Jump to content


Photo

General Cleanup Needed

Started by DC0001 , Feb 03 2018 12:09 AM
Pop-ups Chromium

  • This topic is locked This topic is locked
17 replies to this topic

#1 DC0001

DC0001

    Member

  • Full Member
  • Pip
  • 35 posts

Posted 03 February 2018 - 12:09 AM

 
Hi, I've got general pop-ups and infested browsers, but nothing too serious, hopefully. Got a BS "Chromium" browser on the toolbar. I'd just like some help cleaning it all up. 
 
 
This is an HP dv6 Notebook PC laptop running Windows 7 Professional. Service Pack 1.
 
8.0 GB RAM
64-bit OS
 
Hard drive has about 12 out of 127 GB free.
 
Ran Malwarebytes:
 
Instructions don't seem to match current version. History and scan log export options aren't available.
 
Ran Farbar Recovery Scan Tool: log "frst.txt" and "addition" under SWI Logs under Documents:
 
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 27.01.2018
Ran by David (administrator) on DAVID-LAPTOP (01-02-2018 20:24:29)
Running from C:\Users\David\Desktop
Loaded Profiles: David (Available Profiles: UpdatusUser & David)
Platform: Windows 7 Professional Service Pack 1 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(HP) C:\Program Files (x86)\HP SimplePass\TrueSuiteService.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(IDT, Inc.) C:\Program Files\IDT\WDM\stacsv64.exe
(Hewlett-Packard Company) C:\Windows\System32\hpservice.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(DisplayLink Corp.) C:\Program Files\DisplayLink Core Software\8.2.1956.0\DisplayLinkManager.exe
(DisplayLink Corp.) C:\Program Files\DisplayLink Core Software\8.2.1956.0\DisplayLinkUserAgent.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Elements Organizer 8.0\PhotoshopElementsFileAgent.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Elements 9 Organizer\PhotoshopElementsFileAgent.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office 15\ClientX64\officeclicktorun.exe
(VMware, Inc.) C:\Program Files (x86)\VMware\VMware Horizon View Client\ClientService\horizon_client_service.exe
(Portrait Disbbut nplays, Inc.) C:\Program Files (x86)\Common Files\Portrait Displays\Shared\DTSRVC.exe
() C:\Program Files\Common Files\VMware\DeviceRedirectionCommon\ftnlsv.exe
(Hewlett-Packard Company) C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe
(Intel® Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Portrait Displays, Inc.) C:\Program Files (x86)\Common Files\Portrait Displays\Drivers\pdisrvc.exe
() C:\Program Files (x86)\Photodex\ProShowGold\scsiaccess.exe
(AVG Secure Search) C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\15.5.0\ToolbarUpdater.exe
() C:\Program Files (x86)\Lavasoft\Web Companion\Application\Lavasoft.WCAssistant.WinService.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Yahoo! Inc.) C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(VMware, Inc.) C:\Program Files (x86)\VMware\VMware Horizon View Client\vmware-view-usbd.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\x64\aswidsagenta.exe
(AuthenTec Inc.) C:\Program Files (x86)\HP SimplePass\TouchControl.exe
(DisplayLink Corp.) C:\Program Files\DisplayLink Core Software\8.2.1956.0\DisplayLinkUI.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(IDT, Inc.) C:\Program Files\IDT\WDM\sttray64.exe
(Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe
(Lavasoft) C:\Program Files (x86)\Lavasoft\Web Companion\Application\WebCompanion.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe
() C:\Program Files (x86)\Itibiti Soft Phone\Phone\Itibiti.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP CoolSense\CoolSense.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
() C:\Program Files (x86)\HP SimplePass\IEWebSiteLogon.exe
() C:\Program Files (x86)\Portrait Displays\Pivot Software\wpCtrl.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
() C:\Program Files (x86)\Portrait Displays\Pivot Software\Floater.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe
(CyberLink Corp.) C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe
(Portrait Displays, Inc) C:\Program Files (x86)\Hewlett-Packard\HP My Display\dthtml.exe
(cyberlink) C:\Program Files (x86)\CyberLink\Shared files\brs.exe
(CANON INC.) C:\Program Files (x86)\Canon\IJ Network Scanner Selector EX\CNMNSST.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(CyberLink) C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
() C:\Program Files (x86)\VMware\ScannerRedirection\ftscanmgrhv.exe
(HP Inc.) C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\HPSupportSolutionsFrameworkService.exe
(HP Inc.) C:\Program Files\HP\HP Touchpoint Analytics Client\TouchpointAnalyticsClientService.exe
(Intuit Inc.) C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe
(VMware) C:\Program Files (x86)\Common Files\VMware\SerialPortRedirection\Client\vmwsprrdpwks.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation.) C:\Program Files (x86)\Microsoft\BingBar\7.3.132.0\SeaPort.EXE
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
 
==================== Registry (Whitelisted) ===========================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2837288 2011-10-13] (Synaptics Incorporated)
HKLM\...\Run: [SysTrayApp] => C:\Program Files\IDT\WDM\sttray64.exe [1425408 2013-05-24] (IDT, Inc.)
HKLM\...\Run: [VMware Netlink 3 HV Install Utility] => C:\Program Files\Common Files\VMware\DeviceRedirectionCommon\ftnliu.exe [78752 2016-10-03] ()
HKLM\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvLaunch.exe [246120 2018-01-07] (AVAST Software)
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [303928 2017-07-14] (Apple Inc.)
HKLM-x32\...\Run: [USB3MON] => C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe [291096 2011-12-05] (Intel Corporation)
HKLM-x32\...\Run: [HPOSD] => C:\Program Files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe [379960 2011-08-19] (Hewlett-Packard Development Company, L.P.)
HKLM-x32\...\Run: [HP CoolSense] => C:\Program Files (x86)\Hewlett-Packard\HP CoolSense\CoolSense.exe [1343904 2012-11-05] (Hewlett-Packard Development Company, L.P.)
HKLM-x32\...\Run: [PivotSoftware] => C:\Program Files (x86)\Portrait Displays\Pivot Software\wpctrl.exe [694824 2009-03-03] ()
HKLM-x32\...\Run: [DT HPC] => C:\Program Files (x86)\Common Files\Portrait Displays\Shared\DT_startup.exe [120400 2012-08-17] (Portrait Displays, Inc.)
HKLM-x32\...\Run: [HP Quick Launch] => C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe [578944 2012-03-05] (Hewlett-Packard Development Company, L.P.)
HKLM-x32\...\Run: [RemoteControl10] => C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe [93296 2012-07-13] (CyberLink Corp.)
HKLM-x32\...\Run: [BDRegion] => C:\Program Files (x86)\Cyberlink\Shared files\brs.exe [78352 2012-09-03] (cyberlink)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [IAStorIcon] => C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
HKLM-x32\...\Run: [IJNetworkScannerSelectorEX] => C:\Program Files (x86)\Canon\IJ Network Scanner Selector EX\CNMNSST.exe [454248 2013-08-02] (CANON INC.)
HKLM-x32\...\Run: [SilentCleanService] => C:\Program Files (x86)\iMobie\AnyTrans\${CHECK_RUNSERVICE_NAME}
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKLM\SOFTWARE\Policies\Microsoft\Windows Defender: Restriction <==== ATTENTION
HKU\S-1-5-21-2096361384-901469764-2865818563-1002\...\Run: [ApplePhotoStreams] => C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe [67896 2017-07-14] (Apple Inc.)
HKU\S-1-5-21-2096361384-901469764-2865818563-1002\...\Run: [Web Companion] => C:\Program Files (x86)\Lavasoft\Web Companion\Application\WebCompanion.exe [7704168 2017-12-20] (Lavasoft)
HKU\S-1-5-21-2096361384-901469764-2865818563-1002\...\Run: [Itibiti.exe] => C:\Program Files (x86)\Itibiti Soft Phone\ItibitiLauncher.exe [2638848 2017-09-11] () <==== ATTENTION
HKU\S-1-5-21-2096361384-901469764-2865818563-1002\...\Run: [CAHeadless] => C:\Program Files (x86)\Adobe\Elements Organizer 8.0\CAHeadless\ElementsAutoAnalyzer.exe [615808 2009-10-09] (Adobe Systems Incorporated)
HKU\S-1-5-21-2096361384-901469764-2865818563-1002\...\Run: [iCloudServices] => C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe [67384 2017-07-14] (Apple Inc.)
AppInit_DLLs: C:\Windows\system32\nvinitx.dll => C:\Windows\system32\nvinitx.dll [245872 2013-02-27] (NVIDIA Corporation)
AppInit_DLLs-x32: C:\Windows\SysWOW64\nvinit.dll => C:\Windows\SysWOW64\nvinit.dll [201576 2013-02-27] (NVIDIA Corporation)
GroupPolicy\User: Restriction <==== ATTENTION
CHR HKU\S-1-5-21-2096361384-901469764-2865818563-1002\SOFTWARE\Policies\Google: Restriction <==== ATTENTION
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{214ED3E9-4B87-41E5-A2A3-623DBFF8C4F6}: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{8D9F6BE3-6D4D-4F1A-B43C-1A2D2EEC075E}: [DhcpNameServer] 172.168.0.2
 
Internet Explorer:
==================
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <==== ATTENTION
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = www.google.com
HKU\S-1-5-21-2096361384-901469764-2865818563-1002\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://g.msn.com/HPNOT/1
URLSearchHook: HKU\S-1-5-21-2096361384-901469764-2865818563-1002 - YTNavAssistPlugin Class - {81017EA9-9AA8-4A6A-9734-7AF40E7D593F} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn2\yt.dll No File
SearchScopes: HKLM -> DefaultScope value is missing
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=HPNTDF&pc=HPNTDF&src=IE-SearchBox
SearchScopes: HKLM -> {A181A777-A6DF-4D92-B1C6-88C0DE651139} URL = hxxp://www.amazon.com/s/ref=azs_osd_iea?ie=UTF-8&tag=hp-us2-vsb-20&link%5Fcode=qs&index=aps&field-keywords={searchTerms}
SearchScopes: HKLM -> {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = hxxp://rover.ebay.com/rover/1/711-30572-11896-2/4?mpre=hxxp://www.ebay.com/sch/i.html?_nkw={searchTerms}
SearchScopes: HKLM-x32 -> DefaultScope value is missing
SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=HPNTDF&pc=HPNTDF&src=IE-SearchBox
SearchScopes: HKLM-x32 -> {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = hxxp://rover.ebay.com/rover/1/711-30572-11896-2/4?mpre=hxxp://www.ebay.com/sch/i.html?_nkw={searchTerms}
SearchScopes: HKU\S-1-5-21-2096361384-901469764-2865818563-1002 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=HPNTDF&pc=HPNTDF&src=IE-SearchBox
SearchScopes: HKU\S-1-5-21-2096361384-901469764-2865818563-1002 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=HPNTDF&pc=HPNTDF&src=IE-SearchBox
SearchScopes: HKU\S-1-5-21-2096361384-901469764-2865818563-1002 -> {91607fa7-3c2f-4f90-93e3-d5337a6b0ac2} URL = Playbryte-serp-adk/search/redirect/?type=default&user_id=b53bab51-6b3e-4736-b02f-6129ed97f99e&query={searchTerms}
SearchScopes: HKU\S-1-5-21-2096361384-901469764-2865818563-1002 -> {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = hxxp://rover.ebay.com/rover/1/711-30572-11896-2/4?mpre=hxxp://www.ebay.com/sch/i.html?_nkw={searchTerms}
BHO: Bing Bar Helper -> {1dad3af3-ef2f-4f64-ac4b-11789189fcb6} -> C:\Program Files (x86)\Microsoft\BingBar\7.3.132.0\amd64\BingExt.dll [2014-03-11] (Microsoft Corporation.)
BHO: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll [2017-12-12] (Microsoft Corporation)
BHO: Canon Easy-WebPrint EX BHO -> {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} -> C:\Program Files (x86)\Canon\Easy-WebPrint EX\addon64\ewpexbho.dll [2014-01-24] (CANON INC.)
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll [2017-11-17] (AVAST Software)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2011-03-28] (Microsoft Corp.)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\URLREDIR.DLL [2017-12-12] (Microsoft Corporation)
BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL [2017-12-12] (Microsoft Corporation)
BHO: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPluginx64.dll [2016-07-21] (HP Inc.)
BHO-x32: &Yahoo! Toolbar Helper -> {02478D38-C3F9-4efb-9B51-7695ECA05670} -> C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn2\yt.dll => No File
BHO-x32: Bing Bar Helper -> {1dad3af3-ef2f-4f64-ac4b-11789189fcb6} -> C:\Program Files (x86)\Microsoft\BingBar\7.3.132.0\BingExt.dll => No File
BHO-x32: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office 15\root\Office15\OCHelper.dll [2017-08-15] (Microsoft Corporation)
BHO-x32: Canon Easy-WebPrint EX BHO -> {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} -> C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexbho.dll [2014-01-24] (CANON INC.)
BHO-x32: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2017-11-17] (AVAST Software)
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll => No File
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office 15\root\Office15\URLREDIR.DLL [2017-12-12] (Microsoft Corporation)
BHO-x32: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL [2017-12-12] (Microsoft Corporation)
BHO-x32: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll [2016-07-21] (HP Inc.)
Toolbar: HKLM - avast! Online Security - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} -  No File
Toolbar: HKLM - No Name - {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} -  No File
Toolbar: HKLM - Bing Bar - {eec0f710-38b5-4aba-99bf-ec87564a4e13} - C:\Program Files (x86)\Microsoft\BingBar\7.3.132.0\amd64\BingExt.dll [2014-03-11] (Microsoft Corporation.)
Toolbar: HKLM - Canon Easy-WebPrint EX - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\addon64\ewpexhlp.dll [2014-01-24] (CANON INC.)
Toolbar: HKLM-x32 - Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn2\yt.dll No File
Toolbar: HKLM-x32 - Bing Bar - {eec0f710-38b5-4aba-99bf-ec87564a4e13} - C:\Program Files (x86)\Microsoft\BingBar\7.3.132.0\BingExt.dll No File
Toolbar: HKLM-x32 - Canon Easy-WebPrint EX - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexhlp.dll No File
Toolbar: HKU\S-1-5-21-2096361384-901469764-2865818563-1002 -> No Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} -  No File
Handler-x32: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\Office15\MSOSB.DLL [2017-07-18] (Microsoft Corporation)
 
