018-01-16] (Malwarebytes)
S3 MBAMWebProtection; C:\Windows\System32\DRIVERS\mwac.sys [84256 2018-01-16] (Malwarebytes)
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [295000 2016-08-25] (Microsoft Corporation)
R3 MTsensor; C:\Windows\System32\DRIVERS\ASACPI.sys [8192 2005-03-29] ()
R3 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [135928 2016-08-25] (Microsoft Corporation)
R2 NPF; C:\Windows\System32\drivers\npf.sys [35344 2010-06-25] (CACE Technologies, Inc.)
S3 RTL85n64; C:\Windows\System32\DRIVERS\RTL85n64.sys [2061856 2010-03-23] (Realtek Semiconductor Corporation )
S3 catchme; \??\C:\ComboFix\catchme.sys [X]
S3 esgiguard; \??\C:\Program Files (x86)\Enigma Software Group\SpyHunter\esgiguard.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One month (Created) ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2019-01-13 09:30 - 2019-01-13 09:36 - 000021796 _____ C:\Users\Owner\Desktop\FRST.txt
2019-01-13 09:29 - 2019-01-13 09:30 - 000000000 ____D C:\FRST
2019-01-13 09:28 - 2019-01-13 09:27 - 002427392 _____ (Farbar) C:\Users\Owner\Desktop\FRST64.exe
2019-01-13 09:27 - 2019-01-13 09:27 - 000000000 ____D C:\Users\Owner\Downloads\GeeksToGo
2019-01-08 13:32 - 2018-12-28 17:42 - 000396888 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2019-01-08 13:32 - 2018-12-28 16:52 - 000348760 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2019-01-08 13:32 - 2018-12-28 14:03 - 000631680 _____ (Microsoft Corporation) C:\Windows\system32\winresume.efi
2019-01-08 13:32 - 2018-12-28 14:02 - 005552360 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2019-01-08 13:32 - 2018-12-28 14:02 - 001680616 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ntfs.sys
2019-01-08 13:32 - 2018-12-28 14:02 - 000708328 _____ (Microsoft Corporation) C:\Windows\system32\winload.efi
2019-01-08 13:32 - 2018-12-28 14:02 - 000262376 _____ (Microsoft Corporation) C:\Windows\system32\hal.dll
2019-01-08 13:32 - 2018-12-28 14:02 - 000154856 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2019-01-08 13:32 - 2018-12-28 14:02 - 000095464 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2019-01-08 13:32 - 2018-12-28 14:01 - 001664360 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2019-01-08 13:32 - 2018-12-28 13:59 - 001472512 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2019-01-08 13:32 - 2018-12-28 13:59 - 001211904 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll
2019-01-08 13:32 - 2018-12-28 13:59 - 001163264 _____ (Microsoft Corporation) C:\Windows\system32\kernel32.dll
2019-01-08 13:32 - 2018-12-28 13:59 - 000880640 _____ (Microsoft Corporation) C:\Windows\system32\advapi32.dll
2019-01-08 13:32 - 2018-12-28 13:59 - 000731648 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2019-01-08 13:32 - 2018-12-28 13:59 - 000690688 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
2019-01-08 13:32 - 2018-12-28 13:59 - 000503808 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll
2019-01-08 13:32 - 2018-12-28 13:59 - 000463872 _____ (Microsoft Corporation) C:\Windows\system32\certcli.dll
2019-01-08 13:32 - 2018-12-28 13:59 - 000419840 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase.dll
2019-01-08 13:32 - 2018-12-28 13:59 - 000361984 _____ (Microsoft Corporation) C:\Windows\system32\wow64win.dll
2019-01-08 13:32 - 2018-12-28 13:59 - 000345600 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2019-01-08 13:32 - 2018-12-28 13:59 - 000316928 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2019-01-08 13:32 - 2018-12-28 13:59 - 000312320 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2019-01-08 13:32 - 2018-12-28 13:59 - 000243712 _____ (Microsoft Corporation) C:\Windows\system32\wow64.dll
2019-01-08 13:32 - 2018-12-28 13:59 - 000215552 _____ (Microsoft Corporation) C:\Windows\system32\winsrv.dll
2019-01-08 13:32 - 2018-12-28 13:59 - 000210432 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2019-01-08 13:32 - 2018-12-28 13:59 - 000190464 _____ (Microsoft Corporation) C:\Windows\system32\rpchttp.dll
2019-01-08 13:32 - 2018-12-28 13:59 - 000146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
2019-01-08 13:32 - 2018-12-28 13:59 - 000135680 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2019-01-08 13:32 - 2018-12-28 13:59 - 000123904 _____ (Microsoft Corporation) C:\Windows\system32\bcrypt.dll
2019-01-08 13:32 - 2018-12-28 13:59 - 000094208 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2019-01-08 13:32 - 2018-12-28 13:59 - 000063488 _____ (Microsoft Corporation) C:\Windows\system32\setbcdlocale.dll
2019-01-08 13:32 - 2018-12-28 13:59 - 000060416 _____ (Microsoft Corporation) C:\Windows\system32\msobjs.dll
2019-01-08 13:32 - 2018-12-28 13:59 - 000059904 _____ (Microsoft Corporation) C:\Windows\system32\appidapi.dll
2019-01-08 13:32 - 2018-12-28 13:59 - 000050176 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll
2019-01-08 13:32 - 2018-12-28 13:59 - 000044032 _____ (Microsoft Corporation) C:\Windows\system32\csrsrv.dll
2019-01-08 13:32 - 2018-12-28 13:59 - 000043520 _____ (Microsoft Corporation) C:\Windows\system32\cryptbase.dll
2019-01-08 13:32 - 2018-12-28 13:59 - 000034816 _____ (Microsoft Corporation) C:\Windows\system32\appidsvc.dll
2019-01-08 13:32 - 2018-12-28 13:59 - 000028672 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2019-01-08 13:32 - 2018-12-28 13:59 - 000028160 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2019-01-08 13:32 - 2018-12-28 13:59 - 000022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2019-01-08 13:32 - 2018-12-28 13:59 - 000016384 _____ (Microsoft Corporation) C:\Windows\system32\ntvdm64.dll
2019-01-08 13:32 - 2018-12-28 13:59 - 000013312 _____ (Microsoft Corporation) C:\Windows\system32\wow64cpu.dll
2019-01-08 13:32 - 2018-12-28 13:59 - 000007168 _____ (Microsoft Corporation) C:\Windows\system32\apisetschema.dll
2019-01-08 13:32 - 2018-12-28 13:59 - 000006144 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-security-base-l1-1-0.dll
2019-01-08 13:32 - 2018-12-28 13:59 - 000005120 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l1-1-0.dll
2019-01-08 13:32 - 2018-12-28 13:59 - 000004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
2019-01-08 13:32 - 2018-12-28 13:59 - 000004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processthreads-l1-1-0.dll
2019-01-08 13:32 - 2018-12-28 13:59 - 000004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll
2019-01-08 13:32 - 2018-12-28 13:59 - 000004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-synch-l1-1-0.dll
2019-01-08 13:32 - 2018-12-28 13:59 - 000004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localregistry-l1-1-0.dll
2019-01-08 13:32 - 2018-12-28 13:59 - 000004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localization-l1-1-0.dll
2019-01-08 13:32 - 2018-12-28 13:59 - 000003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll
2019-01-08 13:32 - 2018-12-28 13:59 - 000003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll
2019-01-08 13:32 - 2018-12-28 13:59 - 000003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll
2019-01-08 13:32 - 2018-12-28 13:59 - 000003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-misc-l1-1-0.dll
2019-01-08 13:32 - 2018-12-28 13:59 - 000003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-memory-l1-1-0.dll
2019-01-08 13:32 - 2018-12-28 13:59 - 000003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll
2019-01-08 13:32 - 2018-12-28 13:59 - 000003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-heap-l1-1-0.dll
2019-01-08 13:32 - 2018-12-28 13:59 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-xstate-l1-1-0.dll
2019-01-08 13:32 - 2018-12-28 13:59 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-util-l1-1-0.dll
2019-01-08 13:32 - 2018-12-28 13:59 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-string-l1-1-0.dll
2019-01-08 13:32 - 2018-12-28 13:59 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-profile-l1-1-0.dll
2019-01-08 13:32 - 2018-12-28 13:59 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-io-l1-1-0.dll
2019-01-08 13:32 - 2018-12-28 13:59 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-interlocked-l1-1-0.dll
2019-01-08 13:32 - 2018-12-28 13:59 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-handle-l1-1-0.dll
2019-01-08 13:32 - 2018-12-28 13:59 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-fibers-l1-1-0.dll
2019-01-08 13:32 - 2018-12-28 13:59 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll
2019-01-08 13:32 - 2018-12-28 13:59 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-delayload-l1-1-0.dll
2019-01-08 13:32 - 2018-12-28 13:59 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-debug-l1-1-0.dll
2019-01-08 13:32 - 2018-12-28 13:59 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-datetime-l1-1-0.dll
2019-01-08 13:32 - 2018-12-28 13:59 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-console-l1-1-0.dll
2019-01-08 13:32 - 2018-12-28 13:51 - 004055272 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2019-01-08 13:32 - 2018-12-28 13:51 - 003960552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2019-01-08 13:32 - 2018-12-28 13:50 - 001314112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll
2019-01-08 13:32 - 2018-12-28 13:48 - 001114112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kernel32.dll
2019-01-08 13:32 - 2018-12-28 13:48 - 000690688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adtschema.dll
2019-01-08 13:32 - 2018-12-28 13:48 - 000666112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpcrt4.dll
2019-01-08 13:32 - 2018-12-28 13:48 - 000644096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\advapi32.dll
2019-01-08 13:32 - 2018-12-28 13:48 - 000554496 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2019-01-08 13:32 - 2018-12-28 13:48 - 000342528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\certcli.dll
2019-01-08 13:32 - 2018-12-28 13:48 - 000275968 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll
2019-01-08 13:32 - 2018-12-28 13:48 - 000261120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
2019-01-08 13:32 - 2018-12-28 13:48 - 000254464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2019-01-08 13:32 - 2018-12-28 13:48 - 000223232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2019-01-08 13:32 - 2018-12-28 13:48 - 000172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll
2019-01-08 13:32 - 2018-12-28 13:48 - 000146432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msaudite.dll
2019-01-08 13:32 - 2018-12-28 13:48 - 000141312 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpchttp.dll
2019-01-08 13:32 - 2018-12-28 13:48 - 000096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2019-01-08 13:32 - 2018-12-28 13:48 - 000082944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\bcrypt.dll
2019-01-08 13:32 - 2018-12-28 13:48 - 000070144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2019-01-08 13:32 - 2018-12-28 13:48 - 000060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msobjs.dll
2019-01-08 13:32 - 2018-12-28 13:48 - 000050688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\appidapi.dll
2019-01-08 13:32 - 2018-12-28 13:48 - 000043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll
2019-01-08 13:32 - 2018-12-28 13:48 - 000022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2019-01-08 13:32 - 2018-12-28 13:48 - 000017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
2019-01-08 13:32 - 2018-12-28 13:48 - 000007168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\apisetschema.dll
2019-01-08 13:32 - 2018-12-28 13:48 - 000005120 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-file-l1-1-0.dll
2019-01-08 13:32 - 2018-12-28 13:48 - 000005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll
2019-01-08 13:32 - 2018-12-28 13:48 - 000004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processthreads-l1-1-0.dll
2019-01-08 13:32 - 2018-12-28 13:48 - 000004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-sysinfo-l1-1-0.dll
2019-01-08 13:32 - 2018-12-28 13:48 - 000004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-synch-l1-1-0.dll
2019-01-08 13:32 - 2018-12-28 13:48 - 000004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-misc-l1-1-0.dll
2019-01-08 13:32 - 2018-12-28 13:48 - 000004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localregistry-l1-1-0.dll
2019-01-08 13:32 - 2018-12-28 13:48 - 000004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localization-l1-1-0.dll
2019-01-08 13:32 - 2018-12-28 13:48 - 000003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processenvironment-l1-1-0.dll
2019-01-08 13:32 - 2018-12-28 13:48 - 000003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-namedpipe-l1-1-0.dll
2019-01-08 13:32 - 2018-12-28 13:48 - 000003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-memory-l1-1-0.dll
2019-01-08 13:32 - 2018-12-28 13:48 - 000003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-libraryloader-l1-1-0.dll
2019-01-08 13:32 - 2018-12-28 13:48 - 000003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-interlocked-l1-1-0.dll
2019-01-08 13:32 - 2018-12-28 13:48 - 000003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-heap-l1-1-0.dll
2019-01-08 13:32 - 2018-12-28 13:48 - 000003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-string-l1-1-0.dll
2019-01-08 13:32 - 2018-12-28 13:48 - 000003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-rtlsupport-l1-1-0.dll
2019-01-08 13:32 - 2018-12-28 13:48 - 000003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-profile-l1-1-0.dll
2019-01-08 13:32 - 2018-12-28 13:48 - 000003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-io-l1-1-0.dll
2019-01-08 13:32 - 2018-12-28 13:48 - 000003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-handle-l1-1-0.dll
2019-01-08 13:32 - 2018-12-28 13:48 - 000003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-fibers-l1-1-0.dll
2019-01-08 13:32 - 2018-12-28 13:48 - 000003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-errorhandling-l1-1-0.dll
2019-01-08 13:32 - 2018-12-28 13:48 - 000003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-delayload-l1-1-0.dll
2019-01-08 13:32 - 2018-12-28 13:48 - 000003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-debug-l1-1-0.dll
2019-01-08 13:32 - 2018-12-28 13:48 - 000003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-datetime-l1-1-0.dll
2019-01-08 13:32 - 2018-12-28 13:48 - 000003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-console-l1-1-0.dll
2019-01-08 13:32 - 2018-12-28 13:34 - 000148480 _____ (Microsoft Corporation) C:\Windows\system32\appidpolicyconverter.exe
2019-01-08 13:32 - 2018-12-28 13:34 - 000064512 _____ (Microsoft Corporation) C:\Windows\system32\auditpol.exe
2019-01-08 13:32 - 2018-12-28 13:34 - 000062464 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\appid.sys
2019-01-08 13:32 - 2018-12-28 13:34 - 000017920 _____ (Microsoft Corporation) C:\Windows\system32\appidcertstorecheck.exe
2019-01-08 13:32 - 2018-12-28 13:31 - 000338432 _____ (Microsoft Corporation) C:\Windows\system32\conhost.exe
2019-01-08 13:32 - 2018-12-28 13:31 - 000296960 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe
2019-01-08 13:32 - 2018-12-28 13:31 - 000129536 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\videoprt.sys
2019-01-08 13:32 - 2018-12-28 13:30 - 000050688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\auditpol.exe
2019-01-08 13:32 - 2018-12-28 13:28 - 000291328 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb10.sys
2019-01-08 13:32 - 2018-12-28 13:28 - 000161280 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb.sys
2019-01-08 13:32 - 2018-12-28 13:28 - 000129536 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb20.sys
2019-01-08 13:32 - 2018-12-28 13:27 - 000112640 _____ (Microsoft Corporation) C:\Windows\system32\smss.exe
2019-01-08 13:32 - 2018-12-28 13:27 - 000064512 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\amdk8.sys
2019-01-08 13:32 - 2018-12-28 13:27 - 000062464 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\intelppm.sys
2019-01-08 13:32 - 2018-12-28 13:27 - 000060928 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\processr.sys
2019-01-08 13:32 - 2018-12-28 13:27 - 000060928 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\amdppm.sys
2019-01-08 13:32 - 2018-12-28 13:27 - 000030720 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2019-01-08 13:32 - 2018-12-28 13:27 - 000025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe
2019-01-08 13:32 - 2018-12-28 13:27 - 000014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll
2019-01-08 13:32 - 2018-12-28 13:27 - 000007680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe
2019-01-08 13:32 - 2018-12-28 13:27 - 000002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user.exe
2019-01-08 13:32 - 2018-12-28 13:26 - 000036352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptbase.dll
2019-01-08 13:32 - 2018-12-28 13:26 - 000006144 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-security-base-l1-1-0.dll
2019-01-08 13:32 - 2018-12-28 13:26 - 000004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-threadpool-l1-1-0.dll
2019-01-08 13:32 - 2018-12-28 13:26 - 000003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-xstate-l1-1-0.dll
2019-01-08 13:32 - 2018-12-28 13:26 - 000003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-util-l1-1-0.dll
2019-01-08 13:32 - 2018-12-28 12:09 - 000419608 _____ C:\Windows\SysWOW64\locale.nls
2019-01-08 13:32 - 2018-12-28 12:09 - 000419608 _____ C:\Windows\system32\locale.nls
2019-01-08 13:32 - 2018-12-27 18:01 - 025738240 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2019-01-08 13:32 - 2018-12-27 17:50 - 002724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2019-01-08 13:32 - 2018-12-27 17:50 - 000004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2019-01-08 13:32 - 2018-12-27 17:38 - 002902016 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2019-01-08 13:32 - 2018-12-27 17:37 - 000066560 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2019-01-08 13:32 - 2018-12-27 17:36 - 000576512 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2019-01-08 13:32 - 2018-12-27 17:36 - 000417280 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2019-01-08 13:32 - 2018-12-27 17:36 - 000088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2019-01-08 13:32 - 2018-12-27 17:36 - 000048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2019-01-08 13:32 - 2018-12-27 17:31 - 005778944 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2019-01-08 13:32 - 2018-12-27 17:29 - 000054784 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2019-01-08 13:32 - 2018-12-27 17:28 - 000034304 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2019-01-08 13:32 - 2018-12-27 17:26 - 000615936 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2019-01-08 13:32 - 2018-12-27 17:25 - 020279808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2019-01-08 13:32 - 2018-12-27 17:25 - 000790016 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2019-01-08 13:32 - 2018-12-27 17:25 - 000144384 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2019-01-08 13:32 - 2018-12-27 17:25 - 000116224 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2019-01-08 13:32 - 2018-12-27 17:24 - 000814080 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2019-01-08 13:32 - 2018-12-27 17:17 - 002724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2019-01-08 13:32 - 2018-12-27 17:17 - 000969216 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2019-01-08 13:32 - 2018-12-27 17:14 - 000489984 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2019-01-08 13:32 - 2018-12-27 17:07 - 000087552 _____ (Microsoft Corporation) C:\Windows\system32\tdc.ocx
2019-01-08 13:32 - 2018-12-27 17:07 - 000077824 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2019-01-08 13:32 - 2018-12-27 17:06 - 000107520 _____ (Microsoft Corporation) C:\Windows\system32\inseng.dll
2019-01-08 13:32 - 2018-12-27 17:05 - 000498176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2019-01-08 13:32 - 2018-12-27 17:05 - 000062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2019-01-08 13:32 - 2018-12-27 17:04 - 000341504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
2019-01-08 13:32 - 2018-12-27 17:04 - 000047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2019-01-08 13:32 - 2018-12-27 17:03 - 000199680 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2019-01-08 13:32 - 2018-12-27 17:03 - 000092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2019-01-08 13:32 - 2018-12-27 17:03 - 000064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2019-01-08 13:32 - 2018-12-27 17:02 - 002295808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2019-01-08 13:32 - 2018-12-27 17:01 - 000315392 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2019-01-08 13:32 - 2018-12-27 16:59 - 000152064 _____ (Microsoft Corporation) C:\Windows\system32\occache.dll
2019-01-08 13:32 - 2018-12-27 16:59 - 000047104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2019-01-08 13:32 - 2018-12-27 16:58 - 000030720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2019-01-08 13:32 - 2018-12-27 16:56 - 000476160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2019-01-08 13:32 - 2018-12-27 16:55 - 000663040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2019-01-08 13:32 - 2018-12-27 16:55 - 000620032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2019-01-08 13:32 - 2018-12-27 16:55 - 000115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2019-01-08 13:32 - 2018-12-27 16:50 - 000262144 _____ (Microsoft Corporation) C:\Windows\system32\webcheck.dll
2019-01-08 13:32 - 2018-12-27 16:48 - 015284224 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2019-01-08 13:32 - 2018-12-27 16:48 - 000809472 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2019-01-08 13:32 - 2018-12-27 16:48 - 000728064 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2019-01-08 13:32 - 2018-12-27 16:47 - 000416256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2019-01-08 13:32 - 2018-12-27 16:46 - 001359360 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2019-01-08 13:32 - 2018-12-27 16:45 - 002135552 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2019-01-08 13:32 - 2018-12-27 16:43 - 000060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2019-01-08 13:32 - 2018-12-27 16:42 - 000091136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inseng.dll
2019-01-08 13:32 - 2018-12-27 16:42 - 000073216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tdc.ocx
2019-01-08 13:32 - 2018-12-27 16:39 - 000168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2019-01-08 13:32 - 2018-12-27 16:39 - 000076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2019-01-08 13:32 - 2018-12-27 16:37 - 000279040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2019-01-08 13:32 - 2018-12-27 16:36 - 000130048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\occache.dll
2019-01-08 13:32 - 2018-12-27 16:33 - 004860416 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2019-01-08 13:32 - 2018-12-27 16:33 - 004494848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2019-01-08 13:32 - 2018-12-27 16:31 - 000230400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\webcheck.dll
2019-01-08 13:32 - 2018-12-27 16:29 - 013680640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2019-01-08 13:32 - 2018-12-27 16:29 - 002060288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2019-01-08 13:32 - 2018-12-27 16:29 - 000696320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2019-01-08 13:32 - 2018-12-27 16:28 - 001155072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2019-01-08 13:32 - 2018-12-27 16:22 - 001555968 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2019-01-08 13:32 - 2018-12-27 16:11 - 004386816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2019-01-08 13:32 - 2018-12-27 16:11 - 000800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2019-01-08 13:32 - 2018-12-27 16:07 - 001329664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2019-01-08 13:32 - 2018-12-27 16:06 - 000710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2019-01-08 13:32 - 2018-12-07 21:08 - 000095744 _____ (Microsoft Corporation) C:\Windows\system32\rascfg.dll
2019-01-08 13:32 - 2018-12-07 21:08 - 000076288 _____ (Microsoft Corporation) C:\Windows\system32\rasdiag.dll
2019-01-08 13:32 - 2018-12-07 21:08 - 000060928 _____ (Microsoft Corporation) C:\Windows\system32\ndptsp.tsp
2019-01-08 13:32 - 2018-12-07 21:08 - 000047104 _____ (Microsoft Corporation) C:\Windows\system32\kmddsp.tsp
2019-01-08 13:32 - 2018-12-07 21:08 - 000041472 _____ (Microsoft Corporation) C:\Windows\system32\rasmxs.dll
2019-01-08 13:32 - 2018-12-07 21:08 - 000029696 _____ (Microsoft Corporation) C:\Windows\system32\rasser.dll
2019-01-08 13:32 - 2018-12-07 20:56 - 000081408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rascfg.dll
2019-01-08 13:32 - 2018-12-07 20:56 - 000061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rasdiag.dll
2019-01-08 13:32 - 2018-12-07 20:56 - 000050688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ndptsp.tsp
2019-01-08 13:32 - 2018-12-07 20:47 - 000088576 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\wanarp.sys
2019-01-08 13:32 - 2018-12-07 20:47 - 000058368 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ndproxy.sys
2019-01-08 13:32 - 2018-12-07 20:47 - 000024064 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ndistapi.sys
2019-01-08 13:32 - 2018-12-07 20:41 - 000038912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kmddsp.tsp
2019-01-08 13:32 - 2018-12-07 20:41 - 000033280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rasmxs.dll
2019-01-08 13:32 - 2018-12-07 20:41 - 000022528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rasser.dll
2019-01-08 13:32 - 2018-12-07 09:33 - 000352768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrd3x40.dll
2019-01-08 12:36 - 2019-01-08 12:36 - 006161920 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerInstaller.exe

