arnolfini

Honorary Members
  • Posts

    123

Everything posted by arnolfini

  1. Also, I don't know how to remove several of the programs you mentioned because they don't show up in the uninstaller.
  2. Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 15-03-2017 Ran by Roland (administrator) on ROLAND-PC (28-03-2017 05:25:53) Running from C:\Users\Roland\Desktop Loaded Profiles: Roland (Available Profiles: Roland) Platform: Windows 7 Home Premium Service Pack 1 (X64) Language: English (United States) Internet Explorer Version 11 (Default browser: Chrome) Boot Mode: Normal Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/ ==================== Processes (Whitelisted) ================= (If an entry is included in the fixlist, the process will be closed. The file will not be moved.) (Stardock Corporation) C:\Program Files\Dell\DellDock\DockLogin.exe (SEIKO EPSON CORPORATION) C:\ProgramData\EPSON\EPW!3 SSRP\E_S40STB.EXE (SEIKO EPSON CORPORATION) C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_S50STB.EXE (SEIKO EPSON CORPORATION) C:\ProgramData\EPSON\EPW!3 SSRP\E_S40RPB.EXE (SEIKO EPSON CORPORATION) C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_S50RPB.EXE (Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe (Google Inc.) C:\Program Files (x86)\Google\Update\1.3.32.7\GoogleCrashHandler.exe (Google Inc.) C:\Program Files (x86)\Google\Update\1.3.32.7\GoogleCrashHandler64.exe (Microsoft Corporation) C:\Windows\SysWOW64\svchost.exe (SoftThinks SAS) C:\Program Files (x86)\Dell DataSafe Local Backup\SftService.exe (Microsoft Corporation) C:\Program Files (x86)\Microsoft SQL Server\90\Shared\sqlbrowser.exe (Microsoft Corporation) C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe (TomTom) C:\Program Files (x86)\TomTom HOME 2\TomTomHOMEService.exe (SoftThinks - Dell) C:\Program Files (x86)\Dell DataSafe Local Backup\Toaster.exe (Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE (Copyright 2017.) C:\Program Files (x86)\Zemana AntiMalware\ZAM.exe (Microsoft Corp.) 
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE () C:\Program Files (x86)\Dell DataSafe Local Backup\Components\scheduler\STService.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTmon.exe (SoftThinks - Dell) C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpd.exe (Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe (Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe (Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe (IDT, Inc.) C:\Program Files\IDT\WDM\sttray64.exe (Intel Corporation) C:\Windows\System32\igfxtray.exe (Intel Corporation) C:\Windows\System32\hkcmd.exe (Intel Corporation) C:\Windows\System32\igfxpers.exe (Microsoft Corporation) C:\Program Files\Microsoft IntelliType Pro\itype.exe (Intel Corporation) C:\Windows\System32\igfxsrvc.exe (Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Piriform Ltd) C:\Program Files\CCleaner\CCleaner64.exe (Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Intuit Inc.) C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe (Microsoft Corporation) C:\Windows\SysWOW64\SearchProtocolHost.exe (Microsoft Corporation) C:\Windows\System32\dllhost.exe ==================== Registry (Whitelisted) ==================== (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.) 
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [1808680 2009-06-25] (Synaptics Incorporated) HKLM\...\Run: [SysTrayApp] => C:\Program Files\IDT\WDM\sttray64.exe [444416 2009-06-29] (IDT, Inc.) HKLM\...\Run: [itype] => c:\Program Files\Microsoft IntelliType Pro\itype.exe [1873256 2011-08-10] (Microsoft Corporation) HKLM\...\Run: [Malwarebytes TrayApp] => C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\mbamtray.exe [2780112 2017-01-20] (Malwarebytes) HKLM-x32\...\Run: [FUFAXSTM] => C:\Program Files (x86)\Epson Software\FAX Utility\FUFAXSTM.exe [847872 2009-12-03] (SEIKO EPSON CORPORATION) HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [587288 2016-12-12] (Oracle Corporation) Winlogon\Notify\GoToAssist: Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation) HKU\S-1-5-21-3236689562-672039265-411895171-1000\...\Run: [EPSON Artisan 830 Series] => C:\Windows\system32\spool\DRIVERS\x64\3\E_IATIGXA.EXE [224768 2010-01-12] (SEIKO EPSON CORPORATION) HKU\S-1-5-21-3236689562-672039265-411895171-1000\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [9364696 2017-03-03] (Piriform Ltd) ShellIconOverlayIdentifiers: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => -> No File ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => -> No File Startup: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock First Run.lnk [2009-09-23] ShortcutTarget: Dell Dock First Run.lnk -> C:\Program Files\Dell\DellDock\DellDock.exe (Stardock Corporation) Startup: C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock First Run.lnk [2009-09-23] ShortcutTarget: Dell Dock First Run.lnk -> C:\Program Files\Dell\DellDock\DellDock.exe (Stardock Corporation) BootExecute: ==================== Internet (Whitelisted) ==================== (If an item is included in the fixlist, 
if it is a registry item it will be removed or restored to default.) Tcpip\Parameters: [DhcpNameServer] 192.168.0.1 Tcpip\..\Interfaces\{D106EC69-996A-405C-BFA0-2F6611237F58}: [DhcpNameServer] 192.168.0.1 Tcpip\..\Interfaces\{FEC7D3F0-8222-44DB-A6F2-AA3C2578E80A}: [DhcpNameServer] 192.168.0.1 Internet Explorer: ================== HKU\S-1-5-21-3236689562-672039265-411895171-1000\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.google.com/ie HKU\S-1-5-21-3236689562-672039265-411895171-1000\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://www.msn.com/?ocid=iehp SearchScopes: HKLM -> DefaultScope {992B097A-F42C-4068-9B57-8F0F69F735AA} URL = hxxp://www.bing.com/search?q={searchTerms}&form=DLCDF8&pc=MDDC&src=IE-SearchBox SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKLM -> {598DAE95-DAD6-4990-A6FA-89F5528F5FBC} URL = SearchScopes: HKLM -> {992B097A-F42C-4068-9B57-8F0F69F735AA} URL = hxxp://www.bing.com/search?q={searchTerms}&form=DLCDF8&pc=MDDC&src=IE-SearchBox SearchScopes: HKLM-x32 -> DefaultScope {992B097A-F42C-4068-9B57-8F0F69F735AA} URL = hxxp://www.bing.com/search?q={searchTerms}&form=DLCDF8&pc=MDDC&src=IE-SearchBox SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKLM-x32 -> {992B097A-F42C-4068-9B57-8F0F69F735AA} URL = hxxp://www.bing.com/search?q={searchTerms}&form=DLCDF8&pc=MDDC&src=IE-SearchBox SearchScopes: HKU\S-1-5-21-3236689562-672039265-411895171-1000 -> x-osid:1:search:3F3D596FB2A545659B3F13D7CEB86011 URL = SearchScopes: HKU\S-1-5-21-3236689562-672039265-411895171-1000 -> {992B097A-F42C-4068-9B57-8F0F69F735AA} URL = BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_121\bin\ssv.dll [2017-02-22] (Oracle Corporation) BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll 
[2011-03-28] (Microsoft Corp.) BHO: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2016-04-29] (Google Inc.) BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_121\bin\jp2ssv.dll [2017-02-22] (Oracle Corporation) BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_121\bin\ssv.dll [2017-02-22] (Oracle Corporation) BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2011-03-28] (Microsoft Corp.) BHO-x32: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll [2016-04-29] (Google Inc.) BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_121\bin\jp2ssv.dll [2017-02-22] (Oracle Corporation) DPF: HKLM-x32 {50647AB5-18FD-4142-82B0-5852478DD0D5} hxxp://webeffective.keynote.com/applications/pconnector/download/ConnectorLauncher.cab FireFox: ======== FF ProfilePath: C:\Users\Roland\AppData\Roaming\TomTom\HOME\Profiles\phu6xfhq.default [2014-06-23] FF Extension: (Map status indicator) - C:\Program Files (x86)\TomTom HOME 2\xul\extensions\MapShare-status@tomtom.com [2012-03-02] [not signed] FF HKLM\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF => not found FF HKLM\...\Firefox\Extensions: [sp@avast.com] - C:\Program Files\AVAST Software\Avast\SafePrice\FF => not found FF HKLM-x32\...\Firefox\Extensions: [smartwebprinting@hp.com] - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 FF Extension: (HP Smart Web Printing) - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2011-01-03] [not signed] FF 
HKU\S-1-5-21-3236689562-672039265-411895171-1000\...\Firefox\Extensions: [smartwebprinting@hp.com] - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_25_0_0_127.dll [2017-03-20] () FF Plugin: @java.com/DTPlugin,version=11.121.2 -> C:\Program Files\Java\jre1.8.0_121\bin\dtplugin\npDeployJava1.dll [2017-02-22] (Oracle Corporation) FF Plugin: @java.com/JavaPlugin,version=11.121.2 -> C:\Program Files\Java\jre1.8.0_121\bin\plugin2\npjp2.dll [2017-02-22] (Oracle Corporation) FF Plugin: @microsoft.com/GENUINE -> disabled [No File] FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.50428.0\npctrl.dll [2016-04-27] ( Microsoft Corporation) FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_25_0_0_127.dll [2017-03-20] () FF Plugin-x32: @google.com/npPicasa3,version=3.0.0 -> C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll [2015-08-26] (Google, Inc.) 
FF Plugin-x32: @java.com/DTPlugin,version=11.121.2 -> C:\Program Files (x86)\Java\jre1.8.0_121\bin\dtplugin\npDeployJava1.dll [2017-02-22] (Oracle Corporation) FF Plugin-x32: @java.com/JavaPlugin,version=11.121.2 -> C:\Program Files (x86)\Java\jre1.8.0_121\bin\plugin2\npjp2.dll [2017-02-22] (Oracle Corporation) FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File] FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.50428.0\npctrl.dll [2016-04-27] ( Microsoft Corporation) FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2012-03-08] (Microsoft Corporation) FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3508.1109 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2012-03-08] (Microsoft Corporation) FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3555.0308 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2012-03-08] (Microsoft Corporation) FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.32.7\npGoogleUpdate3.dll [2016-12-16] (Google Inc.) FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.32.7\npGoogleUpdate3.dll [2016-12-16] (Google Inc.) FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2016-12-23] (Adobe Systems Inc.) 
FF Plugin HKU\S-1-5-21-3236689562-672039265-411895171-1000: @citrixonline.com/appdetectorplugin -> C:\Users\Roland\AppData\Local\Citrix\Plugins\104\npappdetector.dll [2014-07-21] (Citrix Online) Chrome: ======= CHR HomePage: Default -> bing.com/?pc=__PARAM__ CHR NewTab: Default -> Not-active:"chrome-extension://keeehhjhphcojjapflaajmgbnkgibaba/newtab/blank.html", Not-active:"chrome-extension://khimdpalkmijiicmeogdijibkkmlhfol/stubby.html", Not-active:"chrome-extension://kgfgkmglngfjihijajckoidgoglmajan/newtab/newtab.html" CHR DefaultSearchURL: Default -> hxxp://srchnet.com/search/{searchTerms} CHR DefaultSearchKeyword: Default -> {searchTerms} CHR Profile: C:\Users\Roland\AppData\Local\Google\Chrome\User Data\Default [2017-03-28] CHR Extension: (Avast Online Security) - C:\Users\Roland\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki [2017-03-19] CHR Extension: (Bing) - C:\Users\Roland\AppData\Local\Google\Chrome\User Data\Default\Extensions\nfedoihopcjdfjihhhojdclnfdgomdho [2016-08-31] CHR Extension: (Chrome Web Store Payments) - C:\Users\Roland\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-03-19] CHR HKU\S-1-5-21-3236689562-672039265-411895171-1000\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [nfedoihopcjdfjihhhojdclnfdgomdho] - hxxps://clients2.google.com/service/update2/crx CHR HKLM-x32\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj] - hxxps://clients2.google.com/service/update2/crx CHR HKLM-x32\...\Chrome\Extension: [eofcbnmajmjmplflapaojjnihcjkigck] - hxxps://clients2.google.com/service/update2/crx CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - hxxps://clients2.google.com/service/update2/crx ==================== Services (Whitelisted) ==================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) 
S4 ABBYY.Licensing.FineReader.Sprint.9.0; C:\Program Files (x86)\Common Files\ABBYY\FineReaderSprint\9.00\Licensing\NetworkLicenseServer.exe [759048 2009-05-14] (ABBYY) R2 DockLoginService; C:\Program Files\Dell\DellDock\DockLogin.exe [155648 2008-12-18] (Stardock Corporation) [File not signed] R3 hpqcxs08; C:\Program Files (x86)\HP\Digital Imaging\bin\hpqcxs08.dll [249344 2009-09-23] (Hewlett-Packard Co.) [File not signed] R2 hpqddsvc; C:\Program Files (x86)\HP\Digital Imaging\bin\hpqddsvc.dll [133120 2009-09-23] (Hewlett-Packard Co.) [File not signed] R2 HPSLPSVC; C:\Program Files (x86)\HP\Digital Imaging\bin\HPSLPSVC64.DLL [1039360 2010-10-22] (Hewlett-Packard Co.) [File not signed] S4 lxdb_device; C:\Windows\system32\lxdbcoms.exe [566192 2007-02-02] ( ) S4 lxdb_device; C:\Windows\SysWOW64\lxdbcoms.exe [537520 2007-02-02] ( ) R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [4355024 2017-01-20] (Malwarebytes) S3 MSSQL$MSSMLBIZ; c:\Program Files (x86)\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [29293408 2010-12-10] (Microsoft Corporation) S2 Net Driver HPZ12; C:\Windows\system32\HPZinw12.dll [71680 2010-08-06] (Hewlett-Packard) [File not signed] S2 Pml Driver HPZ12; C:\Windows\system32\HPZipm12.dll [89600 2010-08-06] (Hewlett-Packard) [File not signed] S4 STacSV; C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_afc3018f8cfedd20\STacSV64.exe [240128 2009-06-29] (IDT, Inc.) S2 swi_update_64; C:\ProgramData\Sophos\Web Intelligence\swi_update_64.exe [2121224 2017-02-03] (Sophos Limited) R2 ZAMSvc; C:\Program Files (x86)\Zemana AntiMalware\ZAM.exe [14509296 2017-03-22] (Copyright 2017.) ===================== Drivers (Whitelisted) ====================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) R1 aswbidsdriver; C:\Windows\system32\drivers\aswbidsdrivera.sys [309272 2017-03-19] (AVAST Software s.r.o.) 
R0 aswbidsh; C:\Windows\system32\drivers\aswbidsha.sys [189768 2017-03-19] (AVAST Software s.r.o.) R0 aswblog; C:\Windows\system32\drivers\aswbloga.sys [334600 2017-03-19] (AVAST Software s.r.o.) R0 aswbuniv; C:\Windows\system32\drivers\aswbuniva.sys [48528 2017-03-19] (AVAST Software s.r.o.) S3 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [38296 2017-03-19] (AVAST Software) R1 aswKbd; C:\Windows\system32\drivers\aswKbd.sys [32088 2017-03-19] (AVAST Software) R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [126600 2017-03-19] (AVAST Software) R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [100640 2017-03-19] (AVAST Software) R0 aswRvrt; C:\Windows\system32\drivers\aswRvrt.sys [75704 2017-03-19] (AVAST Software) R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [993608 2017-03-19] (AVAST Software) R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [548928 2017-03-21] (AVAST Software) R2 aswStm; C:\Windows\system32\drivers\aswStm.sys [162528 2017-03-19] (AVAST Software) R0 aswVmm; C:\Windows\system32\drivers\aswVmm.sys [337592 2017-03-19] (AVAST Software) S2 BrPar; C:\Windows\SysWOW64\drivers\BrPar.sys [19537 2000-07-24] (Brother Industries Ltd.) 
[File not signed] R1 ElRawDisk; C:\Windows\system32\drivers\ElRawDsk.sys [31432 2012-04-17] (EldoS Corporation) R1 ESProtectionDriver; C:\Windows\system32\drivers\mbae64.sys [77408 2017-02-24] () S3 FlyUsb; C:\Windows\System32\DRIVERS\FlyUsb.sys [24576 2009-11-10] (LeapFrog) R2 MBAMChameleon; C:\Windows\system32\drivers\MBAMChameleon.sys [186304 2017-03-27] (Malwarebytes) R3 MBAMProtection; C:\Windows\system32\drivers\mbam.sys [43968 2017-03-27] (Malwarebytes) R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [251840 2017-03-27] (Malwarebytes) R3 MBAMWebProtection; C:\Windows\system32\drivers\mwac.sys [82208 2017-03-27] (Malwarebytes) R1 SAVOnAccess; C:\Windows\System32\DRIVERS\savonaccess.sys [201168 2017-02-03] (Sophos Limited) S3 sdcfilter; C:\Windows\System32\DRIVERS\sdcfilter.sys [38144 2016-04-17] (Sophos Limited) R2 sntp; C:\Windows\System32\DRIVERS\sntp.sys [116144 2016-04-16] (Sophos Limited) R0 Sophos Endpoint Defense; C:\Windows\System32\DRIVERS\SophosED.sys [200760 2017-02-03] (Sophos Limited) S4 SophosBootDriver; C:\Windows\System32\DRIVERS\SophosBootDriver.sys [27904 2016-04-16] (Sophos Limited) S3 ssmirrdr; C:\Windows\System32\DRIVERS\ssmirrdr.sys [10112 2011-03-15] (support.com, Inc) U3 TrueSight; C:\Windows\System32\drivers\TrueSight.sys [35064 2015-05-28] () U5 VWiFiFlt; C:\Windows\System32\Drivers\VWiFiFlt.sys [59904 2009-07-13] (Microsoft Corporation) R3 yukonw7; C:\Windows\System32\DRIVERS\yk62x64.sys [395264 2009-09-28] () R1 ZAM; C:\Windows\System32\drivers\zam64.sys [203680 2017-03-24] (Zemana Ltd.) R1 ZAM_Guard; C:\Windows\System32\drivers\zamguard64.sys [203680 2017-03-24] (Zemana Ltd.) ==================== NetSvcs (Whitelisted) =================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) ==================== One Month Created files and folders ======== (If an entry is included in the fixlist, the file/folder will be moved.) 
2017-03-27 17:04 - 2017-03-27 17:04 - 00001109 _____ C:\Users\Roland\Desktop\malwarebytes scan.txt 2017-03-27 16:16 - 2017-03-27 16:16 - 00000000 ____D C:\Users\Roland\Desktop\geek 2017-03-27 16:00 - 2017-03-27 16:27 - 00000000 ____D C:\Users\Roland\AppData\Roaming\Geek Uninstaller 2017-03-27 15:49 - 2017-03-27 18:21 - 00011129 _____ C:\Users\Roland\Desktop\Fixlog.txt 2017-03-27 14:31 - 2017-03-27 17:08 - 00043345 _____ C:\Users\Roland\Desktop\Addition.txt 2017-03-27 14:30 - 2017-03-28 05:26 - 00019549 _____ C:\Users\Roland\Desktop\FRST.txt 2017-03-27 14:29 - 2017-03-28 05:25 - 00000000 ____D C:\FRST 2017-03-27 14:29 - 2017-03-27 14:29 - 02424832 _____ (Farbar) C:\Users\Roland\Desktop\FRST64.exe 2017-03-25 07:14 - 2017-03-25 07:14 - 00000000 ____D C:\ProgramData\SWCUTemp 2017-03-24 20:20 - 2017-03-24 20:20 - 02030536 _____ (Bleeping Computer, LLC) C:\Users\Roland\Downloads\rkill.exe 2017-03-24 18:28 - 2017-03-28 05:26 - 00055353 _____ C:\Windows\ZAM.krnl.trace 2017-03-24 18:28 - 2017-03-28 05:26 - 00028550 _____ C:\Windows\ZAM_Guard.krnl.trace 2017-03-24 18:28 - 2017-03-24 18:28 - 00203680 _____ (Zemana Ltd.) C:\Windows\system32\Drivers\zamguard64.sys 2017-03-24 18:28 - 2017-03-24 18:28 - 00203680 _____ (Zemana Ltd.) C:\Windows\system32\Drivers\zam64.sys 2017-03-24 18:28 - 2017-03-24 18:28 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Zemana AntiMalware 2017-03-24 18:28 - 2017-03-24 18:28 - 00000000 ____D C:\Program Files (x86)\Zemana AntiMalware 2017-03-24 18:07 - 2017-03-24 18:07 - 00012872 _____ (SurfRight B.V.) C:\Windows\system32\bootdelete.exe 2017-03-24 17:37 - 2017-03-24 17:37 - 00079086 _____ C:\Windows\system32\.crusader 2017-03-24 17:20 - 2017-03-24 17:20 - 00000000 ____D C:\Users\Roland\AppData\Local\Zemana 2017-03-24 17:19 - 2017-03-24 17:20 - 05763056 _____ (Zemana Ltd. 
) C:\Users\Roland\Downloads\Zemana.AntiMalware.Setup.exe 2017-03-24 17:19 - 2017-03-24 17:19 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HitmanPro 2017-03-24 17:19 - 2017-03-24 17:19 - 00000000 ____D C:\Program Files\HitmanPro 2017-03-24 17:18 - 2017-03-24 17:37 - 00000000 ____D C:\ProgramData\HitmanPro 2017-03-24 17:17 - 2017-03-24 17:18 - 11581544 _____ (SurfRight B.V.) C:\Users\Roland\Downloads\HitmanPro_x64.exe 2017-03-24 17:14 - 2017-03-27 18:22 - 00186304 _____ (Malwarebytes) C:\Windows\system32\Drivers\MBAMChameleon.sys 2017-03-24 17:14 - 2017-03-27 18:21 - 00251840 _____ (Malwarebytes) C:\Windows\system32\Drivers\MBAMSwissArmy.sys 2017-03-24 17:14 - 2017-03-27 18:21 - 00082208 _____ (Malwarebytes) C:\Windows\system32\Drivers\mwac.sys 2017-03-24 17:14 - 2017-03-27 18:21 - 00043968 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbam.sys 2017-03-24 17:14 - 2017-03-27 14:19 - 00111544 _____ (Malwarebytes) C:\Windows\system32\Drivers\farflt.sys 2017-03-24 17:14 - 2017-03-24 19:43 - 00000000 ____D C:\AdwCleaner 2017-03-24 17:14 - 2017-03-24 17:14 - 04031440 _____ C:\Users\Roland\Downloads\adwcleaner_6.044.exe 2017-03-24 17:13 - 2017-03-24 17:13 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes 2017-03-24 17:13 - 2017-03-24 17:13 - 00000000 ____D C:\Program Files\Malwarebytes 2017-03-24 17:13 - 2017-02-24 06:23 - 00077408 _____ C:\Windows\system32\Drivers\mbae64.sys 2017-03-24 17:12 - 2017-03-24 17:13 - 57131432 _____ (Malwarebytes ) C:\Users\Roland\Downloads\mb3-setup-consumer-3.0.6.1469-1075.exe 2017-03-24 11:38 - 2017-03-24 11:38 - 00000000 ____D C:\Users\Roland\AppData\Roaming\Eusing 2017-03-24 11:38 - 2017-03-24 11:38 - 00000000 ____D C:\Program Files (x86)\Eusing Free Registry Cleaner 2017-03-24 11:26 - 2017-03-25 07:10 - 00007605 _____ C:\Users\Roland\AppData\Local\resmon.resmoncfg 2017-03-24 11:06 - 2017-03-24 11:06 - 00002794 _____ C:\Windows\System32\Tasks\CCleanerSkipUAC 2017-03-24 11:06 - 
2017-03-24 11:06 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner 2017-03-24 11:06 - 2017-03-24 11:06 - 00000000 ____D C:\Program Files\CCleaner 2017-03-20 20:54 - 2017-02-22 22:59 - 00453720 _____ C:\Windows\system32\Drivers\etc\hosts.20170320-205400.backup 2017-03-19 21:55 - 2017-03-19 21:50 - 00334600 _____ (AVAST Software s.r.o.) C:\Windows\system32\Drivers\aswbloga.sys 2017-03-19 21:55 - 2017-03-19 21:50 - 00309272 _____ (AVAST Software s.r.o.) C:\Windows\system32\Drivers\aswbidsdrivera.sys 2017-03-19 21:55 - 2017-03-19 21:50 - 00189768 _____ (AVAST Software s.r.o.) C:\Windows\system32\Drivers\aswbidsha.sys 2017-03-19 21:55 - 2017-03-19 21:50 - 00048528 _____ (AVAST Software s.r.o.) C:\Windows\system32\Drivers\aswbuniva.sys 2017-03-19 21:53 - 2017-03-19 21:52 - 00398408 _____ (AVAST Software) C:\Windows\system32\aswBoot.exe 2017-03-19 21:40 - 2017-03-19 21:40 - 00044952 _____ () C:\Windows\system32\Drivers\staport.sys 2017-03-09 19:44 - 2017-03-10 16:46 - 00000000 ____D C:\Users\Roland\AppData\Local\Glance 2017-03-09 15:35 - 2017-03-19 21:30 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TurboTax 2016 2017-03-09 14:54 - 2017-03-19 21:31 - 00000000 ____D C:\6b250ebe7832362a99249059 ==================== One Month Modified files and folders ======== (If an entry is included in the fixlist, the file/folder will be moved.) 
2017-03-27 18:30 - 2009-07-14 00:45 - 00014240 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 2017-03-27 18:30 - 2009-07-14 00:45 - 00014240 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 2017-03-27 18:21 - 2009-11-13 22:18 - 00000000 ____D C:\Users\Roland\AppData\Local\SoftThinks 2017-03-27 18:21 - 2009-11-13 22:18 - 00000000 ____D C:\Users\Default\AppData\Local\SoftThinks 2017-03-27 18:21 - 2009-11-13 22:18 - 00000000 ____D C:\Users\Default User\AppData\Local\SoftThinks 2017-03-27 18:21 - 2009-09-23 17:33 - 00000000 ____D C:\Program Files (x86)\Dell DataSafe Local Backup 2017-03-27 18:20 - 2009-07-14 01:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT 2017-03-27 17:51 - 2009-07-13 23:20 - 00000000 ____D C:\Windows\inf 2017-03-27 17:48 - 2009-07-13 23:20 - 00000000 ____D C:\Windows\system32\NDF 2017-03-27 17:30 - 2009-11-13 20:13 - 00000000 ____D C:\Users\Roland 2017-03-27 17:21 - 2009-11-17 11:02 - 00000000 ____D C:\ProgramData\FINPACK 2017-03-27 17:21 - 2009-11-17 11:02 - 00000000 ____D C:\Program Files (x86)\FINPACK 2017-03-27 16:40 - 2016-04-16 17:43 - 00000000 ____D C:\Program Files\Sophos 2017-03-27 16:40 - 2015-12-10 17:00 - 00000000 ____D C:\Program Files\AVAST Software 2017-03-27 16:40 - 2013-07-22 11:02 - 00000000 ____D C:\ProgramData\Sophos 2017-03-27 16:40 - 2013-07-22 11:01 - 00000000 ____D C:\Program Files (x86)\Sophos 2017-03-27 16:09 - 2014-11-02 04:44 - 00000000 ____D C:\Users\Roland\Desktop\cyber sec 2017-03-27 15:49 - 2009-11-13 22:29 - 00000000 ___SD C:\Users\Roland\AppData\LocalLow\Temp 2017-03-26 19:48 - 2016-11-16 16:43 - 00000000 ____D C:\Users\Roland\Desktop\Web Stuff 2017-03-26 19:43 - 2009-11-15 18:45 - 00000000 ____D C:\Users\Roland\Documents\2 Fm Decions Current 2017-03-26 19:36 - 2009-07-14 01:13 - 00803678 _____ C:\Windows\system32\PerfStringBackup.INI 2017-03-24 20:14 - 2012-12-25 21:16 - 00000000 ____D 
C:\Users\Roland\AppData\Local\CrashDumps 2017-03-24 18:14 - 2009-12-02 20:43 - 00000000 ____D C:\Windows\Minidump 2017-03-24 17:38 - 2013-04-25 09:04 - 00000000 ____D C:\Program Files (x86)\iolo 2017-03-24 17:37 - 2011-01-03 21:35 - 00000000 ____D C:\Program Files (x86)\Yahoo! 2017-03-24 17:31 - 2013-04-25 09:05 - 00000000 ____D C:\ProgramData\iolo 2017-03-24 17:13 - 2010-10-02 08:07 - 00000000 ____D C:\ProgramData\Malwarebytes 2017-03-21 14:31 - 2012-10-12 14:38 - 00000000 ____D C:\Users\Roland\AppData\Local\ElevatedDiagnostics 2017-03-21 12:25 - 2014-12-27 23:08 - 00000000 ____D C:\Users\Roland\Desktop\Pics 12 14 2017-03-21 12:22 - 2017-02-09 21:01 - 00000000 ____D C:\Users\Roland\Desktop\217 AGO 2017-03-21 12:05 - 2015-12-10 17:04 - 00548928 _____ (AVAST Software) C:\Windows\system32\Drivers\aswsp.sys 2017-03-21 11:59 - 2012-02-12 20:15 - 00000000 ____D C:\Users\Roland\Desktop\Unused Ikons 2017-03-20 22:16 - 2015-12-10 17:00 - 00000000 ____D C:\ProgramData\AVAST Software 2017-03-20 21:04 - 2013-09-14 09:46 - 00004312 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater 2017-03-20 21:04 - 2012-03-28 21:26 - 00802904 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe 2017-03-20 21:04 - 2011-11-11 14:59 - 00000000 ____D C:\Windows\system32\Macromed 2017-03-20 21:04 - 2011-06-03 20:27 - 00144472 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl 2017-03-20 21:04 - 2009-09-23 17:25 - 00000000 ____D C:\Windows\SysWOW64\Macromed 2017-03-20 20:54 - 2009-07-13 22:34 - 00454268 ____R C:\Windows\system32\Drivers\etc\hosts.20170324-134951.backup 2017-03-20 19:31 - 2016-01-22 13:50 - 00002441 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk 2017-03-19 21:55 - 2015-12-10 17:04 - 00337592 _____ (AVAST Software) C:\Windows\system32\Drivers\aswvmm.sys 2017-03-19 21:52 - 2015-12-10 17:04 - 00547904 _____ (AVAST Software) C:\Windows\system32\Drivers\aswsp.sys.148997492429004 2017-03-19 21:52 - 
2015-12-10 17:04 - 00337592 _____ (AVAST Software) C:\Windows\system32\Drivers\aswvmm.sys.148997492880006
2017-03-19 21:52 - 2015-12-10 17:04 - 00162528 _____ (AVAST Software) C:\Windows\system32\Drivers\aswStm.sys
2017-03-19 21:52 - 2015-12-10 17:04 - 00126600 _____ (AVAST Software) C:\Windows\system32\Drivers\aswMonFlt.sys
2017-03-19 21:52 - 2015-12-10 17:04 - 00100640 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRdr2.sys
2017-03-19 21:52 - 2015-12-10 17:04 - 00075704 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRvrt.sys
2017-03-19 21:52 - 2015-12-10 17:04 - 00038296 _____ (AVAST Software) C:\Windows\system32\Drivers\aswHwid.sys
2017-03-19 21:51 - 2016-03-22 18:15 - 00032088 _____ (AVAST Software) C:\Windows\system32\Drivers\aswKbd.sys
2017-03-19 21:51 - 2015-12-10 17:04 - 00993608 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSnx.sys
2017-03-19 21:46 - 2010-12-16 22:40 - 00002269 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2017-03-19 21:46 - 2010-12-16 22:40 - 00002257 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2017-03-19 21:38 - 2015-12-10 17:04 - 00969560 _____ (AVAST Software) C:\Windows\system32\Drivers\aswsnx.sys.148997402374507
2017-03-19 21:38 - 2015-12-10 17:04 - 00513496 _____ (AVAST Software) C:\Windows\system32\Drivers\aswsp.sys.148997402494610
2017-03-19 21:38 - 2015-12-10 17:04 - 00292704 _____ (AVAST Software) C:\Windows\system32\Drivers\aswvmm.sys.148997402578812
2017-03-19 21:36 - 2009-11-13 20:13 - 00112616 _____ C:\Users\Roland\AppData\Local\GDIPFONTCACHEV1.DAT
2017-03-19 21:32 - 2015-12-10 17:04 - 00000000 ____D C:\Windows\System32\Tasks\AVAST Software
2017-03-19 21:31 - 2017-01-26 16:04 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Earth
2017-03-19 21:31 - 2014-01-06 15:40 - 00000000 ____D C:\Program Files\UVK - Ultra Virus Killer
2017-03-19 21:31 - 2009-07-13 23:20 - 00000000 ____D C:\Windows\AppCompat
2017-03-19 21:29 - 2009-07-13 23:20 - 00000000 ____D C:\Windows\registration
2017-03-19 21:26 - 2016-01-05 12:35 - 00000000 ____D C:\Users\Roland\AppData\Roaming\Intuit
2017-03-18 19:25 - 2012-10-12 15:05 - 00000000 ____D C:\temp
2017-03-15 20:46 - 2016-10-27 20:52 - 00000000 ____D C:\Users\Roland\Desktop\Email Stuff
2017-03-14 17:24 - 2013-12-13 21:13 - 00000000 ____D C:\Users\Roland\Desktop\Ishler feed prices
2017-03-10 22:27 - 2016-01-05 12:41 - 00000000 ____D C:\Users\Roland\Documents\TurboTax
2017-03-09 15:46 - 2014-11-02 04:40 - 00000000 ____D C:\Users\Roland\Desktop\friends
2017-03-09 15:37 - 2016-01-05 12:33 - 00000629 _____ C:\ProgramData\Microsoft.SqlServer.Compact.400.32.bc