FireFox:
========
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_28_0_0_137.dll [2018-01-09] ()
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.50907.0\npctrl.dll [2017-05-03] ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_28_0_0_137.dll [2018-01-09] ()
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\Windows\SysWOW64\Adobe\Director\np32dsw.dll [2011-11-07] (Adobe Systems, Inc.)
FF Plugin-x32: @authentec.com/ffwloplugin -> C:\Program Files (x86)\HP SimplePass\npffwloplugin.dll [2013-06-07] ( HP)
FF Plugin-x32: @canon.com/EPPEX -> C:\Program Files (x86)\Canon\My Image Garden\AddOn\CIG\npmigfpi.dll [2011-11-30] (CANON INC.)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX86\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2016-07-12] (Microsoft Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.50907.0\npctrl.dll [2017-05-03] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL [2013-07-13] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2011-05-13] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3538.0513 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2011-05-13] (Microsoft Corporation)
FF Plugin-x32: @photodex.com/PhotodexPresenter -> C:\Program Files (x86)\Photodex Presenter\npPxPlay.dll [2013-06-19] ( )
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.33.7\npGoogleUpdate3.dll [2017-11-17] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.33.7\npGoogleUpdate3.dll [2017-11-17] (Google Inc.)
FF Plugin-x32: @WildTangent.com/GamesAppPresenceDetector,Version=1.0 -> C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll [2012-10-12] ()
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2017-11-27] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-2096361384-901469764-2865818563-1002: @zoom.us/ZoomVideoPlugin -> C:\Users\David\AppData\Roaming\Zoom\bin\npzoomplugin.dll [2015-04-13] (Zoom Video Communications, Inc.)
FF Plugin HKU\S-1-5-21-2096361384-901469764-2865818563-1002: tdameritrade.com/tossc -> C:\Program Files (x86)\thinkTDA\tossc32.dll [2013-06-02] (TD Ameritrade)
 
Chrome: 
=======
CHR DefaultProfile: Default
CHR Profile: C:\Users\David\AppData\Local\Google\Chrome\User Data\Default [2018-02-01]
CHR Extension: (HP Product Detection Plugin) - C:\Users\David\AppData\Local\Google\Chrome\User Data\Default\Extensions\aelbknmfcacjffmgnoaaonhgoghlmlkp [2013-12-05]
CHR Extension: (Docs) - C:\Users\David\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2018-02-01]
CHR Extension: (Google Drive) - C:\Users\David\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-12-31]
CHR Extension: (YouTube) - C:\Users\David\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-12-31]
CHR Extension: (Google Search) - C:\Users\David\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-12-31]
CHR Extension: (Avast SafePrice) - C:\Users\David\AppData\Local\Google\Chrome\User Data\Default\Extensions\eofcbnmajmjmplflapaojjnihcjkigck [2018-02-01]
CHR Extension: (Google Docs Offline) - C:\Users\David\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-05-09]
CHR Extension: (Chrome Web Store Payments) - C:\Users\David\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2018-02-01]
CHR Extension: (Gmail) - C:\Users\David\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-05-03]
CHR Extension: (Chrome Media Router) - C:\Users\David\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2018-02-01]
CHR HKLM-x32\...\Chrome\Extension: [eofcbnmajmjmplflapaojjnihcjkigck] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx <not found>
 
==================== Services (Whitelisted) ====================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [83768 2017-04-03] (Apple Inc.)
R3 aswbIDSAgent; C:\Program Files\AVAST Software\Avast\x64\aswidsagenta.exe [7538536 2018-01-07] (AVAST Software)
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [301168 2018-01-07] (AVAST Software)
R2 ClickToRunSvc; C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe [3058392 2017-12-12] (Microsoft Corporation)
R2 client_service; C:\Program Files (x86)\VMware\VMware Horizon View Client\ClientService\horizon_client_service.exe [531432 2016-11-27] (VMware, Inc.)
S2 CLKMSVC10_38F51D56; C:\Program Files (x86)\CyberLink\PowerDVD10\NavFilter\kmsvc.exe [245264 2012-09-03] (CyberLink)
R2 DisplayLinkService; C:\Program Files\DisplayLink Core Software\8.2.1956.0\DisplayLinkManager.exe [12100264 2017-05-22] (DisplayLink Corp.)
R2 DTSRVC; C:\Program Files (x86)\Common Files\Portrait Displays\Shared\dtsrvc.exe [136784 2012-08-17] (Portrait Displays, Inc.)
R2 FPLService; C:\Program Files (x86)\HP SimplePass\TrueSuiteService.exe [1641768 2013-06-07] (HP)
R2 ftnlsv3hv; C:\Program Files\Common Files\VMware\DeviceRedirectionCommon\ftnlsv.exe [234400 2016-10-03] ()
R2 ftscanmgrhv; C:\Program Files (x86)\VMware\ScannerRedirection\ftscanmgrhv.exe [6331296 2016-10-18] ()
R2 HPSupportSolutionsFrameworkService; C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\HPSupportSolutionsFrameworkService.exe [332144 2017-11-21] (HP Inc.)
R2 HPTouchpointAnalyticsService; C:\Program Files\HP\HP Touchpoint Analytics Client\TouchpointAnalyticsClientService.exe [332216 2017-11-22] (HP Inc.)
R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [6234056 2017-11-01] (Malwarebytes)
R2 ScsiAccess; C:\Program Files (x86)\Photodex\ProShowGold\ScsiAccess.exe [186760 2013-06-19] ()
S3 TrueService; C:\Program Files\Common Files\AuthenTec\TrueService.exe [401856 2013-01-07] (AuthenTec, Inc.)
R2 vmware-view-usbd; C:\Program Files (x86)\VMware\VMware Horizon View Client\vmware-view-usbd.exe [1169896 2016-11-24] (VMware, Inc.)
R2 vmwsprrdpwks; C:\Program Files (x86)\Common Files\VMware\SerialPortRedirection\Client\vmwsprrdpwks.exe [275872 2016-10-18] (VMware)
R2 vToolbarUpdater15.5.0; C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\15.5.0\ToolbarUpdater.exe [1643184 2013-08-17] (AVG Secure Search)
R2 WCAssistantService; C:\Program Files (x86)\Lavasoft\Web Companion\Application\Lavasoft.WCAssistant.WinService.exe [25704 2017-12-20] ()
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-26] (Microsoft Corporation)
 
===================== Drivers (Whitelisted) ======================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R1 aswArPot; C:\Windows\System32\drivers\aswArPot.sys [185096 2018-01-07] (AVAST Software)
R1 aswbidsdriver; C:\Windows\System32\drivers\aswbidsdrivera.sys [321512 2018-01-07] (AVAST Software)
R0 aswbidsh; C:\Windows\System32\drivers\aswbidsha.sys [199448 2018-01-07] (AVAST Software)
R0 aswblog; C:\Windows\System32\drivers\aswbloga.sys [343768 2018-01-07] (AVAST Software)
R0 aswbuniv; C:\Windows\System32\drivers\aswbuniva.sys [57696 2018-01-07] (AVAST Software)
R1 aswHdsKe; C:\Windows\System32\drivers\aswHdsKe.sys [149344 2018-01-07] (AVAST Software)
S3 aswHwid; C:\Windows\System32\drivers\aswHwid.sys [46976 2018-01-07] (AVAST Software)
R1 aswKbd; C:\Windows\system32\drivers\aswKbd.sys [41832 2017-09-07] (AVAST Software)
R2 aswMonFlt; C:\Windows\System32\drivers\aswMonFlt.sys [146648 2018-01-12] (AVAST Software)
R1 aswRdr; C:\Windows\System32\drivers\aswRdr2.sys [110336 2018-01-07] (AVAST Software)
R0 aswRvrt; C:\Windows\System32\drivers\aswRvrt.sys [84384 2018-01-07] (AVAST Software)
R1 aswSnx; C:\Windows\System32\drivers\aswSnx.sys [1025176 2018-01-07] (AVAST Software)
R1 aswSP; C:\Windows\System32\drivers\aswSP.sys [457896 2018-01-12] (AVAST Software)
R2 aswStm; C:\Windows\System32\drivers\aswStm.sys [204456 2018-01-07] (AVAST Software)
R0 aswVmm; C:\Windows\System32\drivers\aswVmm.sys [358672 2018-01-07] (AVAST Software)
R1 avgtp; C:\Windows\system32\drivers\avgtpx64.sys [45856 2013-08-17] (AVG Technologies)
S3 DisplayLinkUsbIo_x64; C:\Windows\System32\DRIVERS\DisplayLinkUsbIo_x64_8.2.1956.0.sys [67296 2017-07-25] ()
S3 DisplayLinkUsbPort; C:\Windows\System32\DRIVERS\DisplayLinkUsbPort_6.3.38103.0.sys [17408 2013-05-04] (hxxp://libusb-win32.sourceforge.net)
S3 dlcdcecm; C:\Windows\System32\DRIVERS\dlcdcecm.sys [38400 2012-05-15] (DisplayLink Corp.)
S3 dlusbaudio; C:\Windows\System32\DRIVERS\dlusbaudio_x64.sys [192120 2012-05-15] (DisplayLink Corp.)
R1 ESProtectionDriver; C:\Windows\system32\drivers\mbae64.sys [77432 2017-11-29] ()
S3 IntcDAud; C:\Windows\System32\DRIVERS\IntcDAud.sys [331264 2011-12-06] (Intel® Corporation) [File not signed]
R2 MBAMChameleon; C:\Windows\System32\Drivers\MbamChameleon.sys [193968 2018-02-01] (Malwarebytes)
R3 MBAMFarflt; C:\Windows\System32\DRIVERS\farflt.sys [110016 2018-02-01] (Malwarebytes)
R3 MBAMProtection; C:\Windows\System32\DRIVERS\mbam.sys [46008 2018-02-01] (Malwarebytes)
R0 MBAMSwissArmy; C:\Windows\System32\Drivers\mbamswissarmy.sys [253880 2018-02-01] (Malwarebytes)
R3 MBAMWebProtection; C:\Windows\System32\DRIVERS\mwac.sys [84256 2018-02-01] (Malwarebytes)
S3 RSP2STOR; C:\Windows\System32\DRIVERS\RtsP2Stor.sys [259688 2011-10-27] (Realtek Semiconductor Corp.)
R3 SmbDrv; C:\Windows\system32\drivers\Smb_driver.sys [20016 2011-10-13] (Synaptics Incorporated)
S3 Afc; system32\drivers\Afc.sys [X]
S3 SWDUMon; system32\DRIVERS\SWDUMon.sys [X]
S3 vmwvusb; System32\Drivers\vmwvusb.sys [X]
 