==================== One month (Modified) ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2019-01-13 09:31 - 2009-07-13 22:45 - 000015152 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2019-01-13 09:31 - 2009-07-13 22:45 - 000015152 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2019-01-13 09:16 - 2016-11-19 09:57 - 000000000 ____D C:\Users\Owner\AppData\LocalLow\Mozilla
2019-01-13 09:05 - 2009-07-13 23:08 - 000000006 ____H C:\Windows\Tasks\SA.DAT
2019-01-13 09:04 - 2016-11-17 15:47 - 000000000 ____D C:\Program Files (x86)\Mozilla Firefox
2019-01-13 09:04 - 2012-05-03 23:45 - 000000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2019-01-12 20:39 - 2009-07-13 23:13 - 000783102 _____ C:\Windows\system32\PerfStringBackup.INI
2019-01-12 20:39 - 2009-07-13 21:20 - 000000000 ____D C:\Windows\inf
2019-01-08 16:42 - 2011-01-26 20:40 - 000775224 _____ C:\Windows\SysWOW64\PerfStringBackup.INI
2019-01-08 15:57 - 2009-07-13 21:20 - 000000000 ____D C:\Windows\rescache
2019-01-08 13:43 - 2013-08-15 01:44 - 000000000 ____D C:\Windows\system32\MRT
2019-01-08 13:23 - 2010-03-12 20:06 - 132790320 ____C (Microsoft Corporation) C:\Windows\system32\MRT.exe
2019-01-08 12:37 - 2018-03-13 07:17 - 000004462 _____ C:\Windows\System32\Tasks\Adobe Flash Player NPAPI Notifier
2019-01-08 12:37 - 2013-01-12 12:51 - 000004312 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2019-01-08 12:37 - 2012-04-14 18:21 - 000842240 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2019-01-08 12:37 - 2011-07-11 17:15 - 000175104 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2019-01-08 12:36 - 2012-01-11 17:57 - 000000000 ____D C:\Windows\system32\Macromed
2019-01-08 12:36 - 2010-03-13 11:39 - 000000000 ____D C:\Windows\SysWOW64\Macromed
2019-01-06 15:48 - 2015-11-16 19:35 - 000002441 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk
2019-01-06 14:56 - 2011-03-27 11:54 - 000003332 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2019-01-06 14:56 - 2011-03-27 11:54 - 000003204 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2018-12-17 12:46 - 2011-04-10 19:32 - 000002226 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2018-12-17 12:46 - 2011-04-10 19:32 - 000002185 _____ C:\Users\Public\Desktop\Google Chrome.lnk