==================== Files in the root of some directories =======

2014-05-21 15:58 - 2014-05-21 15:58 - 0000268 ___RH () C:\Users\Roland\AppData\Roaming\Smooth Strings
2014-05-21 15:59 - 2014-05-21 15:59 - 0000268 ___RH () C:\Users\Roland\AppData\Roaming\Solid Colors
2014-05-21 15:58 - 2014-05-21 15:58 - 0000268 ___RH () C:\Users\Roland\AppData\Roaming\Sound Effects
2014-05-21 15:57 - 2014-05-21 15:57 - 0000268 ___RH () C:\Users\Roland\AppData\Roaming\Static Library
2017-03-24 11:26 - 2017-03-25 07:10 - 0007605 _____ () C:\Users\Roland\AppData\Local\resmon.resmoncfg
2013-04-23 21:48 - 2013-04-23 21:48 - 2250054 _____ () C:\ProgramData\1.bmp
2013-04-23 21:47 - 2013-04-23 21:47 - 0302806 _____ () C:\ProgramData\1.jpg
2011-01-03 21:26 - 2011-01-03 21:38 - 0000802 _____ () C:\ProgramData\hpzinstall.log
2016-01-05 12:33 - 2017-03-09 15:37 - 0000629 _____ () C:\ProgramData\Microsoft.SqlServer.Compact.400.32.bc
2014-05-21 15:57 - 2014-05-21 15:57 - 0000020 ____H () C:\ProgramData\PKP_DLeo.DAT
2014-05-21 15:59 - 2014-05-21 15:59 - 0000020 ____H () C:\ProgramData\PKP_DLes.DAT
2014-05-21 15:58 - 2014-05-23 11:55 - 0000020 ____H () C:\ProgramData\PKP_DLet.DAT
2014-05-21 15:58 - 2014-05-21 15:58 - 0000020 ____H () C:\ProgramData\PKP_DLev.DAT
2014-05-21 15:58 - 2014-05-21 15:58 - 0000268 ___RH () C:\ProgramData\Soundtrack
2014-05-21 15:59 - 2014-05-21 15:59 - 0000268 ___RH () C:\ProgramData\Space Choir
2014-05-21 15:58 - 2014-05-21 15:58 - 0000268 ___RH () C:\ProgramData\Spacious
2014-05-21 15:57 - 2014-05-21 15:57 - 0000268 ___RH () C:\ProgramData\String Ensemble
2012-10-12 17:31 - 2012-10-12 19:46 - 0028232 _____ () C:\ProgramData\xportnchk.ini

Some files in TEMP:
====================
2017-03-27 18:25 - 2017-03-27 18:25 - 3957784 _____ (Geek Unіnstaller) C:\Users\Roland\AppData\Local\Temp\geek64.exe

==================== Bamital & volsnap ======================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2017-03-20 22:23

==================== End of FRST.txt ============================

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 15-03-2017
Ran by Roland (28-03-2017 05:27:26)
Running from C:\Users\Roland\Desktop
Windows 7 Home Premium Service Pack 1 (X64) (2009-11-14 00:13:43)
Boot Mode: Normal
==========================================================

==================== Accounts: =============================

Administrator (S-1-5-21-3236689562-672039265-411895171-500 - Administrator - Disabled)
Guest (S-1-5-21-3236689562-672039265-411895171-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-3236689562-672039265-411895171-1002 - Limited - Enabled)
Roland (S-1-5-21-3236689562-672039265-411895171-1000 - Administrator - Enabled) => C:\Users\Roland
SophosSAUROLAND-PC0 (S-1-5-21-3236689562-672039265-411895171-1006 - Limited - Enabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Microsoft Security Essentials (Enabled - Up to date) {3F839487-C7A2-C958-E30C-E2825BA31FB5}
AV: Norton Security Suite (Enabled - Up to date) {63DF5164-9100-186D-2187-8DC619EFD8BF}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Norton Security Suite (Enabled - Up to date) {D8BEB080-B73A-17E3-1B37-B6B462689202}
AS: Microsoft Security Essentials (Enabled - Up to date) {84E27563-E198-C6D6-D9BC-D9F020245508}
FW: Norton Security Suite (Enabled) {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

470_Help (x32 Version: 1.00.0000 - Hewlett-Packard) Hidden
470_Readme (x32 Version: 1.00.0000 - Hewlett-Packard) Hidden
64 Bit HP CIO Components Installer (Version: 7.2.8 - Hewlett-Packard) Hidden
7-Zip 15.12 (HKLM-x32\...\{23170F69-40C1-2701-1512-000001000000}) (Version: 15.12.00.0 - Igor Pavlov)
7-Zip 9.20 (HKLM-x32\...\7-Zip) (Version: - )
ABBYY FineReader 9.0 Sprint (HKLM-x32\...\ABBYY FineReader 9.0 Sprint) (Version: 9.01.513.58212 - ABBYY)
ABBYY FineReader 9.0 Sprint (x32 Version: 9.01.513.58212 - ABBYY) Hidden
Adobe Acrobat Reader DC (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}) (Version: 15.023.20070 - Adobe Systems Incorporated)
Adobe Flash Player 25 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 25.0.0.127 - Adobe Systems Incorporated)
Adobe Flash Player 25 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 25.0.0.127 - Adobe Systems Incorporated)
Advanced Audio FX Engine (HKLM-x32\...\Advanced Audio FX Engine) (Version: 1.12.05 - Creative Technology Ltd)
BPDSoftware (x32 Version: 130.0.000.000 - Hewlett-Packard) Hidden
BPDSoftware_Ini (x32 Version: 1.00.0000 - Hewlett-Packard) Hidden
Brother HL-5040 (HKLM-x32\...\Brother HL-5040) (Version: - )
BufferChm (x32 Version: 130.0.331.000 - Hewlett-Packard) Hidden
Business Contact Manager for Outlook 2007 SP2 (HKLM-x32\...\Business Contact Manager) (Version: 3.0.8619.1 - Microsoft Corporation)
Business Contact Manager for Outlook 2007 SP2 (x32 Version: 3.0.8619.1 - Microsoft Corporation) Hidden
CCleaner (HKLM\...\CCleaner) (Version: 5.28 - Piriform)
Citrix Online Launcher (HKLM-x32\...\{3E7E6F1E-7376-475A-8BC9-E3126B20CF5F}) (Version: 1.0.198 - Citrix)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
Dell DataSafe Local Backup - Support Software (HKLM-x32\...\{A9668246-FB70-4103-A1E3-66C9BC2EFB49}) (Version: 9.4.60 - Dell)
Dell DataSafe Local Backup (HKLM-x32\...\{0ED7EE95-6A97-47AA-AD73-152C08A15B04}) (Version: 9.4.60 - Dell)
Dell Dock (HKLM\...\{E60B7350-EA5F-41E0-9D6F-E508781E36D2}) (Version: 2.0.0 - Dell)
Dell Edoc Viewer (HKLM\...\{8EBA8727-ADC2-477B-9D9A-1A1836BE4E05}) (Version: 1.0.0 - Dell Inc)
Dell Getting Started Guide (HKLM-x32\...\{7DB9F1E5-9ACB-410D-A7DC-7A3D023CE045}) (Version: 1.00.0000 - Dell Inc.)
Dell Support Center (Support Software) (HKLM-x32\...\{E3BFEE55-39E2-4BE0-B966-89FE583822C1}) (Version: 2.5.09100 - Dell)
Dell Touchpad (HKLM\...\SynTPDeinstKey) (Version: 13.2.3.0 - Synaptics Incorporated)
Dell Webcam Central (HKLM-x32\...\Dell Webcam Central) (Version: 1.40.05 - Creative Technology Ltd)
DeviceDiscovery (x32 Version: 130.0.465.000 - Hewlett-Packard) Hidden
EPSON Artisan 810 Series Printer Uninstall (HKLM\...\EPSON Artisan 810 Series) (Version: - SEIKO EPSON Corporation)
EPSON Artisan 830 Series Printer Uninstall (HKLM\...\EPSON Artisan 830 Series) (Version: - SEIKO EPSON Corporation)
Epson Event Manager (HKLM-x32\...\{03B8AA32-F23C-4178-B8E6-09ECD07EAA47}) (Version: 2.40.0001 - SEIKO EPSON CORPORATION)
Epson FAX Utility (HKLM-x32\...\{0CBE6C93-CB2E-4378-91EE-12BE6D4E2E4A}) (Version: 1.10.00 - SEIKO EPSON CORPORATION)
Epson Print CD (HKLM-x32\...\{D16A31F9-276D-4968-A753-FFEAC56995D0}) (Version: 2.00.00 - SEIKO EPSON CORPORATION)
EPSON Scan (HKLM-x32\...\EPSON Scanner) (Version: - Seiko Epson Corporation)
EpsonNet Setup 3.2 (HKLM-x32\...\{C9D8A041-2963-4B31-8FFC-1500F3DB9293}) (Version: 3.2a - SEIKO EPSON CORPORATION)
FINPACK (HKLM-x32\...\FINPACK) (Version: - )
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 57.0.2987.110 - Google Inc.)
Google Earth (HKLM-x32\...\{F6430171-B86B-4639-839E-374913E7911D}) (Version: 7.1.8.3036 - Google)
Google Earth Pro (HKLM-x32\...\{35DAA04C-1720-4BE3-A920-A03731EC6A1D}) (Version: 7.1.5.1557 - Google)
Google Toolbar for Internet Explorer (HKLM-x32\...\{2318C2B1-4965-11d4-9B18-009027A5CD4F}) (Version: 7.5.8231.2252 - Google Inc.)
Google Toolbar for Internet Explorer (x32 Version: 1.0.0 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.32.7 - Google Inc.) Hidden
Google+ Auto Backup (HKLM-x32\...\{A50DE037-B5C0-4C8A-8049-B0C576B313D1}) (Version: 1.0.21.81 - Google)
GoToAssist 8.0.0.514 (HKLM-x32\...\GoToAssist) (Version: - )
GPBaseService2 (x32 Version: 130.0.371.000 - Hewlett-Packard) Hidden
H470 (x32 Version: 130.0.000.000 - Hewlett-Packard) Hidden
HitmanPro 3.7 (HKLM\...\HitmanPro37) (Version: 3.7.15.281 - SurfRight B.V.)
HP Customer Participation Program 13.0 (HKLM\...\HPExtendedCapabilities) (Version: 13.0 - HP)
HP Imaging Device Functions 13.0 (HKLM\...\HP Imaging Device Functions) (Version: 13.0 - HP)
HP OfficeJet H470 (HKLM\...\{2B71BB94-F52C-4EF2-85E8-45E63296EDF2}) (Version: 13.0 - HP)
HP Smart Web Printing 4.51 (HKLM\...\HP Smart Web Printing) (Version: 4.51 - HP)
HP Solution Center 13.0 (HKLM\...\HP Solution Center & Imaging Support Tools) (Version: 13.0 - HP)
HP Update (HKLM-x32\...\{2EFA4E4C-7B5F-48F7-A1C0-1AA882B7A9C3}) (Version: 5.003.001.001 - Hewlett-Packard)
HPDiagnosticAlert (x32 Version: 1.00.0000 - Microsoft) Hidden
HPProductAssistant (x32 Version: 130.0.371.000 - Hewlett-Packard) Hidden
HPSSupply (x32 Version: 130.0.371.000 - Hewlett-Packard) Hidden
Intel(R) Graphics Media Accelerator Driver (HKLM\...\HDMI) (Version: - Intel Corporation)
Intel(R) Rapid Storage Technology (HKLM-x32\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 10.5.0.1029 - Intel Corporation)
Intel® Matrix Storage Manager (HKLM\...\{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}) (Version: - Intel Corporation)
Java 8 Update 121 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F64180121F0}) (Version: 8.0.1210.13 - Oracle Corporation)
Java 8 Update 121 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F32180121F0}) (Version: 8.0.1210.13 - Oracle Corporation)
Junk Mail filter update (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
LeapFrog Connect (HKLM-x32\...\UPCShell) (Version: 2.3.11.8936 - LeapFrog)
LeapFrog Connect (x32 Version: 2.3.11.8936 - LeapFrog) Hidden
LeapFrog Tag Plugin (x32 Version: 2.3.11.8936 - LeapFrog) Hidden
Lexmark 840 Series (HKLM\...\Lexmark 840 Series) (Version: - Lexmark International, Inc.)
Live! Cam Avatar Creator (HKLM-x32\...\{65D0C510-D7B6-4438-9FC8-E6B91115AB0D}) (Version: 4.6.3009.1 - Creative Technology Ltd)
Malwarebytes version 3.0.6.1469 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 3.0.6.1469 - Malwarebytes)
MarketResearch (x32 Version: 130.0.374.000 - Hewlett-Packard) Hidden
Microsoft .NET Framework 4 Client Profile (HKLM\...\Microsoft .NET Framework 4 Client Profile) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft IntelliType Pro 8.2 (HKLM\...\Microsoft IntelliType Pro 8.2) (Version: 8.20.469.0 - Microsoft Corporation)
Microsoft Office 2003 Web Components (HKLM-x32\...\{90A40409-6000-11D3-8CFE-0150048383C9}) (Version: 11.0.8173.0 - Microsoft Corporation)
Microsoft Office 2007 Primary Interop Assemblies (HKLM-x32\...\{50120000-1105-0000-0000-0000000FF1CE}) (Version: 12.0.4518.1014 - Microsoft Corporation)
Microsoft Office 2007 Service Pack 3 (SP3) (HKLM-x32\...\{91120000-0014-0000-0000-0000000FF1CE}_PROR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version: - Microsoft)
Microsoft Office 2007 Service Pack 3 (SP3) (HKLM-x32\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version: - Microsoft)
Microsoft Office Accounting 2008 (HKLM-x32\...\Microsoft Office Accounting 2008) (Version: 3.0.8627.1 - Microsoft Corporation)
Microsoft Office Accounting 2008 Equifax Addin (HKLM-x32\...\{0C2AF762-0565-4C91-9F55-B8B53BB82A38}) (Version: 3.0.8231.0 - Microsoft Corporation)
Microsoft Office Accounting 2008 Fixed Asset Manager (HKLM-x32\...\{E3DF6916-2472-43D9-8B3C-9F2F0AAB01B5}) (Version: 3.0.8231.0 - Microsoft Corporation)
Microsoft Office Accounting 2008 PayPal Addin (HKLM-x32\...\{B391EECE-DFEA-4FC5-9D40-47FA43E2DBE6}) (Version: 3.0.8231.0 - Microsoft Corporation)
Microsoft Office Accounting ADP Payroll Addin (HKLM-x32\...\{5FA793A6-0071-42C1-9355-8F69A428C44F}) (Version: 0.0.0.0 - ADP)
Microsoft Office File Validation Add-In (HKLM-x32\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)
Microsoft Office Home and Student 2007 (HKLM-x32\...\HOMESTUDENTR) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Office Professional 2007 (HKLM-x32\...\PROR) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Office Small Business Connectivity Components (HKLM-x32\...\{A939D341-5A04-4E0A-BB55-3E65B386432D}) (Version: 2.0.7024.0 - Microsoft Corporation)
Microsoft Save as PDF or XPS Add-in for 2007 Microsoft Office programs (HKLM-x32\...\{90120000-00B2-0409-0000-0000000FF1CE}) (Version: 12.0.4518.1014 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.50428.0 - Microsoft Corporation)
Microsoft SQL Server 2005 (HKLM-x32\...\Microsoft SQL Server 2005) (Version: - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft SQL Server Native Client (HKLM\...\{9ACF3FDB-C8E6-444C-8C64-13A221F7BFFD}) (Version: 9.00.5000.00 - Microsoft Corporation)
Microsoft SQL Server Setup Support Files (English) (HKLM-x32\...\{53F5C3EE-05ED-4830-994B-50B2F0D50FCE}) (Version: 9.00.5000.00 - Microsoft Corporation)
Microsoft SQL Server VSS Writer (HKLM\...\{B636C9B9-A3F2-4DCE-ADCC-72E095018385}) (Version: 9.00.5000.00 - Microsoft Corporation)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (HKLM-x32\...\{770657D0-A123-3C07-8E44-1C83EC895118}) (Version: 8.0.50727.4053 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable - KB2467175 (HKLM-x32\...\{a0fe116e-9a8a-466f-aee0-625cb7c207e3}) (Version: 8.0.51011 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{052bac4a-6f79-46d4-a024-1ce1b4f73cd4}) (Version: 8.0.58299 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (HKLM-x32\...\{820B6609-4C97-3A2B-B644-573B06A0F0CC}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Works 6-9 Converter (HKLM-x32\...\{95140000-0137-0409-0000-0000000FF1CE}) (Version: 14.0.6120.5002 - Microsoft Corporation)
MPM (HKLM-x32\...\{00772F8B-37FF-4704-A47D-72B30BFAF126}) (Version: 1.00.0000 - Hewlett-Packard)
Network64 (Version: 130.0.579.000 - Hewlett-Packard) Hidden
Network64 (Version: 140.0.221.000 - Hewlett-Packard) Hidden
Nikon Message Center 2 (HKLM-x32\...\{B014EE44-9197-4513-9613-71E6EB1B514E}) (Version: 2.1.0 - Nikon)
Nikon Movie Editor (HKLM-x32\...\{5CAD3393-EEC0-44CE-9F93-BCAA365B77FB}) (Version: 2.6.0 - Nikon)
Picasa 3 (HKLM-x32\...\Picasa 3) (Version: 3.9.140.248 - Google, Inc.)
Picture Control Utility x64 (HKLM\...\{11953C65-BB4E-4CA4-B0F0-2600A4B20040}) (Version: 1.4.7 - Nikon)
PowerDVD DX (HKLM-x32\...\{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}) (Version: 8.3.5424 - CyberLink Corp.)
ProductContext (x32 Version: 130.0.000.000 - Hewlett-Packard) Hidden
Quickset64 (HKLM\...\{87CF757E-C1F1-4D22-865C-00C6950B5258}) (Version: 9.6.6 - Dell Inc.)
Reliable IT repair tool (HKLM\...\UVK - Ultra virus killer) (Version: 5.9.0.1 - Reliable IT)
Roxio Burn (HKLM-x32\...\{B2E47DE7-800B-40BB-BD1F-9F221C3AEE87}) (Version: 1.0 - Roxio)
SafeZone Stable 1.51.2220.62 (x32 Version: 1.51.2220.62 - Avast Software) Hidden
SafeZone Stable 3.55.2393.561 (x32 Version: 3.55.2393.561 - Avast Software) Hidden
Shop for HP Supplies (HKLM\...\Shop for HP Supplies) (Version: 13.0 - HP)
SmartWebPrinting (x32 Version: 130.0.457.000 - Hewlett-Packard) Hidden
SolutionCenter (x32 Version: 130.0.373.000 - Hewlett-Packard) Hidden
Status (x32 Version: 130.0.469.000 - Hewlett-Packard) Hidden
TomTom HOME 2.8.3.2499 (HKLM-x32\...\TomTom HOME) (Version: 2.8.3.2499 - TomTom)
TomTom HOME Visual Studio Merge Modules (HKLM-x32\...\{8F3C31C5-9C3A-4AA8-8EFA-71290A7AD533}) (Version: 1.0.2 - TomTom International B.V.)
Toolbox (x32 Version: 130.0.648.000 - Hewlett-Packard) Hidden
TrayApp (x32 Version: 130.0.422.000 - Hewlett-Packard) Hidden
TurboTax 2015 (HKLM-x32\...\TurboTax 2015) (Version: 2015.0 - Intuit, Inc)
Update for 2007 Microsoft Office System (KB967642) (HKLM-x32\...\{91120000-0014-0000-0000-0000000FF1CE}_PROR_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version: - Microsoft)
Update for 2007 Microsoft Office System (KB967642) (HKLM-x32\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version: - Microsoft)
Use the entry named LeapFrog Connect to uninstall (LeapFrog Tag Plugin) (HKLM-x32\...\TagPlugin) (Version: 2.3.11.8936 - LeapFrog)
ViewNX 2 (HKLM\...\{635BE602-BB9C-4C59-8CC5-93F9366E8A21}) (Version: 2.6.0 - Nikon)
WebEx (HKU\S-1-5-21-3236689562-672039265-411895171-1000\...\ActiveTouchMeetingClient) (Version: - Cisco WebEx LLC)
WebReg (x32 Version: 130.0.132.017 - Hewlett-Packard) Hidden
Windows Driver Package - LeapFrog (FlyUsb) USB (11/05/2008 1.1.1.0) (HKLM\...\781745E87AFF80C0C1388CFF79D19ECAB2E9BB47) (Version: 11/05/2008 1.1.1.0 - LeapFrog)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3555.0308 - Microsoft Corporation)
Windows Live Sync (HKLM-x32\...\{FDD810CA-D5E3-40E9-AB7B-36440B0D41EF}) (Version: 14.0.8050.1202 - Microsoft Corporation)
Zemana AntiMalware (HKLM-x32\...\{8F0CD7D1-42F3-4195-95CD-833578D45057}_is1) (Version: 2.72.0.324 - Zemana Ltd.)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {000E6622-8E66-4CB8-BB22-0F4F4C9CAD71} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-30] (Google Inc.)
Task: {0726F637-A340-47AC-8B8F-6087BA8A0E2C} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2017-03-20] (Adobe Systems Incorporated)
Task: {15832EAB-161B-4C8A-96A7-11300F4C614B} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2017-03-03] (Piriform Ltd)
Task: {20F7C2B2-27FE-45D5-9359-9EA921ECC318} - System32\Tasks\{B2F436F5-BB82-4B49-AA0E-CF73AB8ED396} => pcalua.exe -a C:\Users\Roland\Desktop\install_flash_player_9.exe -d C:\Users\Roland\Desktop
Task: {2C4E3533-1253-41DD-A189-F2AE3C1BD123} - System32\Tasks\{0340C534-D0C2-4710-BD77-C5035BF28B2D} => C:\Program Files (x86)\iolo\Common\Lib\ioloLManager.exe
Task: {42D84E80-EF07-499A-84A4-7ED19604493F} - System32\Tasks\AVAST Software\Avast settings backup => C:\Program Files\Common Files\AV\avast! Antivirus\backup.exe [2017-01-27] (AVAST Software)
Task: {57946441-35E3-4F03-BB0D-B5F132F26294} - System32\Tasks\{911256C9-F921-4261-91B8-2BD6F6AD8D8C} => pcalua.exe -a D:\setup.exe -d D:\
Task: {5F38FEEE-8C02-46AF-A131-3495F00C96DC} - System32\Tasks\{CE6D138D-5A2A-4319-8091-2DF841919D35} => C:\Program Files (x86)\iolo\Common\Lib\ioloLManager.exe
Task: {8796A92C-9213-47B3-838D-44229A147DA5} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-30] (Google Inc.)
Task: {A6CEFA61-91CB-4C24-B433-ADFFFE59AC68} - System32\Tasks\{F1F36E3E-E697-479D-8DCD-598E6B1EAD20} => pcalua.exe -a "C:\Program Files (x86)\FINPACK\FINPACK.exe" -d "C:\Program Files (x86)\FINPACK"
Task: {C067F5CD-BD7C-4EC2-86A8-B44B1938E709} - System32\Tasks\Microsoft_Hardware_Launch_IType_exe => c:\Program Files\Microsoft IntelliType Pro\IType.exe [2011-08-10] (Microsoft Corporation)
Task: {C56D37B2-D883-47CE-BC6F-D066233631ED} - System32\Tasks\{47FBF903-CA97-4C8A-9129-AA1B50D7A5AB} => C:\Program Files (x86)\iolo\Common\Lib\ioloLManager.exe
Task: {DD3422B8-7429-47EF-99E6-189B5A044880} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2016-12-19] (Adobe Systems Incorporated)
Task: {E49F9117-EAD7-49CF-888D-268FFDA38A82} - System32\Tasks\{F3743546-E375-4083-AA1F-907F3B6A7548} => C:\Program Files (x86)\iolo\Common\Lib\ioloLManager.exe

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

==================== Shortcuts =============================

(The entries could be listed to be restored or removed.)