==================== NetSvcs (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== One Month Created files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2018-02-01 20:24 - 2018-02-01 20:24 - 000028911 _____ C:\Users\David\Desktop\FRST.txt
2018-02-01 20:22 - 2018-02-01 20:24 - 000000000 ____D C:\FRST
2018-02-01 20:15 - 2018-02-01 20:15 - 002393088 _____ (Farbar) C:\Users\David\Desktop\FRST64.exe
2018-02-01 20:06 - 2018-02-01 20:06 - 000000120 _____ C:\Users\David\Desktop\SWI Notes.txt
2018-02-01 19:47 - 2018-02-01 19:47 - 000000000 ____D C:\ProgramData\SWCUTemp
2018-02-01 19:00 - 2018-02-01 19:00 - 000193968 _____ (Malwarebytes) C:\Windows\system32\Drivers\MbamChameleon.sys
2018-02-01 18:59 - 2018-02-01 20:14 - 000001992 _____ C:\Users\Public\Desktop\Malwarebytes.lnk
2018-02-01 18:59 - 2018-02-01 20:14 - 000001992 _____ C:\ProgramData\Desktop\Malwarebytes.lnk
2018-02-01 18:59 - 2018-02-01 19:47 - 000110016 _____ (Malwarebytes) C:\Windows\system32\Drivers\farflt.sys
2018-02-01 18:59 - 2018-02-01 19:47 - 000084256 _____ (Malwarebytes) C:\Windows\system32\Drivers\mwac.sys
2018-02-01 18:59 - 2018-02-01 19:47 - 000046008 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbam.sys
2018-02-01 18:59 - 2018-02-01 18:59 - 000253880 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbamswissarmy.sys
2018-02-01 18:59 - 2018-02-01 18:59 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes
2018-02-01 18:59 - 2018-02-01 18:59 - 000000000 ____D C:\ProgramData\Malwarebytes
2018-02-01 18:59 - 2018-02-01 18:59 - 000000000 ____D C:\Program Files\Malwarebytes
2018-02-01 18:59 - 2017-11-29 09:11 - 000077432 _____ C:\Windows\system32\Drivers\mbae64.sys
2018-02-01 18:23 - 2018-02-01 18:24 - 082132184 _____ (Malwarebytes ) C:\Users\David\Downloads\mb3-setup-consumer-3.3.1.2183-1.0.262-1.0.3839.exe
2018-02-01 17:02 - 2018-02-01 17:02 - 000032832 _____ C:\Windows\SysWOW64\rnd_chunk.bin
2018-02-01 17:00 - 2018-02-01 17:56 - 000000000 ____D C:\ProgramData\UAB
2018-02-01 17:00 - 2018-02-01 17:00 - 000000000 ____D C:\ProgramData\Driver Support
2018-02-01 16:59 - 2018-02-01 16:59 - 000674496 _____ (PC Drivers HeadQuarters LP) C:\Users\David\Downloads\DriverSupport.exe
2018-01-08 17:04 - 2017-12-31 18:21 - 005581544 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2018-01-08 17:04 - 2017-12-31 18:21 - 001680616 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ntfs.sys
2018-01-08 17:04 - 2017-12-31 18:21 - 000948968 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ndis.sys
2018-01-08 17:04 - 2017-12-31 18:21 - 000708328 _____ (Microsoft Corporation) C:\Windows\system32\winload.efi
2018-01-08 17:04 - 2017-12-31 18:21 - 000288488 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\fltMgr.sys
2018-01-08 17:04 - 2017-12-31 18:21 - 000262376 _____ (Microsoft Corporation) C:\Windows\system32\hal.dll
2018-01-08 17:04 - 2017-12-31 18:21 - 000213736 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\rdyboost.sys
2018-01-08 17:04 - 2017-12-31 18:21 - 000154856 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2018-01-08 17:04 - 2017-12-31 18:21 - 000114408 _____ (Microsoft Corporation) C:\Windows\system32\consent.exe
2018-01-08 17:04 - 2017-12-31 18:21 - 000095464 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2018-01-08 17:04 - 2017-12-31 18:19 - 001665384 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2018-01-08 17:04 - 2017-12-31 18:18 - 014183936 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll
2018-01-08 17:04 - 2017-12-31 18:18 - 002066432 _____ (Microsoft Corporation) C:\Windows\system32\ole32.dll
2018-01-08 17:04 - 2017-12-31 18:18 - 002004480 _____ (Microsoft Corporation) C:\Windows\system32\msxml6.dll
2018-01-08 17:04 - 2017-12-31 18:18 - 001942016 _____ (Microsoft Corporation) C:\Windows\system32\authui.dll
2018-01-08 17:04 - 2017-12-31 18:18 - 001867776 _____ (Microsoft Corporation) C:\Windows\system32\ExplorerFrame.dll
2018-01-08 17:04 - 2017-12-31 18:18 - 001741312 _____ (Microsoft Corporation) C:\Windows\system32\sysmain.dll
2018-01-08 17:04 - 2017-12-31 18:18 - 001460736 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2018-01-08 17:04 - 2017-12-31 18:18 - 001361408 _____ (Microsoft Corporation) C:\Windows\system32\PeerDistSvc.dll
2018-01-08 17:04 - 2017-12-31 18:18 - 001212928 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll
2018-01-08 17:04 - 2017-12-31 18:18 - 001163264 _____ (Microsoft Corporation) C:\Windows\system32\kernel32.dll
2018-01-08 17:04 - 2017-12-31 18:18 - 001110528 _____ (Microsoft Corporation) C:\Windows\system32\schedsvc.dll
2018-01-08 17:04 - 2017-12-31 18:18 - 000977408 _____ (Microsoft Corporation) C:\Windows\system32\inetcomm.dll
2018-01-08 17:04 - 2017-12-31 18:18 - 000961024 _____ (Microsoft Corporation) C:\Windows\system32\actxprxy.dll
2018-01-08 17:04 - 2017-12-31 18:18 - 000880640 _____ (Microsoft Corporation) C:\Windows\system32\advapi32.dll
2018-01-08 17:04 - 2017-12-31 18:18 - 000863232 _____ (Microsoft Corporation) C:\Windows\system32\IKEEXT.DLL
2018-01-08 17:04 - 2017-12-31 18:18 - 000842752 _____ (Microsoft Corporation) C:\Windows\system32\nshwfp.dll
2018-01-08 17:04 - 2017-12-31 18:18 - 000828928 _____ (Microsoft Corporation) C:\Windows\system32\MPSSVC.dll
2018-01-08 17:04 - 2017-12-31 18:18 - 000749568 _____ (Microsoft Corporation) C:\Windows\system32\FirewallAPI.dll
2018-01-08 17:04 - 2017-12-31 18:18 - 000731648 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2018-01-08 17:04 - 2017-12-31 18:18 - 000705024 _____ (Microsoft Corporation) C:\Windows\system32\BFE.DLL
2018-01-08 17:04 - 2017-12-31 18:18 - 000690688 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
2018-01-08 17:04 - 2017-12-31 18:18 - 000512000 _____ (Microsoft Corporation) C:\Windows\system32\rpcss.dll
2018-01-08 17:04 - 2017-12-31 18:18 - 000503808 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll
2018-01-08 17:04 - 2017-12-31 18:18 - 000473600 _____ (Microsoft Corporation) C:\Windows\system32\taskcomp.dll
2018-01-08 17:04 - 2017-12-31 18:18 - 000463872 _____ (Microsoft Corporation) C:\Windows\system32\certcli.dll
2018-01-08 17:04 - 2017-12-31 18:18 - 000444928 _____ (Microsoft Corporation) C:\Windows\system32\winhttp.dll
2018-01-08 17:04 - 2017-12-31 18:18 - 000439296 _____ (Microsoft Corporation) C:\Windows\system32\p2psvc.dll
2018-01-08 17:04 - 2017-12-31 18:18 - 000419840 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase.dll
2018-01-08 17:04 - 2017-12-31 18:18 - 000366592 _____ (Microsoft Corporation) C:\Windows\system32\wcncsvc.dll
2018-01-08 17:04 - 2017-12-31 18:18 - 000361984 _____ (Microsoft Corporation) C:\Windows\system32\wow64win.dll
2018-01-08 17:04 - 2017-12-31 18:18 - 000345600 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2018-01-08 17:04 - 2017-12-31 18:18 - 000327168 _____ (Microsoft Corporation) C:\Windows\system32\pnrpsvc.dll
2018-01-08 17:04 - 2017-12-31 18:18 - 000324096 _____ (Microsoft Corporation) C:\Windows\system32\FWPUCLNT.DLL
2018-01-08 17:04 - 2017-12-31 18:18 - 000316928 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2018-01-08 17:04 - 2017-12-31 18:18 - 000312320 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2018-01-08 17:04 - 2017-12-31 18:18 - 000303104 _____ (Microsoft Corporation) C:\Windows\system32\nlasvc.dll
2018-01-08 17:04 - 2017-12-31 18:18 - 000264704 _____ (Microsoft Corporation) C:\Windows\system32\P2P.dll
2018-01-08 17:04 - 2017-12-31 18:18 - 000243712 _____ (Microsoft Corporation) C:\Windows\system32\wow64.dll
2018-01-08 17:04 - 2017-12-31 18:18 - 000223232 _____ (Microsoft Corporation) C:\Windows\system32\ncsi.dll
2018-01-08 17:04 - 2017-12-31 18:18 - 000215552 _____ (Microsoft Corporation) C:\Windows\system32\winsrv.dll
2018-01-08 17:04 - 2017-12-31 18:18 - 000210432 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2018-01-08 17:04 - 2017-12-31 18:18 - 000190464 _____ (Microsoft Corporation) C:\Windows\system32\rpchttp.dll
2018-01-08 17:04 - 2017-12-31 18:18 - 000181760 _____ (Microsoft Corporation) C:\Windows\system32\PeerDist.dll
2018-01-08 17:04 - 2017-12-31 18:18 - 000146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
2018-01-08 17:04 - 2017-12-31 18:18 - 000135680 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2018-01-08 17:04 - 2017-12-31 18:18 - 000131584 _____ (Microsoft Corporation) C:\Windows\system32\PeerDistWSDDiscoProv.dll
2018-01-08 17:04 - 2017-12-31 18:18 - 000123904 _____ (Microsoft Corporation) C:\Windows\system32\bcrypt.dll
2018-01-08 17:04 - 2017-12-31 18:18 - 000120320 _____ (Microsoft Corporation) C:\Windows\system32\WcnApi.dll
2018-01-08 17:04 - 2017-12-31 18:18 - 000108544 _____ (Microsoft Corporation) C:\Windows\system32\icfupgd.dll
2018-01-08 17:04 - 2017-12-31 18:18 - 000101376 _____ (Microsoft Corporation) C:\Windows\system32\fdWCN.dll
2018-01-08 17:04 - 2017-12-31 18:18 - 000095744 _____ (Microsoft Corporation) C:\Windows\system32\rascfg.dll
2018-01-08 17:04 - 2017-12-31 18:18 - 000086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2018-01-08 17:04 - 2017-12-31 18:18 - 000084480 _____ (Microsoft Corporation) C:\Windows\system32\INETRES.dll
2018-01-08 17:04 - 2017-12-31 18:18 - 000076288 _____ (Microsoft Corporation) C:\Windows\system32\rasdiag.dll
2018-01-08 17:04 - 2017-12-31 18:18 - 000070656 _____ (Microsoft Corporation) C:\Windows\system32\nlaapi.dll
2018-01-08 17:04 - 2017-12-31 18:18 - 000070144 _____ (Microsoft Corporation) C:\Windows\system32\appinfo.dll
2018-01-08 17:04 - 2017-12-31 18:18 - 000063488 _____ (Microsoft Corporation) C:\Windows\system32\setbcdlocale.dll
2018-01-08 17:04 - 2017-12-31 18:18 - 000060928 _____ (Microsoft Corporation) C:\Windows\system32\ndptsp.tsp
2018-01-08 17:04 - 2017-12-31 18:18 - 000060416 _____ (Microsoft Corporation) C:\Windows\system32\msobjs.dll
2018-01-08 17:04 - 2017-12-31 18:18 - 000059904 _____ (Microsoft Corporation) C:\Windows\system32\appidapi.dll
2018-01-08 17:04 - 2017-12-31 18:18 - 000053760 _____ (Microsoft Corporation) C:\Windows\system32\vmicres.dll
2018-01-08 17:04 - 2017-12-31 18:18 - 000051200 _____ (Microsoft Corporation) C:\Windows\system32\PeerDistHttpTrans.dll
2018-01-08 17:04 - 2017-12-31 18:18 - 000050176 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll
2018-01-08 17:04 - 2017-12-31 18:18 - 000047104 _____ (Microsoft Corporation) C:\Windows\system32\kmddsp.tsp
2018-01-08 17:04 - 2017-12-31 18:18 - 000044032 _____ (Microsoft Corporation) C:\Windows\system32\csrsrv.dll
2018-01-08 17:04 - 2017-12-31 18:18 - 000043520 _____ (Microsoft Corporation) C:\Windows\system32\cryptbase.dll
2018-01-08 17:04 - 2017-12-31 18:18 - 000041472 _____ (Microsoft Corporation) C:\Windows\system32\rasmxs.dll
2018-01-08 17:04 - 2017-12-31 18:18 - 000039424 _____ (Microsoft Corporation) C:\Windows\system32\traffic.dll
2018-01-08 17:04 - 2017-12-31 18:18 - 000034816 _____ (Microsoft Corporation) C:\Windows\system32\appidsvc.dll
2018-01-08 17:04 - 2017-12-31 18:18 - 000029696 _____ (Microsoft Corporation) C:\Windows\system32\rasser.dll
2018-01-08 17:04 - 2017-12-31 18:18 - 000028672 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2018-01-08 17:04 - 2017-12-31 18:18 - 000028160 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2018-01-08 17:04 - 2017-12-31 18:18 - 000026112 _____ (Microsoft Corporation) C:\Windows\system32\oleres.dll
2018-01-08 17:04 - 2017-12-31 18:18 - 000024576 _____ (Microsoft Corporation) C:\Windows\system32\WcnEapPeerProxy.dll
2018-01-08 17:04 - 2017-12-31 18:18 - 000024064 _____ (Microsoft Corporation) C:\Windows\system32\WcnEapAuthProxy.dll
2018-01-08 17:04 - 2017-12-31 18:18 - 000022528 _____ (Microsoft Corporation) C:\Windows\system32\wfapigp.dll
2018-01-08 17:04 - 2017-12-31 18:18 - 000022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2018-01-08 17:04 - 2017-12-31 18:18 - 000016896 _____ (Microsoft Corporation) C:\Windows\system32\wshqos.dll
2018-01-08 17:04 - 2017-12-31 18:18 - 000016384 _____ (Microsoft Corporation) C:\Windows\system32\ntvdm64.dll
2018-01-08 17:04 - 2017-12-31 18:18 - 000013312 _____ (Microsoft Corporation) C:\Windows\system32\wshnetbs.dll
2018-01-08 17:04 - 2017-12-31 18:18 - 000013312 _____ (Microsoft Corporation) C:\Windows\system32\wow64cpu.dll
2018-01-08 17:04 - 2017-12-31 18:18 - 000008704 _____ (Microsoft Corporation) C:\Windows\system32\comcat.dll
2018-01-08 17:04 - 2017-12-31 18:18 - 000006656 _____ (Microsoft Corporation) C:\Windows\system32\apisetschema.dll
2018-01-08 17:04 - 2017-12-31 18:18 - 000006144 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-security-base-l1-1-0.dll
2018-01-08 17:04 - 2017-12-31 18:18 - 000005120 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l1-1-0.dll
2018-01-08 17:04 - 2017-12-31 18:18 - 000004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
2018-01-08 17:04 - 2017-12-31 18:18 - 000004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processthreads-l1-1-0.dll
2018-01-08 17:04 - 2017-12-31 18:18 - 000004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll
2018-01-08 17:04 - 2017-12-31 18:18 - 000004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-synch-l1-1-0.dll
2018-01-08 17:04 - 2017-12-31 18:18 - 000004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localregistry-l1-1-0.dll
2018-01-08 17:04 - 2017-12-31 18:18 - 000004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localization-l1-1-0.dll
2018-01-08 17:04 - 2017-12-31 18:18 - 000003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll
2018-01-08 17:04 - 2017-12-31 18:18 - 000003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll
2018-01-08 17:04 - 2017-12-31 18:18 - 000003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll
2018-01-08 17:04 - 2017-12-31 18:18 - 000003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-misc-l1-1-0.dll
2018-01-08 17:04 - 2017-12-31 18:18 - 000003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-memory-l1-1-0.dll
2018-01-08 17:04 - 2017-12-31 18:18 - 000003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll
2018-01-08 17:04 - 2017-12-31 18:18 - 000003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-heap-l1-1-0.dll