==================== Files in the root of some directories =======

2015-07-16 06:38 - 2015-07-16 06:38 - 006420480 _____ () C:\Program Files (x86)\GUT28A6.tmp
2014-08-31 05:53 - 2014-08-31 05:53 - 000003029 _____ () C:\Users\Owner\AppData\Roaming\.ptbt0
2010-11-02 20:02 - 2011-07-24 18:11 - 000000000 _____ () C:\Users\Owner\AppData\Roaming\FileIn.cns
2010-11-02 20:02 - 2011-07-24 18:11 - 000000000 _____ () C:\Users\Owner\AppData\Roaming\FileOut.cns
2011-08-23 18:41 - 2013-02-03 13:38 - 000115177 _____ () C:\Users\Owner\AppData\Local\ars.cache
2011-08-23 18:41 - 2013-02-03 13:38 - 000280660 _____ () C:\Users\Owner\AppData\Local\census.cache
2011-08-23 18:34 - 2011-08-23 18:34 - 000000036 _____ () C:\Users\Owner\AppData\Local\housecall.guid.cache
2014-05-15 18:58 - 2018-02-06 16:47 - 000000033 _____ () C:\Users\Owner\AppData\Local\rssbuilder.config
2014-05-15 19:06 - 2014-05-15 19:06 - 000000033 _____ () C:\Users\Owner\AppData\Local\rssbuilder.ftpconfig
2011-12-24 03:27 - 2011-12-24 03:28 - 000000000 _____ () C:\Users\Owner\AppData\Local\{992767E7-E75E-4617-9961-7C6F3D3B7589}

Some zero byte size files/folders:
==========================
C:\Windows\SysWOW64\dlumd10.dll
C:\Windows\SysWOW64\dlumd11.dll
C:\Windows\SysWOW64\dlumd9.dll
C:\Windows\SysWOW64\dlumdfb10.dll
C:\Windows\SysWOW64\dlumdfb11.dll
C:\Windows\SysWOW64\dlumdfb9.dll
C:\Windows\System32\dlumd10.dll
C:\Windows\System32\dlumd11.dll
C:\Windows\System32\dlumd9.dll

==================== Bamital & volsnap ======================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2019-01-08 15:48

==================== End of FRST.txt ============================

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 13.01.2019
Ran by Owner (13-01-2019 09:38:11)
Running from C:\Users\Owner\Desktop
Windows 7 Home Premium Service Pack 1 (X64) (2010-03-13 01:48:40)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-1377445722-260433633-3850440793-500 - Administrator - Disabled)
Guest (S-1-5-21-1377445722-260433633-3850440793-501 - Limited - Disabled)
Helen (S-1-5-21-1377445722-260433633-3850440793-1003 - Limited - Enabled) => C:\Users\Helen.Owner-PC.000
HomeGroupUser$ (S-1-5-21-1377445722-260433633-3850440793-1002 - Limited - Enabled)
Owner (S-1-5-21-1377445722-260433633-3850440793-1001 - Administrator - Enabled) => C:\Users\Owner