==================== Loaded Modules (Whitelisted) ==============

2009-09-23 17:34 - 2011-08-18 11:05 - 02751808 _____ () C:\Program Files (x86)\Dell DataSafe Local Backup\COMPONENTS\SCHEDULER\STSERVICE.EXE
2017-03-24 17:13 - 2017-02-24 06:23 - 02264352 _____ () C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\PoliciesControllerImpl.dll
2017-03-24 17:13 - 2017-02-24 06:23 - 02264528 _____ () C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\MwacLib.dll
2017-03-19 21:46 - 2017-03-16 00:11 - 02885464 _____ () C:\Program Files (x86)\Google\Chrome\Application\57.0.2987.110\libglesv2.dll
2017-03-19 21:46 - 2017-03-16 00:11 - 00099672 _____ () C:\Program Files (x86)\Google\Chrome\Application\57.0.2987.110\libegl.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)

==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SAVService => ""="service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\GoToAssist => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mcmscsvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MCODS => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MpfService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\SAVService => ""="service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\SntpService => ""="service"

==================== Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)

==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)

==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2017-03-27 18:21 - 2017-03-27 18:21 - 00000027 ____A C:\Windows\system32\Drivers\etc\hosts
127.0.0.1 localhost

==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-3236689562-672039265-411895171-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\Roland\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 192.168.0.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

MSCONFIG\startupreg: CCleaner Monitoring => "C:\Program Files\CCleaner\CCleaner64.exe" /MONITOR
MSCONFIG\startupreg: EEventManager => "C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe"
MSCONFIG\startupreg: IAAnotif => C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\iaanotif.exe
MSCONFIG\startupreg: Malwarebytes TrayApp => C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\mbamtray.exe
MSCONFIG\startupreg: Nikon Message Center 2 => C:\Program Files (x86)\Nikon\Nikon Message Center 2\NkMC2.exe -s
MSCONFIG\startupreg: ZAM => "C:\Program Files (x86)\Zemana AntiMalware\ZAM.exe" /minimized

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [{038284C9-21D7-4C57-B2CA-3129CA4F6DCB}] => (Allow) C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe FirewallRules: [{F0D53FFF-117C-4CFC-B466-6444D4129286}] => (Allow) svchost.exe FirewallRules: [{690CD6B3-A821-4EE2-8E8B-7E19FB36832E}] => (Allow) C:\Program Files (x86)\Windows Live\Sync\WindowsLiveSync.exe FirewallRules: [{32867B3C-68D8-430C-8CE8-C97BDE04BD36}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD DX\PowerDVD.exe FirewallRules: [{181BC4D1-CF38-4CD8-8098-41602D3B2F18}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD DX\PDVDDXSrv.exe FirewallRules: [TCP Query User{D28938A5-4200-4414-A6EB-7BA4AC3FCD04}C:\program files (x86)\internet explorer\iexplore.exe] => (Block) C:\program files (x86)\internet explorer\iexplore.exe FirewallRules: [UDP Query User{8E202954-8352-4CD4-894F-1BA42C4764C8}C:\program files (x86)\internet explorer\iexplore.exe] => (Block) C:\program files (x86)\internet explorer\iexplore.exe FirewallRules: [{F307F74A-05EB-40FC-8E92-93EB3ECF0991}] => (Allow) C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe FirewallRules: [TCP Query User{59B3E3EE-53C5-4CF5-8606-E5F1128C9806}C:\program files (x86)\google\google earth\client\googleearth.exe] => (Allow) C:\program files (x86)\google\google earth\client\googleearth.exe FirewallRules: [UDP Query User{F0C51941-73EC-45D2-8A6F-90026BBF867D}C:\program files (x86)\google\google earth\client\googleearth.exe] => (Allow) C:\program files (x86)\google\google earth\client\googleearth.exe FirewallRules: [{260AA70C-A480-4AF7-871F-99F2B749BC5A}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe FirewallRules: [{5339CD95-FB28-4685-9D54-9988E3F183CC}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqste08.exe FirewallRules: [{CFF3455C-2156-4845-A327-B93D17C0C93F}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hposid01.exe FirewallRules: [{D896FF1F-17E7-4BAC-9BFC-0D508F7AAC0B}] => (Allow) C:\Program Files (x86)\HP\Digital 
Imaging\bin\hpoews01.exe FirewallRules: [{A8FBF3FF-A95E-4024-A43A-32CB44CB1CA0}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqgplgtupl.exe FirewallRules: [{17D9F753-3D9E-40D8-9FBD-2545F6A72B9E}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqgpc01.exe FirewallRules: [{E6D2905E-809F-4396-8C77-B0658DFA32C4}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqusgm.exe FirewallRules: [{3276CC50-06F1-4193-80BC-BAED1CE4B134}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqusgh.exe FirewallRules: [{5F485083-100A-4E25-ADE9-1C64E5182FB6}] => (Allow) C:\Program Files (x86)\HP\hp software update\hpwucli.exe FirewallRules: [{83EDD164-EED3-49EF-BA0D-D9E6669D3072}] => (Allow) C:\Program Files (x86)\HP\digital imaging\smart web printing\smartwebprintexe.exe FirewallRules: [{D4EAAD28-FC03-412C-A0CF-563335C18C16}] => (Allow) C:\Windows\SysWOW64\lxdbcoms.exe FirewallRules: [{10E19EEF-EDA0-47D5-B24C-158A6E2E3888}] => (Allow) C:\Windows\SysWOW64\lxdbcoms.exe FirewallRules: [{51E24C8D-B58A-409F-901F-98610A557676}] => (Allow) C:\Windows\System32\lxdbcoms.exe FirewallRules: [{D2B83F41-1755-4309-8E66-76D1B3716E99}] => (Allow) C:\Windows\System32\lxdbcoms.exe FirewallRules: [{8D1C7B49-C381-4550-B2BE-E4EE22167B34}] => (Allow) C:\Windows\System32\spool\drivers\x64\3\lxdbpswx.exe FirewallRules: [{2916B473-DF6B-458C-B41E-F85CC6FC8323}] => (Allow) C:\Windows\System32\spool\drivers\x64\3\lxdbpswx.exe FirewallRules: [{36F4ED32-684C-4802-8D96-D100011FEC0B}] => (Allow) C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe FirewallRules: [{CEBC5D2A-8BA9-4887-8345-78A37B9317E1}] => (Allow) C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe FirewallRules: [{04571419-0A36-4653-A059-CA1DC1381894}] => (Allow) C:\Program Files (x86)\EpsonNet\EpsonNet Setup\tool10\ENEasyApp.exe FirewallRules: [{24018CCD-8012-4613-9263-158C940FF7EE}] => (Allow) C:\Program Files (x86)\EpsonNet\EpsonNet Setup\tool10\ENEasyApp.exe 
FirewallRules: [TCP Query User{308B603B-5966-44A6-9264-C690374408C7}D:\common\driver update\edupdate.exe] => (Allow) D:\common\driver update\edupdate.exe FirewallRules: [UDP Query User{D1E302F4-6D01-492F-BF27-A47A7973E015}D:\common\driver update\edupdate.exe] => (Allow) D:\common\driver update\edupdate.exe FirewallRules: [TCP Query User{6F5C2C91-CCE1-49A5-995D-EFE441B0D738}C:\program files (x86)\epson software\event manager\eeventmanager.exe] => (Allow) C:\program files (x86)\epson software\event manager\eeventmanager.exe FirewallRules: [UDP Query User{4BAED64E-A588-4C7F-B491-BF0F3DB128B3}C:\program files (x86)\epson software\event manager\eeventmanager.exe] => (Allow) C:\program files (x86)\epson software\event manager\eeventmanager.exe FirewallRules: [TCP Query User{9F434B64-5201-479E-8F3C-B40F759C2E71}C:\windows\syswow64\msiexec.exe] => (Allow) C:\windows\syswow64\msiexec.exe FirewallRules: [UDP Query User{6AE359A2-D450-4E3C-9AF1-55D995355106}C:\windows\syswow64\msiexec.exe] => (Allow) C:\windows\syswow64\msiexec.exe FirewallRules: [{2727304C-2BD1-45AF-A226-F6A8D9C22580}] => (Allow) C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdater.exe FirewallRules: [{BA134C11-FA2A-4CE3-9CE2-494F0B1CCA50}] => (Allow) C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe FirewallRules: [{BC05E73F-B080-452C-B93B-A769D25C1DCF}] => (Allow) C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe FirewallRules: [{ACFE8DF7-A332-485F-A453-F061445889BD}] => (Allow) C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe FirewallRules: [{DB4D48C7-A8D4-4052-8501-96F6DBD0562C}] => (Allow) C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe FirewallRules: [{570E300A-8EB8-4318-BB81-19FDCF191021}] => (Allow) C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe FirewallRules: [{807140A2-9538-407D-ADD0-AA344E9A618E}] 
=> (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
     FirewallRules: [{5E02E12C-13A9-4673-AC72-67A25D97D67C}] => (Allow) C:\Program Files\AVAST Software\SZBrowser\3.55.2393.561_0\SZBrowser.exe

     ==================== Restore Points =========================

     22-02-2017 23:52:06 Spybot-S&D Spyware removal
     09-03-2017 15:33:04 Installed TurboTax 2016 wrapper
     09-03-2017 15:42:48 Installed TurboTax 2016 wpaiper
     19-03-2017 21:15:38 Restore Operation
     27-03-2017 18:17:39 Restore Point Created by FRST

     ==================== Faulty Device Manager Devices =============

     Name: HP OfficeJet Pro 8710
     Description: HP OfficeJet Pro 8710
     Class Guid:
     Manufacturer:
     Service:
     Problem: : The drivers for this device are not installed. (Code 28)
     Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

     Name: hp LaserJet 4200
     Description: hp LaserJet 4200
     Class Guid: {4d36e971-e325-11ce-bfc1-08002be10318}
     Manufacturer: Hewlett-Packard
     Service:
     Problem: : This device is disabled. (Code 22)
     Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

     ==================== Event log errors: =========================

     Application errors:
     ==================
     Error: (03/27/2017 06:18:08 PM) (Source: Windows Search Service) (EventID: 7010) (User: )
     Description: The index cannot be initialized.
     Details: The content index catalog is corrupt. (HRESULT : 0xc0041801) (0xc0041801)

     Error: (03/27/2017 06:18:08 PM) (Source: Windows Search Service) (EventID: 3058) (User: )
     Description: The application cannot be initialized.
     Context: Windows Application
     Details: The content index catalog is corrupt. (HRESULT : 0xc0041801) (0xc0041801)

     Error: (03/27/2017 06:18:08 PM) (Source: Windows Search Service) (EventID: 3028) (User: )
     Description: The gatherer object cannot be initialized.
     Context: Windows Application, SystemIndex Catalog
     Details: The content index catalog is corrupt. (HRESULT : 0xc0041801) (0xc0041801)

     Error: (03/27/2017 06:18:08 PM) (Source: Windows Search Service) (EventID: 3029) (User: )
     Description: The plug-in in <Search.TripoliIndexer> cannot be initialized.
     Context: Windows Application, SystemIndex Catalog
     Details: Element not found. (HRESULT : 0x80070490) (0x80070490)

     Error: (03/27/2017 06:18:08 PM) (Source: Windows Search Service) (EventID: 3029) (User: )
     Description: The plug-in in <Search.JetPropStore> cannot be initialized.
     Context: Windows Application, SystemIndex Catalog
     Details: The content index catalog is corrupt. (HRESULT : 0xc0041801) (0xc0041801)

     Error: (03/27/2017 06:18:08 PM) (Source: Windows Search Service) (EventID: 9002) (User: )
     Description: The Windows Search Service cannot load the property store information.
     Context: Windows Application, SystemIndex Catalog
     Details: The content index database is corrupt. (HRESULT : 0xc0041800) (0xc0041800)

     Error: (03/27/2017 06:18:08 PM) (Source: Windows Search Service) (EventID: 7042) (User: )
     Description: The Windows Search Service is being stopped because there is a problem with the indexer: The catalog is corrupt.
     Details: The content index catalog is corrupt. (HRESULT : 0xc0041801) (0xc0041801)

     Error: (03/27/2017 06:18:08 PM) (Source: Windows Search Service) (EventID: 7040) (User: )
     Description: The search service has detected corrupted data files in the index {id=4700}. The service will attempt to automatically correct this problem by rebuilding the index.
     Details: The content index catalog is corrupt. (HRESULT : 0xc0041801) (0xc0041801)

     Error: (03/27/2017 06:18:07 PM) (Source: Windows Search Service) (EventID: 9000) (User: )
     Description: The Windows Search Service cannot open the Jet property store.
     Details: 0x%08x (0xc0041800 - The content index database is corrupt. (HRESULT : 0xc0041800))

     Error: (03/27/2017 06:18:07 PM) (Source: ESENT) (EventID: 455) (User: )
     Description: Windows (3904) Windows: Error -1811 occurred while opening logfile C:\ProgramData\Microsoft\Search\Data\Applications\Windows\MSS00117.log.

     System errors:
     =============
     Error: (03/28/2017 05:23:40 AM) (Source: Service Control Manager) (EventID: 7011) (User: )
     Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the SftService service.

     Error: (03/27/2017 09:39:33 PM) (Source: Service Control Manager) (EventID: 7011) (User: )
     Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the Wlansvc service.

     Error: (03/27/2017 06:21:28 PM) (Source: Microsoft-Windows-DNS-Client) (EventID: 1012) (User: NT AUTHORITY)
     Description: There was an error while attempting to read the local hosts file.

     Error: (03/27/2017 06:21:28 PM) (Source: Microsoft-Windows-DNS-Client) (EventID: 1012) (User: NT AUTHORITY)
     Description: There was an error while attempting to read the local hosts file.

     Error: (03/27/2017 06:20:44 PM) (Source: Microsoft-Windows-DNS-Client) (EventID: 1012) (User: NT AUTHORITY)
     Description: There was an error while attempting to read the local hosts file.

     Error: (03/27/2017 06:20:34 PM) (Source: Service Control Manager) (EventID: 7002) (User: )
     Description: The BrPar service depends on the Parallel arbitrator group and no member of this group started.

     Error: (03/27/2017 06:19:16 PM) (Source: DCOM) (EventID: 10010) (User: )
     Description: The server {F9717507-6651-4EDB-BFF7-AE615179BCCF} did not register with DCOM within the required timeout.

     Error: (03/27/2017 06:18:08 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
     Description: The Windows Search service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 30000 milliseconds: Restart the service.

     Error: (03/27/2017 06:18:08 PM) (Source: Service Control Manager) (EventID: 7024) (User: )
     Description: The Windows Search service terminated with service-specific error %%-1073473535.

     Error: (03/27/2017 06:17:35 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
     Description: The SQL Server VSS Writer service terminated unexpectedly. It has done this 1 time(s).

     ==================== Memory info ===========================

     Processor: Pentium(R) Dual-Core CPU T4300 @ 2.10GHz
     Percentage of memory in use: 61%
     Total physical RAM: 4056.36 MB
     Available physical RAM: 1543.52 MB
     Total Virtual: 8110.91 MB
     Available Virtual: 5832.41 MB

     ==================== Drives ================================

     Drive c: (OS) (Fixed) (Total:446.59 GB) (Free:329.24 GB) NTFS

     ==================== MBR & Partition Table ==================

     ========================================================
     Disk: 0 (Size: 465.8 GB) (Disk ID: 2B391CB6)
     Partition 1: (Not Active) - (Size=298 MB) - (Type=DE)
     Partition 2: (Active) - (Size=18.9 GB) - (Type=07 NTFS)
     Partition 3: (Not Active) - (Size=446.6 GB) - (Type=07 NTFS)

     ==================== End of Addition.txt ============================
  3. Fix result of Farbar Recovery Scan Tool (x64) Version: 15-03-2017
     Ran by Roland (27-03-2017 18:17:33) Run:2
     Running from C:\Users\Roland\Desktop
     Loaded Profiles: Roland (Available Profiles: Roland)
     Boot Mode: Normal
     ==============================================

     fixlist content:
     *****************
     Start
     CloseProcesses:
     CreateRestorePoint:
     Winsock: Catalog9 01 C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp.dll [139832 2017-02-03] (Sophos Limited)
     Winsock: Catalog9 02 C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp.dll [139832 2017-02-03] (Sophos Limited)
     Winsock: Catalog9 03 C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp.dll [139832 2017-02-03] (Sophos Limited)
     Winsock: Catalog9 04 C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp.dll [139832 2017-02-03] (Sophos Limited)
     Winsock: Catalog9 05 C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp.dll [139832 2017-02-03] (Sophos Limited)
     Winsock: Catalog9 06 C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp.dll [139832 2017-02-03] (Sophos Limited)
     Winsock: Catalog9 07 C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp.dll [139832 2017-02-03] (Sophos Limited)
     Winsock: Catalog9 08 C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp.dll [139832 2017-02-03] (Sophos Limited)
     Winsock: Catalog9 19 C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp.dll [139832 2017-02-03] (Sophos Limited)
     Winsock: Catalog9-x64 01 C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp_64.dll [198016 2017-02-03] (Sophos Limited)
     Winsock: Catalog9-x64 02 C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp_64.dll [198016 2017-02-03] (Sophos Limited)
     Winsock: Catalog9-x64 03 C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp_64.dll [198016 2017-02-03] (Sophos Limited)
     Winsock: Catalog9-x64 04 C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp_64.dll [198016 2017-02-03] (Sophos Limited)
     Winsock: Catalog9-x64 05 C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp_64.dll [198016 2017-02-03] (Sophos Limited)
     Winsock: Catalog9-x64 06 C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp_64.dll [198016 2017-02-03] (Sophos Limited)
     Winsock: Catalog9-x64 07 C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp_64.dll [198016 2017-02-03] (Sophos Limited)
     Winsock: Catalog9-x64 08 C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp_64.dll [198016 2017-02-03] (Sophos Limited)
     Winsock: Catalog9-x64 19 C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp_64.dll [198016 2017-02-03] (Sophos Limited)
     CMD: netsh winsock reset
     CMD: netsh int ip reset c:\resetlog.txt
     CMD: ipconfig /release
     CMD: ipconfig /renew
     CMD: netsh int ipv4 reset
     CMD: netsh int ipv6 reset
     CMD: bitsadmin /reset /allusers
     S2 Sophos Agent; "C:\Program Files (x86)\Sophos\Remote Management System\ManagementAgentNT.exe" -service -name Agent -ORBListenEndpoints iiop://127.0.0.1 [X] <==== ATTENTION
     S2 Sophos Message Router; "C:\Program Files (x86)\Sophos\Remote Management System\RouterNT.exe" -service -name Router -ORBListenEndpoints iiop://:8193/ssl_port=8194 [X] <==== ATTENTION
     CMD: ipconfig /flushdns
     Hosts:
     EmptyTemp:
     end
     *****************

     Processes closed successfully.
     Restore point was successfully created.
     HKLM\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000001 => key removed successfully
     HKLM\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000002 => key removed successfully
     HKLM\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000003 => key removed successfully
     HKLM\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000004 => key removed successfully
     HKLM\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000005 => key removed successfully
     HKLM\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000006 => key removed successfully
     HKLM\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000007 => key removed successfully
     HKLM\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000008 => key removed successfully
     HKLM\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000019 => key removed successfully
     HKLM\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000001 => key removed successfully
     HKLM\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000002 => key removed successfully
     HKLM\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000003 => key removed successfully
     HKLM\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000004 => key removed successfully
     HKLM\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000005 => key removed successfully
     HKLM\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000006 => key removed successfully
     HKLM\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000007 => key removed successfully
     HKLM\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000008 => key removed successfully
     HKLM\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000019 => key removed successfully

     ========= netsh winsock reset =========

     Initialization Function InitHelperDll in NSHHTTP.DLL failed to start with error code 10107
     Sucessfully reset the Winsock Catalog.
     You must restart the computer in order to complete the reset.

     ========= End of CMD: =========

     ========= netsh int ip reset c:\resetlog.txt =========

     Reseting Interface, OK!
     Restart the computer to complete this action.

     ========= End of CMD: =========

     ========= ipconfig /release =========

     Windows IP Configuration

     No operation can be performed on Local Area Connection while it has its media disconnected.

     Wireless LAN adapter Wireless Network Connection:
        Connection-specific DNS Suffix . :
        Link-local IPv6 Address . . . . . : fe80::98bb:c56d:3382:4a53%11
        Default Gateway . . . . . . . . . :

     Ethernet adapter Local Area Connection:
        Media State . . . . . . . . . . . : Media disconnected
        Connection-specific DNS Suffix . :

     Tunnel adapter isatap.hsd1.pa.comcast.net.:
        Media State . . . . . . . . . . . : Media disconnected
        Connection-specific DNS Suffix . :

     Tunnel adapter 6TO4 Adapter:
        Media State . . . . . . . . . . . : Media disconnected
        Connection-specific DNS Suffix . :

     Tunnel adapter isatap.{FEC7D3F0-8222-44DB-A6F2-AA3C2578E80A}:
        Media State . . . . . . . . . . . : Media disconnected
        Connection-specific DNS Suffix . :

     Tunnel adapter Local Area Connection* 17:
        Media State . . . . . . . . . . . : Media disconnected
        Connection-specific DNS Suffix . :

     Tunnel adapter isatap.{D106EC69-996A-405C-BFA0-2F6611237F58}:
        Media State . . . . . . . . . . . : Media disconnected
        Connection-specific DNS Suffix . :

     Tunnel adapter Local Area Connection* 18:
        Connection-specific DNS Suffix . :
        IPv6 Address. . . . . . . . . . . : 2001:0:9d38:78cf:38db:7b0e:bc10:d201
        Link-local IPv6 Address . . . . . : fe80::38db:7b0e:bc10:d201%28
        Default Gateway . . . . . . . . . : ::

     ========= End of CMD: =========

     ========= ipconfig /renew =========

     Windows IP Configuration

     No operation can be performed on Local Area Connection while it has its media disconnected.

     Wireless LAN adapter Wireless Network Connection:
        Connection-specific DNS Suffix . :
        Link-local IPv6 Address . . . . . : fe80::98bb:c56d:3382:4a53%11
        IPv4 Address. . . . . . . . . . . : 192.168.0.60
        Subnet Mask . . . . . . . . . . . : 255.255.255.0
        Default Gateway . . . . . . . . . : 192.168.0.1

     Ethernet adapter Local Area Connection:
        Media State . . . . . . . . . . . : Media disconnected
        Connection-specific DNS Suffix . :

     Tunnel adapter isatap.hsd1.pa.comcast.net.:
        Media State . . . . . . . . . . . : Media disconnected
        Connection-specific DNS Suffix . :

     Tunnel adapter 6TO4 Adapter:
        Media State . . . . . . . . . . . : Media disconnected
        Connection-specific DNS Suffix . :

     Tunnel adapter isatap.{FEC7D3F0-8222-44DB-A6F2-AA3C2578E80A}:
        Media State . . . . . . . . . . . : Media disconnected
        Connection-specific DNS Suffix . :

     Tunnel adapter Local Area Connection* 17:
        Media State . . . . . . . . . . . : Media disconnected
        Connection-specific DNS Suffix . :

     Tunnel adapter isatap.{D106EC69-996A-405C-BFA0-2F6611237F58}:
        Media State . . . . . . . . . . . : Media disconnected
        Connection-specific DNS Suffix . :

     Tunnel adapter Local Area Connection* 18:
        Media State . . . . . . . . . . . : Media disconnected
        Connection-specific DNS Suffix . :

     ========= End of CMD: =========

     ========= netsh int ipv4 reset =========

     Reseting Interface, OK!
     Restart the computer to complete this action.