2018-01-08 17:04 - 2017-12-31 18:18 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-xstate-l1-1-0.dll
2018-01-08 17:04 - 2017-12-31 18:18 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-util-l1-1-0.dll
2018-01-08 17:04 - 2017-12-31 18:18 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-string-l1-1-0.dll
2018-01-08 17:04 - 2017-12-31 18:18 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-profile-l1-1-0.dll
2018-01-08 17:04 - 2017-12-31 18:18 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-io-l1-1-0.dll
2018-01-08 17:04 - 2017-12-31 18:18 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-interlocked-l1-1-0.dll
2018-01-08 17:04 - 2017-12-31 18:18 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-handle-l1-1-0.dll
2018-01-08 17:04 - 2017-12-31 18:18 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-fibers-l1-1-0.dll
2018-01-08 17:04 - 2017-12-31 18:18 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll
2018-01-08 17:04 - 2017-12-31 18:18 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-delayload-l1-1-0.dll
2018-01-08 17:04 - 2017-12-31 18:18 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-debug-l1-1-0.dll
2018-01-08 17:04 - 2017-12-31 18:18 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-datetime-l1-1-0.dll
2018-01-08 17:04 - 2017-12-31 18:18 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-console-l1-1-0.dll
2018-01-08 17:04 - 2017-12-31 18:18 - 000002048 _____ (Microsoft Corporation) C:\Windows\system32\msxml6r.dll
2018-01-08 17:04 - 2017-12-31 18:13 - 000631680 _____ (Microsoft Corporation) C:\Windows\system32\winresume.efi
2018-01-08 17:04 - 2017-12-31 18:04 - 000559616 _____ (Microsoft Corporation) C:\Windows\system32\spoolsv.exe
2018-01-08 17:04 - 2017-12-31 18:02 - 001314112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll
2018-01-08 17:04 - 2017-12-31 18:00 - 012880384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll
2018-01-08 17:04 - 2017-12-31 18:00 - 001499648 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ExplorerFrame.dll
2018-01-08 17:04 - 2017-12-31 18:00 - 001417728 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ole32.dll
2018-01-08 17:04 - 2017-12-31 18:00 - 001390080 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml6.dll
2018-01-08 17:04 - 2017-12-31 18:00 - 001114112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kernel32.dll
2018-01-08 17:04 - 2017-12-31 18:00 - 000741888 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcomm.dll
2018-01-08 17:04 - 2017-12-31 18:00 - 000666624 _____ (Microsoft Corporation) C:\Windows\SysWOW64\nshwfp.dll
2018-01-08 17:04 - 2017-12-31 18:00 - 000666112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpcrt4.dll
2018-01-08 17:04 - 2017-12-31 18:00 - 000554496 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2018-01-08 17:04 - 2017-12-31 18:00 - 000463360 _____ (Microsoft Corporation) C:\Windows\SysWOW64\FirewallAPI.dll
2018-01-08 17:04 - 2017-12-31 18:00 - 000351744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\winhttp.dll
2018-01-08 17:04 - 2017-12-31 18:00 - 000304640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\taskcomp.dll
2018-01-08 17:04 - 2017-12-31 18:00 - 000276992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wcncsvc.dll
2018-01-08 17:04 - 2017-12-31 18:00 - 000275456 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll
2018-01-08 17:04 - 2017-12-31 18:00 - 000261120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
2018-01-08 17:04 - 2017-12-31 18:00 - 000254464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2018-01-08 17:04 - 2017-12-31 18:00 - 000223232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2018-01-08 17:04 - 2017-12-31 18:00 - 000217600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\P2P.dll
2018-01-08 17:04 - 2017-12-31 18:00 - 000216576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\FWPUCLNT.DLL
2018-01-08 17:04 - 2017-12-31 18:00 - 000172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll
2018-01-08 17:04 - 2017-12-31 18:00 - 000162304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncsi.dll
2018-01-08 17:04 - 2017-12-31 18:00 - 000146432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msaudite.dll
2018-01-08 17:04 - 2017-12-31 18:00 - 000141312 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpchttp.dll
2018-01-08 17:04 - 2017-12-31 18:00 - 000139776 _____ (Microsoft Corporation) C:\Windows\SysWOW64\PeerDist.dll
2018-01-08 17:04 - 2017-12-31 18:00 - 000096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2018-01-08 17:04 - 2017-12-31 18:00 - 000084480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\INETRES.dll
2018-01-08 17:04 - 2017-12-31 18:00 - 000082944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\bcrypt.dll
2018-01-08 17:04 - 2017-12-31 18:00 - 000081920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\fdWCN.dll
2018-01-08 17:04 - 2017-12-31 18:00 - 000081408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rascfg.dll
2018-01-08 17:04 - 2017-12-31 18:00 - 000065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2018-01-08 17:04 - 2017-12-31 18:00 - 000061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rasdiag.dll
2018-01-08 17:04 - 2017-12-31 18:00 - 000060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msobjs.dll
2018-01-08 17:04 - 2017-12-31 18:00 - 000052224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\nlaapi.dll
2018-01-08 17:04 - 2017-12-31 18:00 - 000050688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ndptsp.tsp
2018-01-08 17:04 - 2017-12-31 18:00 - 000043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll
2018-01-08 17:04 - 2017-12-31 18:00 - 000033280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\traffic.dll
2018-01-08 17:04 - 2017-12-31 18:00 - 000026112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\oleres.dll
2018-01-08 17:04 - 2017-12-31 18:00 - 000022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2018-01-08 17:04 - 2017-12-31 18:00 - 000017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
2018-01-08 17:04 - 2017-12-31 18:00 - 000005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll
2018-01-08 17:04 - 2017-12-31 18:00 - 000002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml6r.dll
2018-01-08 17:04 - 2017-12-31 17:59 - 001806848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\authui.dll
2018-01-08 17:04 - 2017-12-31 17:59 - 000690688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adtschema.dll
2018-01-08 17:04 - 2017-12-31 17:59 - 000644096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\advapi32.dll
2018-01-08 17:04 - 2017-12-31 17:59 - 000342528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\certcli.dll
2018-01-08 17:04 - 2017-12-31 17:59 - 000309760 _____ (Microsoft Corporation) C:\Windows\SysWOW64\actxprxy.dll
2018-01-08 17:04 - 2017-12-31 17:59 - 000050688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\appidapi.dll
2018-01-08 17:04 - 2017-12-31 17:59 - 000006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\apisetschema.dll
2018-01-08 17:04 - 2017-12-31 17:59 - 000005120 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-file-l1-1-0.dll
2018-01-08 17:04 - 2017-12-31 17:59 - 000004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processthreads-l1-1-0.dll
2018-01-08 17:04 - 2017-12-31 17:59 - 000004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-sysinfo-l1-1-0.dll
2018-01-08 17:04 - 2017-12-31 17:59 - 000004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-synch-l1-1-0.dll
2018-01-08 17:04 - 2017-12-31 17:59 - 000004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-misc-l1-1-0.dll
2018-01-08 17:04 - 2017-12-31 17:59 - 000004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localregistry-l1-1-0.dll
2018-01-08 17:04 - 2017-12-31 17:59 - 000004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localization-l1-1-0.dll
2018-01-08 17:04 - 2017-12-31 17:59 - 000003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processenvironment-l1-1-0.dll
2018-01-08 17:04 - 2017-12-31 17:59 - 000003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-namedpipe-l1-1-0.dll
2018-01-08 17:04 - 2017-12-31 17:59 - 000003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-memory-l1-1-0.dll
2018-01-08 17:04 - 2017-12-31 17:59 - 000003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-libraryloader-l1-1-0.dll
2018-01-08 17:04 - 2017-12-31 17:59 - 000003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-interlocked-l1-1-0.dll
2018-01-08 17:04 - 2017-12-31 17:59 - 000003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-heap-l1-1-0.dll
2018-01-08 17:04 - 2017-12-31 17:59 - 000003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-string-l1-1-0.dll
2018-01-08 17:04 - 2017-12-31 17:59 - 000003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-rtlsupport-l1-1-0.dll
2018-01-08 17:04 - 2017-12-31 17:59 - 000003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-profile-l1-1-0.dll
2018-01-08 17:04 - 2017-12-31 17:59 - 000003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-io-l1-1-0.dll
2018-01-08 17:04 - 2017-12-31 17:59 - 000003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-handle-l1-1-0.dll
2018-01-08 17:04 - 2017-12-31 17:59 - 000003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-fibers-l1-1-0.dll
2018-01-08 17:04 - 2017-12-31 17:59 - 000003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-errorhandling-l1-1-0.dll
2018-01-08 17:04 - 2017-12-31 17:59 - 000003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-delayload-l1-1-0.dll
2018-01-08 17:04 - 2017-12-31 17:59 - 000003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-debug-l1-1-0.dll
2018-01-08 17:04 - 2017-12-31 17:59 - 000003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-datetime-l1-1-0.dll
2018-01-08 17:04 - 2017-12-31 17:59 - 000003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-console-l1-1-0.dll
2018-01-08 17:04 - 2017-12-31 17:55 - 000131584 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\pacer.sys
2018-01-08 17:04 - 2017-12-31 17:55 - 000088576 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\wanarp.sys
2018-01-08 17:04 - 2017-12-31 17:55 - 000058368 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ndproxy.sys
2018-01-08 17:04 - 2017-12-31 17:55 - 000045056 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\netbios.sys
2018-01-08 17:04 - 2017-12-31 17:55 - 000024064 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ndistapi.sys
2018-01-08 17:04 - 2017-12-31 17:54 - 004013800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2018-01-08 17:04 - 2017-12-31 17:54 - 003959016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2018-01-08 17:04 - 2017-12-31 17:54 - 000077312 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mpsdrv.sys
2018-01-08 17:04 - 2017-12-31 17:50 - 000455680 _____ (Microsoft Corporation) C:\Windows\system32\winlogon.exe
2018-01-08 17:04 - 2017-12-31 17:49 - 000148480 _____ (Microsoft Corporation) C:\Windows\system32\appidpolicyconverter.exe
2018-01-08 17:04 - 2017-12-31 17:49 - 000064000 _____ (Microsoft Corporation) C:\Windows\system32\auditpol.exe
2018-01-08 17:04 - 2017-12-31 17:49 - 000062464 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\appid.sys
2018-01-08 17:04 - 2017-12-31 17:49 - 000017920 _____ (Microsoft Corporation) C:\Windows\system32\appidcertstorecheck.exe
2018-01-08 17:04 - 2017-12-31 17:47 - 000244224 _____ (Microsoft Corporation) C:\Windows\system32\vmicsvc.exe
2018-01-08 17:04 - 2017-12-31 17:46 - 000338432 _____ (Microsoft Corporation) C:\Windows\system32\conhost.exe
2018-01-08 17:04 - 2017-12-31 17:46 - 000128512 _____ (Microsoft Corporation) C:\Windows\system32\IcCoinstall.dll
2018-01-08 17:04 - 2017-12-31 17:46 - 000051712 _____ (Microsoft Corporation) C:\Windows\system32\vmictimeprovider.dll
2018-01-08 17:04 - 2017-12-31 17:45 - 000296960 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe
2018-01-08 17:04 - 2017-12-31 17:43 - 000086528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WcnApi.dll
2018-01-08 17:04 - 2017-12-31 17:43 - 000038912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kmddsp.tsp
2018-01-08 17:04 - 2017-12-31 17:43 - 000033280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rasmxs.dll
2018-01-08 17:04 - 2017-12-31 17:43 - 000022528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rasser.dll
2018-01-08 17:04 - 2017-12-31 17:43 - 000020480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WcnEapPeerProxy.dll
2018-01-08 17:04 - 2017-12-31 17:43 - 000019968 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WcnEapAuthProxy.dll
2018-01-08 17:04 - 2017-12-31 17:43 - 000018944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wfapigp.dll
2018-01-08 17:04 - 2017-12-31 17:43 - 000013824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wshqos.dll
2018-01-08 17:04 - 2017-12-31 17:42 - 000460288 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\srv.sys
2018-01-08 17:04 - 2017-12-31 17:42 - 000406016 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\srv2.sys
2018-01-08 17:04 - 2017-12-31 17:42 - 000168448 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\srvnet.sys
2018-01-08 17:04 - 2017-12-31 17:42 - 000159744 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb.sys
2018-01-08 17:04 - 2017-12-31 17:41 - 000754176 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\http.sys
2018-01-08 17:04 - 2017-12-31 17:41 - 000291328 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb10.sys
2018-01-08 17:04 - 2017-12-31 17:41 - 000129536 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb20.sys
2018-01-08 17:04 - 2017-12-31 17:41 - 000112640 _____ (Microsoft Corporation) C:\Windows\system32\smss.exe
2018-01-08 17:04 - 2017-12-31 17:41 - 000106496 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dfsc.sys
2018-01-08 17:04 - 2017-12-31 17:41 - 000030720 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2018-01-08 17:04 - 2017-12-31 17:41 - 000007168 _____ (Microsoft Corp