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Microsoft Security Essentials (Enabled - Up to date) {71A27EC9-3DA6-45FC-60A7-004F623C6189}
AS: Microsoft Security Essentials (Enabled - Up to date) {CAC39F2D-1B9C-4A72-5A17-3B3D19BB2B34}
AS: Windows Defender (Disabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Acrobat.com (HKLM-x32\...\{6421F085-1FAA-DE13-D02A-CFB412C522A4}) (Version: 2.0.0 - Adobe Systems Incorporated) Hidden
Acrobat.com (HKLM-x32\...\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1) (Version: 2.0.0.0 - Adobe Systems Incorporated)
Ad-Aware (HKLM-x32\...\{DED53B0B-B67C-4244-AE6A-D6FD3C28D1EF}) (Version: 8.3.0 - Lavasoft) Hidden
Ad-Aware (HKLM-x32\...\Ad-Aware) (Version:  - Lavasoft)
Adobe Acrobat Reader DC (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}) (Version: 19.010.20069 - Adobe Systems Incorporated)
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 3.1.0.4880 - Adobe Systems Incorporated)
Adobe Digital Editions (HKLM-x32\...\Digital Editions) (Version:  - )
Adobe Flash Player 10 ActiveX (HKLM-x32\...\{B7B3E9B3-FB14-4927-894B-E9124509AF5A}) (Version: 10.0.32.18 - Adobe Systems, Inc.)
Adobe Flash Player 32 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 32.0.0.114 - Adobe Systems Incorporated)
Adobe Photoshop 7.0 (HKLM-x32\...\Adobe Photoshop 7.0) (Version: 7.0 - Adobe Systems, Inc.)
Adobe Photoshop CS2 (HKLM-x32\...\Adobe Photoshop CS2 - {236BB7C4-4419-42FD-0409-1E257A25E34D}) (Version: 9.0 - Adobe Systems, Inc.)
Adobe Shockwave Player 11.6 (HKLM-x32\...\Adobe Shockwave Player) (Version: 11.6.8.638 - Adobe Systems, Inc.)
Amazon Kindle (HKU\S-1-5-21-1377445722-260433633-3850440793-1001\...\Amazon Kindle) (Version: 1.15.0.43061 - Amazon)
Amazon Music (HKU\S-1-5-21-1377445722-260433633-3850440793-1001\...\Amazon Amazon Music) (Version: 3.6.0.671 - Amazon Services LLC)
Any Video Converter 3.5.8 (HKLM-x32\...\Any Video Converter_is1) (Version:  - Any-Video-Converter.com)
Apple Application Support (32-bit) (HKLM-x32\...\{49F7DD82-FC83-48BF-86C6-CFE6E1E233E1}) (Version: 7.1 - Apple Inc.)
Apple Application Support (64-bit) (HKLM\...\{1FA68E27-2951-42E8-9F57-1A7F6581B4FD}) (Version: 7.1 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{5FA8C4BE-8C74-4B9C-9B49-EBF759230189}) (Version: 12.1.0.25 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{A30EA700-5515-48F0-88B0-9E99DC356B88}) (Version: 2.6.0.1 - Apple Inc.)
Aqsis Renderer 1.8.2 (HKLM-x32\...\Aqsis) (Version: 1.8.2 - Aqsis Team)
ArcSoft PhotoStudio 6 (HKLM-x32\...\{C90D0D99-BABC-459F-9188-6F1D40AFF66D}) (Version: 6.0.0.176 - ArcSoft)
ATI Catalyst Install Manager (HKLM\...\{40BD15A3-E031-5CF1-6994-550A4C059127}) (Version: 3.0.732.0 - ATI Technologies, Inc.)
Audacity 1.3.12 (Unicode) (HKLM-x32\...\Audacity 1.3 Beta (Unicode)_is1) (Version:  - Audacity Team)
Audacity 2.0.2 (HKLM-x32\...\Audacity_is1) (Version: 2.0.2 - Audacity Team)
Avidemux 2.6 (32-bit) (HKLM-x32\...\Avidemux 2.6) (Version: 2.6.0.8179 - )
Blender (HKLM\...\Blender) (Version: 2.69 - Blender Foundation)
Bonjour (HKLM\...\{56DDDFB8-7F79-4480-89D5-25E1F52AB28F}) (Version: 3.1.0.1 - Apple Inc.)
Bve trainsim 5 (HKLM-x32\...\{2932C822-1FF5-4C9E-B57C-2C13E6F4A647}) (Version: 1.0.0 - mackoy)
Bve trainsim Keisei Chiba Line (HKLM-x32\...\{A807A6A9-FFD0-4F08-B6DE-6FD3914F73E8}) (Version: 1.0.0 - mackoy)
ccc-core-static (HKLM-x32\...\{8BEBFC25-802A-7443-87AE-BDFC41527594}) (Version: 2009.0625.1812.30825 - ATI) Hidden
CCleaner (HKLM\...\CCleaner) (Version: 3.12 - Piriform)
Celtx (2.7) (HKLM-x32\...\Celtx (2.7)) (Version: 2.7 (en-US) - Greyfirst)
Cisco WebEx Meetings (HKU\S-1-5-21-1377445722-260433633-3850440793-1001\...\ActiveTouchMeetingClient) (Version:  - Cisco WebEx LLC)
ClipboardFusion 2.0.5 (HKLM-x32\...\ce862fb9-804d-4d16-98f5-677fa31b647c_is1) (Version: 2.0.5.0 - Binary Fortress Software)
CuteFTP 6 Professional (HKLM-x32\...\{AB18B0BA-A08F-48B8-8D0E-AA9DDDCA22EA}) (Version: 6.00.0000 - GlobalSCAPE Texas, LP.) Hidden
CuteFTP 6 Professional (HKLM-x32\...\InstallShield_{AB18B0BA-A08F-48B8-8D0E-AA9DDDCA22EA}) (Version: 6.00.0000 - GlobalSCAPE Texas, LP.)
D3DX10 (HKLM-x32\...\{E09C4DB7-630C-4F06-A631-8EA7239923AF}) (Version: 15.4.2368.0902 - Microsoft) Hidden
DAZ Install Manager (HKLM-x32\...\DAZ Install Manager 1.1.0.64) (Version: 1.1.0.64 - DAZ 3D)
DCETools - ReDynaMix HDR 1.01 (HKLM-x32\...\ReDynaMix HDR (Adobe Photoshop Plug-in)_is1) (Version:  - Mediachance)
DHTML Editing Component (HKLM-x32\...\{2EA870FA-585F-4187-903D-CB9FFD21E2E0}) (Version: 6.02.0001 - Microsoft Corporation)
DiskAid 3.24 (HKLM-x32\...\DiskAid_is1) (Version: 3.24 - DigiDNA)
DisplayLink Core Software (HKLM\...\{C9957CB3-3562-4D97-A5BD-94D46840D0E0}) (Version: 7.0.41905.0 - DisplayLink Corp.)
DisplayLink Graphics (HKLM\...\{6F1BECF5-DA30-4B75-949A-818783784EAC}) (Version: 7.0.42429.0 - DisplayLink Corp.)
DivX Setup (HKLM-x32\...\DivX Setup.divx.com) (Version: 2.4.1.4 - DivX, LLC)
DLsetup (HKLM-x32\...\{DCA3BDB6-557E-44EB-8104-160038C42842}) (Version: 1.00.0000 - DisplayLink)
DocProc (HKLM-x32\...\{9B362566-EC1B-4700-BB9C-EC661BDE2175}) (Version: 13.0.0.0 - Hewlett-Packard) Hidden
Doxillion Document Converter (HKLM-x32\...\Doxillion) (Version:  - NCH Software)
Drive Rescue 1.9 (HKLM-x32\...\Drive Rescue_is1) (Version:  - Alexander Grau)
DVD Decrypter (Remove Only) (HKLM-x32\...\DVD Decrypter) (Version:  - )
eBook Maestro FREE 1.80 (HKLM-x32\...\eBook Maestro FREE_is1) (Version: 1.80 - eBookMaestro)
eBook Maestro PRO 1.80 (HKLM-x32\...\eBook Maestro PRO_is1) (Version: 1.80 - eBookMaestro)
ESET Online Scanner v3 (HKLM-x32\...\ESET Online Scanner) (Version:  - )
Explorer Suite IV (HKLM\...\Explorer Suite_is1) (Version:  - )
Express Zip File Compression (HKLM-x32\...\ExpressZip) (Version: 2.40 - NCH Software)
FairStars CD Ripper 1.80 (HKLM-x32\...\FairStars CD Ripper_is1) (Version:  - FairStars Soft)
FastStone Image Viewer 4.2 (HKLM-x32\...\FastStone Image Viewer) (Version: 4.2 - FastStone Soft)
FFmpeg 2009-01-08 for Audacity (HKLM-x32\...\FFmpeg for Audacity_is1) (Version:  - )
Filter Forge 2.008 (HKLM-x32\...\Filter Forge 2_is1) (Version:  - Filter Forge, Inc.)
Filter Forge Freepack 2 - Photo Effects 1.012 (HKLM-x32\...\Filter Forge Freepack 2 - Photo Effects_is1) (Version:  - Filter Forge, Inc.)
Filter Forge Freepack 4 - Distortions 1.015 (HKLM-x32\...\Filter Forge Freepack 4 - Distortions_is1) (Version:  - Filter Forge, Inc.)
FLV Player 2.0 (build 25) (HKLM-x32\...\FLV Player) (Version: 2.0 (build 25) - Martijn de Visser)
Font Xplorer 1.2.2  (HKLM-x32\...\Font Xplorer) (Version:  - )
Fotomatic 1.3v (HKLM-x32\...\{45C4CE4D-64B7-47C8-A946-9737CD4C0259}_is1) (Version:  - Cybia)
GIMP 2.6.8 (HKLM-x32\...\WinGimp-2.0_is1) (Version:  - )
Gmask 1.70 English (HKLM-x32\...\Gmask 1.70 English) (Version:  - )
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 71.0.3578.98 - Google Inc.)
Google Earth Plug-in (HKLM-x32\...\{57BB4801-61C8-4E74-9672-2160728A461E}) (Version: 7.1.5.1557 - Google)
Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.33.23 - Google Inc.) Hidden
Google Update Helper (HKLM-x32\...\{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}) (Version: 1.3.25.11 - Google Inc.) Hidden
GPL Ghostscript 8.63 (HKLM-x32\...\GPL Ghostscript 8.63) (Version:  - )
Hewlett-Packard ACLM.NET v1.1.0.0 (HKLM-x32\...\{6F340107-F9AA-47C6-B54C-C3A19F11553F}) (Version: 1.00.0000 - Hewlett-Packard) Hidden
HiJackThis (HKLM-x32\...\{45A66726-69BC-466B-A7A4-12FCBA4883D7}) (Version: 1.0.0 - Trend Micro)
HP DeskJet 1110 series Basic Device Software (HKLM\...\{1FD07F90-C399-4FE8-B6B0-B7AABC2401FC}) (Version: 40.11.1124.17107 - HP Inc.)
HP DeskJet 1110 series Help (HKLM-x32\...\{9477806C-4CDB-4878-8B9D-800933878781}) (Version: 35.0.0 - Hewlett Packard)
HP Dropbox Plugin (HKLM-x32\...\{D12BC084-97D6-438A-AA7C-5962608D17A0}) (Version: 36.0.41.58587 - HP)
HP Google Drive Plugin (HKLM-x32\...\{BFA42100-DB54-467A-BB87-CF70732B4065}) (Version: 36.0.41.58587 - HP)
HP Photo Creations (HKU\S-1-5-21-1377445722-260433633-3850440793-1001\...\HP Photo Creations) (Version: 1.0.0.22192 - HP)
Hugin 2011.4.0 (HKLM-x32\...\Hugin) (Version: 2011.4.0 hg_cf9be9344356 - The Hugin Development Team)
ImTOO Video Converter Ultimate (HKLM-x32\...\ImTOO Video Converter Ultimate) (Version: 5.1.39.0402 - ImTOO)
ImTOO Video Editor (HKLM-x32\...\ImTOO Video Editor) (Version: 1.0.34.1231 - ImTOO)
iTunes (HKLM\...\{3F702C1B-628F-46FB-A094-56D5404CEE63}) (Version: 12.9.1.4 - Apple Inc.)
Japanese Fonts Support For Adobe Reader 9 (HKLM-x32\...\{AC76BA86-7AD7-5760-0000-900000000003}) (Version: 9.0.0 - Adobe Systems Incorporated)
Java™ 6 Update 18 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83216018F0}) (Version: 6.0.180 - Sun Microsystems, Inc.)
Java™ 6 Update 22 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83216022F0}) (Version: 6.0.220 - Oracle)
Java™ 6 Update 37 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83216037FF}) (Version: 6.0.370 - Oracle)
Junk Mail filter update (HKLM-x32\...\{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}) (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Kindle Previewer (HKU\S-1-5-21-1377445722-260433633-3850440793-1001\...\KindlePreviewer) (Version:  - )
LAME v3.98.2 for Audacity (HKLM-x32\...\LAME for Audacity_is1) (Version:  - )
Macromedia Extension Manager (HKLM-x32\...\{5546CDB5-2CE2-498B-B059-5B3BF81FC41F}) (Version: 1.7.240 - Macromedia, Inc.)
Macromedia HomeSite 5 (HKLM-x32\...\{74307C3F-EBD4-11D4-A4D9-0010A4C3AFF0}) (Version:  - )
Makehuman (HKLM-x32\...\Makehuman) (Version:  - )
Malwarebytes version 3.3.1.2183 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 3.3.1.2183 - Malwarebytes)
Mesh Runtime (HKLM-x32\...\{8C6D6116-B724-4810-8F2D-D047E6B7D68E}) (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Messenger Companion (HKLM-x32\...\{50816F92-1652-4A7C-B9BC-48F682742C4B}) (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4.7.2 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.7.03062 - Microsoft Corporation)
Microsoft Flight Simulator 2004 A Century of Flight (HKLM-x32\...\Flight Simulator 9.0) (Version: 9.0 - Microsoft)
Microsoft Office 2007 Service Pack 3 (SP3) (HKLM-x32\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version:  - Microsoft)
Microsoft Office File Validation Add-In (HKLM-x32\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)
Microsoft Office Home and Student 2007 (HKLM-x32\...\HOMESTUDENTR) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Security Essentials (HKLM\...\Microsoft Security Client) (Version: 4.10.209.0 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.50907.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Train Simulator (HKLM-x32\...\Train Simulator 1.0) (Version:  - )
Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053 (HKLM\...\{B6E3757B-5E77-3915-866A-CCFC4B8D194C}) (Version: 8.0.50727.4053 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) - KB2467175 (HKLM\...\{aac9fcc4-dd9e-4add-901c-b5496a07ab2e}) (Version: 8.0.51011 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 ATL Update kb973924 - x64 9.0.30729.4148 (HKLM\...\{EE936C7A-EA40-31D5-9B65-8E3E089C3828}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x64 9.0.30729.5570 (HKLM\...\{8338783A-0968-3B85-AFC7-BAAE0A63DC50}) (Version: 9.0.30729.5570 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022 (HKLM\...\{350AA351-21FA-3270-8B7A-835434E766AD}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.23026 (HKLM-x32\...\{74d0e5db-b326-4dae-a6b2-445b9de1836e}) (Version: 14.0.23026.0 - Microsoft Corporation)
Microsoft XNA Framework Redistributable 3.1 (HKLM-x32\...\{19BFDA5D-1FE2-4F25-97F9-1A79DD04EE20}) (Version: 3.1.10527.0 - Microsoft Corporation)
Movie Joiner (HKLM-x32\...\MovieJoiner) (Version:  - )
Mozilla Firefox 64.0.2 (x64 en-US) (HKLM\...\Mozilla Firefox 64.0.2 (x64 en-US)) (Version: 64.0.2 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 64.0.2.6947 - Mozilla)
Mozilla Thunderbird (3.0.11) (HKLM-x32\...\Mozilla Thunderbird (3.0.11)) (Version: 3.0.11 (en-US) - Mozilla)
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
Notepad++ (HKLM-x32\...\Notepad++) (Version: 6.5 - Notepad++ Team)
Picasa 3 (HKLM-x32\...\Picasa 3) (Version: 3.9 - Google, Inc.)
Platform (HKLM-x32\...\{20D4A895-748C-4D88-871C-FDB1695B0169}) (Version: 1.34 - VIA Technologies, Inc.) Hidden
Product Improvement Study for HP DeskJet 1110 series (HKLM\...\{1C2362F9-C6AA-4BF9-906B-934AD742DC7A}) (Version: 40.11.1124.17107 - HP Inc.)
QuickTime 7 (HKLM-x32\...\{FF59BD75-466A-4D5A-AD23-AAD87C5FD44C}) (Version: 7.79.80.95 - Apple Inc.)
Real Alternative 2.0.2 (HKLM-x32\...\RealAlt_is1) (Version: 2.0.2 - )
Recuva (remove only) (HKLM-x32\...\Recuva) (Version:  - )
RSS Builder (HKLM-x32\...\{2D314DA3-96BC-4FD0-8067-70AAF054C3E2}) (Version: 2.1.8 - B!Soft)
Scribus 1.4.4 (HKLM-x32\...\Scribus 1.4.4) (Version: 1.4.4 - The Scribus Team)
Scrivener Update (HKLM-x32\...\Scrivener 1900) (Version: 1980 - Literature and Latte)
Silent 3ditor (v0.9.9) (HKLM-x32\...\{42258A5E-3399-43FE-8169-46336BCB79DA}) (Version: 0.9.9 - skwas)
Silent Hunter 4 Wolves of the Pacific (HKLM-x32\...\{0D005F09-A5F4-473B-A901-5735C6AF5628}) (Version: 1.05.0000 - Ubisoft)
Silent Hunter III (HKLM-x32\...\{9720C029-0C2C-4D1E-9DE0-E89971C4C8C7}) (Version: 1.4.0000 - Ubisoft) Hidden
Silent Hunter III (HKLM-x32\...\InstallShield_{9720C029-0C2C-4D1E-9DE0-E89971C4C8C7}) (Version: 1.4.0000 - Ubisoft)
Spotify (HKU\S-1-5-21-1377445722-260433633-3850440793-1001\...\Spotify) (Version: 1.0.72.117.g6bd7cc73 - Spotify AB)
Spybot - Search & Destroy (HKLM-x32\...\{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1) (Version: 1.6.2 - Safer Networking Limited)
Stanza (HKLM-x32\...\Stanza) (Version:  - )
swMSM (HKLM-x32\...\{612C34C7-5E90-47D8-9B5C-0F717DD82726}) (Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
TopStyle Lite (Version 3.0) (HKLM-x32\...\TopStyle Lite (Version 3.0)) (Version: 3.1.0 - Bradbury Software, LLC)
TRENDnet TEW-623PI Wireless PCI Adapter (HKLM-x32\...\{76418E9D-ECFD-4F35-B8FB-771B0EF3EA9E}) (Version: 1.00.0000 - TRENDnet)
TuneAid 3.44 (HKLM-x32\...\TuneAid_is1) (Version: 3.44 - DigiDNA)
Turbo Lister 2 (HKLM-x32\...\{8927E07C-97F7-4A54-88FB-D976F50DD46E}) (Version: 2.00.0000 - eBay Inc.)
Update for 2007 Microsoft Office System (KB967642) (HKLM-x32\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version:  - Microsoft)
VC80CRTRedist - 8.0.50727.4053 (HKLM-x32\...\{5EE7D259-D137-4438-9A5F-42F432EC0421}) (Version: 1.1.0 - DivX, Inc) Hidden
VCRedistSetup (HKLM-x32\...\{3921A67A-5AB1-4E48-9444-C71814CF3027}) (Version: 1.0.0 - Nero AG) Hidden
VIA Platform Device Manager (HKLM-x32\...\InstallShield_{20D4A895-748C-4D88-871C-FDB1695B0169}) (Version: 1.34 - VIA Technologies, Inc.)
VideoPad Video Editor (HKLM-x32\...\VideoPad) (Version:  - NCH Software)
Visual C++ 2008 x86 Runtime - v9.0.30729.01 (HKLM-x32\...\{F333A33D-125C-32A2-8DCE-5C5D14231E27}.vc_x86runtime_30729_01) (Version: 9.0.30729.01 - Microsoft Corporation)
VoiceOver Kit (HKLM-x32\...\{6B4AD1A9-E73A-4184-9D6B-072F8A3C5EBA}) (Version: 1.42.128.0 - Apple Inc.)
VueScan x64 (HKLM\...\VueScan x64) (Version:  - )
Winamp (HKLM-x32\...\Winamp) (Version: 5.601  - Nullsoft, Inc)
Winamp Detector Plug-in (HKU\S-1-5-21-1377445722-260433633-3850440793-1001\...\Winamp Detect) (Version: 1.0.0.1 - Nullsoft, Inc)
Windows Driver Package - Hewlett-Packard Image  (12/27/2006 8.0.0.0) (HKLM\...\F5E51FDA4F39B4D4F8A1DF9178FCF7947925E0F1) (Version: 12/27/2006 8.0.0.0 - Hewlett-Packard)
Windows Driver Package - Ralink Technology, Corp. (netr28x) Net  (11/09/2009 3.00.11.0000) (HKLM\...\D3F7030B58FDFADD9D4CA475B90D68AA0C01696F) (Version: 11/09/2009 3.00.11.0000 - Ralink Technology, Corp.)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3538.0513 - Microsoft Corporation)
Windows Media Player Firefox Plugin (HKLM-x32\...\{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}) (Version: 1.0.0.8 - Microsoft Corp)
WinPcap 4.1.2 (HKLM-x32\...\WinPcapInst) (Version: 4.1.0.2001 - CACE Technologies)
WinRAR archiver (HKLM-x32\...\WinRAR archiver) (Version:  - )
XAMPP (HKLM-x32\...\xampp) (Version: 7.1.10-0 - Bitnami)
Yahoo! Detect (HKLM-x32\...\YTdetect) (Version:  - )