     ========= End of CMD: =========

     ========= netsh int ipv6 reset =========

     Reseting Interface, OK!
     Restart the computer to complete this action.

     ========= End of CMD: =========

     ========= bitsadmin /reset /allusers =========

     BITSADMIN version 3.0 [ 7.5.7601 ]
     BITS administration utility.
     (C) Copyright 2000-2006 Microsoft Corp.

     BITSAdmin is deprecated and is not guaranteed to be available in future versions of Windows.
     Administrative tools for the BITS service are now provided by BITS PowerShell cmdlets.

     0 out of 0 jobs canceled.

     ========= End of CMD: =========

     Sophos Agent => service not found.
     Sophos Message Router => service not found.

     ========= ipconfig /flushdns =========

     Windows IP Configuration

     Successfully flushed the DNS Resolver Cache.

     ========= End of CMD: =========

     Could not move "C:\Windows\System32\Drivers\etc\hosts" => Scheduled to move on reboot.

     =========== EmptyTemp: ==========

     BITS transfer queue => 8388608 B
     DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 1051928 B
     Java, Flash, Steam htmlcache => 291 B
     Windows/system/drivers => 236 B
     Edge => 0 B
     Chrome => 10293663 B
     Firefox => 0 B
     Opera => 0 B

     Temp, IE cache, history, cookies, recent:
     Users => 0 B
     Default => 0 B
     Public => 0 B
     ProgramData => 0 B
     systemprofile => 128 B
     systemprofile32 => 128 B
     LocalService => 109016 B
     NetworkService => 0 B
     Roland => 9733368 B

     RecycleBin => 0 B
     EmptyTemp: => 28.2 MB temporary data Removed.

     ================================

     Result of scheduled files to move (Boot Mode: Normal) (Date&Time: 27-03-2017 18:21:41)

     C:\Windows\System32\Drivers\etc\hosts => Is moved successfully
     Hosts restored successfully.

     ==== End of Fixlog 18:21:41 ====
  4. BTW, I figured out why the internet didn't work. It was turned off on the keyboard. It works now.
  5. Malwarebytes
     www.malwarebytes.com

     -Log Details-
     Scan Date: 3/27/17
     Scan Time: 4:43 PM
     Logfile: malwarebytes scan.txt
     Administrator: Yes

     -Software Information-
     Version: 3.0.6.1469
     Components Version: 1.0.75
     Update Package Version: 1.0.1609
     License: Trial

     -System Information-
     OS: Windows 7 Service Pack 1
     CPU: x64
     File System: NTFS
     User: Roland-PC\Roland

     -Scan Summary-
     Scan Type: Threat Scan
     Result: Completed
     Objects Scanned: 392493
     Time Elapsed: 17 min, 51 sec

     -Scan Options-
     Memory: Enabled
     Startup: Enabled
     Filesystem: Enabled
     Archives: Enabled
     Rootkits: Enabled
     Heuristics: Enabled
     PUP: Enabled
     PUM: Enabled

     -Scan Details-
     Process: 0 (No malicious items detected)
     Module: 0 (No malicious items detected)
     Registry Key: 0 (No malicious items detected)
     Registry Value: 0 (No malicious items detected)
     Registry Data: 0 (No malicious items detected)
     Data Stream: 0 (No malicious items detected)
     Folder: 0 (No malicious items detected)
     File: 0 (No malicious items detected)
     Physical Sector: 0 (No malicious items detected)

     (end)

     Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 15-03-2017
     Ran by Roland (administrator) on ROLAND-PC (27-03-2017 17:05:43)
     Running from C:\Users\Roland\Desktop
     Loaded Profiles: Roland (Available Profiles: Roland)
     Platform: Windows 7 Home Premium Service Pack 1 (X64) Language: English (United States)
     Internet Explorer Version 11 (Default browser: Chrome)
     Boot Mode: Safe Mode (with Networking)
     Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

     ==================== Processes (Whitelisted) =================

     (If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

     (Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
     (Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
     (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
     (Google Inc.)
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Microsoft Corporation) C:\Windows\System32\dllhost.exe ==================== Registry (Whitelisted) ==================== (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.) HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [1808680 2009-06-25] (Synaptics Incorporated) HKLM\...\Run: [SysTrayApp] => C:\Program Files\IDT\WDM\sttray64.exe [444416 2009-06-29] (IDT, Inc.) HKLM\...\Run: [itype] => c:\Program Files\Microsoft IntelliType Pro\itype.exe [1873256 2011-08-10] (Microsoft Corporation) HKLM\...\Run: [Malwarebytes TrayApp] => C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\mbamtray.exe [2780112 2017-01-20] (Malwarebytes) HKLM-x32\...\Run: [FUFAXSTM] => C:\Program Files (x86)\Epson Software\FAX Utility\FUFAXSTM.exe [847872 2009-12-03] (SEIKO EPSON CORPORATION) HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [587288 2016-12-12] (Oracle Corporation) Winlogon\Notify\GoToAssist: Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation) HKU\S-1-5-21-3236689562-672039265-411895171-1000\...\Run: [EPSON Artisan 830 Series] => C:\Windows\system32\spool\DRIVERS\x64\3\E_IATIGXA.EXE [224768 2010-01-12] (SEIKO EPSON CORPORATION) HKU\S-1-5-21-3236689562-672039265-411895171-1000\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [9364696 2017-03-03] (Piriform Ltd) ShellIconOverlayIdentifiers: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll -> No File ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll -> No File Startup: 
C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock First Run.lnk [2009-09-23] ShortcutTarget: Dell Dock First Run.lnk -> C:\Program Files\Dell\DellDock\DellDock.exe (Stardock Corporation) Startup: C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock First Run.lnk [2009-09-23] ShortcutTarget: Dell Dock First Run.lnk -> C:\Program Files\Dell\DellDock\DellDock.exe (Stardock Corporation) BootExecute: ==================== Internet (Whitelisted) ==================== (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.) Winsock: Catalog9 01 C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp.dll [139832 2017-02-03] (Sophos Limited) Winsock: Catalog9 02 C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp.dll [139832 2017-02-03] (Sophos Limited) Winsock: Catalog9 03 C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp.dll [139832 2017-02-03] (Sophos Limited) Winsock: Catalog9 04 C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp.dll [139832 2017-02-03] (Sophos Limited) Winsock: Catalog9 05 C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp.dll [139832 2017-02-03] (Sophos Limited) Winsock: Catalog9 06 C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp.dll [139832 2017-02-03] (Sophos Limited) Winsock: Catalog9 07 C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp.dll [139832 2017-02-03] (Sophos Limited) Winsock: Catalog9 08 C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp.dll [139832 2017-02-03] (Sophos Limited) Winsock: Catalog9 19 C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp.dll [139832 2017-02-03] (Sophos Limited) Winsock: Catalog9-x64 01 C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp_64.dll [198016 2017-02-03] (Sophos Limited) Winsock: Catalog9-x64 02 C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp_64.dll [198016 2017-02-03] (Sophos Limited) Winsock: Catalog9-x64 03 C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp_64.dll [198016 
2017-02-03] (Sophos Limited) Winsock: Catalog9-x64 04 C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp_64.dll [198016 2017-02-03] (Sophos Limited) Winsock: Catalog9-x64 05 C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp_64.dll [198016 2017-02-03] (Sophos Limited) Winsock: Catalog9-x64 06 C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp_64.dll [198016 2017-02-03] (Sophos Limited) Winsock: Catalog9-x64 07 C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp_64.dll [198016 2017-02-03] (Sophos Limited) Winsock: Catalog9-x64 08 C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp_64.dll [198016 2017-02-03] (Sophos Limited) Winsock: Catalog9-x64 19 C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp_64.dll [198016 2017-02-03] (Sophos Limited) Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt Tcpip\Parameters: [DhcpNameServer] 192.168.0.1 Tcpip\..\Interfaces\{D106EC69-996A-405C-BFA0-2F6611237F58}: [DhcpNameServer] 192.168.0.1 Tcpip\..\Interfaces\{FEC7D3F0-8222-44DB-A6F2-AA3C2578E80A}: [DhcpNameServer] 192.168.0.1 Internet Explorer: ================== HKU\S-1-5-21-3236689562-672039265-411895171-1000\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.google.com/ie HKU\S-1-5-21-3236689562-672039265-411895171-1000\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://www.msn.com/?ocid=iehp SearchScopes: HKLM -> DefaultScope {992B097A-F42C-4068-9B57-8F0F69F735AA} URL = hxxp://www.bing.com/search?q={searchTerms}&form=DLCDF8&pc=MDDC&src=IE-SearchBox SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKLM -> {598DAE95-DAD6-4990-A6FA-89F5528F5FBC} URL = SearchScopes: HKLM -> {992B097A-F42C-4068-9B57-8F0F69F735AA} URL = hxxp://www.bing.com/search?q={searchTerms}&form=DLCDF8&pc=MDDC&src=IE-SearchBox SearchScopes: HKLM-x32 -> DefaultScope {992B097A-F42C-4068-9B57-8F0F69F735AA} URL = hxxp://www.bing.com/search?q={searchTerms}&form=DLCDF8&pc=MDDC&src=IE-SearchBox SearchScopes: 
HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKLM-x32 -> {992B097A-F42C-4068-9B57-8F0F69F735AA} URL = hxxp://www.bing.com/search?q={searchTerms}&form=DLCDF8&pc=MDDC&src=IE-SearchBox SearchScopes: HKU\S-1-5-21-3236689562-672039265-411895171-1000 -> x-osid:1:search:3F3D596FB2A545659B3F13D7CEB86011 URL = SearchScopes: HKU\S-1-5-21-3236689562-672039265-411895171-1000 -> {992B097A-F42C-4068-9B57-8F0F69F735AA} URL = BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_121\bin\ssv.dll [2017-02-22] (Oracle Corporation) BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2011-03-28] (Microsoft Corp.) BHO: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2016-04-29] (Google Inc.) BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_121\bin\jp2ssv.dll [2017-02-22] (Oracle Corporation) BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_121\bin\ssv.dll [2017-02-22] (Oracle Corporation) BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2011-03-28] (Microsoft Corp.) BHO-x32: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll [2016-04-29] (Google Inc.) 
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_121\bin\jp2ssv.dll [2017-02-22] (Oracle Corporation) DPF: HKLM-x32 {50647AB5-18FD-4142-82B0-5852478DD0D5} hxxp://webeffective.keynote.com/applications/pconnector/download/ConnectorLauncher.cab FireFox: ======== FF ProfilePath: C:\Users\Roland\AppData\Roaming\TomTom\HOME\Profiles\phu6xfhq.default [2014-06-23] FF Extension: (Map status indicator) - C:\Program Files (x86)\TomTom HOME 2\xul\extensions\MapShare-status@tomtom.com [2012-03-02] [not signed] FF HKLM\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF => not found FF HKLM\...\Firefox\Extensions: [sp@avast.com] - C:\Program Files\AVAST Software\Avast\SafePrice\FF => not found FF HKLM-x32\...\Firefox\Extensions: [smartwebprinting@hp.com] - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 FF Extension: (HP Smart Web Printing) - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2011-01-03] [not signed] FF HKU\S-1-5-21-3236689562-672039265-411895171-1000\...\Firefox\Extensions: [smartwebprinting@hp.com] - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_25_0_0_127.dll [2017-03-20] () FF Plugin: @java.com/DTPlugin,version=11.121.2 -> C:\Program Files\Java\jre1.8.0_121\bin\dtplugin\npDeployJava1.dll [2017-02-22] (Oracle Corporation) FF Plugin: @java.com/JavaPlugin,version=11.121.2 -> C:\Program Files\Java\jre1.8.0_121\bin\plugin2\npjp2.dll [2017-02-22] (Oracle Corporation) FF Plugin: @microsoft.com/GENUINE -> disabled [No File] FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.50428.0\npctrl.dll [2016-04-27] ( Microsoft Corporation) FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_25_0_0_127.dll [2017-03-20] () FF Plugin-x32: 
@google.com/npPicasa3,version=3.0.0 -> C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll [2015-08-26] (Google, Inc.) FF Plugin-x32: @java.com/DTPlugin,version=11.121.2 -> C:\Program Files (x86)\Java\jre1.8.0_121\bin\dtplugin\npDeployJava1.dll [2017-02-22] (Oracle Corporation) FF Plugin-x32: @java.com/JavaPlugin,version=11.121.2 -> C:\Program Files (x86)\Java\jre1.8.0_121\bin\plugin2\npjp2.dll [2017-02-22] (Oracle Corporation) FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File] FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.50428.0\npctrl.dll [2016-04-27] ( Microsoft Corporation) FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2012-03-08] (Microsoft Corporation) FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3508.1109 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2012-03-08] (Microsoft Corporation) FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3555.0308 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2012-03-08] (Microsoft Corporation) FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.32.7\npGoogleUpdate3.dll [2016-12-16] (Google Inc.) FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.32.7\npGoogleUpdate3.dll [2016-12-16] (Google Inc.) FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2016-12-23] (Adobe Systems Inc.) 
FF Plugin HKU\S-1-5-21-3236689562-672039265-411895171-1000: @citrixonline.com/appdetectorplugin -> C:\Users\Roland\AppData\Local\Citrix\Plugins\104\npappdetector.dll [2014-07-21] (Citrix Online)

Chrome:
=======
CHR HomePage: Default -> bing.com/?pc=__PARAM__
CHR NewTab: Default -> Not-active:"chrome-extension://keeehhjhphcojjapflaajmgbnkgibaba/newtab/blank.html", Not-active:"chrome-extension://khimdpalkmijiicmeogdijibkkmlhfol/stubby.html", Not-active:"chrome-extension://kgfgkmglngfjihijajckoidgoglmajan/newtab/newtab.html"
CHR DefaultSearchURL: Default -> hxxp://srchnet.com/search/{searchTerms}
CHR DefaultSearchKeyword: Default -> {searchTerms}
CHR Profile: C:\Users\Roland\AppData\Local\Google\Chrome\User Data\Default [2017-03-27]
CHR Extension: (Avast Online Security) - C:\Users\Roland\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki [2017-03-19]
CHR Extension: (Bing) - C:\Users\Roland\AppData\Local\Google\Chrome\User Data\Default\Extensions\nfedoihopcjdfjihhhojdclnfdgomdho [2016-08-31]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Roland\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-03-19]
CHR HKU\S-1-5-21-3236689562-672039265-411895171-1000\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [nfedoihopcjdfjihhhojdclnfdgomdho] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [eofcbnmajmjmplflapaojjnihcjkigck] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - hxxps://clients2.google.com/service/update2/crx

==================== Services (Whitelisted) ====================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S4 ABBYY.Licensing.FineReader.Sprint.9.0; C:\Program Files (x86)\Common Files\ABBYY\FineReaderSprint\9.00\Licensing\NetworkLicenseServer.exe [759048 2009-05-14] (ABBYY)
S2 DockLoginService; C:\Program Files\Dell\DellDock\DockLogin.exe [155648 2008-12-18] (Stardock Corporation) [File not signed]
S3 hpqcxs08; C:\Program Files (x86)\HP\Digital Imaging\bin\hpqcxs08.dll [249344 2009-09-23] (Hewlett-Packard Co.) [File not signed]
S2 hpqddsvc; C:\Program Files (x86)\HP\Digital Imaging\bin\hpqddsvc.dll [133120 2009-09-23] (Hewlett-Packard Co.) [File not signed]
S2 HPSLPSVC; C:\Program Files (x86)\HP\Digital Imaging\bin\HPSLPSVC64.DLL [1039360 2010-10-22] (Hewlett-Packard Co.) [File not signed]
S4 lxdb_device; C:\Windows\system32\lxdbcoms.exe [566192 2007-02-02] ( )
S4 lxdb_device; C:\Windows\SysWOW64\lxdbcoms.exe [537520 2007-02-02] ( )
R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [4355024 2017-01-20] (Malwarebytes)
S3 MSSQL$MSSMLBIZ; c:\Program Files (x86)\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [29293408 2010-12-10] (Microsoft Corporation)
S2 Net Driver HPZ12; C:\Windows\system32\HPZinw12.dll [71680 2010-08-06] (Hewlett-Packard) [File not signed]
S2 Pml Driver HPZ12; C:\Windows\system32\HPZipm12.dll [89600 2010-08-06] (Hewlett-Packard) [File not signed]
S4 STacSV; C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_afc3018f8cfedd20\STacSV64.exe [240128 2009-06-29] (IDT, Inc.)
S2 swi_update_64; C:\ProgramData\Sophos\Web Intelligence\swi_update_64.exe [2121224 2017-02-03] (Sophos Limited)
S2 ZAMSvc; C:\Program Files (x86)\Zemana AntiMalware\ZAM.exe [14509296 2017-03-22] (Copyright 2017.)
S3 aswbIDSAgent; "C:\Program Files\AVAST Software\Avast\x64\aswidsagenta.exe" [X]
S2 avast! Antivirus; "C:\Program Files\AVAST Software\Avast\AvastSvc.exe" [X]
S2 SAVAdminService; "C:\Program Files (x86)\Sophos\Sophos Anti-Virus\SAVAdminService.exe" [X]
S2 SAVService; "C:\Program Files (x86)\Sophos\Sophos Anti-Virus\SavService.exe" [X]
S2 SntpService; "C:\Program Files\Sophos\Sophos Network Threat Protection\bin\SntpService.exe" [X]
S2 Sophos Agent; "C:\Program Files (x86)\Sophos\Remote Management System\ManagementAgentNT.exe" -service -name Agent -ORBListenEndpoints iiop://127.0.0.1 [X] <==== ATTENTION
S2 Sophos AutoUpdate Service; "C:\Program Files (x86)\Sophos\AutoUpdate\ALsvc.exe" [X]
S2 Sophos Message Router; "C:\Program Files (x86)\Sophos\Remote Management System\RouterNT.exe" -service -name Router -ORBListenEndpoints iiop://:8193/ssl_port=8194 [X] <==== ATTENTION
S2 Sophos Web Control Service; "C:\Program Files (x86)\Sophos\Sophos Anti-Virus\Web Control\swc_service.exe" [X]
S2 sophossps; "C:\Program Files (x86)\Sophos\Sophos System Protection\ssp.exe" [X]
S2 swi_service; "C:\Program Files (x86)\Sophos\Sophos Anti-Virus\Web Intelligence\swi_service.exe" [X]

===================== Drivers (Whitelisted) ======================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S1 aswbidsdriver; C:\Windows\system32\drivers\aswbidsdrivera.sys [309272 2017-03-19] (AVAST Software s.r.o.)
S0 aswbidsh; C:\Windows\system32\drivers\aswbidsha.sys [189768 2017-03-19] (AVAST Software s.r.o.)
S0 aswblog; C:\Windows\system32\drivers\aswbloga.sys [334600 2017-03-19] (AVAST Software s.r.o.)
S0 aswbuniv; C:\Windows\system32\drivers\aswbuniva.sys [48528 2017-03-19] (AVAST Software s.r.o.)
S3 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [38296 2017-03-19] (AVAST Software)
R1 aswKbd; C:\Windows\system32\drivers\aswKbd.sys [32088 2017-03-19] (AVAST Software)
S2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [126600 2017-03-19] (AVAST Software)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [100640 2017-03-19] (AVAST Software)
S0 aswRvrt; C:\Windows\system32\drivers\aswRvrt.sys [75704 2017-03-19] (AVAST Software)
S1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [993608 2017-03-19] (AVAST Software)
S1 aswSP; C:\Windows\system32\drivers\aswSP.sys [548928 2017-03-21] (AVAST Software)
S2 aswStm; C:\Windows\system32\drivers\aswStm.sys [162528 2017-03-19] (AVAST Software)
S0 aswVmm; C:\Windows\system32\drivers\aswVmm.sys [337592 2017-03-19] (AVAST Software)
S2 BrPar; C:\Windows\SysWOW64\drivers\BrPar.sys [19537 2000-07-24] (Brother Industries Ltd.) [File not signed]
S1 ElRawDisk; C:\Windows\system32\drivers\ElRawDsk.sys [31432 2012-04-17] (EldoS Corporation)
S1 ESProtectionDriver; C:\Windows\system32\drivers\mbae64.sys [77408 2017-02-24] ()
S3 FlyUsb; C:\Windows\System32\DRIVERS\FlyUsb.sys [24576 2009-11-10] (LeapFrog)
S3 hitmanpro37; C:\Windows\system32\drivers\hitmanpro37.sys [54736 2017-03-24] ()
R2 MBAMChameleon; C:\Windows\system32\drivers\MBAMChameleon.sys [186304 2017-03-27] (Malwarebytes)
S3 MBAMProtection; C:\Windows\system32\drivers\mbam.sys [43968 2017-03-27] (Malwarebytes)
R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [251840 2017-03-27] (Malwarebytes)
S3 MBAMWebProtection; C:\Windows\system32\drivers\mwac.sys [82208 2017-03-27] (Malwarebytes)
S1 SAVOnAccess; C:\Windows\System32\DRIVERS\savonaccess.sys [201168 2017-02-03] (Sophos Limited)
S3 sdcfilter; C:\Windows\System32\DRIVERS\sdcfilter.sys [38144 2016-04-17] (Sophos Limited)
S2 sntp; C:\Windows\System32\DRIVERS\sntp.sys [116144 2016-04-16] (Sophos Limited)
R0 Sophos Endpoint Defense; C:\Windows\System32\DRIVERS\SophosED.sys [200760 2017-02-03] (Sophos Limited)
S4 SophosBootDriver; C:\Windows\System32\DRIVERS\SophosBootDriver.sys [27904 2016-04-16] (Sophos Limited)
S3 ssmirrdr; C:\Windows\System32\DRIVERS\ssmirrdr.sys [10112 2011-03-15] (support.com, Inc)
U3 TrueSight; C:\Windows\System32\drivers\TrueSight.sys [35064 2015-05-28] ()
U5 VWiFiFlt; C:\Windows\System32\Drivers\VWiFiFlt.sys [59904 2009-07-13] (Microsoft Corporation)
R3 yukonw7; C:\Windows\System32\DRIVERS\yk62x64.sys [395264 2009-09-28] ()
S1 ZAM; C:\Windows\System32\drivers\zam64.sys [203680 2017-03-24] (Zemana Ltd.)
S1 ZAM_Guard; C:\Windows\System32\drivers\zamguard64.sys [203680 2017-03-24] (Zemana Ltd.)

==================== NetSvcs (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

==================== One Month Created files and folders ========
(If an entry is included in the fixlist, the file/folder will be moved.)

2017-03-27 17:04 - 2017-03-27 17:04 - 00001109 _____ C:\Users\Roland\Desktop\malwarebytes scan.txt
2017-03-27 16:16 - 2017-03-27 16:16 - 00000000 ____D C:\Users\Roland\Desktop\geek
2017-03-27 16:00 - 2017-03-27 16:27 - 00000000 ____D C:\Users\Roland\AppData\Roaming\Geek Uninstaller
2017-03-27 15:59 - 2017-03-27 16:00 - 02793495 _____ C:\Users\Roland\Desktop\geek.zip
2017-03-27 15:49 - 2017-03-27 15:49 - 00010282 _____ C:\Users\Roland\Desktop\Fixlog.txt
2017-03-27 14:31 - 2017-03-27 14:33 - 00046153 _____ C:\Users\Roland\Desktop\Addition.txt
2017-03-27 14:30 - 2017-03-27 17:06 - 00020589 _____ C:\Users\Roland\Desktop\FRST.txt
2017-03-27 14:29 - 2017-03-27 17:05 - 00000000 ____D C:\FRST
2017-03-27 14:29 - 2017-03-27 14:29 - 02424832 _____ (Farbar) C:\Users\Roland\Desktop\FRST64.exe
2017-03-27 14:18 - 2017-03-27 16:41 - 00218250 _____ C:\Windows\ntbtlog.txt
2017-03-25 07:14 - 2017-03-25 07:14 - 00000000 ____D C:\ProgramData\SWCUTemp
2017-03-24 20:20 - 2017-03-24 20:20 - 02030536 _____ (Bleeping Computer, LLC) C:\Users\Roland\Downloads\rkill.exe
2017-03-24 18:28 - 2017-03-27 16:10 - 00056183 _____ C:\Windows\ZAM.krnl.trace
2017-03-24 18:28 - 2017-03-27 16:10 - 00030235 _____ C:\Windows\ZAM_Guard.krnl.trace
2017-03-24 18:28 - 2017-03-24 18:28 - 00203680 _____ (Zemana Ltd.) C:\Windows\system32\Drivers\zamguard64.sys
2017-03-24 18:28 - 2017-03-24 18:28 - 00203680 _____ (Zemana Ltd.) C:\Windows\system32\Drivers\zam64.sys
2017-03-24 18:28 - 2017-03-24 18:28 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Zemana AntiMalware
2017-03-24 18:28 - 2017-03-24 18:28 - 00000000 ____D C:\Program Files (x86)\Zemana AntiMalware
2017-03-24 18:07 - 2017-03-24 18:07 - 00012872 _____ (SurfRight B.V.) C:\Windows\system32\bootdelete.exe
2017-03-24 17:47 - 2017-03-24 19:29 - 00054736 _____ C:\Windows\system32\Drivers\hitmanpro37.sys
2017-03-24 17:37 - 2017-03-24 17:37 - 00079086 _____ C:\Windows\system32\.crusader
2017-03-24 17:20 - 2017-03-24 17:20 - 00000000 ____D C:\Users\Roland\AppData\Local\Zemana
2017-03-24 17:19 - 2017-03-24 17:20 - 05763056 _____ (Zemana Ltd. ) C:\Users\Roland\Downloads\Zemana.AntiMalware.Setup.exe
2017-03-24 17:19 - 2017-03-24 17:19 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HitmanPro
2017-03-24 17:19 - 2017-03-24 17:19 - 00000000 ____D C:\Program Files\HitmanPro
2017-03-24 17:18 - 2017-03-24 17:37 - 00000000 ____D C:\ProgramData\HitmanPro
2017-03-24 17:17 - 2017-03-24 17:18 - 11581544 _____ (SurfRight B.V.) C:\Users\Roland\Downloads\HitmanPro_x64.exe
2017-03-24 17:14 - 2017-03-27 16:41 - 00251840 _____ (Malwarebytes) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2017-03-24 17:14 - 2017-03-27 16:41 - 00186304 _____ (Malwarebytes) C:\Windows\system32\Drivers\MBAMChameleon.sys
2017-03-24 17:14 - 2017-03-27 16:41 - 00043968 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbam.sys
2017-03-24 17:14 - 2017-03-27 15:59 - 00082208 _____ (Malwarebytes) C:\Windows\system32\Drivers\mwac.sys
2017-03-24 17:14 - 2017-03-27 14:19 - 00111544 _____ (Malwarebytes) C:\Windows\system32\Drivers\farflt.sys
2017-03-24 17:14 - 2017-03-24 19:43 - 00000000 ____D C:\AdwCleaner
2017-03-24 17:14 - 2017-03-24 17:14 - 04031440 _____ C:\Users\Roland\Downloads\adwcleaner_6.044.exe
2017-03-24 17:13 - 2017-03-24 17:13 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes
2017-03-24 17:13 - 2017-03-24 17:13 - 00000000 ____D C:\Program Files\Malwarebytes
2017-03-24 17:13 - 2017-02-24 06:23 - 00077408 _____ C:\Windows\system32\Drivers\mbae64.sys
2017-03-24 17:12 - 2017-03-24 17:13 - 57131432 _____ (Malwarebytes ) C:\Users\Roland\Downloads\mb3-setup-consumer-3.0.6.1469-1075.exe
2017-03-24 11:38 - 2017-03-24 11:38 - 00000000 ____D C:\Users\Roland\AppData\Roaming\Eusing
2017-03-24 11:38 - 2017-03-24 11:38 - 00000000 ____D C:\Program Files (x86)\Eusing Free Registry Cleaner
2017-03-24 11:26 - 2017-03-25 07:10 - 00007605 _____ C:\Users\Roland\AppData\Local\resmon.resmoncfg
2017-03-24 11:06 - 2017-03-24 11:06 - 00002794 _____ C:\Windows\System32\Tasks\CCleanerSkipUAC
2017-03-24 11:06 - 2017-03-24 11:06 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
2017-03-24 11:06 - 2017-03-24 11:06 - 00000000 ____D C:\Program Files\CCleaner
2017-03-20 20:54 - 2017-02-22 22:59 - 00453720 _____ C:\Windows\system32\Drivers\etc\hosts.20170320-205400.backup
2017-03-19 21:55 - 2017-03-19 21:50 - 00334600 _____ (AVAST Software s.r.o.) C:\Windows\system32\Drivers\aswbloga.sys
2017-03-19 21:55 - 2017-03-19 21:50 - 00309272 _____ (AVAST Software s.r.o.) C:\Windows\system32\Drivers\aswbidsdrivera.sys
2017-03-19 21:55 - 2017-03-19 21:50 - 00189768 _____ (AVAST Software s.r.o.) C:\Windows\system32\Drivers\aswbidsha.sys
2017-03-19 21:55 - 2017-03-19 21:50 - 00048528 _____ (AVAST Software s.r.o.) C:\Windows\system32\Drivers\aswbuniva.sys
2017-03-19 21:53 - 2017-03-19 21:52 - 00398408 _____ (AVAST Software) C:\Windows\system32\aswBoot.exe
2017-03-19 21:40 - 2017-03-19 21:40 - 00044952 _____ () C:\Windows\system32\Drivers\staport.sys
2017-03-09 19:44 - 2017-03-10 16:46 - 00000000 ____D C:\Users\Roland\AppData\Local\Glance
2017-03-09 15:35 - 2017-03-19 21:30 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TurboTax 2016
2017-03-09 14:54 - 2017-03-19 21:31 - 00000000 ____D C:\6b250ebe7832362a99249059

==================== One Month Modified files and folders ========
(If an entry is included in the fixlist, the file/folder will be moved.)