#2 nasdaq

nasdaq

    Forum Deity

  • Global Moderator
  • PipPipPipPipPip
  • 49,226 posts

Posted 03 February 2018 - 07:28 AM

Hello, Welcome to SpywareInfoForumr.
I'm nasdaq and will be helping you.

If you can please print this topic it will make it easier for you to follow the instructions and complete all of the necessary steps in the order listed.
===

Remove these programs in bold via the Control Panel > Programs > Programs and Features.
DriverUpdate (HKLM-x32\...\{E6617834-9398-4F95-9C05-2D87B192E1DF}) (Version: 2.4.3 - SlimWare Utilities, Inc.)
Iminent (HKLM-x32\...\{5CDCDBCD-119A-4AE1-9C55-B816DBBE4245}) (Version: 6.27.21.0 - Iminent) Hidden <==== ATTENTION
KNCTR (HKLM-x32\...\Itibiti_is1) (Version: - Itibiti Systems Inc.) <==== ATTENTION
LessTabs (HKLM-x32\...\LessTabs) (Version: 1.7.2.0 - LessTabs)
===

Press the Windows key + r on your keyboard at the same time. This will open the RUN BOX.
Type Notepad and and click the OK key.
Please copy the entire contents of the code box below to the a new file.
 
start

CreateRestorePoint:
EmptyTemp:
CloseProcesses:

(AVG Secure Search) C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\15.5.0\ToolbarUpdater.exe
() C:\Program Files (x86)\Itibiti Soft Phone\Phone\Itibiti.exe
HKLM-x32\...\Run: [] => [X]
HKU\S-1-5-21-2096361384-901469764-2865818563-1002\...\Run: [Itibiti.exe] => C:\Program Files (x86)\Itibiti Soft Phone\ItibitiLauncher.exe [2638848 2017-09-11] () <==== ATTENTION
GroupPolicy\User: Restriction <==== ATTENTION
CHR HKU\S-1-5-21-2096361384-901469764-2865818563-1002\SOFTWARE\Policies\Google: Restriction <==== ATTENTION
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <==== ATTENTION
URLSearchHook: HKU\S-1-5-21-2096361384-901469764-2865818563-1002 - YTNavAssistPlugin Class - {81017EA9-9AA8-4A6A-9734-7AF40E7D593F} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn2\yt.dll No File
SearchScopes: HKLM -> DefaultScope value is missing
SearchScopes: HKLM-x32 -> DefaultScope value is missing
SearchScopes: HKU\S-1-5-21-2096361384-901469764-2865818563-1002 -> {91607fa7-3c2f-4f90-93e3-d5337a6b0ac2} URL = Playbryte-serp-adk/search/redirect/?type=default&user_id=b53bab51-6b3e-4736-b02f-6129ed97f99e&query={searchTerms}
BHO-x32: &Yahoo! Toolbar Helper -> {02478D38-C3F9-4efb-9B51-7695ECA05670} -> C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn2\yt.dll => No File
BHO-x32: Bing Bar Helper -> {1dad3af3-ef2f-4f64-ac4b-11789189fcb6} -> C:\Program Files (x86)\Microsoft\BingBar\7.3.132.0\BingExt.dll => No File
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll => No File
Toolbar: HKLM - avast! Online Security - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} -  No File
Toolbar: HKLM - No Name - {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} -  No File
Toolbar: HKLM-x32 - Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn2\yt.dll No File
Toolbar: HKLM-x32 - Bing Bar - {eec0f710-38b5-4aba-99bf-ec87564a4e13} - C:\Program Files (x86)\Microsoft\BingBar\7.3.132.0\BingExt.dll No File
Toolbar: HKLM-x32 - Canon Easy-WebPrint EX - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexhlp.dll No File
Toolbar: HKU\S-1-5-21-2096361384-901469764-2865818563-1002 -> No Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} -  No File
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
CHR Extension: (Avast SafePrice) - C:\Users\David\AppData\Local\Google\Chrome\User Data\Default\Extensions\eofcbnmajmjmplflapaojjnihcjkigck [2018-02-01]
CHR HKLM-x32\...\Chrome\Extension: [eofcbnmajmjmplflapaojjnihcjkigck] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx <not found>
R2 vToolbarUpdater15.5.0; C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\15.5.0\ToolbarUpdater.exe [1643184 2013-08-17] (AVG Secure Search)
S3 Afc; system32\drivers\Afc.sys [X]
S3 SWDUMon; system32\DRIVERS\SWDUMon.sys [X]
S3 vmwvusb; System32\Drivers\vmwvusb.sys [X]