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-1377445722-260433633-3850440793-1001_Classes\CLSID\{D45F043D-F17F-4e8a-8435-70971D9FA46D}\InprocServer32 -> C:\Program Files (x86)\Blender Foundation\Blender\BlendThumb64.dll ()
ShellIconOverlayIdentifiers: [DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} =>  -> No File
ShellIconOverlayIdentifiers: [DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} =>  -> No File
ShellIconOverlayIdentifiers: [DropboxExt3] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} =>  -> No File
ShellIconOverlayIdentifiers: [DropboxExt4] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} =>  -> No File
ContextMenuHandlers1: [ANotepad++64] -> {B298D29A-A6ED-11DE-BA8C-A68E55D89593} => C:\Program Files (x86)\Notepad++\NppShell_05.dll [2012-06-18] ()
ContextMenuHandlers1: [EPP] -> {09A47860-11B0-4DA5-AFA5-26D86198A780} => c:\Program Files\Microsoft Security Client\shellext.dll [2016-11-14] (Microsoft Corporation)
ContextMenuHandlers1: [ExpressZip] -> {8EEA165E-0B8B-4BA7-9796-50214C767171} => C:\Program Files (x86)\NCH Software\ExpressZip\ezcm64.dll [2016-04-03] ()
ContextMenuHandlers1: [LavasoftShellExt] -> {DCE027F7-16A4-4BEE-9BE7-74F80EE3738F} =>  -> No File
ContextMenuHandlers1: [Notepad++] -> {AE6B1055-0490-4142-AE3F-5C3F0B32E223} =>  -> No File
ContextMenuHandlers1: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files (x86)\WinRAR\rarext64.dll [2005-06-07] ()
ContextMenuHandlers1-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files (x86)\WinRAR\rarext.dll [2006-12-03] ()
ContextMenuHandlers2: [EPP] -> {09A47860-11B0-4DA5-AFA5-26D86198A780} => c:\Program Files\Microsoft Security Client\shellext.dll [2016-11-14] (Microsoft Corporation)
ContextMenuHandlers2: [LavasoftShellExt] -> {DCE027F7-16A4-4BEE-9BE7-74F80EE3738F} =>  -> No File
ContextMenuHandlers3: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2017-11-01] (Malwarebytes)
ContextMenuHandlers4: [EPP] -> {09A47860-11B0-4DA5-AFA5-26D86198A780} => c:\Program Files\Microsoft Security Client\shellext.dll [2016-11-14] (Microsoft Corporation)
ContextMenuHandlers4: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files (x86)\WinRAR\rarext64.dll [2005-06-07] ()
ContextMenuHandlers4-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files (x86)\WinRAR\rarext.dll [2006-12-03] ()
ContextMenuHandlers5: [ACE] -> {5E2121EE-0300-11D4-8D3B-444553540000} => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\atiacm64.dll [2009-06-25] (Advanced Micro Devices, Inc.)
ContextMenuHandlers6: [ExpressZip] -> {8EEA165E-0B8B-4BA7-9796-50214C767171} => C:\Program Files (x86)\NCH Software\ExpressZip\ezcm64.dll [2016-04-03] ()
ContextMenuHandlers6: [LavasoftShellExt] -> {DCE027F7-16A4-4BEE-9BE7-74F80EE3738F} =>  -> No File
ContextMenuHandlers6: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2017-11-01] (Malwarebytes)
ContextMenuHandlers6: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files (x86)\WinRAR\rarext64.dll [2005-06-07] ()
ContextMenuHandlers6-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files (x86)\WinRAR\rarext.dll [2006-12-03] ()