2017-03-27 16:40 - 2016-04-16 17:43 - 00000000 ____D C:\Program Files\Sophos
2017-03-27 16:40 - 2015-12-10 17:00 - 00000000 ____D C:\Program Files\AVAST Software
2017-03-27 16:40 - 2013-07-22 11:02 - 00000000 ____D C:\ProgramData\Sophos
2017-03-27 16:40 - 2013-07-22 11:01 - 00000000 ____D C:\Program Files (x86)\Sophos
2017-03-27 16:09 - 2014-11-02 04:44 - 00000000 ____D C:\Users\Roland\Desktop\cyber sec
2017-03-27 16:00 - 2009-07-14 00:45 - 00014240 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2017-03-27 16:00 - 2009-07-14 00:45 - 00014240 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2017-03-27 15:51 - 2009-09-23 17:33 - 00000000 ____D C:\Program Files (x86)\Dell DataSafe Local Backup
2017-03-27 15:50 - 2009-11-13 22:18 - 00000000 ____D C:\Users\Roland\AppData\Local\SoftThinks
2017-03-27 15:50 - 2009-11-13 22:18 - 00000000 ____D C:\Users\Default\AppData\Local\SoftThinks
2017-03-27 15:50 - 2009-11-13 22:18 - 00000000 ____D C:\Users\Default User\AppData\Local\SoftThinks
2017-03-27 15:50 - 2009-07-14 01:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2017-03-27 15:49 - 2009-11-13 22:29 - 00000000 ___SD C:\Users\Roland\AppData\LocalLow\Temp
2017-03-27 15:49 - 2009-11-13 20:13 - 00000000 ____D C:\Users\Roland
2017-03-26 20:16 - 2009-07-13 23:20 - 00000000 ____D C:\Windows\system32\NDF
2017-03-26 19:48 - 2016-11-16 16:43 - 00000000 ____D C:\Users\Roland\Desktop\Web Stuff
2017-03-26 19:43 - 2009-11-15 18:45 - 00000000 ____D C:\Users\Roland\Documents\2 Fm Decions Current
2017-03-26 19:36 - 2009-07-14 01:13 - 00803678 _____ C:\Windows\system32\PerfStringBackup.INI
2017-03-26 19:36 - 2009-07-13 23:20 - 00000000 ____D C:\Windows\inf
2017-03-24 20:14 - 2012-12-25 21:16 - 00000000 ____D C:\Users\Roland\AppData\Local\CrashDumps
2017-03-24 18:14 - 2009-12-02 20:43 - 00000000 ____D C:\Windows\Minidump
2017-03-24 17:38 - 2013-04-25 09:04 - 00000000 ____D C:\Program Files (x86)\iolo
2017-03-24 17:37 - 2011-01-03 21:35 - 00000000 ____D C:\Program Files (x86)\Yahoo!
2017-03-24 17:31 - 2013-04-25 09:05 - 00000000 ____D C:\ProgramData\iolo
2017-03-24 17:13 - 2010-10-02 08:07 - 00000000 ____D C:\ProgramData\Malwarebytes
2017-03-21 14:31 - 2012-10-12 14:38 - 00000000 ____D C:\Users\Roland\AppData\Local\ElevatedDiagnostics
2017-03-21 12:25 - 2014-12-27 23:08 - 00000000 ____D C:\Users\Roland\Desktop\Pics 12 14
2017-03-21 12:22 - 2017-02-09 21:01 - 00000000 ____D C:\Users\Roland\Desktop\217 AGO
2017-03-21 12:05 - 2015-12-10 17:04 - 00548928 _____ (AVAST Software) C:\Windows\system32\Drivers\aswsp.sys
2017-03-21 11:59 - 2012-02-12 20:15 - 00000000 ____D C:\Users\Roland\Desktop\Unused Ikons
2017-03-20 22:16 - 2015-12-10 17:00 - 00000000 ____D C:\ProgramData\AVAST Software
2017-03-20 21:04 - 2013-09-14 09:46 - 00004312 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2017-03-20 21:04 - 2012-03-28 21:26 - 00802904 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2017-03-20 21:04 - 2011-11-11 14:59 - 00000000 ____D C:\Windows\system32\Macromed
2017-03-20 21:04 - 2011-06-03 20:27 - 00144472 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2017-03-20 21:04 - 2009-09-23 17:25 - 00000000 ____D C:\Windows\SysWOW64\Macromed
2017-03-20 20:54 - 2009-07-13 22:34 - 00454268 ____R C:\Windows\system32\Drivers\etc\hosts.20170324-134951.backup
2017-03-20 19:31 - 2016-01-22 13:50 - 00002441 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk
2017-03-19 21:55 - 2015-12-10 17:04 - 00337592 _____ (AVAST Software) C:\Windows\system32\Drivers\aswvmm.sys
2017-03-19 21:52 - 2015-12-10 17:04 - 00547904 _____ (AVAST Software) C:\Windows\system32\Drivers\aswsp.sys.148997492429004
2017-03-19 21:52 - 2015-12-10 17:04 - 00337592 _____ (AVAST Software) C:\Windows\system32\Drivers\aswvmm.sys.148997492880006
2017-03-19 21:52 - 2015-12-10 17:04 - 00162528 _____ (AVAST Software) C:\Windows\system32\Drivers\aswStm.sys
2017-03-19 21:52 - 2015-12-10 17:04 - 00126600 _____ (AVAST Software) C:\Windows\system32\Drivers\aswMonFlt.sys
2017-03-19 21:52 - 2015-12-10 17:04 - 00100640 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRdr2.sys
2017-03-19 21:52 - 2015-12-10 17:04 - 00075704 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRvrt.sys
2017-03-19 21:52 - 2015-12-10 17:04 - 00038296 _____ (AVAST Software) C:\Windows\system32\Drivers\aswHwid.sys
2017-03-19 21:51 - 2016-03-22 18:15 - 00032088 _____ (AVAST Software) C:\Windows\system32\Drivers\aswKbd.sys
2017-03-19 21:51 - 2015-12-10 17:04 - 00993608 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSnx.sys
2017-03-19 21:46 - 2010-12-16 22:40 - 00002269 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2017-03-19 21:46 - 2010-12-16 22:40 - 00002257 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2017-03-19 21:38 - 2015-12-10 17:04 - 00969560 _____ (AVAST Software) C:\Windows\system32\Drivers\aswsnx.sys.148997402374507
2017-03-19 21:38 - 2015-12-10 17:04 - 00513496 _____ (AVAST Software) C:\Windows\system32\Drivers\aswsp.sys.148997402494610
2017-03-19 21:38 - 2015-12-10 17:04 - 00292704 _____ (AVAST Software) C:\Windows\system32\Drivers\aswvmm.sys.148997402578812
2017-03-19 21:36 - 2009-11-13 20:13 - 00112616 _____ C:\Users\Roland\AppData\Local\GDIPFONTCACHEV1.DAT
2017-03-19 21:32 - 2015-12-10 17:04 - 00000000 ____D C:\Windows\System32\Tasks\AVAST Software
2017-03-19 21:31 - 2017-01-26 16:04 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Earth
2017-03-19 21:31 - 2014-01-06 15:40 - 00000000 ____D C:\Program Files\UVK - Ultra Virus Killer
2017-03-19 21:31 - 2009-07-13 23:20 - 00000000 ____D C:\Windows\AppCompat
2017-03-19 21:29 - 2009-07-13 23:20 - 00000000 ____D C:\Windows\registration
2017-03-19 21:26 - 2016-01-05 12:35 - 00000000 ____D C:\Users\Roland\AppData\Roaming\Intuit
2017-03-18 19:25 - 2012-10-12 15:05 - 00000000 ____D C:\temp
2017-03-15 20:46 - 2016-10-27 20:52 - 00000000 ____D C:\Users\Roland\Desktop\Email Stuff
2017-03-14 17:24 - 2013-12-13 21:13 - 00000000 ____D C:\Users\Roland\Desktop\Ishler feed prices
2017-03-10 22:27 - 2016-01-05 12:41 - 00000000 ____D C:\Users\Roland\Documents\TurboTax
2017-03-09 15:46 - 2014-11-02 04:40 - 00000000 ____D C:\Users\Roland\Desktop\friends
2017-03-09 15:37 - 2016-01-05 12:33 - 00000629 _____ C:\ProgramData\Microsoft.SqlServer.Compact.400.32.bc

==================== Files in the root of some directories =======

2014-05-21 15:58 - 2014-05-21 15:58 - 0000268 ___RH () C:\Users\Roland\AppData\Roaming\Smooth Strings
2014-05-21 15:59 - 2014-05-21 15:59 - 0000268 ___RH () C:\Users\Roland\AppData\Roaming\Solid Colors
2014-05-21 15:58 - 2014-05-21 15:58 - 0000268 ___RH () C:\Users\Roland\AppData\Roaming\Sound Effects
2014-05-21 15:57 - 2014-05-21 15:57 - 0000268 ___RH () C:\Users\Roland\AppData\Roaming\Static Library
2017-03-24 11:26 - 2017-03-25 07:10 - 0007605 _____ () C:\Users\Roland\AppData\Local\resmon.resmoncfg
2013-04-23 21:48 - 2013-04-23 21:48 - 2250054 _____ () C:\ProgramData\1.bmp
2013-04-23 21:47 - 2013-04-23 21:47 - 0302806 _____ () C:\ProgramData\1.jpg
2011-01-03 21:26 - 2011-01-03 21:38 - 0000802 _____ () C:\ProgramData\hpzinstall.log
2016-01-05 12:33 - 2017-03-09 15:37 - 0000629 _____ () C:\ProgramData\Microsoft.SqlServer.Compact.400.32.bc
2014-05-21 15:57 - 2014-05-21 15:57 - 0000020 ____H () C:\ProgramData\PKP_DLeo.DAT
2014-05-21 15:59 - 2014-05-21 15:59 - 0000020 ____H () C:\ProgramData\PKP_DLes.DAT
2014-05-21 15:58 - 2014-05-23 11:55 - 0000020 ____H () C:\ProgramData\PKP_DLet.DAT
2014-05-21 15:58 - 2014-05-21 15:58 - 0000020 ____H () C:\ProgramData\PKP_DLev.DAT
2014-05-21 15:58 - 2014-05-21 15:58 - 0000268 ___RH () C:\ProgramData\Soundtrack
2014-05-21 15:59 - 2014-05-21 15:59 - 0000268 ___RH () C:\ProgramData\Space Choir
2014-05-21 15:58 - 2014-05-21 15:58 - 0000268 ___RH () C:\ProgramData\Spacious
2014-05-21 15:57 - 2014-05-21 15:57 - 0000268 ___RH () C:\ProgramData\String Ensemble
2012-10-12 17:31 - 2012-10-12 19:46 - 0028232 _____ () C:\ProgramData\xportnchk.ini

Some files in TEMP:
====================
2017-03-27 16:00 - 2017-03-27 16:00 - 3957784 _____ (Geek Unіnstaller) C:\Users\Roland\AppData\Local\Temp\geek64.exe

==================== Bamital & volsnap ======================
(There is no automatic fix for files that do not pass verification.)

C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2017-03-20 22:23

==================== End of FRST.txt ============================

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 15-03-2017
Ran by Roland (27-03-2017 17:06:55)
Running from C:\Users\Roland\Desktop
Windows 7 Home Premium Service Pack 1 (X64) (2009-11-14 00:13:43)
Boot Mode: Safe Mode (with Networking)
==========================================================

==================== Accounts: =============================

Administrator (S-1-5-21-3236689562-672039265-411895171-500 - Administrator - Disabled)
Guest (S-1-5-21-3236689562-672039265-411895171-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-3236689562-672039265-411895171-1002 - Limited - Enabled)
Roland (S-1-5-21-3236689562-672039265-411895171-1000 - Administrator - Enabled) => C:\Users\Roland
SophosSAUROLAND-PC0 (S-1-5-21-3236689562-672039265-411895171-1006 - Limited - Enabled)

==================== Security Center ========================
(If an entry is included in the fixlist, it will be removed.)

AV: Microsoft Security Essentials (Enabled - Up to date) {3F839487-C7A2-C958-E30C-E2825BA31FB5}
AV: Norton Security Suite (Enabled - Up to date) {63DF5164-9100-186D-2187-8DC619EFD8BF}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Norton Security Suite (Enabled - Up to date) {D8BEB080-B73A-17E3-1B37-B6B462689202}
AS: Microsoft Security Essentials (Enabled - Up to date) {84E27563-E198-C6D6-D9BC-D9F020245508}
FW: Norton Security Suite (Enabled) {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}

==================== Installed Programs ======================
(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