FirewallRules: [TCP Query User{31A77BAF-ABC6-4BF4-982E-0D79E2E22F10}C:\program files (x86)\itibiti soft phone\itibiti.exe] => (Block) C:\program files (x86)\itibiti soft phone\itibiti.exe
FirewallRules: [UDP Query User{02A8936C-33EE-499F-8AC6-B8E6925A365A}C:\program files (x86)\itibiti soft phone\itibiti.exe] => (Block) C:\program files (x86)\itibiti soft phone\itibiti.exe
FirewallRules: [{2A81D7D2-18ED-4132-8639-0F7C83B532CF}] => (Allow) C:\Program Files (x86)\Itibiti Soft Phone\Phone\Itibiti.exe
FirewallRules: [{2B7F12EB-8D59-419F-85CC-FC3278EE20F1}] => (Allow) C:\Program Files (x86)\Itibiti Soft Phone\Phone\Itibiti.exe
FirewallRules: [{B3FF49FF-75A7-4174-9CFB-6EF330508DD7}] => (Allow) C:\Program Files (x86)\Itibiti Soft Phone\NoPhone\Itibiti.exe
FirewallRules: [{B9CEC663-6076-4B04-AB13-3277F7053FD2}] => (Allow) C:\Program Files (x86)\Itibiti Soft Phone\NoPhone\Itibiti.exe
FirewallRules: [TCP Query User{779DE6B3-4C5C-4F9F-BB9B-2C7C527538C4}C:\program files (x86)\itibiti soft phone\phone\itibiti.exe] => (Block) C:\program files (x86)\itibiti soft phone\phone\itibiti.exe
FirewallRules: [UDP Query User{D4AD4DA0-B855-47E8-BADE-2D376D7667B5}C:\program files (x86)\itibiti soft phone\phone\itibiti.exe] => (Block) C:\program files (x86)\itibiti soft phone\phone\itibiti.exe

2018-02-01 16:59 - 2018-02-01 16:59 - 000674496 _____ (PC Drivers HeadQuarters LP) C:\Users\David\Downloads\DriverSupport.exe
2013-06-22 21:01 - 2013-06-23 15:12 - 000099384 _____ () C:\Users\David\AppData\Roaming\inst.exe
C:\Program Files (x86)\Itibiti Soft Phone
2012-06-30 10:34 - 2012-06-30 10:34 - 144895440 _____ (Hewlett-Packard                                             ) C:\Users\David\AppData\Local\Temp\SP56904.exe
2013-05-09 05:50 - 2013-05-09 05:50 - 004022944 _____ (Hewlett-Packard Company                                     ) C:\Users\David\AppData\Local\Temp\SP56929.exe
2013-05-23 15:59 - 2013-05-23 15:59 - 023478616 _____ (Hewlett-Packard Company                                     ) C:\Users\David\AppData\Local\Temp\SP57538.exe
2013-05-22 17:08 - 2013-05-22 17:08 - 006594568 _____ (Hewlett Packard Inc                                         ) C:\Users\David\AppData\Local\Temp\SP57698.exe
2013-05-09 05:48 - 2013-05-09 05:48 - 045042944 _____ (Hewlett-Packard                                             ) C:\Users\David\AppData\Local\Temp\SP57966.exe
2013-06-02 11:32 - 2013-06-02 11:33 - 041580520 _____ (Hewlett-Packard                                             ) C:\Users\David\AppData\Local\Temp\sp58915.exe
2013-02-01 16:19 - 2013-02-01 16:19 - 306173352 _____ (Hewlett-Packard                                             ) C:\Users\David\AppData\Local\Temp\SP59787.exe
2013-05-23 16:13 - 2013-05-23 16:13 - 006709496 _____ (Hewlett-Packard Company                                     ) C:\Users\David\AppData\Local\Temp\SP60051.exe
2013-05-20 06:50 - 2013-05-20 06:50 - 009982176 _____ (Hewlett-Packard                                             ) C:\Users\David\AppData\Local\Temp\SP61037.exe
2013-05-23 16:14 - 2013-05-23 16:14 - 069668656 _____ (Hewlett-Packard                                             ) C:\Users\David\AppData\Local\Temp\SP61399.exe
2013-07-02 20:16 - 2013-07-02 20:16 - 035990952 _____ (Hewlett-Packard Company                                     ) C:\Users\David\AppData\Local\Temp\SP61776.exe
2013-08-29 01:38 - 2013-08-29 01:38 - 006844168 _____ (Hewlett-Packard Company                                     ) C:\Users\David\AppData\Local\Temp\SP62991.exe
2013-10-25 08:13 - 2013-10-25 08:13 - 069669936 _____ (Hewlett-Packard                                             ) C:\Users\David\AppData\Local\Temp\SP63224.exe
2013-10-25 07:58 - 2013-10-25 07:58 - 006879392 _____ (Hewlett-Packard Company                                     ) C:\Users\David\AppData\Local\Temp\SP63801.exe
2013-11-28 03:56 - 2013-11-28 03:56 - 029030920 _____ (Hewlett-Packard Company                                     ) C:\Users\David\AppData\Local\Temp\SP64082.exe
2014-02-06 12:18 - 2014-02-06 12:18 - 044799704 _____ (Hewlett-Packard                                             ) C:\Users\David\AppData\Local\Temp\sp64126.exe
2013-09-07 13:51 - 2012-01-05 11:43 - 000121856 _____ (Microsoft Corporation) C:\Users\David\AppData\Local\Temp\xmllite.dll


End
Save the file as fixlist.txt in the same folder where the Farbar tool is running from.
The location is listed in the 3rd line of the Farbar log you have submitted.

Run FRST and click Fix only once and wait.

The tool will create a log (Fixlog.txt) please post it to your reply.
===

Please download AdwCleaner by Xplode onto your Desktop.
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click the Scan button and wait for the process to complete.
  • Click the LogFile button and the report will open in Notepad.
IMPORTANT
  • If you click the Clean button all items listed in the report will be removed.
If you find some false positive items or programs that you wish to keep, Close the AdwCleaner windows.
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click the Scan button and wait for the process to complete.
  • Check off the element(s) you wish to keep.
  • Click on the Clean button follow the prompts.
  • A log file will automatically open after the scan has finished.
  • Please post the content of that log file with your next answer.
  • You can find the log file at C:\AdwCleanerCx.txt (x is a number).
===

Please post the logs and let me know what problem persists.
nasdaq

Favorite tools: [ SpywareBlaster ] [ Spybot ] [ AdAware ] [ HijackThis ]
[ Housecall online virus scan ] [ Bitdefender online virus scan ]
[ AVG antivirus ] [ Sunbelt Personal Firewall ] [ ZoneAlarm firewall ]

My help is free, but if we have helped you in anyway,please considerDonating ,
see this topic for details.We need members like you.

========
Shouldn't water be worth more than diamonds?
Adam Smith Glasgow, 1760

#3 DC0001

DC0001

    Member

  • Full Member
  • Pip
  • 35 posts

Posted 03 February 2018 - 09:07 PM

DriverUpdate uninstalled.
 
I don't see Iminent under the Program Manager.
 
"Uninstall has detected that KNCTR is currently running. Please close all instances of it now..." but I can't find it in the Task Manager under Applications, Processes or Services.
 
Less Tabs uninstalled.
 
Fixlist saved and FRST ran:
 
Fix result of Farbar Recovery Scan Tool (x64) Version: 27.01.2018
Ran by David (03-02-2018 17:50:27) Run:1
Running from C:\Users\David\Desktop
Loaded Profiles: David (Available Profiles: UpdatusUser & David)
Boot Mode: Normal
==============================================
 
fixlist content:
*****************
start
 
CreateRestorePoint:
EmptyTemp:
CloseProcesses:
 
(AVG Secure Search) C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\15.5.0\ToolbarUpdater.exe
() C:\Program Files (x86)\Itibiti Soft Phone\Phone\Itibiti.exe
HKLM-x32\...\Run: [] => [X]
HKU\S-1-5-21-2096361384-901469764-2865818563-1002\...\Run: [Itibiti.exe] => C:\Program Files (x86)\Itibiti Soft Phone\ItibitiLauncher.exe [2638848 2017-09-11] () <==== ATTENTION
GroupPolicy\User: Restriction <==== ATTENTION
CHR HKU\S-1-5-21-2096361384-901469764-2865818563-1002\SOFTWARE\Policies\Google: Restriction <==== ATTENTION
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <==== ATTENTION
URLSearchHook: HKU\S-1-5-21-2096361384-901469764-2865818563-1002 - YTNavAssistPlugin Class - {81017EA9-9AA8-4A6A-9734-7AF40E7D593F} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn2\yt.dll No File
SearchScopes: HKLM -> DefaultScope value is missing
SearchScopes: HKLM-x32 -> DefaultScope value is missing
SearchScopes: HKU\S-1-5-21-2096361384-901469764-2865818563-1002 -> {91607fa7-3c2f-4f90-93e3-d5337a6b0ac2} URL = Playbryte-serp-adk/search/redirect/?type=default&user_id=b53bab51-6b3e-4736-b02f-6129ed97f99e&query={searchTerms}
BHO-x32: &Yahoo! Toolbar Helper -> {02478D38-C3F9-4efb-9B51-7695ECA05670} -> C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn2\yt.dll => No File
BHO-x32: Bing Bar Helper -> {1dad3af3-ef2f-4f64-ac4b-11789189fcb6} -> C:\Program Files (x86)\Microsoft\BingBar\7.3.132.0\BingExt.dll => No File
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll => No File
Toolbar: HKLM - avast! Online Security - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} -  No File
Toolbar: HKLM - No Name - {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} -  No File
Toolbar: HKLM-x32 - Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn2\yt.dll No File
Toolbar: HKLM-x32 - Bing Bar - {eec0f710-38b5-4aba-99bf-ec87564a4e13} - C:\Program Files (x86)\Microsoft\BingBar\7.3.132.0\BingExt.dll No File
Toolbar: HKLM-x32 - Canon Easy-WebPrint EX - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexhlp.dll No File
Toolbar: HKU\S-1-5-21-2096361384-901469764-2865818563-1002 -> No Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} -  No File
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
CHR Extension: (Avast SafePrice) - C:\Users\David\AppData\Local\Google\Chrome\User Data\Default\Extensions\eofcbnmajmjmplflapaojjnihcjkigck [2018-02-01]
CHR HKLM-x32\...\Chrome\Extension: [eofcbnmajmjmplflapaojjnihcjkigck] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx <not found>
R2 vToolbarUpdater15.5.0; C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\15.5.0\ToolbarUpdater.exe [1643184 2013-08-17] (AVG Secure Search)
S3 Afc; system32\drivers\Afc.sys [X]
S3 SWDUMon; system32\DRIVERS\SWDUMon.sys [X]
S3 vmwvusb; System32\Drivers\vmwvusb.sys [X]
 
FirewallRules: [TCP Query User{31A77BAF-ABC6-4BF4-982E-0D79E2E22F10}C:\program files (x86)\itibiti soft phone\itibiti.exe] => (Block) C:\program files (x86)\itibiti soft phone\itibiti.exe
FirewallRules: [UDP Query User{02A8936C-33EE-499F-8AC6-B8E6925A365A}C:\program files (x86)\itibiti soft phone\itibiti.exe] => (Block) C:\program files (x86)\itibiti soft phone\itibiti.exe
FirewallRules: [{2A81D7D2-18ED-4132-8639-0F7C83B532CF}] => (Allow) C:\Program Files (x86)\Itibiti Soft Phone\Phone\Itibiti.exe
FirewallRules: [{2B7F12EB-8D59-419F-85CC-FC3278EE20F1}] => (Allow) C:\Program Files (x86)\Itibiti Soft Phone\Phone\Itibiti.exe
FirewallRules: [{B3FF49FF-75A7-4174-9CFB-6EF330508DD7}] => (Allow) C:\Program Files (x86)\Itibiti Soft Phone\NoPhone\Itibiti.exe
FirewallRules: [{B9CEC663-6076-4B04-AB13-3277F7053FD2}] => (Allow) C:\Program Files (x86)\Itibiti Soft Phone\NoPhone\Itibiti.exe
FirewallRules: [TCP Query User{779DE6B3-4C5C-4F9F-BB9B-2C7C527538C4}C:\program files (x86)\itibiti soft phone\phone\itibiti.exe] => (Block) C:\program files (x86)\itibiti soft phone\phone\itibiti.exe
FirewallRules: [UDP Query User{D4AD4DA0-B855-47E8-BADE-2D376D7667B5}C:\program files (x86)\itibiti soft phone\phone\itibiti.exe] => (Block) C:\program files (x86)\itibiti soft phone\phone\itibiti.exe
 