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {03026A57-961B-48AB-B4E6-2463C7425849} - System32\Tasks\Ad-Aware Update (Weekly) => C:\Program Files (x86)\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe
Task: {032B74E6-DDBC-4354-87D1-FFFA74B02A3B} - System32\Tasks\Adobe Flash Player NPAPI Notifier => C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_32_0_0_114_Plugin.exe [2019-01-08] (Adobe Systems Incorporated)
Task: {0F85C5A7-FDD2-4D60-B497-DF794B08EDE3} - System32\Tasks\{98AEB975-F7C6-44EC-B839-1DDDAEBA095A} => C:\Windows\system32\pcalua.exe -a D:\CB-ISATAU2\Driver\JM20337\Setup.exe -d D:\CB-ISATAU2\Driver\JM20337
Task: {271C40AC-85A1-45A9-8213-82496D5B963B} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-28] (Google Inc.)
Task: {3EE07979-CC8F-449A-B4A2-3DBE45B1A82A} - System32\Tasks\{F214CEA1-474A-4731-BBCB-1E01E50F80CC} => C:\Windows\system32\pcalua.exe -a "C:\Users\Owner\Downloads\Comodo Firewall\cisfree_installer_x86.exe" -d "C:\Users\Owner\Downloads\Comodo Firewall"
Task: {42EA23F7-DA3C-4028-BE08-93D1F6272032} - System32\Tasks\{6E2C8B8E-404F-48C9-9DF8-876817FF21B2} => C:\Windows\system32\pcalua.exe -a "C:\Users\Owner\Downloads\eBook software\KindlePreviewerInstall.exe" -d "C:\Users\Owner\Downloads\eBook software"
Task: {63531EE4-3F70-4EBE-8605-817EB5F4AF9D} - System32\Tasks\RealUpgradeLogonTaskS-1-5-21-1377445722-260433633-3850440793-1001 => C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe
Task: {6B07ADBD-90BA-47F5-BFE9-6CC12ACFAB45} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2018-08-13] (Adobe Systems Incorporated)
Task: {6DA51354-B5A5-41D5-AC29-EF37EC7DEE60} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-28] (Google Inc.)
Task: {71C2D946-5126-49B0-91BA-6BECA3487B2D} - System32\Tasks\{4CA79745-CA21-4F5A-8DDD-00F6BA284233} => C:\Windows\system32\pcalua.exe -a J:\Downloads\AVG\avg71t_395a764.exe -d J:\Downloads\AVG
Task: {7591739F-0F3D-4CEE-8FFB-46A01917D696} - System32\Tasks\RealUpgradeLogonTaskS-1-5-21-1377445722-260433633-3850440793-1003 => C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe
Task: {77E04FD0-6223-4A52-8170-9137ACE6E679} - System32\Tasks\{34DF5928-FE43-450F-9429-C8E37A6B8FDC} => C:\Windows\system32\pcalua.exe -a C:\ProgramData\{ECC164E0-3133-4C70-A831-F08DB2940F70}\Ad-AwareInstall.exe -c REMOVE=TRUE MODIFY=FALSE
Task: {79132B0B-11B4-461D-8E2F-789AE069BC62} - System32\Tasks\RealUpgradeScheduledTaskS-1-5-21-1377445722-260433633-3850440793-1001 => C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe
Task: {8B018621-483B-48AF-9EF5-BD9B0E664884} - System32\Tasks\RealPlayerRealUpgradeScheduledTaskS-1-5-21-1377445722-260433633-3850440793-1003 => C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe
Task: {9F5645C3-7133-4DF4-AD6C-FF080CB55229} - System32\Tasks\HPCustParticipation HP DeskJet 1110 series => C:\Program Files\HP\HP DeskJet 1110 series\Bin\HPCustPartic.exe [2017-04-17] (HP Inc.)
Task: {B2B9DF97-FE2F-4E25-859F-6BE2883E6215} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2018-01-08] (Apple Inc.)
Task: {B48133F9-6125-4816-BD0E-9887C2322930} - System32\Tasks\{92E979FC-F3CA-447C-B8E7-7F353C701E93} => C:\Windows\system32\pcalua.exe -a C:\PROGRA~2\COFFEE~1\COFFEE~1\UNWISE.EXE -c C:\PROGRA~2\COFFEE~1\COFFEE~1\INSTALL.LOG
Task: {C94B31E9-4718-4341-A4B1-EDAC099594A1} - System32\Tasks\RealPlayerRealUpgradeLogonTaskS-1-5-21-1377445722-260433633-3850440793-1003 => C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe
Task: {CB84E708-15CF-4DF1-8177-D5450D264256} - System32\Tasks\Microsoft\Windows\MobilePC\DisplayLink TMM Control
Task: {CFB37505-ACE1-4B62-8FE9-345C825BD4B6} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2019-01-08] (Adobe Systems Incorporated)
Task: {D9275959-26E5-4CBB-B645-437164E69DC3} - System32\Tasks\{26BBBA1D-6069-4199-992D-FC0FFC796056} => C:\Windows\system32\pcalua.exe -a "C:\Users\Owner\Downloads\J Messenger\messenger.exe" -d "C:\Users\Owner\Downloads\J Messenger"
Task: {E0D63084-2261-42C9-A638-307EA8FF7A71} - System32\Tasks\RealDownloader Update Check => C:\Program Files (x86)\RealNetworks\RealDownloader\downloader2.exe
Task: {E3A06587-D0EB-4C28-BCF4-462B7E0CF359} - System32\Tasks\RealUpgradeScheduledTaskS-1-5-21-1377445722-260433633-3850440793-1003 => C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe
Task: {FEF0146D-0BD1-4EF1-88C0-978C0B1CFE08} - System32\Tasks\{67ED5A95-0DDE-400D-86F1-9F976DD9CC93} => C:\Windows\system32\pcalua.exe -a "E:\Downloads\Quake II\q2-314-demo-x86.exe" -d "E:\Downloads\Quake II"

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)


==================== Shortcuts & WMI ========================

(The entries could be listed to be restored or removed.)


Shortcut: C:\Users\Owner\Favorites\NCH Software Download Site.lnk -> hxxp://www.nchsoftware.com/index.htm
Shortcut: C:\Users\Owner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\DAZ 3D\DAZ Install Manager\DAZ Install Manager Read Me.lnk -> hxxp:docs.daz3d.com\doku.php\public\read_me\index\14811

ShortcutWithArgument: C:\Users\Owner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Caret.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) ->  --profile-directory=Default --app-id=fljalecfjciodhpcledpamjachpmelml
ShortcutWithArgument: C:\Users\Owner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Polarr Photo Editor.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) ->  --profile-directory=Default --app-id=djonnbgfieijldcieafgjcnhmpcfpmgg

==================== Loaded Modules (Whitelisted) ==============

2010-10-19 03:11 - 2005-03-12 00:07 - 000087040 _____ () C:\Windows\System32\pdfcmnnt.dll
2018-10-21 02:17 - 2018-10-21 02:17 - 001356088 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
2018-10-21 02:17 - 2018-10-21 02:17 - 000088888 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
2010-05-10 22:27 - 2005-06-07 11:26 - 000043008 _____ () C:\Program Files (x86)\WinRAR\rarext64.dll
2016-04-03 10:17 - 2016-04-03 10:17 - 000105984 _____ () C:\Program Files (x86)\NCH Software\ExpressZip\ezcm64.dll
2012-06-18 09:24 - 2012-06-18 09:24 - 000222720 _____ () C:\Program Files (x86)\Notepad++\NppShell_05.dll
2018-10-22 13:59 - 2018-10-22 13:59 - 001356088 _____ () C:\Program Files\iTunes\libxml2.dll
2018-10-22 13:59 - 2018-10-22 13:59 - 000088888 _____ () C:\Program Files\iTunes\zlib1.dll
2013-09-23 16:35 - 2009-08-25 14:18 - 000499712 _____ () C:\Program Files\TRENDnet\TEW-623PI\WlanCU.exe
2010-03-13 13:03 - 2009-05-07 16:51 - 000071680 ____R () C:\Program Files (x86)\VIA\VIAudioi\VDeck\QsApoApi64.dll
2010-03-13 13:03 - 2009-05-07 16:53 - 000379392 ____R () C:\Program Files (x86)\VIA\VIAudioi\VDeck\Dts2ApoApi64.dll
2010-03-13 13:03 - 2008-01-18 14:50 - 000098816 ____R () C:\Program Files (x86)\VIA\VIAudioi\VDeck\VMicApi.dll
2010-03-13 13:03 - 2009-08-28 11:31 - 047601664 ____R () C:\Program Files (x86)\VIA\VIAudioi\VDeck\Skin.dll
2015-05-15 18:02 - 2011-07-01 16:33 - 000194048 _____ () C:\DLautoR.exe
2010-03-13 12:31 - 2010-03-13 12:31 - 000270336 _____ () C:\Windows\assembly\GAC_MSIL\CLI.Aspect.CrossDisplay.Graphics.Dashboard\1.0.0.0__90ba9c70f846762e\CLI.Aspect.CrossDisplay.Graphics.Dashboard.dll
2013-09-23 16:35 - 2009-04-21 16:25 - 000376832 _____ () C:\Program Files\TRENDnet\TEW-623PI\WlanDll.dll
2013-09-23 16:35 - 2009-09-03 09:53 - 000200704 _____ () C:\Program Files\TRENDnet\TEW-623PI\WPSCtrl.dll
2013-09-23 16:35 - 2009-05-07 13:27 - 000233472 _____ () C:\Program Files\TRENDnet\TEW-623PI\WlanWPS.dll
2014-08-18 20:42 - 2014-04-04 10:29 - 000371712 _____ () C:\Program Files (x86)\Common Files\iSkysoft\iSkysoft Helper Compact\DAQExp.dll
2014-08-18 20:42 - 2013-07-24 08:24 - 000137728 _____ () C:\Program Files (x86)\Common Files\iSkysoft\iSkysoft Helper Compact\CBSCreateVC.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)

AlternateDataStreams: C:\Windows:nlsPreferences [0]

==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Lavasoft Ad-Aware Service => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"

==================== Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)

HKU\S-1-5-21-1377445722-260433633-3850440793-1001\Software\Classes\.exe:  =>  <==== ATTENTION
HKU\S-1-5-21-1377445722-260433633-3850440793-1001\Software\Classes\.bat: batfile =>  <==== ATTENTION

==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)


==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-13 20:34 - 2013-08-31 19:41 - 000000027 _____ C:\Windows\system32\drivers\etc\hosts

127.0.0.1       localhost

==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-1377445722-260433633-3850440793-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\Owner\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 192.168.0.1 - 205.171.3.25
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 2) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

If an entry is included in the fixlist, it will be removed.

MSCONFIG\startupreg: Amazon Music => "C:\Users\Owner\AppData\Local\Amazon Music\Amazon Music Helper.exe"
MSCONFIG\startupreg: APSDaemon => "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
MSCONFIG\startupreg: DivXUpdate => "C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW
MSCONFIG\startupreg: iTunesHelper => "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
MSCONFIG\startupreg: QuickTime Task => "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
MSCONFIG\startupreg: Spotify => C:\Users\Owner\AppData\Roaming\Spotify\Spotify.exe --autostart
MSCONFIG\startupreg: Spotify Web Helper => C:\Users\Owner\AppData\Roaming\Spotify\SpotifyWebHelper.exe --autostart
MSCONFIG\startupreg: SunJavaUpdateSched => "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
MSCONFIG\startupreg: WinampAgent => "C:\Program Files (x86)\Winamp\winampa.exe"