470_Help (x32 Version: 1.00.0000 - Hewlett-Packard) Hidden
470_Readme (x32 Version: 1.00.0000 - Hewlett-Packard) Hidden
64 Bit HP CIO Components Installer (Version: 7.2.8 - Hewlett-Packard) Hidden
7-Zip 15.12 (HKLM-x32\...\{23170F69-40C1-2701-1512-000001000000}) (Version: 15.12.00.0 - Igor Pavlov)
7-Zip 9.20 (HKLM-x32\...\7-Zip) (Version: - )
ABBYY FineReader 9.0 Sprint (HKLM-x32\...\ABBYY FineReader 9.0 Sprint) (Version: 9.01.513.58212 - ABBYY)
ABBYY FineReader 9.0 Sprint (x32 Version: 9.01.513.58212 - ABBYY) Hidden
Adobe Acrobat Reader DC (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}) (Version: 15.023.20070 - Adobe Systems Incorporated)
Adobe Flash Player 25 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 25.0.0.127 - Adobe Systems Incorporated)
Adobe Flash Player 25 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 25.0.0.127 - Adobe Systems Incorporated)
Advanced Audio FX Engine (HKLM-x32\...\Advanced Audio FX Engine) (Version: 1.12.05 - Creative Technology Ltd)
BPDSoftware (x32 Version: 130.0.000.000 - Hewlett-Packard) Hidden
BPDSoftware_Ini (x32 Version: 1.00.0000 - Hewlett-Packard) Hidden
Brother HL-5040 (HKLM-x32\...\Brother HL-5040) (Version: - )
BufferChm (x32 Version: 130.0.331.000 - Hewlett-Packard) Hidden
Business Contact Manager for Outlook 2007 SP2 (HKLM-x32\...\Business Contact Manager) (Version: 3.0.8619.1 - Microsoft Corporation)
Business Contact Manager for Outlook 2007 SP2 (x32 Version: 3.0.8619.1 - Microsoft Corporation) Hidden
CCleaner (HKLM\...\CCleaner) (Version: 5.28 - Piriform)
Citrix Online Launcher (HKLM-x32\...\{3E7E6F1E-7376-475A-8BC9-E3126B20CF5F}) (Version: 1.0.198 - Citrix)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
Dell DataSafe Local Backup - Support Software (HKLM-x32\...\{A9668246-FB70-4103-A1E3-66C9BC2EFB49}) (Version: 9.4.60 - Dell)
Dell DataSafe Local Backup (HKLM-x32\...\{0ED7EE95-6A97-47AA-AD73-152C08A15B04}) (Version: 9.4.60 - Dell)
Dell Dock (HKLM\...\{E60B7350-EA5F-41E0-9D6F-E508781E36D2}) (Version: 2.0.0 - Dell)
Dell Edoc Viewer (HKLM\...\{8EBA8727-ADC2-477B-9D9A-1A1836BE4E05}) (Version: 1.0.0 - Dell Inc)
Dell Getting Started Guide (HKLM-x32\...\{7DB9F1E5-9ACB-410D-A7DC-7A3D023CE045}) (Version: 1.00.0000 - Dell Inc.)
Dell Support Center (Support Software) (HKLM-x32\...\{E3BFEE55-39E2-4BE0-B966-89FE583822C1}) (Version: 2.5.09100 - Dell)
Dell Touchpad (HKLM\...\SynTPDeinstKey) (Version: 13.2.3.0 - Synaptics Incorporated)
Dell Webcam Central (HKLM-x32\...\Dell Webcam Central) (Version: 1.40.05 - Creative Technology Ltd)
DeviceDiscovery (x32 Version: 130.0.465.000 - Hewlett-Packard) Hidden
EPSON Artisan 810 Series Printer Uninstall (HKLM\...\EPSON Artisan 810 Series) (Version: - SEIKO EPSON Corporation)
EPSON Artisan 830 Series Printer Uninstall (HKLM\...\EPSON Artisan 830 Series) (Version: - SEIKO EPSON Corporation)
Epson Event Manager (HKLM-x32\...\{03B8AA32-F23C-4178-B8E6-09ECD07EAA47}) (Version: 2.40.0001 - SEIKO EPSON CORPORATION)
Epson FAX Utility (HKLM-x32\...\{0CBE6C93-CB2E-4378-91EE-12BE6D4E2E4A}) (Version: 1.10.00 - SEIKO EPSON CORPORATION)
Epson Print CD (HKLM-x32\...\{D16A31F9-276D-4968-A753-FFEAC56995D0}) (Version: 2.00.00 - SEIKO EPSON CORPORATION)
EPSON Scan (HKLM-x32\...\EPSON Scanner) (Version: - Seiko Epson Corporation)
EpsonNet Setup 3.2 (HKLM-x32\...\{C9D8A041-2963-4B31-8FFC-1500F3DB9293}) (Version: 3.2a - SEIKO EPSON CORPORATION)
FINPACK (HKLM-x32\...\FINPACK) (Version: - )
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 57.0.2987.110 - Google Inc.)
Google Earth (HKLM-x32\...\{F6430171-B86B-4639-839E-374913E7911D}) (Version: 7.1.8.3036 - Google)
Google Earth Pro (HKLM-x32\...\{35DAA04C-1720-4BE3-A920-A03731EC6A1D}) (Version: 7.1.5.1557 - Google)
Google Toolbar for Internet Explorer (HKLM-x32\...\{2318C2B1-4965-11d4-9B18-009027A5CD4F}) (Version: 7.5.8231.2252 - Google Inc.)
Google Toolbar for Internet Explorer (x32 Version: 1.0.0 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.32.7 - Google Inc.) Hidden
Google+ Auto Backup (HKLM-x32\...\{A50DE037-B5C0-4C8A-8049-B0C576B313D1}) (Version: 1.0.21.81 - Google)
GoToAssist 8.0.0.514 (HKLM-x32\...\GoToAssist) (Version: - )
GPBaseService2 (x32 Version: 130.0.371.000 - Hewlett-Packard) Hidden
H470 (x32 Version: 130.0.000.000 - Hewlett-Packard) Hidden
HitmanPro 3.7 (HKLM\...\HitmanPro37) (Version: 3.7.15.281 - SurfRight B.V.)
HP Customer Participation Program 13.0 (HKLM\...\HPExtendedCapabilities) (Version: 13.0 - HP)
HP Imaging Device Functions 13.0 (HKLM\...\HP Imaging Device Functions) (Version: 13.0 - HP)
HP OfficeJet H470 (HKLM\...\{2B71BB94-F52C-4EF2-85E8-45E63296EDF2}) (Version: 13.0 - HP)
HP Smart Web Printing 4.51 (HKLM\...\HP Smart Web Printing) (Version: 4.51 - HP)
HP Solution Center 13.0 (HKLM\...\HP Solution Center & Imaging Support Tools) (Version: 13.0 - HP)
HP Update (HKLM-x32\...\{2EFA4E4C-7B5F-48F7-A1C0-1AA882B7A9C3}) (Version: 5.003.001.001 - Hewlett-Packard)
HPDiagnosticAlert (x32 Version: 1.00.0000 - Microsoft) Hidden
HPProductAssistant (x32 Version: 130.0.371.000 - Hewlett-Packard) Hidden
HPSSupply (x32 Version: 130.0.371.000 - Hewlett-Packard) Hidden
Intel(R) Graphics Media Accelerator Driver (HKLM\...\HDMI) (Version: - Intel Corporation)
Intel(R) Rapid Storage Technology (HKLM-x32\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 10.5.0.1029 - Intel Corporation)
Intel® Matrix Storage Manager (HKLM\...\{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}) (Version: - Intel Corporation)
Java 8 Update 121 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F64180121F0}) (Version: 8.0.1210.13 - Oracle Corporation)
Java 8 Update 121 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F32180121F0}) (Version: 8.0.1210.13 - Oracle Corporation)
Junk Mail filter update (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
LeapFrog Connect (HKLM-x32\...\UPCShell) (Version: 2.3.11.8936 - LeapFrog)
LeapFrog Connect (x32 Version: 2.3.11.8936 - LeapFrog) Hidden
LeapFrog Tag Plugin (x32 Version: 2.3.11.8936 - LeapFrog) Hidden
Lexmark 840 Series (HKLM\...\Lexmark 840 Series) (Version: - Lexmark International, Inc.)
Live! Cam Avatar Creator (HKLM-x32\...\{65D0C510-D7B6-4438-9FC8-E6B91115AB0D}) (Version: 4.6.3009.1 - Creative Technology Ltd)
Malwarebytes version 3.0.6.1469 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 3.0.6.1469 - Malwarebytes)
MarketResearch (x32 Version: 130.0.374.000 - Hewlett-Packard) Hidden
Microsoft .NET Framework 4 Client Profile (HKLM\...\Microsoft .NET Framework 4 Client Profile) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft IntelliType Pro 8.2 (HKLM\...\Microsoft IntelliType Pro 8.2) (Version: 8.20.469.0 - Microsoft Corporation)
Microsoft Office 2003 Web Components (HKLM-x32\...\{90A40409-6000-11D3-8CFE-0150048383C9}) (Version: 11.0.8173.0 - Microsoft Corporation)
Microsoft Office 2007 Primary Interop Assemblies (HKLM-x32\...\{50120000-1105-0000-0000-0000000FF1CE}) (Version: 12.0.4518.1014 - Microsoft Corporation)
Microsoft Office 2007 Service Pack 3 (SP3) (HKLM-x32\...\{91120000-0014-0000-0000-0000000FF1CE}_PROR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version: - Microsoft)
Microsoft Office 2007 Service Pack 3 (SP3) (HKLM-x32\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version: - Microsoft)
Microsoft Office Accounting 2008 (HKLM-x32\...\Microsoft Office Accounting 2008) (Version: 3.0.8627.1 - Microsoft Corporation)
Microsoft Office Accounting 2008 Equifax Addin (HKLM-x32\...\{0C2AF762-0565-4C91-9F55-B8B53BB82A38}) (Version: 3.0.8231.0 - Microsoft Corporation)
Microsoft Office Accounting 2008 Fixed Asset Manager (HKLM-x32\...\{E3DF6916-2472-43D9-8B3C-9F2F0AAB01B5}) (Version: 3.0.8231.0 - Microsoft Corporation)
Microsoft Office Accounting 2008 PayPal Addin (HKLM-x32\...\{B391EECE-DFEA-4FC5-9D40-47FA43E2DBE6}) (Version: 3.0.8231.0 - Microsoft Corporation)
Microsoft Office Accounting ADP Payroll Addin (HKLM-x32\...\{5FA793A6-0071-42C1-9355-8F69A428C44F}) (Version: 0.0.0.0 - ADP) Microsoft Office File Validation Add-In (HKLM-x32\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation) Microsoft Office Home and Student 2007 (HKLM-x32\...\HOMESTUDENTR) (Version: 12.0.6612.1000 - Microsoft Corporation) Microsoft Office Professional 2007 (HKLM-x32\...\PROR) (Version: 12.0.6612.1000 - Microsoft Corporation) Microsoft Office Small Business Connectivity Components (HKLM-x32\...\{A939D341-5A04-4E0A-BB55-3E65B386432D}) (Version: 2.0.7024.0 - Microsoft Corporation) Microsoft Save as PDF or XPS Add-in for 2007 Microsoft Office programs (HKLM-x32\...\{90120000-00B2-0409-0000-0000000FF1CE}) (Version: 12.0.4518.1014 - Microsoft Corporation) Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.50428.0 - Microsoft Corporation) Microsoft SQL Server 2005 (HKLM-x32\...\Microsoft SQL Server 2005) (Version: - Microsoft Corporation) Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation) Microsoft SQL Server Native Client (HKLM\...\{9ACF3FDB-C8E6-444C-8C64-13A221F7BFFD}) (Version: 9.00.5000.00 - Microsoft Corporation) Microsoft SQL Server Setup Support Files (English) (HKLM-x32\...\{53F5C3EE-05ED-4830-994B-50B2F0D50FCE}) (Version: 9.00.5000.00 - Microsoft Corporation) Microsoft SQL Server VSS Writer (HKLM\...\{B636C9B9-A3F2-4DCE-ADCC-72E095018385}) (Version: 9.00.5000.00 - Microsoft Corporation) Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (HKLM-x32\...\{770657D0-A123-3C07-8E44-1C83EC895118}) (Version: 8.0.50727.4053 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable - KB2467175 (HKLM-x32\...\{a0fe116e-9a8a-466f-aee0-625cb7c207e3}) (Version: 8.0.51011 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable 
(HKLM-x32\...\{052bac4a-6f79-46d4-a024-1ce1b4f73cd4}) (Version: 8.0.58299 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (HKLM-x32\...\{820B6609-4C97-3A2B-B644-573B06A0F0CC}) (Version: 9.0.30729 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation) Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation) Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation) Microsoft Works 6-9 Converter (HKLM-x32\...\{95140000-0137-0409-0000-0000000FF1CE}) (Version: 14.0.6120.5002 - Microsoft Corporation) MPM (HKLM-x32\...\{00772F8B-37FF-4704-A47D-72B30BFAF126}) (Version: 1.00.0000 - Hewlett-Packard) Network64 (Version: 130.0.579.000 - Hewlett-Packard) Hidden Network64 (Version: 140.0.221.000 - Hewlett-Packard) Hidden Nikon Message Center 2 (HKLM-x32\...\{B014EE44-9197-4513-9613-71E6EB1B514E}) (Version: 2.1.0 - Nikon) Nikon Movie Editor (HKLM-x32\...\{5CAD3393-EEC0-44CE-9F93-BCAA365B77FB}) (Version: 2.6.0 - Nikon) Picasa 3 (HKLM-x32\...\Picasa 3) (Version: 3.9.140.248 - Google, Inc.) 
Picture Control Utility x64 (HKLM\...\{11953C65-BB4E-4CA4-B0F0-2600A4B20040}) (Version: 1.4.7 - Nikon) PowerDVD DX (HKLM-x32\...\{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}) (Version: 8.3.5424 - CyberLink Corp.) ProductContext (x32 Version: 130.0.000.000 - Hewlett-Packard) Hidden Quickset64 (HKLM\...\{87CF757E-C1F1-4D22-865C-00C6950B5258}) (Version: 9.6.6 - Dell Inc.) Reliable IT repair tool (HKLM\...\UVK - Ultra virus killer) (Version: 5.9.0.1 - Reliable IT) Roxio Burn (HKLM-x32\...\{B2E47DE7-800B-40BB-BD1F-9F221C3AEE87}) (Version: 1.0 - Roxio) SafeZone Stable 1.51.2220.62 (x32 Version: 1.51.2220.62 - Avast Software) Hidden SafeZone Stable 3.55.2393.561 (x32 Version: 3.55.2393.561 - Avast Software) Hidden Shop for HP Supplies (HKLM\...\Shop for HP Supplies) (Version: 13.0 - HP) SmartWebPrinting (x32 Version: 130.0.457.000 - Hewlett-Packard) Hidden SolutionCenter (x32 Version: 130.0.373.000 - Hewlett-Packard) Hidden Status (x32 Version: 130.0.469.000 - Hewlett-Packard) Hidden TomTom HOME 2.8.3.2499 (HKLM-x32\...\TomTom HOME) (Version: 2.8.3.2499 - TomTom) TomTom HOME Visual Studio Merge Modules (HKLM-x32\...\{8F3C31C5-9C3A-4AA8-8EFA-71290A7AD533}) (Version: 1.0.2 - TomTom International B.V.) 
Toolbox (x32 Version: 130.0.648.000 - Hewlett-Packard) Hidden TrayApp (x32 Version: 130.0.422.000 - Hewlett-Packard) Hidden TurboTax 2015 (HKLM-x32\...\TurboTax 2015) (Version: 2015.0 - Intuit, Inc) Update for 2007 Microsoft Office System (KB967642) (HKLM-x32\...\{91120000-0014-0000-0000-0000000FF1CE}_PROR_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version: - Microsoft) Update for 2007 Microsoft Office System (KB967642) (HKLM-x32\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version: - Microsoft) Use the entry named LeapFrog Connect to uninstall (LeapFrog Tag Plugin) (HKLM-x32\...\TagPlugin) (Version: 2.3.11.8936 - LeapFrog) ViewNX 2 (HKLM\...\{635BE602-BB9C-4C59-8CC5-93F9366E8A21}) (Version: 2.6.0 - Nikon) WebEx (HKU\S-1-5-21-3236689562-672039265-411895171-1000\...\ActiveTouchMeetingClient) (Version: - Cisco WebEx LLC) WebReg (x32 Version: 130.0.132.017 - Hewlett-Packard) Hidden Windows Driver Package - LeapFrog (FlyUsb) USB (11/05/2008 1.1.1.0) (HKLM\...\781745E87AFF80C0C1388CFF79D19ECAB2E9BB47) (Version: 11/05/2008 1.1.1.0 - LeapFrog) Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3555.0308 - Microsoft Corporation) Windows Live Sync (HKLM-x32\...\{FDD810CA-D5E3-40E9-AB7B-36440B0D41EF}) (Version: 14.0.8050.1202 - Microsoft Corporation) Zemana AntiMalware (HKLM-x32\...\{8F0CD7D1-42F3-4195-95CD-833578D45057}_is1) (Version: 2.72.0.324 - Zemana Ltd.) ==================== Custom CLSID (Whitelisted): ========================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) ==================== Scheduled Tasks (Whitelisted) ============= (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) 
Task: {000E6622-8E66-4CB8-BB22-0F4F4C9CAD71} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-30] (Google Inc.) Task: {0726F637-A340-47AC-8B8F-6087BA8A0E2C} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2017-03-20] (Adobe Systems Incorporated) Task: {15832EAB-161B-4C8A-96A7-11300F4C614B} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2017-03-03] (Piriform Ltd) Task: {20F7C2B2-27FE-45D5-9359-9EA921ECC318} - System32\Tasks\{B2F436F5-BB82-4B49-AA0E-CF73AB8ED396} => pcalua.exe -a C:\Users\Roland\Desktop\install_flash_player_9.exe -d C:\Users\Roland\Desktop Task: {2C4E3533-1253-41DD-A189-F2AE3C1BD123} - System32\Tasks\{0340C534-D0C2-4710-BD77-C5035BF28B2D} => C:\Program Files (x86)\iolo\Common\Lib\ioloLManager.exe Task: {42D84E80-EF07-499A-84A4-7ED19604493F} - System32\Tasks\AVAST Software\Avast settings backup => C:\Program Files\Common Files\AV\avast! Antivirus\backup.exe [2017-01-27] (AVAST Software) Task: {57946441-35E3-4F03-BB0D-B5F132F26294} - System32\Tasks\{911256C9-F921-4261-91B8-2BD6F6AD8D8C} => pcalua.exe -a D:\setup.exe -d D:\ Task: {5F38FEEE-8C02-46AF-A131-3495F00C96DC} - System32\Tasks\{CE6D138D-5A2A-4319-8091-2DF841919D35} => C:\Program Files (x86)\iolo\Common\Lib\ioloLManager.exe Task: {8796A92C-9213-47B3-838D-44229A147DA5} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-30] (Google Inc.) 
Task: {A6CEFA61-91CB-4C24-B433-ADFFFE59AC68} - System32\Tasks\{F1F36E3E-E697-479D-8DCD-598E6B1EAD20} => pcalua.exe -a "C:\Program Files (x86)\FINPACK\FINPACK.exe" -d "C:\Program Files (x86)\FINPACK" Task: {C067F5CD-BD7C-4EC2-86A8-B44B1938E709} - System32\Tasks\Microsoft_Hardware_Launch_IType_exe => c:\Program Files\Microsoft IntelliType Pro\IType.exe [2011-08-10] (Microsoft Corporation) Task: {C56D37B2-D883-47CE-BC6F-D066233631ED} - System32\Tasks\{47FBF903-CA97-4C8A-9129-AA1B50D7A5AB} => C:\Program Files (x86)\iolo\Common\Lib\ioloLManager.exe Task: {DD3422B8-7429-47EF-99E6-189B5A044880} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2016-12-19] (Adobe Systems Incorporated) Task: {E49F9117-EAD7-49CF-888D-268FFDA38A82} - System32\Tasks\{F3743546-E375-4083-AA1F-907F3B6A7548} => C:\Program Files (x86)\iolo\Common\Lib\ioloLManager.exe (If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.) ==================== Shortcuts ============================= (The entries could be listed to be restored or removed.) ==================== Loaded Modules (Whitelisted) ============== 2017-03-24 17:13 - 2017-02-24 06:23 - 02264352 _____ () C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\PoliciesControllerImpl.dll ==================== Alternate Data Streams (Whitelisted) ========= (If an entry is included in the fixlist, only the ADS will be removed.) ==================== Safe Mode (Whitelisted) =================== (If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.) 
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Option => "OptionValue"="2" e" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMChameleon => ""="Driver" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMSwissArmy => ""="Driver" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc => ""="Service" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS => ""="Service" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SAVService => ""="service" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\GoToAssist => ""="Service" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMChameleon => ""="Driver" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMSwissArmy => ""="Driver" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mcmscsvc => ""="Service" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MCODS => ""="Service" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MpfService => ""="Service" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\SAVService => ""="service" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\SntpService => ""="service" ==================== Association (Whitelisted) =============== (If an entry is included in the fixlist, the registry item will be restored to default or removed.) ==================== Internet Explorer trusted/restricted =============== (If an entry is included in the fixlist, it will be removed from the registry.) 
==================== Hosts content: ========================== (If needed Hosts: directive could be included in the fixlist to reset Hosts.) 2009-07-13 22:34 - 2017-03-24 13:49 - 00454268 ____R C:\Windows\system32\Drivers\etc\hosts 127.0.0.1 localhost ==================== Other Areas ============================ (Currently there is no automatic fix for this section.) HKU\S-1-5-21-3236689562-672039265-411895171-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\Roland\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg DNS Servers: 192.168.0.1 HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1) Windows Firewall is enabled. 
==================== MSCONFIG/TASK MANAGER disabled items == MSCONFIG\startupreg: CCleaner Monitoring => "C:\Program Files\CCleaner\CCleaner64.exe" /MONITOR MSCONFIG\startupreg: EEventManager => "C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe" MSCONFIG\startupreg: IAAnotif => C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\iaanotif.exe MSCONFIG\startupreg: Malwarebytes TrayApp => C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\mbamtray.exe MSCONFIG\startupreg: Nikon Message Center 2 => C:\Program Files (x86)\Nikon\Nikon Message Center 2\NkMC2.exe -s MSCONFIG\startupreg: Sophos AutoUpdate Monitor => "C:\Program Files (x86)\Sophos\AutoUpdate\almon.exe" MSCONFIG\startupreg: ZAM => "C:\Program Files (x86)\Zemana AntiMalware\ZAM.exe" /minimized ==================== FirewallRules (Whitelisted) =============== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) FirewallRules: [{038284C9-21D7-4C57-B2CA-3129CA4F6DCB}] => (Allow) C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe FirewallRules: [{F0D53FFF-117C-4CFC-B466-6444D4129286}] => (Allow) svchost.exe FirewallRules: [{690CD6B3-A821-4EE2-8E8B-7E19FB36832E}] => (Allow) C:\Program Files (x86)\Windows Live\Sync\WindowsLiveSync.exe FirewallRules: [{32867B3C-68D8-430C-8CE8-C97BDE04BD36}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD DX\PowerDVD.exe FirewallRules: [{181BC4D1-CF38-4CD8-8098-41602D3B2F18}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD DX\PDVDDXSrv.exe FirewallRules: [TCP Query User{D28938A5-4200-4414-A6EB-7BA4AC3FCD04}C:\program files (x86)\internet explorer\iexplore.exe] => (Block) C:\program files (x86)\internet explorer\iexplore.exe FirewallRules: [UDP Query User{8E202954-8352-4CD4-894F-1BA42C4764C8}C:\program files (x86)\internet explorer\iexplore.exe] => (Block) C:\program files (x86)\internet explorer\iexplore.exe FirewallRules: [{F307F74A-05EB-40FC-8E92-93EB3ECF0991}] => 
(Allow) C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe FirewallRules: [TCP Query User{59B3E3EE-53C5-4CF5-8606-E5F1128C9806}C:\program files (x86)\google\google earth\client\googleearth.exe] => (Allow) C:\program files (x86)\google\google earth\client\googleearth.exe FirewallRules: [UDP Query User{F0C51941-73EC-45D2-8A6F-90026BBF867D}C:\program files (x86)\google\google earth\client\googleearth.exe] => (Allow) C:\program files (x86)\google\google earth\client\googleearth.exe FirewallRules: [{260AA70C-A480-4AF7-871F-99F2B749BC5A}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe FirewallRules: [{5339CD95-FB28-4685-9D54-9988E3F183CC}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqste08.exe FirewallRules: [{CFF3455C-2156-4845-A327-B93D17C0C93F}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hposid01.exe FirewallRules: [{D896FF1F-17E7-4BAC-9BFC-0D508F7AAC0B}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpoews01.exe FirewallRules: [{A8FBF3FF-A95E-4024-A43A-32CB44CB1CA0}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqgplgtupl.exe FirewallRules: [{17D9F753-3D9E-40D8-9FBD-2545F6A72B9E}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqgpc01.exe FirewallRules: [{E6D2905E-809F-4396-8C77-B0658DFA32C4}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqusgm.exe FirewallRules: [{3276CC50-06F1-4193-80BC-BAED1CE4B134}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqusgh.exe FirewallRules: [{5F485083-100A-4E25-ADE9-1C64E5182FB6}] => (Allow) C:\Program Files (x86)\HP\hp software update\hpwucli.exe FirewallRules: [{83EDD164-EED3-49EF-BA0D-D9E6669D3072}] => (Allow) C:\Program Files (x86)\HP\digital imaging\smart web printing\smartwebprintexe.exe FirewallRules: [{D4EAAD28-FC03-412C-A0CF-563335C18C16}] => (Allow) C:\Windows\SysWOW64\lxdbcoms.exe FirewallRules: [{10E19EEF-EDA0-47D5-B24C-158A6E2E3888}] => (Allow) C:\Windows\SysWOW64\lxdbcoms.exe FirewallRules: 
[{51E24C8D-B58A-409F-901F-98610A557676}] => (Allow) C:\Windows\System32\lxdbcoms.exe FirewallRules: [{D2B83F41-1755-4309-8E66-76D1B3716E99}] => (Allow) C:\Windows\System32\lxdbcoms.exe FirewallRules: [{8D1C7B49-C381-4550-B2BE-E4EE22167B34}] => (Allow) C:\Windows\System32\spool\drivers\x64\3\lxdbpswx.exe FirewallRules: [{2916B473-DF6B-458C-B41E-F85CC6FC8323}] => (Allow) C:\Windows\System32\spool\drivers\x64\3\lxdbpswx.exe FirewallRules: [{36F4ED32-684C-4802-8D96-D100011FEC0B}] => (Allow) C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe FirewallRules: [{CEBC5D2A-8BA9-4887-8345-78A37B9317E1}] => (Allow) C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe FirewallRules: [{04571419-0A36-4653-A059-CA1DC1381894}] => (Allow) C:\Program Files (x86)\EpsonNet\EpsonNet Setup\tool10\ENEasyApp.exe FirewallRules: [{24018CCD-8012-4613-9263-158C940FF7EE}] => (Allow) C:\Program Files (x86)\EpsonNet\EpsonNet Setup\tool10\ENEasyApp.exe FirewallRules: [TCP Query User{308B603B-5966-44A6-9264-C690374408C7}D:\common\driver update\edupdate.exe] => (Allow) D:\common\driver update\edupdate.exe FirewallRules: [UDP Query User{D1E302F4-6D01-492F-BF27-A47A7973E015}D:\common\driver update\edupdate.exe] => (Allow) D:\common\driver update\edupdate.exe FirewallRules: [TCP Query User{6F5C2C91-CCE1-49A5-995D-EFE441B0D738}C:\program files (x86)\epson software\event manager\eeventmanager.exe] => (Allow) C:\program files (x86)\epson software\event manager\eeventmanager.exe FirewallRules: [UDP Query User{4BAED64E-A588-4C7F-B491-BF0F3DB128B3}C:\program files (x86)\epson software\event manager\eeventmanager.exe] => (Allow) C:\program files (x86)\epson software\event manager\eeventmanager.exe FirewallRules: [TCP Query User{9F434B64-5201-479E-8F3C-B40F759C2E71}C:\windows\syswow64\msiexec.exe] => (Allow) C:\windows\syswow64\msiexec.exe FirewallRules: [UDP Query User{6AE359A2-D450-4E3C-9AF1-55D995355106}C:\windows\syswow64\msiexec.exe] => (Allow) 
C:\windows\syswow64\msiexec.exe FirewallRules: [{2727304C-2BD1-45AF-A226-F6A8D9C22580}] => (Allow) C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdater.exe FirewallRules: [{BA134C11-FA2A-4CE3-9CE2-494F0B1CCA50}] => (Allow) C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe FirewallRules: [{BC05E73F-B080-452C-B93B-A769D25C1DCF}] => (Allow) C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe FirewallRules: [{ACFE8DF7-A332-485F-A453-F061445889BD}] => (Allow) C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe FirewallRules: [{DB4D48C7-A8D4-4052-8501-96F6DBD0562C}] => (Allow) C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe FirewallRules: [{570E300A-8EB8-4318-BB81-19FDCF191021}] => (Allow) C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe FirewallRules: [{807140A2-9538-407D-ADD0-AA344E9A618E}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe FirewallRules: [{5E02E12C-13A9-4673-AC72-67A25D97D67C}] => (Allow) C:\Program Files\AVAST Software\SZBrowser\3.55.2393.561_0\SZBrowser.exe ==================== Restore Points ========================= 22-02-2017 23:52:06 Spybot-S&D Spyware removal 09-03-2017 15:33:04 Installed TurboTax 2016 wrapper 09-03-2017 15:42:48 Installed TurboTax 2016 wpaiper 19-03-2017 21:15:38 Restore Operation ==================== Faulty Device Manager Devices ============= Name: HP OfficeJet Pro 8710 Description: HP OfficeJet Pro 8710 Class Guid: Manufacturer: Service: Problem: : The drivers for this device are not installed. (Code 28) Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard. Name: hp LaserJet 4200 Description: hp LaserJet 4200 Class Guid: {4d36e971-e325-11ce-bfc1-08002be10318} Manufacturer: Hewlett-Packard Service: Problem: : This device is disabled. 
(Code 22) Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions. Name: avast! Revert Description: avast! Revert Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1} Manufacturer: Service: aswRvrt Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24) Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed. Devices stay in this state if they have been prepared for removal. After you remove the device, this error disappears.Remove the device, and this error should be resolved. Name: Security Processor Loader Driver Description: Security Processor Loader Driver Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1} Manufacturer: Service: spldr Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24) Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed. Devices stay in this state if they have been prepared for removal. After you remove the device, this error disappears.Remove the device, and this error should be resolved. Name: avast! VM Monitor Description: avast! VM Monitor Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1} Manufacturer: Service: aswVmm Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24) Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed. Devices stay in this state if they have been prepared for removal. After you remove the device, this error disappears.Remove the device, and this error should be resolved. 
==================== Event log errors: ========================= Application errors: ================== Error: (03/25/2017 07:15:08 AM) (Source: Windows Search Service) (EventID: 7010) (User: ) Description: The index cannot be initialized. Details: The content index catalog is corrupt. (HRESULT : 0xc0041801) (0xc0041801) Error: (03/25/2017 07:15:08 AM) (Source: Windows Search Service) (EventID: 3058) (User: ) Description: The application cannot be initialized. Context: Windows Application Details: The content index catalog is corrupt. (HRESULT : 0xc0041801) (0xc0041801) Error: (03/25/2017 07:15:08 AM) (Source: Windows Search Service) (EventID: 3028) (User: ) Description: The gatherer object cannot be initialized. Context: Windows Application, SystemIndex Catalog Details: The content index catalog is corrupt. (HRESULT : 0xc0041801) (0xc0041801) Error: (03/25/2017 07:15:07 AM) (Source: Windows Search Service) (EventID: 3029) (User: ) Description: The plug-in in <Search.TripoliIndexer> cannot be initialized. Context: Windows Application, SystemIndex Catalog Details: Element not found. (HRESULT : 0x80070490) (0x80070490) Error: (03/25/2017 07:15:03 AM) (Source: Windows Search Service) (EventID: 3029) (User: ) Description: The plug-in in <Search.JetPropStore> cannot be initialized. Context: Windows Application, SystemIndex Catalog Details: The content index catalog is corrupt. (HRESULT : 0xc0041801) (0xc0041801) Error: (03/25/2017 07:15:03 AM) (Source: Windows Search Service) (EventID: 9002) (User: ) Description: The Windows Search Service cannot load the property store information. Context: Windows Application, SystemIndex Catalog Details: The content index database is corrupt. (HRESULT : 0xc0041800) (0xc0041800) Error: (03/25/2017 07:15:03 AM) (Source: Windows Search Service) (EventID: 7042) (User: ) Description: The Windows Search Service is being stopped because there is a problem with the indexer: The catalog is corrupt. 
Details: The content index catalog is corrupt. (HRESULT : 0xc0041801) (0xc0041801) Error: (03/25/2017 07:15:03 AM) (Source: Windows Search Service) (EventID: 7040) (User: ) Description: The search service has detected corrupted data files in the index {id=4700}. The service will attempt to automatically correct this problem by rebuilding the index. Details: The content index catalog is corrupt. (HRESULT : 0xc0041801) (0xc0041801) Error: (03/25/2017 07:15:03 AM) (Source: Windows Search Service) (EventID: 9000) (User: ) Description: The Windows Search Service cannot open the Jet property store. Details: 0x%08x (0xc0041800 - The content index database is corrupt. (HRESULT : 0xc0041800)) Error: (03/25/2017 07:15:02 AM) (Source: ESENT) (EventID: 455) (User: ) Description: Windows (5016) Windows: Error -1811 occurred while opening logfile C:\ProgramData\Microsoft\Search\Data\Applications\Windows\MSS00037.log. System errors: ============= Error: (03/27/2017 05:05:24 PM) (Source: Service Control Manager) (EventID: 7001) (User: ) Description: The Computer Browser service depends on the Server service which failed to start because of the following error: The dependency service or group failed to start. Error: (03/27/2017 05:05:24 PM) (Source: Service Control Manager) (EventID: 7001) (User: ) Description: The Computer Browser service depends on the Server service which failed to start because of the following error: The dependency service or group failed to start. Error: (03/27/2017 05:05:24 PM) (Source: Service Control Manager) (EventID: 7001) (User: ) Description: The Computer Browser service depends on the Server service which failed to start because of the following error: The dependency service or group failed to start. 
Error: (03/27/2017 05:05:24 PM) (Source: Service Control Manager) (EventID: 7001) (User: ) Description: The Computer Browser service depends on the Server service which failed to start because of the following error: The dependency service or group failed to start. Error: (03/27/2017 05:05:24 PM) (Source: Service Control Manager) (EventID: 7001) (User: ) Description: The Computer Browser service depends on the Server service which failed to start because of the following error: The dependency service or group failed to start. Error: (03/27/2017 05:05:24 PM) (Source: Service Control Manager) (EventID: 7001) (User: ) Description: The Computer Browser service depends on the Server service which failed to start because of the following error: The dependency service or group failed to start. Error: (03/27/2017 05:04:20 PM) (Source: Service Control Manager) (EventID: 7001) (User: ) Description: The Computer Browser service depends on the Server service which failed to start because of the following error: The dependency service or group failed to start. Error: (03/27/2017 05:04:20 PM) (Source: Service Control Manager) (EventID: 7001) (User: ) Description: The Computer Browser service depends on the Server service which failed to start because of the following error: The dependency service or group failed to start. Error: (03/27/2017 05:04:20 PM) (Source: Service Control Manager) (EventID: 7001) (User: ) Description: The Computer Browser service depends on the Server service which failed to start because of the following error: The dependency service or group failed to start. Error: (03/27/2017 05:02:12 PM) (Source: Service Control Manager) (EventID: 7001) (User: ) Description: The Computer Browser service depends on the Server service which failed to start because of the following error: The dependency service or group failed to start. 
==================== Memory info =========================== Processor: Pentium(R) Dual-Core CPU T4300 @ 2.10GHz Percentage of memory in use: 30% Total physical RAM: 4056.36 MB Available physical RAM: 2836.1 MB Total Virtual: 8110.91 MB Available Virtual: 6990.2 MB ==================== Drives ================================ Drive c: (OS) (Fixed) (Total:446.59 GB) (Free:329.3 GB) NTFS ==================== MBR & Partition Table ================== ======================================================== Disk: 0 (Size: 465.8 GB) (Disk ID: 2B391CB6) Partition 1: (Not Active) - (Size=298 MB) - (Type=DE) Partition 2: (Active) - (Size=18.9 GB) - (Type=07 NTFS) Partition 3: (Not Active) - (Size=446.6 GB) - (Type=07 NTFS) ==================== End of Addition.txt ============================
  6. Fix result of Farbar Recovery Scan Tool (x64) Version: 15-03-2017 Ran by Roland (27-03-2017 15:49:00) Run:1 Running from C:\Users\Roland\Desktop Loaded Profiles: Roland (Available Profiles: Roland) Boot Mode: Safe Mode (with Networking) ============================================== fixlist content: ***************** Start CloseProcesses: CreateRestorePoint: HKU\S-1-5-21-3236689562-672039265-411895171-1000\...\MountPoints2: {8e2ca473-66df-11e1-84bf-00256453184c} - E:\LaunchU3.exe -a HKU\S-1-5-21-3236689562-672039265-411895171-1000\...\MountPoints2: {cd7eb792-ae50-11e1-a764-00256453184c} - E:\LaunchU3.exe -a HKU\S-1-5-21-3236689562-672039265-411895171-1000\...\MountPoints2: {ddbed58b-c0dc-11e3-b8db-00256453184c} - E:\X-Play.exe HKU\S-1-5-21-3236689562-672039265-411895171-1000\...\Winlogon: [Shell] C:\Windows\EXPLORER.EXE [2871808 2011-02-25] (Microsoft Corporation) <==== ATTENTION HKU\S-1-5-18\...\RunOnce: [SpUninstallDeleteDir] => rmdir /s /q "\SearchProtect" HKU\S-1-5-21-3236689562-672039265-411895171-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION Toolbar: HKLM - Bing Bar - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\Microsoft\BingBar\7.3.132.0\amd64\BingExt.dll [2014-03-11] (Microsoft Corporation.) Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2016-04-29] (Google Inc.) Toolbar: HKLM-x32 - Bing Bar - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\Microsoft\BingBar\7.3.132.0\BingExt.dll [2014-03-11] (Microsoft Corporation.) Toolbar: HKLM-x32 - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll [2016-04-29] (Google Inc.) 
CHR Extension: (Chrome Media Router) - C:\Users\Roland\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2017-03-19] S1 AntiLog32; \??\C:\Windows\system32\drivers\AntiLog64.sys [X] S3 cpuz132; \??\C:\Users\Roland\AppData\Local\Temp\cpuz132\cpuz132_x64.sys [X] <==== ATTENTION S3 keycrypt; system32\DRIVERS\KeyCrypt64.sys [X] C:\Users\Roland\AppData\Local\4qca050qorimufwc2gvij046pg8t2 C:\Users\Roland\AppData\Local\{84F12E10-AE3B-441E-AAF6-BE7058C32249} C:\ProgramData\4qca050qorimufwc2gvij046pg8t2 C:\Users\Roland\g2ax_customer_downloadhelper_win32_x86.exe 2017-03-24 17:08 - 2017-03-24 17:08 - 0000000 _____ () C:\Users\Roland\AppData\Local\Temp\gvjdihb6.dll 2017-03-26 20:47 - 2017-03-26 20:47 - 0011776 _____ () C:\Users\Roland\AppData\Local\Temp\jb6gycw4.dll 2017-03-25 10:57 - 2017-03-25 10:57 - 0013312 _____ () C:\Users\Roland\AppData\Local\Temp\ks-sid6t.dll 2017-03-26 19:52 - 2017-03-26 19:52 - 0011776 _____ () C:\Users\Roland\AppData\Local\Temp\yc5atlmm.dll Task: {11215097-6250-4599-8340-F7E3329EE700} - System32\Tasks\{28B64BF0-4573-49F4-A4F9-B8A45F1F752D} => C:\Program Files (x86)\Spybot - Search & Destroy\SpybotSD.exe [2009-01-26] (Safer Networking Limited) Task: {7485CA8F-AFD4-4DA3-A940-3C163D804ADF} - System32\Tasks\SafeZone scheduled Autoupdate 1458684931 => C:\Program Files\AVAST Software\SZBrowser\launcher.exe [2017-02-15] (Avast Software) Task: {81522B4C-BED1-4903-947D-D1B6DCAEAF32} - System32\Tasks\Avast Emergency Update => C:\Program Files\AVAST Software\Avast\AvEmUpdate.exe [2017-03-19] (AVAST Software) Task: {FC143A44-0779-48CD-A75E-FC3A9D758926} - System32\Tasks\Weekly scan => C:\Program Files (x86)\Sophos\Sophos Anti-Virus\BackgroundScanClient.exe [2017-02-03] (Sophos Limited) Task: C:\Windows\Tasks\Weekly scan.job => C:\Program Files (x86)\Sophos\Sophos Anti-Virus\BackgroundScanClient.exe FirewallRules: [{D928A6D2-1544-4705-B4E3-1086DB68CD96}] => (Allow) LPort=2869 FirewallRules: 
[{5B6F0286-C0C6-4AF2-BA95-88BDDEB5D509}] => (Allow) LPort=1900 CMD: ipconfig /flushdns EmptyTemp: end ***************** Processes closed successfully. Error: Restore point can only be created in normal mode. HKU\S-1-5-21-3236689562-672039265-411895171-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{8e2ca473-66df-11e1-84bf-00256453184c} => key removed successfully HKCR\CLSID\{8e2ca473-66df-11e1-84bf-00256453184c} => key not found. HKU\S-1-5-21-3236689562-672039265-411895171-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{cd7eb792-ae50-11e1-a764-00256453184c} => key removed successfully HKCR\CLSID\{cd7eb792-ae50-11e1-a764-00256453184c} => key not found. HKU\S-1-5-21-3236689562-672039265-411895171-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{ddbed58b-c0dc-11e3-b8db-00256453184c} => key removed successfully HKCR\CLSID\{ddbed58b-c0dc-11e3-b8db-00256453184c} => key not found. HKU\S-1-5-21-3236689562-672039265-411895171-1000\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\\Shell => value removed successfully HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\RunOnce\\SpUninstallDeleteDir => value removed successfully HKU\S-1-5-21-3236689562-672039265-411895171-1000\SOFTWARE\Policies\Microsoft\Internet Explorer => key removed successfully HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar\\{8dcb7100-df86-4384-8842-8fa844297b3f} => value removed successfully HKCR\CLSID\{8dcb7100-df86-4384-8842-8fa844297b3f} => key not found. HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar\\{2318C2B1-4965-11d4-9B18-009027A5CD4F} => value removed successfully HKCR\CLSID\{2318C2B1-4965-11d4-9B18-009027A5CD4F} => key not found. HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar\\{8dcb7100-df86-4384-8842-8fa844297b3f} => value removed successfully HKCR\Wow6432Node\CLSID\{8dcb7100-df86-4384-8842-8fa844297b3f} => key not found. 
HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar\\{2318C2B1-4965-11d4-9B18-009027A5CD4F} => value removed successfully HKCR\Wow6432Node\CLSID\{2318C2B1-4965-11d4-9B18-009027A5CD4F} => key not found. C:\Users\Roland\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm => moved successfully HKLM\System\CurrentControlSet\Services\AntiLog32 => key removed successfully AntiLog32 => service removed successfully HKLM\System\CurrentControlSet\Services\cpuz132 => key removed successfully cpuz132 => service removed successfully HKLM\System\CurrentControlSet\Services\keycrypt => key removed successfully keycrypt => service removed successfully C:\Users\Roland\AppData\Local\4qca050qorimufwc2gvij046pg8t2 => moved successfully C:\Users\Roland\AppData\Local\{84F12E10-AE3B-441E-AAF6-BE7058C32249} => moved successfully C:\ProgramData\4qca050qorimufwc2gvij046pg8t2 => moved successfully C:\Users\Roland\g2ax_customer_downloadhelper_win32_x86.exe => moved successfully C:\Users\Roland\AppData\Local\Temp\gvjdihb6.dll => moved successfully C:\Users\Roland\AppData\Local\Temp\jb6gycw4.dll => moved successfully C:\Users\Roland\AppData\Local\Temp\ks-sid6t.dll => moved successfully C:\Users\Roland\AppData\Local\Temp\yc5atlmm.dll => moved successfully HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{11215097-6250-4599-8340-F7E3329EE700} => key removed successfully HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{11215097-6250-4599-8340-F7E3329EE700} => key removed successfully C:\Windows\System32\Tasks\{28B64BF0-4573-49F4-A4F9-B8A45F1F752D} => moved successfully HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{28B64BF0-4573-49F4-A4F9-B8A45F1F752D} => key removed successfully HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Boot\{7485CA8F-AFD4-4DA3-A940-3C163D804ADF} => key removed successfully HKLM\SOFTWARE\Microsoft\Windows 
NT\CurrentVersion\Schedule\TaskCache\Tasks\{7485CA8F-AFD4-4DA3-A940-3C163D804ADF} => key removed successfully C:\Windows\System32\Tasks\SafeZone scheduled Autoupdate 1458684931 => moved successfully HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\SafeZone scheduled Autoupdate 1458684931 => key removed successfully HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Boot\{81522B4C-BED1-4903-947D-D1B6DCAEAF32} => key removed successfully HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{81522B4C-BED1-4903-947D-D1B6DCAEAF32} => key removed successfully C:\Windows\System32\Tasks\Avast Emergency Update => moved successfully HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Avast Emergency Update => key removed successfully HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{FC143A44-0779-48CD-A75E-FC3A9D758926} => key removed successfully HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{FC143A44-0779-48CD-A75E-FC3A9D758926} => key removed successfully C:\Windows\System32\Tasks\Weekly scan => moved successfully HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Weekly scan => key removed successfully C:\Windows\Tasks\Weekly scan.job => moved successfully HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{D928A6D2-1544-4705-B4E3-1086DB68CD96} => value removed successfully HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{5B6F0286-C0C6-4AF2-BA95-88BDDEB5D509} => value removed successfully ========= ipconfig /flushdns ========= Windows IP Configuration Successfully flushed the DNS Resolver Cache. 
========= End of CMD: ========= =========== EmptyTemp: ========== BITS transfer queue => 0 B DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 14467843 B Java, Flash, Steam htmlcache => 545 B Windows/system/drivers => 72169 B Edge => 0 B Chrome => 42594595 B Firefox => 0 B Opera => 0 B Temp, IE cache, history, cookies, recent: Users => 0 B Default => 66228 B Public => 0 B ProgramData => 0 B systemprofile => 118046 B systemprofile32 => 83539 B LocalService => 1773946 B NetworkService => 33058 B Roland => 218774763 B RecycleBin => 0 B EmptyTemp: => 265.1 MB temporary data Removed. ================================ The system needed a reboot. ==== End of Fixlog 15:49:10 ====
  7. Yes, I ran it and restarted into normal mode to do the uninstalls, and it locked up on me during that. I'm currently in safe mode running Malwarebytes with the rootkit button on.
  8. The machine doesn't load programs in normal mode and the internet doesn't work.
  9. Okay, here are the results from the FRST file: Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 15-03-2017 Ran by Roland (administrator) on ROLAND-PC (27-03-2017 14:30:05) Running from C:\Users\Roland\Desktop Loaded Profiles: Roland (Available Profiles: Roland) Platform: Windows 7 Home Premium Service Pack 1 (X64) Language: English (United States) Internet Explorer Version 11 (Default browser: Chrome) Boot Mode: Safe Mode (with Networking) Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/ ==================== Processes (Whitelisted) ================= (If an entry is included in the fixlist, the process will be closed. The file will not be moved.) (Sophos Limited) C:\Program Files (x86)\Sophos\Sophos Anti-Virus\SavService.exe (Sophos Limited) C:\Program Files\Sophos\Sophos Network Threat Protection\bin\SntpService.exe (Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe (Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Microsoft Corporation) C:\Windows\System32\dllhost.exe ==================== Registry (Whitelisted) ==================== (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.) HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [1808680 2009-06-25] (Synaptics Incorporated) HKLM\...\Run: [SysTrayApp] => C:\Program Files\IDT\WDM\sttray64.exe [444416 2009-06-29] (IDT, Inc.) 
HKLM\...\Run: [itype] => c:\Program Files\Microsoft IntelliType Pro\itype.exe [1873256 2011-08-10] (Microsoft Corporation) HKLM\...\Run: [Malwarebytes TrayApp] => C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\mbamtray.exe [2780112 2017-01-20] (Malwarebytes) HKLM-x32\...\Run: [FUFAXSTM] => C:\Program Files (x86)\Epson Software\FAX Utility\FUFAXSTM.exe [847872 2009-12-03] (SEIKO EPSON CORPORATION) HKLM-x32\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvLaunch.exe [205512 2017-03-19] (AVAST Software) HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [587288 2016-12-12] (Oracle Corporation) Winlogon\Notify\GoToAssist: Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation) HKU\S-1-5-21-3236689562-672039265-411895171-1000\...\Run: [EPSON Artisan 830 Series] => C:\Windows\system32\spool\DRIVERS\x64\3\E_IATIGXA.EXE [224768 2010-01-12] (SEIKO EPSON CORPORATION) HKU\S-1-5-21-3236689562-672039265-411895171-1000\...\MountPoints2: {8e2ca473-66df-11e1-84bf-00256453184c} - E:\LaunchU3.exe -a HKU\S-1-5-21-3236689562-672039265-411895171-1000\...\MountPoints2: {cd7eb792-ae50-11e1-a764-00256453184c} - E:\LaunchU3.exe -a HKU\S-1-5-21-3236689562-672039265-411895171-1000\...\MountPoints2: {ddbed58b-c0dc-11e3-b8db-00256453184c} - E:\X-Play.exe HKU\S-1-5-21-3236689562-672039265-411895171-1000\...\Winlogon: [Shell] C:\Windows\EXPLORER.EXE [2871808 2011-02-25] (Microsoft Corporation) <==== ATTENTION HKU\S-1-5-18\...\RunOnce: [SpUninstallDeleteDir] => rmdir /s /q "\SearchProtect" ShellIconOverlayIdentifiers: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2017-03-19] (AVAST Software) ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2017-03-19] (AVAST Software) Startup: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock 
First Run.lnk [2009-09-23] ShortcutTarget: Dell Dock First Run.lnk -> C:\Program Files\Dell\DellDock\DellDock.exe (Stardock Corporation) Startup: C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock First Run.lnk [2009-09-23] ShortcutTarget: Dell Dock First Run.lnk -> C:\Program Files\Dell\DellDock\DellDock.exe (Stardock Corporation) BootExecute: ==================== Internet (Whitelisted) ==================== (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.) Winsock: Catalog9 01 C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp.dll [139832 2017-02-03] (Sophos Limited) Winsock: Catalog9 02 C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp.dll [139832 2017-02-03] (Sophos Limited) Winsock: Catalog9 03 C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp.dll [139832 2017-02-03] (Sophos Limited) Winsock: Catalog9 04 C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp.dll [139832 2017-02-03] (Sophos Limited) Winsock: Catalog9 05 C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp.dll [139832 2017-02-03] (Sophos Limited) Winsock: Catalog9 06 C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp.dll [139832 2017-02-03] (Sophos Limited) Winsock: Catalog9 07 C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp.dll [139832 2017-02-03] (Sophos Limited) Winsock: Catalog9 08 C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp.dll [139832 2017-02-03] (Sophos Limited) Winsock: Catalog9 19 C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp.dll [139832 2017-02-03] (Sophos Limited) Winsock: Catalog9-x64 01 C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp_64.dll [198016 2017-02-03] (Sophos Limited) Winsock: Catalog9-x64 02 C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp_64.dll [198016 2017-02-03] (Sophos Limited) Winsock: Catalog9-x64 03 C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp_64.dll [198016 2017-02-03] (Sophos Limited) Winsock: Catalog9-x64 04 C:\ProgramData\Sophos\Web 
Intelligence\swi_ifslsp_64.dll [198016 2017-02-03] (Sophos Limited) Winsock: Catalog9-x64 05 C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp_64.dll [198016 2017-02-03] (Sophos Limited) Winsock: Catalog9-x64 06 C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp_64.dll [198016 2017-02-03] (Sophos Limited) Winsock: Catalog9-x64 07 C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp_64.dll [198016 2017-02-03] (Sophos Limited) Winsock: Catalog9-x64 08 C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp_64.dll [198016 2017-02-03] (Sophos Limited) Winsock: Catalog9-x64 19 C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp_64.dll [198016 2017-02-03] (Sophos Limited) Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt Tcpip\Parameters: [DhcpNameServer] 192.168.0.1 Tcpip\..\Interfaces\{D106EC69-996A-405C-BFA0-2F6611237F58}: [DhcpNameServer] 192.168.0.1 Tcpip\..\Interfaces\{FEC7D3F0-8222-44DB-A6F2-AA3C2578E80A}: [DhcpNameServer] 192.168.0.1 Internet Explorer: ================== HKU\S-1-5-21-3236689562-672039265-411895171-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION HKU\S-1-5-21-3236689562-672039265-411895171-1000\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.google.com/ie HKU\S-1-5-21-3236689562-672039265-411895171-1000\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://www.msn.com/?ocid=iehp SearchScopes: HKLM -> DefaultScope {992B097A-F42C-4068-9B57-8F0F69F735AA} URL = hxxp://www.bing.com/search?q={searchTerms}&form=DLCDF8&pc=MDDC&src=IE-SearchBox SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKLM -> {598DAE95-DAD6-4990-A6FA-89F5528F5FBC} URL = SearchScopes: HKLM -> {992B097A-F42C-4068-9B57-8F0F69F735AA} URL = hxxp://www.bing.com/search?q={searchTerms}&form=DLCDF8&pc=MDDC&src=IE-SearchBox SearchScopes: HKLM-x32 -> DefaultScope {992B097A-F42C-4068-9B57-8F0F69F735AA} URL = 
hxxp://www.bing.com/search?q={searchTerms}&form=DLCDF8&pc=MDDC&src=IE-SearchBox SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKLM-x32 -> {992B097A-F42C-4068-9B57-8F0F69F735AA} URL = hxxp://www.bing.com/search?q={searchTerms}&form=DLCDF8&pc=MDDC&src=IE-SearchBox SearchScopes: HKU\S-1-5-21-3236689562-672039265-411895171-1000 -> x-osid:1:search:3F3D596FB2A545659B3F13D7CEB86011 URL = SearchScopes: HKU\S-1-5-21-3236689562-672039265-411895171-1000 -> {992B097A-F42C-4068-9B57-8F0F69F735AA} URL = BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_121\bin\ssv.dll [2017-02-22] (Oracle Corporation) BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll [2017-03-19] (AVAST Software) BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2011-03-28] (Microsoft Corp.) BHO: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2016-04-29] (Google Inc.) BHO: Bing Bar Helper -> {d2ce3e00-f94a-4740-988e-03dc2f38c34f} -> C:\Program Files (x86)\Microsoft\BingBar\7.3.132.0\amd64\BingExt.dll [2014-03-11] (Microsoft Corporation.) BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_121\bin\jp2ssv.dll [2017-02-22] (Oracle Corporation) BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_121\bin\ssv.dll [2017-02-22] (Oracle Corporation) BHO-x32: avast! 
Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2017-03-19] (AVAST Software) BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2011-03-28] (Microsoft Corp.) BHO-x32: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll [2016-04-29] (Google Inc.) BHO-x32: Bing Bar Helper -> {d2ce3e00-f94a-4740-988e-03dc2f38c34f} -> C:\Program Files (x86)\Microsoft\BingBar\7.3.132.0\BingExt.dll [2014-03-11] (Microsoft Corporation.) BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_121\bin\jp2ssv.dll [2017-02-22] (Oracle Corporation) Toolbar: HKLM - Bing Bar - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\Microsoft\BingBar\7.3.132.0\amd64\BingExt.dll [2014-03-11] (Microsoft Corporation.) Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2016-04-29] (Google Inc.) Toolbar: HKLM-x32 - Bing Bar - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\Microsoft\BingBar\7.3.132.0\BingExt.dll [2014-03-11] (Microsoft Corporation.) Toolbar: HKLM-x32 - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll [2016-04-29] (Google Inc.) 
DPF: HKLM-x32 {50647AB5-18FD-4142-82B0-5852478DD0D5} hxxp://webeffective.keynote.com/applications/pconnector/download/ConnectorLauncher.cab FireFox: ======== FF ProfilePath: C:\Users\Roland\AppData\Roaming\TomTom\HOME\Profiles\phu6xfhq.default [2014-06-23] FF Extension: (Map status indicator) - C:\Program Files (x86)\TomTom HOME 2\xul\extensions\MapShare-status@tomtom.com [2012-03-02] [not signed] FF HKLM\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF FF Extension: (Avast Online Security) - C:\Program Files\AVAST Software\Avast\WebRep\FF [2017-03-19] FF HKLM\...\Firefox\Extensions: [sp@avast.com] - C:\Program Files\AVAST Software\Avast\SafePrice\FF FF Extension: (Avast SafePrice) - C:\Program Files\AVAST Software\Avast\SafePrice\FF [2017-03-19] FF HKLM-x32\...\Firefox\Extensions: [smartwebprinting@hp.com] - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 FF Extension: (HP Smart Web Printing) - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2011-01-03] [not signed] FF HKLM-x32\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF FF HKLM-x32\...\Firefox\Extensions: [sp@avast.com] - C:\Program Files\AVAST Software\Avast\SafePrice\FF FF HKU\S-1-5-21-3236689562-672039265-411895171-1000\...\Firefox\Extensions: [smartwebprinting@hp.com] - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_25_0_0_127.dll [2017-03-20] () FF Plugin: @java.com/DTPlugin,version=11.121.2 -> C:\Program Files\Java\jre1.8.0_121\bin\dtplugin\npDeployJava1.dll [2017-02-22] (Oracle Corporation) FF Plugin: @java.com/JavaPlugin,version=11.121.2 -> C:\Program Files\Java\jre1.8.0_121\bin\plugin2\npjp2.dll [2017-02-22] (Oracle Corporation) FF Plugin: @microsoft.com/GENUINE -> disabled [No File] FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft 
Silverlight\5.1.50428.0\npctrl.dll [2016-04-27] ( Microsoft Corporation) FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_25_0_0_127.dll [2017-03-20] () FF Plugin-x32: @google.com/npPicasa3,version=3.0.0 -> C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll [2015-08-26] (Google, Inc.) FF Plugin-x32: @java.com/DTPlugin,version=11.121.2 -> C:\Program Files (x86)\Java\jre1.8.0_121\bin\dtplugin\npDeployJava1.dll [2017-02-22] (Oracle Corporation) FF Plugin-x32: @java.com/JavaPlugin,version=11.121.2 -> C:\Program Files (x86)\Java\jre1.8.0_121\bin\plugin2\npjp2.dll [2017-02-22] (Oracle Corporation) FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File] FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.50428.0\npctrl.dll [2016-04-27] ( Microsoft Corporation) FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2012-03-08] (Microsoft Corporation) FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3508.1109 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2012-03-08] (Microsoft Corporation) FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3555.0308 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2012-03-08] (Microsoft Corporation) FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.32.7\npGoogleUpdate3.dll [2016-12-16] (Google Inc.) FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.32.7\npGoogleUpdate3.dll [2016-12-16] (Google Inc.) FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2016-12-23] (Adobe Systems Inc.) 
FF Plugin HKU\S-1-5-21-3236689562-672039265-411895171-1000: @citrixonline.com/appdetectorplugin -> C:\Users\Roland\AppData\Local\Citrix\Plugins\104\npappdetector.dll [2014-07-21] (Citrix Online) Chrome: ======= CHR HomePage: Default -> bing.com/?pc=__PARAM__ CHR NewTab: Default -> Not-active:"chrome-extension://keeehhjhphcojjapflaajmgbnkgibaba/newtab/blank.html", Not-active:"chrome-extension://khimdpalkmijiicmeogdijibkkmlhfol/stubby.html", Not-active:"chrome-extension://kgfgkmglngfjihijajckoidgoglmajan/newtab/newtab.html" CHR DefaultSearchURL: Default -> hxxp://srchnet.com/search/{searchTerms} CHR DefaultSearchKeyword: Default -> {searchTerms} CHR Profile: C:\Users\Roland\AppData\Local\Google\Chrome\User Data\Default [2017-03-27] CHR Extension: (Avast Online Security) - C:\Users\Roland\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki [2017-03-19] CHR Extension: (Bing) - C:\Users\Roland\AppData\Local\Google\Chrome\User Data\Default\Extensions\nfedoihopcjdfjihhhojdclnfdgomdho [2016-08-31] CHR Extension: (Chrome Web Store Payments) - C:\Users\Roland\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-03-19] CHR Extension: (Chrome Media Router) - C:\Users\Roland\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2017-03-19] CHR HKU\S-1-5-21-3236689562-672039265-411895171-1000\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [nfedoihopcjdfjihhhojdclnfdgomdho] - hxxps://clients2.google.com/service/update2/crx CHR HKLM-x32\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj] - hxxps://clients2.google.com/service/update2/crx CHR HKLM-x32\...\Chrome\Extension: [eofcbnmajmjmplflapaojjnihcjkigck] - hxxps://clients2.google.com/service/update2/crx CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx <not found> ==================== Services (Whitelisted) 
==================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) S4 ABBYY.Licensing.FineReader.Sprint.9.0; C:\Program Files (x86)\Common Files\ABBYY\FineReaderSprint\9.00\Licensing\NetworkLicenseServer.exe [759048 2009-05-14] (ABBYY) S3 aswbIDSAgent; C:\Program Files\AVAST Software\Avast\x64\aswidsagenta.exe [7147320 2017-03-19] (AVAST Software s.r.o.) S2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [262736 2017-03-19] (AVAST Software) S2 DockLoginService; C:\Program Files\Dell\DellDock\DockLogin.exe [155648 2008-12-18] (Stardock Corporation) [File not signed] S3 hpqcxs08; C:\Program Files (x86)\HP\Digital Imaging\bin\hpqcxs08.dll [249344 2009-09-23] (Hewlett-Packard Co.) [File not signed] S2 hpqddsvc; C:\Program Files (x86)\HP\Digital Imaging\bin\hpqddsvc.dll [133120 2009-09-23] (Hewlett-Packard Co.) [File not signed] S2 HPSLPSVC; C:\Program Files (x86)\HP\Digital Imaging\bin\HPSLPSVC64.DLL [1039360 2010-10-22] (Hewlett-Packard Co.) 
[File not signed]
S4 lxdb_device; C:\Windows\system32\lxdbcoms.exe [566192 2007-02-02] ( )
S4 lxdb_device; C:\Windows\SysWOW64\lxdbcoms.exe [537520 2007-02-02] ( )
R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [4355024 2017-01-20] (Malwarebytes)
S3 MSSQL$MSSMLBIZ; c:\Program Files (x86)\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [29293408 2010-12-10] (Microsoft Corporation)
S2 Net Driver HPZ12; C:\Windows\system32\HPZinw12.dll [71680 2010-08-06] (Hewlett-Packard) [File not signed]
S2 Pml Driver HPZ12; C:\Windows\system32\HPZipm12.dll [89600 2010-08-06] (Hewlett-Packard) [File not signed]
S2 SAVAdminService; C:\Program Files (x86)\Sophos\Sophos Anti-Virus\SAVAdminService.exe [315800 2017-02-03] (Sophos Limited)
R2 SAVService; C:\Program Files (x86)\Sophos\Sophos Anti-Virus\SavService.exe [289448 2017-02-03] (Sophos Limited)
S2 SBSDWSCService; C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe [1153368 2009-01-26] (Safer Networking Ltd.)
R2 SntpService; C:\Program Files\Sophos\Sophos Network Threat Protection\bin\SntpService.exe [901248 2016-04-15] (Sophos Limited)
S2 Sophos Agent; C:\Program Files (x86)\Sophos\Remote Management System\ManagementAgentNT.exe [413048 2017-02-03] (Sophos Limited)
S2 Sophos AutoUpdate Service; C:\Program Files (x86)\Sophos\AutoUpdate\ALsvc.exe [780944 2017-02-03] (Sophos Limited)
S2 Sophos Message Router; C:\Program Files (x86)\Sophos\Remote Management System\RouterNT.exe [1098784 2017-02-03] (Sophos Limited)
S2 Sophos Web Control Service; C:\Program Files (x86)\Sophos\Sophos Anti-Virus\Web Control\swc_service.exe [360040 2017-02-03] (Sophos Limited)
S2 sophossps; C:\Program Files (x86)\Sophos\Sophos System Protection\ssp.exe [2499872 2017-02-03] (Sophos Limited)
S4 STacSV; C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_afc3018f8cfedd20\STacSV64.exe [240128 2009-06-29] (IDT, Inc.)
S2 swi_service; C:\Program Files (x86)\Sophos\Sophos Anti-Virus\Web Intelligence\swi_service.exe [3615280 2017-02-03] (Sophos Limited)
S2 swi_update_64; C:\ProgramData\Sophos\Web Intelligence\swi_update_64.exe [2121224 2017-02-03] (Sophos Limited)
S2 ZAMSvc; C:\Program Files (x86)\Zemana AntiMalware\ZAM.exe [14509296 2017-03-22] (Copyright 2017.)