2018-02-01 16:59 - 2018-02-01 16:59 - 000674496 _____ (PC Drivers HeadQuarters LP) C:\Users\David\Downloads\DriverSupport.exe
2013-06-22 21:01 - 2013-06-23 15:12 - 000099384 _____ () C:\Users\David\AppData\Roaming\inst.exe
C:\Program Files (x86)\Itibiti Soft Phone
2012-06-30 10:34 - 2012-06-30 10:34 - 144895440 _____ (Hewlett-Packard                                             ) C:\Users\David\AppData\Local\Temp\SP56904.exe
2013-05-09 05:50 - 2013-05-09 05:50 - 004022944 _____ (Hewlett-Packard Company                                     ) C:\Users\David\AppData\Local\Temp\SP56929.exe
2013-05-23 15:59 - 2013-05-23 15:59 - 023478616 _____ (Hewlett-Packard Company                                     ) C:\Users\David\AppData\Local\Temp\SP57538.exe
2013-05-22 17:08 - 2013-05-22 17:08 - 006594568 _____ (Hewlett Packard Inc                                         ) C:\Users\David\AppData\Local\Temp\SP57698.exe
2013-05-09 05:48 - 2013-05-09 05:48 - 045042944 _____ (Hewlett-Packard                                             ) C:\Users\David\AppData\Local\Temp\SP57966.exe
2013-06-02 11:32 - 2013-06-02 11:33 - 041580520 _____ (Hewlett-Packard                                             ) C:\Users\David\AppData\Local\Temp\sp58915.exe
2013-02-01 16:19 - 2013-02-01 16:19 - 306173352 _____ (Hewlett-Packard                                             ) C:\Users\David\AppData\Local\Temp\SP59787.exe
2013-05-23 16:13 - 2013-05-23 16:13 - 006709496 _____ (Hewlett-Packard Company                                     ) C:\Users\David\AppData\Local\Temp\SP60051.exe
2013-05-20 06:50 - 2013-05-20 06:50 - 009982176 _____ (Hewlett-Packard                                             ) C:\Users\David\AppData\Local\Temp\SP61037.exe
2013-05-23 16:14 - 2013-05-23 16:14 - 069668656 _____ (Hewlett-Packard                                             ) C:\Users\David\AppData\Local\Temp\SP61399.exe
2013-07-02 20:16 - 2013-07-02 20:16 - 035990952 _____ (Hewlett-Packard Company                                     ) C:\Users\David\AppData\Local\Temp\SP61776.exe
2013-08-29 01:38 - 2013-08-29 01:38 - 006844168 _____ (Hewlett-Packard Company                                     ) C:\Users\David\AppData\Local\Temp\SP62991.exe
2013-10-25 08:13 - 2013-10-25 08:13 - 069669936 _____ (Hewlett-Packard                                             ) C:\Users\David\AppData\Local\Temp\SP63224.exe
2013-10-25 07:58 - 2013-10-25 07:58 - 006879392 _____ (Hewlett-Packard Company                                     ) C:\Users\David\AppData\Local\Temp\SP63801.exe
2013-11-28 03:56 - 2013-11-28 03:56 - 029030920 _____ (Hewlett-Packard Company                                     ) C:\Users\David\AppData\Local\Temp\SP64082.exe
2014-02-06 12:18 - 2014-02-06 12:18 - 044799704 _____ (Hewlett-Packard                                             ) C:\Users\David\AppData\Local\Temp\sp64126.exe
2013-09-07 13:51 - 2012-01-05 11:43 - 000121856 _____ (Microsoft Corporation) C:\Users\David\AppData\Local\Temp\xmllite.dll
 
 
End
*****************
 
Restore point was successfully created.
Processes closed successfully.
C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\15.5.0\ToolbarUpdater.exe => No running process found
C:\Program Files (x86)\Itibiti Soft Phone\Phone\Itibiti.exe => No running process found
"HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\" => removed successfully
"HKU\S-1-5-21-2096361384-901469764-2865818563-1002\Software\Microsoft\Windows\CurrentVersion\Run\\Itibiti.exe" => removed successfully
C:\Windows\system32\GroupPolicy\User => moved successfully
C:\Windows\system32\GroupPolicy\GPT.ini => moved successfully
C:\Windows\SysWOW64\GroupPolicy\GPT.ini => moved successfully
"HKU\S-1-5-21-2096361384-901469764-2865818563-1002\SOFTWARE\Policies\Google" => removed successfully
"HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer" => removed successfully
"HKU\S-1-5-21-2096361384-901469764-2865818563-1002\Software\Microsoft\Internet Explorer\URLSearchHooks\\{81017EA9-9AA8-4A6A-9734-7AF40E7D593F}" => removed successfully
"HKLM\Software\Wow6432Node\Classes\CLSID\{81017EA9-9AA8-4A6A-9734-7AF40E7D593F}" => removed successfully
HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value restored successfully
HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value restored successfully
"HKU\S-1-5-21-2096361384-901469764-2865818563-1002\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{91607fa7-3c2f-4f90-93e3-d5337a6b0ac2}" => removed successfully
HKLM\Software\Classes\CLSID\{91607fa7-3c2f-4f90-93e3-d5337a6b0ac2} => key not found
"HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4efb-9B51-7695ECA05670}" => removed successfully
"HKLM\Software\Wow6432Node\Classes\CLSID\{02478D38-C3F9-4efb-9B51-7695ECA05670}" => removed successfully
"HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{1dad3af3-ef2f-4f64-ac4b-11789189fcb6}" => removed successfully
"HKLM\Software\Wow6432Node\Classes\CLSID\{1dad3af3-ef2f-4f64-ac4b-11789189fcb6}" => removed successfully
"HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}" => removed successfully
"HKLM\Software\Wow6432Node\Classes\CLSID\{9030D464-4C02-4ABF-8ECC-5164760863C6}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar\\{318A227B-5E9F-45bd-8999-7F8F10CA4CF5}" => removed successfully
"HKLM\Software\Classes\CLSID\{318A227B-5E9F-45bd-8999-7F8F10CA4CF5}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar\\{CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F}" => removed successfully
HKLM\Software\Classes\CLSID\{CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} => key not found
"HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar\\{EF99BD32-C1FB-11D2-892F-0090271D4F88}" => removed successfully
"HKLM\Software\Wow6432Node\Classes\CLSID\{EF99BD32-C1FB-11D2-892F-0090271D4F88}" => removed successfully
"HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar\\{eec0f710-38b5-4aba-99bf-ec87564a4e13}" => removed successfully
"HKLM\Software\Wow6432Node\Classes\CLSID\{eec0f710-38b5-4aba-99bf-ec87564a4e13}" => removed successfully
"HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar\\{759D9886-0C6F-4498-BAB6-4A5F47C6C72F}" => removed successfully
"HKLM\Software\Wow6432Node\Classes\CLSID\{759D9886-0C6F-4498-BAB6-4A5F47C6C72F}" => removed successfully
"HKU\S-1-5-21-2096361384-901469764-2865818563-1002\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA}" => removed successfully
HKLM\Software\Classes\CLSID\{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} => key not found
"HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE" => removed successfully
"HKLM\Software\Wow6432Node\MozillaPlugins\@microsoft.com/GENUINE" => removed successfully
CHR Extension: (Avast SafePrice) - C:\Users\David\AppData\Local\Google\Chrome\User Data\Default\Extensions\eofcbnmajmjmplflapaojjnihcjkigck [2018-02-01] => Error: No automatic fix found for this entry.
"HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\eofcbnmajmjmplflapaojjnihcjkigck" => removed successfully
"HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\gomekmidlodglbbmalcneegieacbdmki" => removed successfully
"HKLM\System\CurrentControlSet\Services\vToolbarUpdater15.5.0" => removed successfully
vToolbarUpdater15.5.0 => service removed successfully
"HKLM\System\CurrentControlSet\Services\Afc" => removed successfully
Afc => service removed successfully
"HKLM\System\CurrentControlSet\Services\SWDUMon" => removed successfully
SWDUMon => service removed successfully
"HKLM\System\CurrentControlSet\Services\vmwvusb" => removed successfully
vmwvusb => service removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\TCP Query User{31A77BAF-ABC6-4BF4-982E-0D79E2E22F10}C:\program files (x86)\itibiti soft phone\itibiti.exe" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\UDP Query User{02A8936C-33EE-499F-8AC6-B8E6925A365A}C:\program files (x86)\itibiti soft phone\itibiti.exe" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{2A81D7D2-18ED-4132-8639-0F7C83B532CF}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{2B7F12EB-8D59-419F-85CC-FC3278EE20F1}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{B3FF49FF-75A7-4174-9CFB-6EF330508DD7}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{B9CEC663-6076-4B04-AB13-3277F7053FD2}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\TCP Query User{779DE6B3-4C5C-4F9F-BB9B-2C7C527538C4}C:\program files (x86)\itibiti soft phone\phone\itibiti.exe" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\UDP Query User{D4AD4DA0-B855-47E8-BADE-2D376D7667B5}C:\program files (x86)\itibiti soft phone\phone\itibiti.exe" => removed successfully
C:\Users\David\Downloads\DriverSupport.exe => moved successfully
C:\Users\David\AppData\Roaming\inst.exe => moved successfully
C:\Program Files (x86)\Itibiti Soft Phone => moved successfully
C:\Users\David\AppData\Local\Temp\SP56904.exe => moved successfully
C:\Users\David\AppData\Local\Temp\SP56929.exe => moved successfully
C:\Users\David\AppData\Local\Temp\SP57538.exe => moved successfully
C:\Users\David\AppData\Local\Temp\SP57698.exe => moved successfully
C:\Users\David\AppData\Local\Temp\SP57966.exe => moved successfully
C:\Users\David\AppData\Local\Temp\sp58915.exe => moved successfully
C:\Users\David\AppData\Local\Temp\SP59787.exe => moved successfully
C:\Users\David\AppData\Local\Temp\SP60051.exe => moved successfully
C:\Users\David\AppData\Local\Temp\SP61037.exe => moved successfully
C:\Users\David\AppData\Local\Temp\SP61399.exe => moved successfully
C:\Users\David\AppData\Local\Temp\SP61776.exe => moved successfully
C:\Users\David\AppData\Local\Temp\SP62991.exe => moved successfully
C:\Users\David\AppData\Local\Temp\SP63224.exe => moved successfully
C:\Users\David\AppData\Local\Temp\SP63801.exe => moved successfully
C:\Users\David\AppData\Local\Temp\SP64082.exe => moved successfully
C:\Users\David\AppData\Local\Temp\sp64126.exe => moved successfully
C:\Users\David\AppData\Local\Temp\xmllite.dll => moved successfully
 
=========== EmptyTemp: ==========
 
BITS transfer queue => 8388608 B
DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 150049960 B
Java, Flash, Steam htmlcache => 99324 B
Windows/system/drivers => 1106516621 B
Edge => 0 B
Chrome => 67743106 B
Firefox => 0 B
Opera => 68474741 B
 
Temp, IE cache, history, cookies, recent:
Users => 0 B
Default => 0 B
Public => 0 B
ProgramData => 0 B
systemprofile => 21958668 B
systemprofile32 => 9981765 B
LocalService => 0 B
NetworkService => 410898 B
UpdatusUser => 0 B
David => 4025335077 B
 
RecycleBin => 0 B
EmptyTemp: => 5.1 GB temporary data Removed.
 
================================
 
 
The system needed a reboot.
 