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [TCP Query User{BA496953-01A0-4645-9124-6C2B9F44F7F6}C:\xampp\mysql\bin\mysqld.exe] => (Allow) C:\xampp\mysql\bin\mysqld.exe ()
FirewallRules: [UDP Query User{03B4528E-A385-4C8C-ADB2-61ABBFE7C28C}C:\xampp\mysql\bin\mysqld.exe] => (Allow) C:\xampp\mysql\bin\mysqld.exe ()
FirewallRules: [TCP Query User{942F9A3D-BC85-4D97-8F1A-1BB671235445}C:\xampp\apache\bin\apache.exe] => (Allow) C:\xampp\apache\bin\apache.exe No File
FirewallRules: [UDP Query User{4DD8C1AC-10EC-4705-8091-F6F39945CCAA}C:\xampp\apache\bin\apache.exe] => (Allow) C:\xampp\apache\bin\apache.exe No File
FirewallRules: [TCP Query User{7587E314-5367-46F5-816C-D8F9644EC2AF}C:\program files (x86)\globalscape\cuteftp professional\ftpte.exe] => (Allow) C:\program files (x86)\globalscape\cuteftp professional\ftpte.exe (GlobalSCAPE Texas, LP.)
FirewallRules: [UDP Query User{8E5D4518-D9B7-4CB7-9749-2BE9D7FCA893}C:\program files (x86)\globalscape\cuteftp professional\ftpte.exe] => (Allow) C:\program files (x86)\globalscape\cuteftp professional\ftpte.exe (GlobalSCAPE Texas, LP.)
FirewallRules: [TCP Query User{D814E625-DAB8-4C32-8AAB-F22D67A3C46F}C:\program files (x86)\real alternative\media player classic\mplayerc.exe] => (Allow) C:\program files (x86)\real alternative\media player classic\mplayerc.exe (Gabest)
FirewallRules: [UDP Query User{C40F4E8F-2E20-4C51-B060-EEEA1B5AC55C}C:\program files (x86)\real alternative\media player classic\mplayerc.exe] => (Allow) C:\program files (x86)\real alternative\media player classic\mplayerc.exe (Gabest)
FirewallRules: [TCP Query User{BFE8DD70-E2E5-47E6-835D-2967B0C8034D}C:\program files (x86)\winamp\winamp.exe] => (Allow) C:\program files (x86)\winamp\winamp.exe (Nullsoft, Inc.)
FirewallRules: [UDP Query User{357AF299-81CA-4D19-AC33-C1CD9D50FE5C}C:\program files (x86)\winamp\winamp.exe] => (Allow) C:\program files (x86)\winamp\winamp.exe (Nullsoft, Inc.)
FirewallRules: [TCP Query User{9B8B7CB5-F332-4651-A486-27E6F37CB55F}C:\program files (x86)\mozilla firefox\firefox.exe] => (Block) C:\program files (x86)\mozilla firefox\firefox.exe (Mozilla Corporation)
FirewallRules: [UDP Query User{2A66A562-8DAE-4826-93A9-1D67AA1EA416}C:\program files (x86)\mozilla firefox\firefox.exe] => (Block) C:\program files (x86)\mozilla firefox\firefox.exe (Mozilla Corporation)
FirewallRules: [TCP Query User{C4BFA22C-17F1-4F55-9AEE-50AF3F10E854}C:\program files (x86)\google\google earth\plugin\geplugin.exe] => (Allow) C:\program files (x86)\google\google earth\plugin\geplugin.exe (Google)
FirewallRules: [UDP Query User{6865977B-B0C5-462D-95B3-66CDA5EBDDCE}C:\program files (x86)\google\google earth\plugin\geplugin.exe] => (Allow) C:\program files (x86)\google\google earth\plugin\geplugin.exe (Google)
FirewallRules: [TCP Query User{F232D849-5257-4796-97BB-50526FC7BE86}C:\program files (x86)\mozilla firefox\plugin-container.exe] => (Block) C:\program files (x86)\mozilla firefox\plugin-container.exe (Mozilla Corporation)
FirewallRules: [UDP Query User{36DE978A-8BFE-4426-9DAB-8A0F7F168609}C:\program files (x86)\mozilla firefox\plugin-container.exe] => (Block) C:\program files (x86)\mozilla firefox\plugin-container.exe (Mozilla Corporation)
FirewallRules: [TCP Query User{91FDF8B8-C324-4494-96C7-AE8A46C64C0A}C:\users\owner\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\owner\appdata\roaming\spotify\spotify.exe (Spotify Ltd)
FirewallRules: [UDP Query User{55A39126-A17E-4414-8D5B-68A6E9A0BF4B}C:\users\owner\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\owner\appdata\roaming\spotify\spotify.exe (Spotify Ltd)
FirewallRules: [{8998DC2F-9335-4D95-984B-0DB4D6722EB0}] => (Allow) C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe (Microsoft Corporation)
FirewallRules: [{E38EEBBE-3160-4FA6-A4FC-338A13AB5003}] => (Allow) LPort=2869
FirewallRules: [{97872AE4-8B4B-428C-90BA-A9F6EE12BB1E}] => (Allow) LPort=1900
FirewallRules: [{1E00F7BA-A36A-4332-BF06-7C86B49C3EC4}] => (Allow) C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe (Microsoft Corporation)
FirewallRules: [{C286C3EE-B8D6-410A-AFDE-744C04DF25DC}] => (Allow) C:\Program Files (x86)\Windows Live\Mesh\MOE.exe (Microsoft Corporation)
FirewallRules: [TCP Query User{9997DB47-4F0E-4B74-BD50-4880EA04A5C5}C:\xampp\apache\bin\apache.exe] => (Allow) C:\xampp\apache\bin\apache.exe No File
FirewallRules: [UDP Query User{0DFF0398-3AD5-47C9-B503-55DBEB6786E5}C:\xampp\apache\bin\apache.exe] => (Allow) C:\xampp\apache\bin\apache.exe No File
FirewallRules: [TCP Query User{A9F83D5C-AEA8-4EDD-98A3-48DECCD3B5FA}C:\xampp\mysql\bin\mysqld.exe] => (Allow) C:\xampp\mysql\bin\mysqld.exe ()
FirewallRules: [UDP Query User{05D44BAB-5C1F-4F3C-84B8-03EAA4A9CF4A}C:\xampp\mysql\bin\mysqld.exe] => (Allow) C:\xampp\mysql\bin\mysqld.exe ()
FirewallRules: [TCP Query User{5A747216-21DB-4410-8C41-1DD725F75A4C}C:\users\owner\appdata\roaming\spotify\spotify.exe] => (Block) C:\users\owner\appdata\roaming\spotify\spotify.exe (Spotify Ltd)
FirewallRules: [UDP Query User{347E89DA-53BD-4F8A-89B6-4F24DE936FDC}C:\users\owner\appdata\roaming\spotify\spotify.exe] => (Block) C:\users\owner\appdata\roaming\spotify\spotify.exe (Spotify Ltd)
FirewallRules: [{9BCA11D5-5779-437D-9730-0F2205AE70D8}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
FirewallRules: [{3D6D040F-0C2A-4825-8ACD-CACC80CFDCFD}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
FirewallRules: [TCP Query User{61191BF5-4381-4E13-AE0C-0F9EF1B8108A}C:\program files (x86)\mozilla firefox\firefox.exe] => (Block) C:\program files (x86)\mozilla firefox\firefox.exe (Mozilla Corporation)
FirewallRules: [UDP Query User{B7D44C08-76E0-462C-BF78-434BC8360322}C:\program files (x86)\mozilla firefox\firefox.exe] => (Block) C:\program files (x86)\mozilla firefox\firefox.exe (Mozilla Corporation)
FirewallRules: [TCP Query User{A5A9D3C5-0787-4447-8F23-664EB7109854}C:\users\helen.owner-pc.000\appdata\roaming\spotify\spotify.exe] => (Block) C:\users\helen.owner-pc.000\appdata\roaming\spotify\spotify.exe (Spotify Ltd)
FirewallRules: [UDP Query User{A0EDE147-12B2-44AC-A7E8-01F67888FE14}C:\users\helen.owner-pc.000\appdata\roaming\spotify\spotify.exe] => (Block) C:\users\helen.owner-pc.000\appdata\roaming\spotify\spotify.exe (Spotify Ltd)
FirewallRules: [TCP Query User{001E1D68-42AF-4F3E-B2FF-B8B996A5B208}C:\users\helen.owner-pc.000\appdata\roaming\spotify\spotify.exe] => (Block) C:\users\helen.owner-pc.000\appdata\roaming\spotify\spotify.exe (Spotify Ltd)
FirewallRules: [UDP Query User{43E9B29D-AE48-4FC9-87D7-6B160AABA3B6}C:\users\helen.owner-pc.000\appdata\roaming\spotify\spotify.exe] => (Block) C:\users\helen.owner-pc.000\appdata\roaming\spotify\spotify.exe (Spotify Ltd)
FirewallRules: [{25481D4D-D6AE-44B0-A438-8EB734BFA40F}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
FirewallRules: [{726F0067-8124-4738-9C34-DAA16CA35F85}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
FirewallRules: [{56DD27DA-D016-4B3F-A70D-6E360E98347E}] => (Allow) C:\Program Files\VueScan\vuescan.exe (Hamrick Software)
FirewallRules: [{127E23C7-46C9-4484-BA5C-79AD54F7A8DF}] => (Allow) C:\Program Files\VueScan\vuescan.exe (Hamrick Software)
FirewallRules: [{41EE243F-04BB-44A7-B651-E2A865CDCA3B}] => (Allow) C:\Program Files\HP\HP DeskJet 1110 series\Bin\USBSetup.exe (HP Inc.)
FirewallRules: [{447931A0-160C-4616-A797-F2B34CD9C3E3}] => (Allow) C:\Program Files\HP\HP DeskJet 1110 series\Bin\HPNetworkCommunicatorCom.exe (HP Inc.)
FirewallRules: [TCP Query User{A2BB5469-2D47-4654-957C-7B32ADDE8A65}C:\xampp\apache\bin\httpd.exe] => (Allow) C:\xampp\apache\bin\httpd.exe (Apache Software Foundation)
FirewallRules: [UDP Query User{5DE34DF3-46B4-47D3-A36E-0ACBE0B5C52A}C:\xampp\apache\bin\httpd.exe] => (Allow) C:\xampp\apache\bin\httpd.exe (Apache Software Foundation)
FirewallRules: [TCP Query User{F42E7826-7AA0-4361-AAE3-9BB6EBA7A1B4}C:\xampp\apache\bin\httpd.exe] => (Block) C:\xampp\apache\bin\httpd.exe (Apache Software Foundation)
FirewallRules: [UDP Query User{2D597F6F-C34C-4986-9B09-7256F4BB4A42}C:\xampp\apache\bin\httpd.exe] => (Block) C:\xampp\apache\bin\httpd.exe (Apache Software Foundation)
FirewallRules: [{7A89F756-E5BB-49A7-8A4C-423C86DE0EDA}] => (Allow) C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
FirewallRules: [{48611D33-1415-4287-A300-301510B0EA4E}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe (Apple Inc.)
FirewallRules: [{366DCAFE-0393-446B-9087-61BBC4C7C774}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe (Apple Inc.)
FirewallRules: [{8CE53639-0365-413A-A784-1281DAF54BF0}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe (Apple Inc.)
FirewallRules: [{E96011E4-6A2B-4DF1-9194-C3F73DC6795B}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe (Apple Inc.)
FirewallRules: [{84FEAB7C-2A78-45B0-AA25-A6124B42C1ED}] => (Allow) C:\Program Files\iTunes\iTunes.exe (Apple Inc.)
FirewallRules: [{A7C35C7F-9B46-403D-AC17-86D0444DBB5F}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.)

==================== Restore Points =========================

06-01-2019 15:00:25 Windows Update
06-01-2019 16:01:28 Windows Update
08-01-2019 13:18:00 Windows Update
08-01-2019 16:36:44 Windows Update
12-01-2019 21:01:47 Windows Update

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (11/26/2018 01:19:49 PM) (Source: Microsoft-Windows-RestartManager) (EventID: 10006) (User: Owner-PC)
Description: Application or service 'distnoted' could not be shut down.

Error: (11/26/2018 01:19:49 PM) (Source: Microsoft-Windows-RestartManager) (EventID: 10006) (User: Owner-PC)
Description: Application or service 'MobileDeviceHelper' could not be shut down.

Error: (10/10/2018 05:01:07 PM) (Source: System Restore) (EventID: 8193) (User: )
Description: Failed to create restore point (Process = C:\Windows\system32\svchost.exe -k netsvcs; Description = Windows Update; Error = 0x80042319).