===================== Drivers (Whitelisted) ======================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S1 aswbidsdriver; C:\Windows\system32\drivers\aswbidsdrivera.sys [309272 2017-03-19] (AVAST Software s.r.o.)
S0 aswbidsh; C:\Windows\system32\drivers\aswbidsha.sys [189768 2017-03-19] (AVAST Software s.r.o.)
S0 aswblog; C:\Windows\system32\drivers\aswbloga.sys [334600 2017-03-19] (AVAST Software s.r.o.)
S0 aswbuniv; C:\Windows\system32\drivers\aswbuniva.sys [48528 2017-03-19] (AVAST Software s.r.o.)
S3 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [38296 2017-03-19] (AVAST Software)
R1 aswKbd; C:\Windows\system32\drivers\aswKbd.sys [32088 2017-03-19] (AVAST Software)
S2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [126600 2017-03-19] (AVAST Software)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [100640 2017-03-19] (AVAST Software)
S0 aswRvrt; C:\Windows\system32\drivers\aswRvrt.sys [75704 2017-03-19] (AVAST Software)
S1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [993608 2017-03-19] (AVAST Software)
S1 aswSP; C:\Windows\system32\drivers\aswSP.sys [548928 2017-03-21] (AVAST Software)
S2 aswStm; C:\Windows\system32\drivers\aswStm.sys [162528 2017-03-19] (AVAST Software)
S0 aswVmm; C:\Windows\system32\drivers\aswVmm.sys [337592 2017-03-19] (AVAST Software)
S2 BrPar; C:\Windows\SysWOW64\drivers\BrPar.sys [19537 2000-07-24] (Brother Industries Ltd.) [File not signed]
S1 ElRawDisk; C:\Windows\system32\drivers\ElRawDsk.sys [31432 2012-04-17] (EldoS Corporation)
S1 ESProtectionDriver; C:\Windows\system32\drivers\mbae64.sys [77408 2017-02-24] ()
S3 FlyUsb; C:\Windows\System32\DRIVERS\FlyUsb.sys [24576 2009-11-10] (LeapFrog)
S3 hitmanpro37; C:\Windows\system32\drivers\hitmanpro37.sys [54736 2017-03-24] ()
R2 MBAMChameleon; C:\Windows\system32\drivers\MBAMChameleon.sys [186304 2017-03-27] (Malwarebytes)
S3 MBAMProtection; C:\Windows\system32\drivers\mbam.sys [43968 2017-03-27] (Malwarebytes)
R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [251840 2017-03-27] (Malwarebytes)
S3 MBAMWebProtection; C:\Windows\system32\drivers\mwac.sys [82208 2017-03-26] (Malwarebytes)
S1 SAVOnAccess; C:\Windows\System32\DRIVERS\savonaccess.sys [201168 2017-02-03] (Sophos Limited)
S3 sdcfilter; C:\Windows\System32\DRIVERS\sdcfilter.sys [38144 2016-04-17] (Sophos Limited)
S2 sntp; C:\Windows\System32\DRIVERS\sntp.sys [116144 2016-04-16] (Sophos Limited)
R0 Sophos Endpoint Defense; C:\Windows\System32\DRIVERS\SophosED.sys [200760 2017-02-03] (Sophos Limited)
S4 SophosBootDriver; C:\Windows\System32\DRIVERS\SophosBootDriver.sys [27904 2016-04-16] (Sophos Limited)
S3 ssmirrdr; C:\Windows\System32\DRIVERS\ssmirrdr.sys [10112 2011-03-15] (support.com, Inc)
U3 TrueSight; C:\Windows\System32\drivers\TrueSight.sys [35064 2015-05-28] ()
U5 VWiFiFlt; C:\Windows\System32\Drivers\VWiFiFlt.sys [59904 2009-07-13] (Microsoft Corporation)
R3 yukonw7; C:\Windows\System32\DRIVERS\yk62x64.sys [395264 2009-09-28] ()
S1 ZAM; C:\Windows\System32\drivers\zam64.sys [203680 2017-03-24] (Zemana Ltd.)
S1 ZAM_Guard; C:\Windows\System32\drivers\zamguard64.sys [203680 2017-03-24] (Zemana Ltd.)
S1 AntiLog32; \??\C:\Windows\system32\drivers\AntiLog64.sys [X]
S3 cpuz132; \??\C:\Users\Roland\AppData\Local\Temp\cpuz132\cpuz132_x64.sys [X] <==== ATTENTION
S3 keycrypt; system32\DRIVERS\KeyCrypt64.sys [X]