Error: (09/30/2018 12:40:16 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: mbam.exe, version: 3.0.0.1284, time stamp: 0x5a15ab42
Faulting module name: Qt5Core.dll, version: 5.6.2.0, time stamp: 0x59a63e00
Exception code: 0xc0000005
Fault offset: 0x001aa3b6
Faulting process id: 0xf94
Faulting application start time: 0x01d458ecf55a1f8b
Faulting application path: C:\Program Files\Malwarebytes\Anti-Malware\mbam.exe
Faulting module path: C:\Program Files\Malwarebytes\Anti-Malware\Qt5Core.dll
Report Id: 45d3efe1-c4e0-11e8-b274-485b39053fc8

Error: (09/30/2018 12:40:16 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: mbamtray.exe, version: 3.0.0.1284, time stamp: 0x5a15a98e
Faulting module name: mbamtray.exe, version: 3.0.0.1284, time stamp: 0x5a15a98e
Exception code: 0xc0000005
Fault offset: 0x000ae938
Faulting process id: 0x1004
Faulting application start time: 0x01d458ed07809d9d
Faulting application path: C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
Faulting module path: C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
Report Id: 45d3c8d1-c4e0-11e8-b274-485b39053fc8

Error: (09/30/2018 12:39:52 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: mbamservice.exe, version: 3.1.0.595, time stamp: 0x59f745cb
Faulting module name: mbamservice.exe, version: 3.1.0.595, time stamp: 0x59f745cb
Exception code: 0xc0000005
Fault offset: 0x00000000001c6e66
Faulting process id: 0x878
Faulting application start time: 0x01d458ecf986e965
Faulting application path: C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe
Faulting module path: C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe
Report Id: 378de88f-c4e0-11e8-b274-485b39053fc8

Error: (09/30/2018 12:38:29 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: Spotify.exe, version: 1.0.72.117, time stamp: 0x5a57b5a8
Faulting module name: Spotify.exe, version: 1.0.72.117, time stamp: 0x5a57b5a8
Exception code: 0x40000015
Fault offset: 0x0004bcd9
Faulting process id: 0x840
Faulting application start time: 0x01d458ecc4a30838
Faulting application path: C:\Users\Owner\AppData\Roaming\Spotify\Spotify.exe
Faulting module path: C:\Users\Owner\AppData\Roaming\Spotify\Spotify.exe
Report Id: 05daa671-c4e0-11e8-b274-485b39053fc8

Error: (09/14/2018 11:18:01 PM) (Source: VSS) (EventID: 8194) (User: )
Description: Volume Shadow Copy Service error: Unexpected error querying for the IVssWriterCallback interface.  hr = 0x80070005, Access is denied.
.
This is often caused by incorrect security settings in either the writer or requestor process.


Operation:
   Gathering Writer Data

Context:
   Writer Class Id: {e8132975-6f93-4464-a53e-1050253ae220}
   Writer Name: System Writer
   Writer Instance ID: {165281a4-1cb0-491b-87d9-4d958f4a8c3f}


System errors:
=============
Error: (01/12/2019 10:59:52 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The TCP/IP NetBIOS Helper service failed to start due to the following error:
The service did not start due to a logon failure.

Error: (01/12/2019 10:59:52 PM) (Source: Service Control Manager) (EventID: 7038) (User: )
Description: The lmhosts service was unable to log on as NT AUTHORITY\LocalService with the currently configured password due to the following error:
The security account manager (SAM) or local security authority (LSA) server was in the wrong state to perform the security operation.


To ensure that the service is configured properly, use the Services snap-in in Microsoft Management Console (MMC).

Error: (01/12/2019 10:59:41 PM) (Source: DCOM) (EventID: 10010) (User: )
Description: The server {E10F6C3A-F1AE-4ADC-AA9D-2FE65525666E} did not register with DCOM within the required timeout.

Error: (01/12/2019 09:03:28 PM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT AUTHORITY)
Description: Installation Failure: Windows failed to install the following update with error 0x80070643: Definition Update for Microsoft Security Essentials - KB2310138 (Definition 1.283.2843.0).

Error: (01/12/2019 09:03:22 PM) (Source: Microsoft Antimalware) (EventID: 2001) (User: )
Description: Microsoft Antimalware has encountered an error trying to update signatures.

    New Signature Version:

    Previous Signature Version:

    Update Source: User

    Update Stage: Install

    Source Path:

    Signature Type:

    Update Type:

    User: NT AUTHORITY\SYSTEM

    Current Engine Version:

    Previous Engine Version:

    Error code: 0x80070652

    Error description: Another installation is already in progress. Complete that installation before proceeding with this install.

Error: (01/12/2019 09:01:44 PM) (Source: Microsoft Antimalware) (EventID: 2001) (User: )
Description: Microsoft Antimalware has encountered an error trying to update signatures.

    New Signature Version:

    Previous Signature Version: 1.283.2541.0

    Update Source: Microsoft Update Server

    Update Stage: Download

    Source Path: http://www.microsoft.com

    Signature Type: AntiVirus

    Update Type: Full

    User: NT AUTHORITY\SYSTEM

    Current Engine Version:

    Previous Engine Version: 1.1.15500.2

    Error code: 0x80240016

    Error description: An unexpected problem occurred while checking for updates. For information on installing or troubleshooting updates, see Help and Support.

Error: (01/12/2019 09:01:44 PM) (Source: Microsoft Antimalware) (EventID: 2001) (User: )
Description: Microsoft Antimalware has encountered an error trying to update signatures.

    New Signature Version:

    Previous Signature Version: 1.283.2541.0

    Update Source: Microsoft Update Server

    Update Stage: Install

    Source Path: http://www.microsoft.com

    Signature Type: AntiVirus

    Update Type: Full

    User: NT AUTHORITY\SYSTEM

    Current Engine Version:

    Previous Engine Version: 1.1.15500.2

    Error code: 0x80240016

    Error description: An unexpected problem occurred while checking for updates. For information on installing or troubleshooting updates, see Help and Support.

Error: (01/12/2019 09:01:43 PM) (Source: Microsoft Antimalware) (EventID: 2001) (User: )
Description: Microsoft Antimalware has encountered an error trying to update signatures.

    New Signature Version:

    Previous Signature Version: 1.283.2541.0

    Update Source: Microsoft Update Server

    Update Stage: Install

    Source Path: http://www.microsoft.com

    Signature Type: AntiVirus

    Update Type: Full

    User: NT AUTHORITY\SYSTEM

    Current Engine Version:

    Previous Engine Version: 1.1.15500.2

    Error code: 0x80240016

    Error description: An unexpected problem occurred while checking for updates. For information on installing or troubleshooting updates, see Help and Support.


Windows Defender:
===================================
Date: 2010-03-12 20:05:36.971
Description:
Windows Defender has encountered an error trying to update signatures.
New Signature Version:
Previous Signature Version:
Update Source:User
Signature Type:
Update Type:
Current Engine Version:
Previous Engine Version:
Error code:0x80070652
Error description:Another installation is already in progress. Complete that installation before proceeding with this install.

CodeIntegrity:
===================================

Date: 2013-08-31 20:38:07.357
Description:
Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2013-08-31 20:38:07.123
Description:
Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2010-05-27 20:21:43.062
Description:
Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\avgmfx64.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2010-05-27 20:21:43.062
Description:
Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\avgmfx64.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2010-05-23 20:10:24.643
Description:
Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\avgmfx64.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2010-05-23 20:10:24.643
Description:
Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\avgmfx64.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2010-05-15 23:39:21.445
Description:
Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\avgmfx64.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2010-05-15 23:39:21.429
Description:
Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\avgmfx64.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

==================== Memory info ===========================

Processor: AMD Athlon™ II X2 240 Processor
Percentage of memory in use: 77%
Total physical RAM: 3839.18 MB
Available physical RAM: 865.32 MB
Total Virtual: 7676.49 MB
Available Virtual: 4147.67 MB

==================== Drives ================================

Drive c: (OS) (Fixed) (Total:232.27 GB) (Free:6.73 GB) NTFS
Drive e: (KINGSTON) (Removable) (Total:7.55 GB) (Free:3.83 GB) FAT32

\\?\Volume{f82169d6-5190-11df-a31c-806e6f6e6963}\ (System) (Fixed) (Total:0.61 GB) (Free:0.58 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7/8/10) (Size: 232.9 GB) (Disk ID: 8AABECAD)
Partition 1: (Active) - (Size=628 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=232.3 GB) - (Type=07 NTFS)

========================================================
Disk: 1 (Protective MBR) (Size: 7.6 GB) (Disk ID: 00000000)

Partition: GPT.

==================== End of Addition.txt ============================
Attached File  Addition.txt   55.41KB   175 downloads

Attached File  FRST.txt   53.63KB   163 downloads

 




#2
iMacg3

iMacg3

    GeekU PowerPC G3

  • GeekU Moderator
  • 1,921 posts
Welcome to the Geeks To Go malware removal forum.
I'm iMacg3 and will be helping you.

Please keep the following information in mind before we begin:
  • Do not run any fixes or tools on your system unless I request that you do so.
  • Please read all instructions completely before you complete them.
  • If your computer seems to start working normally, please don't abandon the topic. Just because your computer doesn't seem to have a problem doesn't mean that it isn't infected.
  • If you have pirated or illegal software on your computer, remove it now. It is one of the leading causes of malware infecting a computer.
  • If you have questions about anything, please ask.
--------------------

Navigate to https://www.virustotal.com/
Click on Choose File.
In the file name box, type the following:

C:\DLautoR.exe

and click on Open.
VirusTotal will begin scanning the file. Once it's complete, check if any of the engines detected the file.
If the file is detected by any engines, please provide me a link to the VirusTotal report.

--------------------

Refresh Firefox

Open Mozilla Firefox. Click on the three vertical lines in the upper right corner of the Firefox window.
Click on Help > Troubleshooting Information > Refresh Firefox.
When you receive a dialog box that asks if you want to refresh the browser, click on Refresh Firefox...

Firefox will now restart. Let me know if the problems persist.

Thanks.

#3
ssundberg

ssundberg

    Member

  • Topic Starter
  • Member
  • PipPip
  • 78 posts

Hi, iMacG3

Thank you for your assistance.

When I ran the VirusTotal scan (from what appeared to be the root directory), it resulted in this message:

"No engines detected this file"

But, the scan also did not trigger any warnings from the list of virus scanners.

I am now going to refresh Firefox.


Edited by ssundberg, 21 January 2019 - 04:26 PM.


#4
ssundberg

ssundberg

    Member

  • Topic Starter
  • Member
  • PipPip
  • 78 posts

I have also now refreshed Firefox.



#5
iMacg3

iMacg3

    GeekU PowerPC G3

  • GeekU Moderator
  • 1,921 posts

Hi,

Thank you for the info.

Let me know if the problems still persist.

Thanks. :)



#6
ssundberg

ssundberg

    Member

  • Topic Starter
  • Member
  • PipPip
  • 78 posts

Hi, iMacG3

The problem I'm now having is not being able to reload my bookmarks into Firefox. I had made backup HTML and json files, but neither seem to be able to import.



#7
iMacg3

iMacg3

    GeekU PowerPC G3

  • GeekU Moderator
  • 1,921 posts
Hi,
 
To import the bookmarks from the .json file, you can try the following:

Open Firefox. Click the Bookmarks icon in the upper right corner of the window and select Show All Bookmarks.
A window titled "Library" will appear. Click on Import and Backup > Restore.
Select the backup you wish to restore from. The entries with a date are the automatic backups created by Firefox.
Clicking on File... will allow you to choose from a manual backup you created.
Once you have chosen a backup, the bookmarks will be restored. Close the window and restart Firefox.

Let me know if you were successfully able to import the bookmarks.

Thanks.

#8
iMacg3

iMacg3

    GeekU PowerPC G3

  • GeekU Moderator
  • 1,921 posts
Hi,

It has been 3 days since my last response. Do you still need help?

#9
iMacg3

iMacg3

    GeekU PowerPC G3

  • GeekU Moderator
  • 1,921 posts

Due to lack of feedback, this topic has been closed.

If you need this topic reopened, please contact a staff member. This applies only to the original topic starter. Everyone else please begin a New Topic.