==================== NetSvcs (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

==================== One Month Created files and folders ========
(If an entry is included in the fixlist, the file/folder will be moved.)

2017-03-27 14:30 - 2017-03-27 14:30 - 00023978 _____ C:\Users\Roland\Desktop\FRST.txt
2017-03-27 14:29 - 2017-03-27 14:30 - 00000000 ____D C:\FRST
2017-03-27 14:29 - 2017-03-27 14:29 - 02424832 _____ (Farbar) C:\Users\Roland\Desktop\FRST64.exe
2017-03-27 14:18 - 2017-03-27 14:19 - 00072870 _____ C:\Windows\ntbtlog.txt
2017-03-25 07:14 - 2017-03-25 07:14 - 00000000 ____D C:\ProgramData\SWCUTemp
2017-03-24 20:20 - 2017-03-24 20:20 - 02030536 _____ (Bleeping Computer, LLC) C:\Users\Roland\Downloads\rkill.exe
2017-03-24 18:28 - 2017-03-26 21:33 - 00054645 _____ C:\Windows\ZAM.krnl.trace
2017-03-24 18:28 - 2017-03-26 21:33 - 00025232 _____ C:\Windows\ZAM_Guard.krnl.trace
2017-03-24 18:28 - 2017-03-24 18:28 - 00203680 _____ (Zemana Ltd.) C:\Windows\system32\Drivers\zamguard64.sys
2017-03-24 18:28 - 2017-03-24 18:28 - 00203680 _____ (Zemana Ltd.) C:\Windows\system32\Drivers\zam64.sys
2017-03-24 18:28 - 2017-03-24 18:28 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Zemana AntiMalware
2017-03-24 18:28 - 2017-03-24 18:28 - 00000000 ____D C:\Program Files (x86)\Zemana AntiMalware
2017-03-24 18:07 - 2017-03-24 18:07 - 00012872 _____ (SurfRight B.V.) C:\Windows\system32\bootdelete.exe
2017-03-24 17:47 - 2017-03-24 19:29 - 00054736 _____ C:\Windows\system32\Drivers\hitmanpro37.sys
2017-03-24 17:37 - 2017-03-24 17:37 - 00079086 _____ C:\Windows\system32\.crusader
2017-03-24 17:20 - 2017-03-24 17:20 - 00000000 ____D C:\Users\Roland\AppData\Local\Zemana
2017-03-24 17:19 - 2017-03-24 17:20 - 05763056 _____ (Zemana Ltd. ) C:\Users\Roland\Downloads\Zemana.AntiMalware.Setup.exe
2017-03-24 17:19 - 2017-03-24 17:19 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HitmanPro
2017-03-24 17:19 - 2017-03-24 17:19 - 00000000 ____D C:\Program Files\HitmanPro
2017-03-24 17:18 - 2017-03-24 17:37 - 00000000 ____D C:\ProgramData\HitmanPro
2017-03-24 17:17 - 2017-03-24 17:18 - 11581544 _____ (SurfRight B.V.) C:\Users\Roland\Downloads\HitmanPro_x64.exe
2017-03-24 17:14 - 2017-03-27 14:19 - 00251840 _____ (Malwarebytes) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2017-03-24 17:14 - 2017-03-27 14:19 - 00186304 _____ (Malwarebytes) C:\Windows\system32\Drivers\MBAMChameleon.sys
2017-03-24 17:14 - 2017-03-27 14:19 - 00111544 _____ (Malwarebytes) C:\Windows\system32\Drivers\farflt.sys
2017-03-24 17:14 - 2017-03-27 14:19 - 00043968 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbam.sys
2017-03-24 17:14 - 2017-03-26 20:49 - 00082208 _____ (Malwarebytes) C:\Windows\system32\Drivers\mwac.sys
2017-03-24 17:14 - 2017-03-24 19:43 - 00000000 ____D C:\AdwCleaner
2017-03-24 17:14 - 2017-03-24 17:14 - 04031440 _____ C:\Users\Roland\Downloads\adwcleaner_6.044.exe
2017-03-24 17:13 - 2017-03-24 17:13 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes
2017-03-24 17:13 - 2017-03-24 17:13 - 00000000 ____D C:\Program Files\Malwarebytes
2017-03-24 17:13 - 2017-02-24 06:23 - 00077408 _____ C:\Windows\system32\Drivers\mbae64.sys
2017-03-24 17:12 - 2017-03-24 17:13 - 57131432 _____ (Malwarebytes ) C:\Users\Roland\Downloads\mb3-setup-consumer-3.0.6.1469-1075.exe
2017-03-24 11:38 - 2017-03-24 11:38 - 00000000 ____D C:\Users\Roland\AppData\Roaming\Eusing
2017-03-24 11:38 - 2017-03-24 11:38 - 00000000 ____D C:\Program Files (x86)\Eusing Free Registry Cleaner
2017-03-24 11:26 - 2017-03-25 07:10 - 00007605 _____ C:\Users\Roland\AppData\Local\resmon.resmoncfg
2017-03-24 11:06 - 2017-03-24 11:06 - 00002794 _____ C:\Windows\System32\Tasks\CCleanerSkipUAC
2017-03-24 11:06 - 2017-03-24 11:06 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
2017-03-24 11:06 - 2017-03-24 11:06 - 00000000 ____D C:\Program Files\CCleaner
2017-03-20 20:54 - 2017-02-22 22:59 - 00453720 _____ C:\Windows\system32\Drivers\etc\hosts.20170320-205400.backup
2017-03-19 21:55 - 2017-03-26 20:56 - 00004172 _____ C:\Windows\System32\Tasks\Avast Emergency Update
2017-03-19 21:55 - 2017-03-19 21:50 - 00334600 _____ (AVAST Software s.r.o.) C:\Windows\system32\Drivers\aswbloga.sys
2017-03-19 21:55 - 2017-03-19 21:50 - 00309272 _____ (AVAST Software s.r.o.) C:\Windows\system32\Drivers\aswbidsdrivera.sys
2017-03-19 21:55 - 2017-03-19 21:50 - 00189768 _____ (AVAST Software s.r.o.) C:\Windows\system32\Drivers\aswbidsha.sys
2017-03-19 21:55 - 2017-03-19 21:50 - 00048528 _____ (AVAST Software s.r.o.) C:\Windows\system32\Drivers\aswbuniva.sys
2017-03-19 21:53 - 2017-03-19 21:52 - 00398408 _____ (AVAST Software) C:\Windows\system32\aswBoot.exe
2017-03-19 21:40 - 2017-03-19 21:40 - 00044952 _____ () C:\Windows\system32\Drivers\staport.sys
2017-03-09 19:44 - 2017-03-10 16:46 - 00000000 ____D C:\Users\Roland\AppData\Local\Glance
2017-03-09 15:35 - 2017-03-19 21:30 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TurboTax 2016
2017-03-09 14:54 - 2017-03-19 21:31 - 00000000 ____D C:\6b250ebe7832362a99249059

==================== One Month Modified files and folders ========
(If an entry is included in the fixlist, the file/folder will be moved.)

2017-03-26 21:00 - 2017-02-22 20:28 - 00000542 _____ C:\Windows\Tasks\Weekly scan.job
2017-03-26 20:58 - 2009-07-14 00:45 - 00014240 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2017-03-26 20:58 - 2009-07-14 00:45 - 00014240 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2017-03-26 20:47 - 2009-11-13 22:18 - 00000000 ____D C:\Users\Roland\AppData\Local\SoftThinks
2017-03-26 20:47 - 2009-11-13 22:18 - 00000000 ____D C:\Users\Default\AppData\Local\SoftThinks
2017-03-26 20:47 - 2009-11-13 22:18 - 00000000 ____D C:\Users\Default User\AppData\Local\SoftThinks
2017-03-26 20:47 - 2009-09-23 17:33 - 00000000 ____D C:\Program Files (x86)\Dell DataSafe Local Backup
2017-03-26 20:46 - 2009-07-14 01:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2017-03-26 20:16 - 2009-07-13 23:20 - 00000000 ____D C:\Windows\system32\NDF
2017-03-26 19:48 - 2016-11-16 16:43 - 00000000 ____D C:\Users\Roland\Desktop\Web Stuff
2017-03-26 19:43 - 2009-11-15 18:45 - 00000000 ____D C:\Users\Roland\Documents\2 Fm Decions Current
2017-03-26 19:36 - 2009-07-14 01:13 - 00803678 _____ C:\Windows\system32\PerfStringBackup.INI
2017-03-26 19:36 - 2009-07-13 23:20 - 00000000 ____D C:\Windows\inf
2017-03-25 07:27 - 2009-11-13 20:13 - 00000000 ____D C:\Users\Roland
2017-03-24 20:27 - 2014-11-02 04:44 - 00000000 ____D C:\Users\Roland\Desktop\cyber sec
2017-03-24 20:14 - 2012-12-25 21:16 - 00000000 ____D C:\Users\Roland\AppData\Local\CrashDumps
2017-03-24 18:14 - 2009-12-02 20:43 - 00000000 ____D C:\Windows\Minidump
2017-03-24 17:38 - 2013-04-25 09:04 - 00000000 ____D C:\Program Files (x86)\iolo
2017-03-24 17:37 - 2011-01-03 21:35 - 00000000 ____D C:\Program Files (x86)\Yahoo!
2017-03-24 17:31 - 2013-04-25 09:05 - 00000000 ____D C:\ProgramData\iolo
2017-03-24 17:13 - 2010-10-02 08:07 - 00000000 ____D C:\ProgramData\Malwarebytes
2017-03-24 16:52 - 2010-10-02 08:37 - 00000000 ____D C:\ProgramData\Spybot - Search & Destroy
2017-03-21 14:31 - 2012-10-12 14:38 - 00000000 ____D C:\Users\Roland\AppData\Local\ElevatedDiagnostics
2017-03-21 12:25 - 2014-12-27 23:08 - 00000000 ____D C:\Users\Roland\Desktop\Pics 12 14
2017-03-21 12:22 - 2017-02-09 21:01 - 00000000 ____D C:\Users\Roland\Desktop\217 AGO
2017-03-21 12:05 - 2015-12-10 17:04 - 00548928 _____ (AVAST Software) C:\Windows\system32\Drivers\aswsp.sys
2017-03-21 11:59 - 2012-02-12 20:15 - 00000000 ____D C:\Users\Roland\Desktop\Unused Ikons
2017-03-20 22:16 - 2015-12-10 17:00 - 00000000 ____D C:\ProgramData\AVAST Software
2017-03-20 21:04 - 2013-09-14 09:46 - 00004312 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2017-03-20 21:04 - 2012-03-28 21:26 - 00802904 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2017-03-20 21:04 - 2011-11-11 14:59 - 00000000 ____D C:\Windows\system32\Macromed
2017-03-20 21:04 - 2011-06-03 20:27 - 00144472 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2017-03-20 21:04 - 2009-09-23 17:25 - 00000000 ____D C:\Windows\SysWOW64\Macromed
2017-03-20 20:54 - 2009-07-13 22:34 - 00454268 ____R C:\Windows\system32\Drivers\etc\hosts.20170324-134951.backup
2017-03-20 20:26 - 2013-07-22 11:02 - 00000000 ____D C:\ProgramData\Sophos
2017-03-20 19:31 - 2016-01-22 13:50 - 00002441 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk
2017-03-20 19:21 - 2016-03-22 18:15 - 00003894 _____ C:\Windows\System32\Tasks\SafeZone scheduled Autoupdate 1458684931
2017-03-19 21:55 - 2015-12-10 17:04 - 00337592 _____ (AVAST Software) C:\Windows\system32\Drivers\aswvmm.sys
2017-03-19 21:52 - 2015-12-10 17:04 - 00547904 _____ (AVAST Software) C:\Windows\system32\Drivers\aswsp.sys.148997492429004
2017-03-19 21:52 - 2015-12-10 17:04 - 00337592 _____ (AVAST Software) C:\Windows\system32\Drivers\aswvmm.sys.148997492880006
2017-03-19 21:52 - 2015-12-10 17:04 - 00162528 _____ (AVAST Software) C:\Windows\system32\Drivers\aswStm.sys
2017-03-19 21:52 - 2015-12-10 17:04 - 00126600 _____ (AVAST Software) C:\Windows\system32\Drivers\aswMonFlt.sys
2017-03-19 21:52 - 2015-12-10 17:04 - 00100640 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRdr2.sys
2017-03-19 21:52 - 2015-12-10 17:04 - 00075704 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRvrt.sys
2017-03-19 21:52 - 2015-12-10 17:04 - 00038296 _____ (AVAST Software) C:\Windows\system32\Drivers\aswHwid.sys
2017-03-19 21:51 - 2016-03-22 18:15 - 00032088 _____ (AVAST Software) C:\Windows\system32\Drivers\aswKbd.sys
2017-03-19 21:51 - 2015-12-10 17:04 - 00993608 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSnx.sys
2017-03-19 21:46 - 2010-12-16 22:40 - 00002269 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2017-03-19 21:46 - 2010-12-16 22:40 - 00002257 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2017-03-19 21:41 - 2015-12-10 17:04 - 00001924 _____ C:\Users\Public\Desktop\Avast Free Antivirus.lnk
2017-03-19 21:38 - 2015-12-10 17:04 - 00969560 _____ (AVAST Software) C:\Windows\system32\Drivers\aswsnx.sys.148997402374507
2017-03-19 21:38 - 2015-12-10 17:04 - 00513496 _____ (AVAST Software) C:\Windows\system32\Drivers\aswsp.sys.148997402494610
2017-03-19 21:38 - 2015-12-10 17:04 - 00292704 _____ (AVAST Software) C:\Windows\system32\Drivers\aswvmm.sys.148997402578812
2017-03-19 21:36 - 2009-11-13 20:13 - 00112616 _____ C:\Users\Roland\AppData\Local\GDIPFONTCACHEV1.DAT
2017-03-19 21:32 - 2015-12-10 17:04 - 00000000 ____D C:\Windows\System32\Tasks\AVAST Software
2017-03-19 21:31 - 2017-01-26 16:04 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Earth
2017-03-19 21:31 - 2014-01-06 15:40 - 00000000 ____D C:\Program Files\UVK - Ultra Virus Killer
2017-03-19 21:31 - 2009-07-13 23:20 - 00000000 ____D C:\Windows\AppCompat
2017-03-19 21:29 - 2009-07-13 23:20 - 00000000 ____D C:\Windows\registration
2017-03-19 21:26 - 2016-01-05 12:35 - 00000000 ____D C:\Users\Roland\AppData\Roaming\Intuit
2017-03-18 19:25 - 2012-10-12 15:05 - 00000000 ____D C:\temp
2017-03-15 20:46 - 2016-10-27 20:52 - 00000000 ____D C:\Users\Roland\Desktop\Email Stuff
2017-03-14 17:24 - 2013-12-13 21:13 - 00000000 ____D C:\Users\Roland\Desktop\Ishler feed prices
2017-03-10 22:27 - 2016-01-05 12:41 - 00000000 ____D C:\Users\Roland\Documents\TurboTax
2017-03-09 15:46 - 2014-11-02 04:40 - 00000000 ____D C:\Users\Roland\Desktop\friends
2017-03-09 15:37 - 2016-01-05 12:33 - 00000629 _____ C:\ProgramData\Microsoft.SqlServer.Compact.400.32.bc

==================== Files in the root of some directories =======

2014-05-21 15:58 - 2014-05-21 15:58 - 0000268 ___RH () C:\Users\Roland\AppData\Roaming\Smooth Strings
2014-05-21 15:59 - 2014-05-21 15:59 - 0000268 ___RH () C:\Users\Roland\AppData\Roaming\Solid Colors
2014-05-21 15:58 - 2014-05-21 15:58 - 0000268 ___RH () C:\Users\Roland\AppData\Roaming\Sound Effects
2014-05-21 15:57 - 2014-05-21 15:57 - 0000268 ___RH () C:\Users\Roland\AppData\Roaming\Static Library
2012-01-03 18:39 - 2012-01-03 20:17 - 0008702 _____ () C:\Users\Roland\AppData\Local\4qca050qorimufwc2gvij046pg8t2
2017-03-24 11:26 - 2017-03-25 07:10 - 0007605 _____ () C:\Users\Roland\AppData\Local\resmon.resmoncfg
2016-04-12 14:21 - 2016-04-12 14:21 - 0000000 _____ () C:\Users\Roland\AppData\Local\{84F12E10-AE3B-441E-AAF6-BE7058C32249}
2013-04-23 21:48 - 2013-04-23 21:48 - 2250054 _____ () C:\ProgramData\1.bmp
2013-04-23 21:47 - 2013-04-23 21:47 - 0302806 _____ () C:\ProgramData\1.jpg
2012-01-03 18:39 - 2012-01-03 20:17 - 0008702 ____N () C:\ProgramData\4qca050qorimufwc2gvij046pg8t2
2011-01-03 21:26 - 2011-01-03 21:38 - 0000802 _____ () C:\ProgramData\hpzinstall.log
2016-01-05 12:33 - 2017-03-09 15:37 - 0000629 _____ () C:\ProgramData\Microsoft.SqlServer.Compact.400.32.bc
2014-05-21 15:57 - 2014-05-21 15:57 - 0000020 ____H () C:\ProgramData\PKP_DLeo.DAT
2014-05-21 15:59 - 2014-05-21 15:59 - 0000020 ____H () C:\ProgramData\PKP_DLes.DAT
2014-05-21 15:58 - 2014-05-23 11:55 - 0000020 ____H () C:\ProgramData\PKP_DLet.DAT
2014-05-21 15:58 - 2014-05-21 15:58 - 0000020 ____H () C:\ProgramData\PKP_DLev.DAT
2014-05-21 15:58 - 2014-05-21 15:58 - 0000268 ___RH () C:\ProgramData\Soundtrack
2014-05-21 15:59 - 2014-05-21 15:59 - 0000268 ___RH () C:\ProgramData\Space Choir
2014-05-21 15:58 - 2014-05-21 15:58 - 0000268 ___RH () C:\ProgramData\Spacious
2014-05-21 15:57 - 2014-05-21 15:57 - 0000268 ___RH () C:\ProgramData\String Ensemble
2012-10-12 17:31 - 2012-10-12 19:46 - 0028232 _____ () C:\ProgramData\xportnchk.ini

Files to move or delete:
====================
C:\Users\Roland\g2ax_customer_downloadhelper_win32_x86.exe

Some files in TEMP:
====================
2017-03-24 17:08 - 2017-03-24 17:08 - 0000000 _____ () C:\Users\Roland\AppData\Local\Temp\gvjdihb6.dll
2017-03-26 20:47 - 2017-03-26 20:47 - 0011776 _____ () C:\Users\Roland\AppData\Local\Temp\jb6gycw4.dll
2017-03-25 10:57 - 2017-03-25 10:57 - 0013312 _____ () C:\Users\Roland\AppData\Local\Temp\ks-sid6t.dll
2017-03-26 19:52 - 2017-03-26 19:52 - 0011776 _____ () C:\Users\Roland\AppData\Local\Temp\yc5atlmm.dll

==================== Bamital & volsnap ======================
(There is no automatic fix for files that do not pass verification.)

C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2017-03-20 22:23

==================== End of FRST.txt ============================

Addition is attached.
Addition_27-03-2017 14.33.44.txt
  10. Hi Kevin, Thanks for your quick reply! I will get back with you after work today on all that stuff...
  11. Hello, I have a Dell laptop running Windows 7 that loads Windows, but any time you open a program it takes forever and the fans are running at full blast. The CPU is maxed out by some process and the mouse locks up. I ran several programs including Malwarebytes, Zemana, and AdwCleaner, which found many malwares, but the problem still persists. Any help you could provide would be fantastic! Thanks for your time.
  12. Hello again, Thank you very much for your time and effort on this matter. I ended up reinstalling Windows completely and obviously the system is running as normal now. Again I appreciate your expertise and time in helping me resolve this. Chris
  13. Please let me know if you have any other suggestions as I will format and reinstall tonight. Thanks again, Chris
  14. Yes, I still have the original issue. It happens in Internet Explorer, Chrome, and Firefox with all websites. Thanks, Chris
  15. Hi again; I appreciate all the help. Here are the logfiles, attached. Addition.txt FRST.txt Shortcut.txt
  16. Hello again. I have attempted to run the fix; however, the PC behavior is the same. I have attached the log file to this message. Fixlog.txt
  17. Thank you very much for your prompt reply. I will do the steps above and report back. Chris
  18. Hi and thank you for your message. Yes I have scanned it with Malwarebytes many times.
  19. Hello, I am having some issues with my PC. All browsers (Firefox and Chrome) are continually showing new tabs with redirects to various PC help ads. Also, upon login, I keep getting an error about virtualmart.dll. I think that is what it says. Another extremely annoying issue I'm having is that I cannot sign into these forums on the infected PC or another non-infected Windows PC. Only on my MacBook can I actually sign in and post here. Any help would be very much appreciated. Thank you for your time, Chris Log files attached. Addition.txt FRST.txt
  20. Great, here is the log from security check:
Results of screen317's Security Check version 0.99.69
Windows 7 Service Pack 1 x64 (UAC is disabled!)
Internet Explorer 10
``````````````Antivirus/Firewall Check:``````````````
Windows Firewall Enabled!
Microsoft Security Essentials
Antivirus up to date!
`````````Anti-malware/Other Utilities Check:`````````
Malwarebytes Anti-Malware version 1.75.0.1300
Adobe Reader XI
Google Chrome 28.0.1500.71
Google Chrome 28.0.1500.72
````````Process Check: objlist.exe by Laurent````````
Microsoft Security Essentials MSMpEng.exe
Microsoft Security Essentials msseces.exe
`````````````````System Health check`````````````````
Total Fragmentation on Drive C: 14% Defragment your hard drive soon! (Do NOT defrag if SSD!)
````````````````````End of Log``````````````````````