==== End of Fixlog 17:51:50 ====
 
 
AdwCleaner: 
 
# AdwCleaner 7.0.7.0 - Logfile created on Sun Feb 04 02:38:06 2018
# Updated on 2018/18/01 by Malwarebytes 
# Running on Windows 7 Professional (X64)
# Mode: clean
 
***** [ Services ] *****
 
Deleted: YahooAUService
 
 
***** [ Folders ] *****
 
Deleted: C:\ProgramData\AVG SafeGuard toolbar
Deleted: C:\ProgramData\Application Data\AVG SafeGuard toolbar
Deleted: C:\Windows\System32\config\systemprofile\AppData\LocalLow\AVG SafeGuard toolbar
Deleted: C:\Program Files (x86)\AVG SafeGuard toolbar
Deleted: C:\Windows\SysWOW64\config\systemprofile\AppData\LocalLow\AVG SafeGuard toolbar
Deleted: C:\Users\All Users\AVG SafeGuard toolbar
Deleted: C:\Users\David\AppData\Local\AVG SafeGuard toolbar
Deleted: C:\Users\David\AppData\LocalLow\AVG SafeGuard toolbar
Deleted: C:\ProgramData\Yahoo! Companion
Deleted: C:\ProgramData\Application Data\Yahoo! Companion
Deleted: C:\Windows\System32\config\systemprofile\AppData\LocalLow\Yahoo! Companion
Deleted: C:\Windows\SysWOW64\config\systemprofile\AppData\LocalLow\Yahoo! Companion
Deleted: C:\Users\All Users\Yahoo! Companion
Deleted: C:\Users\David\AppData\LocalLow\Yahoo! Companion
Deleted: C:\Program Files (x86)\Common Files\AVG Secure Search
Deleted: C:\Users\David\AppData\Roaming\Common\LuaRT
Deleted: C:\Windows\System32\config\systemprofile\AppData\LocalLow\Fast Free Converter
Deleted: C:\Windows\SysWOW64\config\systemprofile\AppData\LocalLow\Fast Free Converter
Deleted: C:\Users\UpdatusUser\AppData\LocalLow\Fast Free Converter
Deleted: C:\Program Files (x86)\File Type Helper
Deleted: C:\Windows\Installer\{5CDCDBCD-119A-4AE1-9C55-B816DBBE4245}
Deleted: C:\Users\David\AppData\Roaming\Sixth
Deleted: C:\Windows\System32\config\systemprofile\AppData\LocalLow\Yahoo!\Companion
Deleted: C:\Program Files (x86)\Yahoo!\Companion
Deleted: C:\Windows\SysWOW64\config\systemprofile\AppData\LocalLow\Yahoo!\Companion
Deleted: C:\Users\David\AppData\LocalLow\Yahoo!\Companion
Deleted: C:\Users\David\AppData\Roaming\Yahoo!\Companion
Deleted: C:\Users\David\AppData\Local\Downloaded Installers
Deleted: C:\ProgramData\lavasoft\web companion
Deleted: C:\ProgramData\Application Data\lavasoft\web companion
Deleted: C:\Program Files (x86)\lavasoft\web companion
Deleted: C:\Users\All Users\lavasoft\web companion
Deleted: C:\Users\David\AppData\Roaming\lavasoft\web companion
Deleted: C:\Users\David\AppData\Roaming\Itibiti
Deleted: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\KNCTR
Deleted: C:\Users\David\AppData\Roaming\FromDocToPDF_65
Deleted: C:\Users\David\AppData\Local\slimware utilities inc
Deleted: C:\Users\David\AppData\Local\SlimWare Utilities Inc
Deleted: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Lavasoft\WebCompanion
Deleted: C:\Windows\System32\config\systemprofile\AppData\Local\LavasoftTcpService
Deleted: C:\Windows\SysWOW64\config\systemprofile\AppData\Local\LavasoftTcpService
 
 
***** [ Files ] *****
 
Deleted: C:\Users\All Users\Desktop\Knctr.lnk
Deleted: C:\Users\David\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Knctr.lnk
Deleted: C:\Users\Public\Desktop\Knctr.lnk
Deleted: C:\Windows\System32\lavasofttcpservice.dll
Deleted: C:\Windows\SysWOW64\lavasofttcpservice.dll
Deleted: C:\Windows\System32\LavasoftTcpServiceOff.ini
Deleted: C:\Windows\SysNative\LavasoftTcpServiceOff.ini
Deleted: C:\Windows\SysWOW64\LavasoftTcpServiceOff.ini
Deleted: C:\Windows\SysNative\LavasoftTcpService64.dll
Deleted: C:\Program Files (x86)\Yahoo!\Common\unyt.exe
Deleted: C:\Users\All Users\Desktop\KNCTR.lnk
Deleted: C:\Users\David\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\KNCTR.lnk
Deleted: C:\Users\Public\Desktop\KNCTR.lnk
Deleted: C:\Windows\System32\drivers\DRVAGENT64.SYS
 
 
***** [ DLL ] *****
 
No malicious DLLs cleaned.
 
***** [ WMI ] *****
 
No malicious WMI cleaned.
 
***** [ Shortcuts ] *****
 
No malicious shortcuts cleaned.
 
***** [ Tasks ] *****
 
No malicious tasks deleted.
 
***** [ Registry ] *****
 
Deleted: [Key] - HKCU\Software\Microsoft\Internet Explorer\DOMStorage\driverupdate.net
Deleted: [Key] - HKCU\Software\Microsoft\Internet Explorer\DOMStorage\itibitiphone.com
Deleted: [Key] - HKCU\Software\Microsoft\Internet Explorer\DOMStorage\web.itibitiphone.com
Deleted: [Key] - HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\ask.com
Deleted: [Key] - HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\cloudfront.net
Deleted: [Key] - HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\d10lpsik1i8c69.cloudfront.net
Deleted: [Key] - HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\d16fk4ms6rqz1v.cloudfront.net
Deleted: [Key] - HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\d1af033869koo7.cloudfront.net
Deleted: [Key] - HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\d23716qn9q7omq.cloudfront.net
Deleted: [Key] - HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\d2m2wsoho8qq12.cloudfront.net
Deleted: [Key] - HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\d3l3lkinz3f56t.cloudfront.net
Deleted: [Key] - HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\dotomi.com
Deleted: [Key] - HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\fromdoctopdf.dl.tb.ask.com
Deleted: [Key] - HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\homes.trovit.com
Deleted: [Key] - HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\howtosimplified.dl.tb.ask.com
Deleted: [Key] - HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\media-sj2.msg.dotomi.com
Deleted: [Key] - HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\myscrapnook.dl.tb.ask.com
Deleted: [Key] - HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\shopathome.com
Deleted: [Key] - HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\staticimgfarm.com
Deleted: [Key] - HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\trovit.com
Deleted: [Key] - HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\ttdetect.staticimgfarm.com
Deleted: [Key] - HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\www.ask.com
Deleted: [Key] - HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\www.shopathome.com
Deleted: [Key] - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Yahoo! Companion
Deleted: [Key] - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Yahoo! Toolbar
Deleted: [Key] - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{5CDCDBCD-119A-4AE1-9C55-B816DBBE4245}
Deleted: [Key] - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Fast Free Converter
Deleted: [Key] - HKU\S-1-5-21-2096361384-901469764-2865818563-1002\Software\usyndication.com
Deleted: [Key] - HKCU\Software\usyndication.com
Deleted: [Key] - HKLM\SOFTWARE\Yahoo\Companion
Deleted: [Key] - HKU\.DEFAULT\Software\Yahoo\Companion
Deleted: [Key] - HKU\S-1-5-21-2096361384-901469764-2865818563-1002\Software\Yahoo\Companion
Deleted: [Key] - HKU\S-1-5-21-2096361384-901469764-2865818563-1002\Software\AppDataLow\Software\Yahoo\Companion
Deleted: [Key] - HKU\S-1-5-18\Software\Yahoo\Companion
Deleted: [Key] - HKCU\Software\Yahoo\Companion
Deleted: [Key] - HKCU\Software\AppDataLow\Software\Yahoo\Companion
Deleted: [Key] - HKU\S-1-5-21-2096361384-901469764-2865818563-1002\Software\Yahoo\YFriendsBar
Deleted: [Key] - HKCU\Software\Yahoo\YFriendsBar
Deleted: [Key] - HKLM\SOFTWARE\Lavasoft\Web Companion
Deleted: [Key] - HKU\S-1-5-21-2096361384-901469764-2865818563-1002\Software\Lavasoft\Web Companion
Deleted: [Key] - HKCU\Software\Lavasoft\Web Companion
Deleted: [Key] - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Itibiti_is1
Deleted: [Key] - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Deleted: [Key] - HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Deleted: [Key] - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Deleted: [Key] - HKLM\SOFTWARE\Classes\CLSID\{058F0E48-61CA-4964-9FBA-1978A1BB060D}
Deleted: [Key] - HKLM\SOFTWARE\Classes\TypeLib\{07CAC314-E962-4F78-89AB-DD002F2490EE}
Deleted: [Key] - HKLM\SOFTWARE\Classes\CLSID\{18F33C35-8EF2-40D7-8BA4-932B0121B472}
Deleted: [Key] - HKLM\SOFTWARE\Classes\CLSID\{408CFAD9-8F13-4747-8EC7-770A339C7237}
Deleted: [Value] - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Ext\CLSID|{58124A0B-DC32-4180-9BFF-E0E21AE34026}
Deleted: [Value] - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Ext\CLSID|{A09AB6EB-31B5-454C-97EC-9B294D92EE2A}
Deleted: [Key] - HKLM\SOFTWARE\Classes\TypeLib\{E3CDDB72-3ADC-4920-B42B-68A8C29FA942}
Deleted: [Key] - HKLM\SOFTWARE\Classes\Interface\{94952EC4-DB66-3F32-BE4C-F0BB875EA98E}
Deleted: [Key] - HKLM\SOFTWARE\Classes\CLSID\{0015CAC9-FC30-4CD0-BFAA-7412CC2C4DD9}
Deleted: [Key] - HKLM\SOFTWARE\Classes\CLSID\{26C7AFDB-3690-449E-B979-B0AF5CC56DD4}
Deleted: [Key] - HKLM\SOFTWARE\Classes\CLSID\{3A5A5381-DAAF-4C0D-B032-2C66B3EE4A8D}
Deleted: [Key] - HKLM\SOFTWARE\Classes\CLSID\{472EF1D2-4AAE-470D-AE85-6AF8177916FD}
Deleted: [Key] - HKLM\SOFTWARE\Classes\CLSID\{8F010D54-C023-457F-AF03-497EACB6D519}
Deleted: [Key] - HKLM\SOFTWARE\Classes\CLSID\{9A754403-27B1-4ED7-96D7-588F07888EBF}
Deleted: [Key] - HKLM\SOFTWARE\Classes\CLSID\{CB31FF8F-BF80-4D2B-ADBE-12C6F5347890}
Deleted: [Key] - HKLM\SOFTWARE\Classes\CLSID\{FCAA532B-E807-4027-940C-BA16B9D50105}
Deleted: [Key] - HKLM\SOFTWARE\Classes\TypeLib\{ED62BC6E-64F1-46BE-866F-4C8DC0DF7057}
Deleted: [Key] - HKLM\SOFTWARE\Classes\TypeLib\{003028C2-EA1C-4676-A316-B5CB50917002}
Deleted: [Key] - HKLM\SOFTWARE\Classes\TypeLib\{61A2027D-B837-4080-A925-6E30E10DEF32}
Deleted: [Key] - HKLM\SOFTWARE\Classes\CLSID\{1E57256D-9F39-4267-AB39-D7813D644C5A}
Deleted: [Key] - HKLM\SOFTWARE\Classes\CLSID\{31371420-098D-4C0E-A11E-EBEC2305DD01}
Deleted: [Key] - HKLM\SOFTWARE\Classes\CLSID\{3A06AA27-D94B-48C2-BB55-9FD0FF2120E3}
Deleted: [Key] - HKLM\SOFTWARE\Classes\CLSID\{46140CE4-76FE-440E-AE88-4C2272BC05C7}
Deleted: [Key] - HKLM\SOFTWARE\Classes\CLSID\{9F9C4C5C-2BA8-4E00-A697-9F710BB1026B}
Deleted: [Key] - HKLM\SOFTWARE\Classes\CLSID\{C60CCE95-6AF9-4E74-B66B-3212D19F1D2F}
Deleted: [Key] - HKLM\SOFTWARE\Classes\CLSID\{FBE30D66-39A2-4b72-8B43-6D4C335A6F34}
Deleted: [Key] - HKLM\SOFTWARE\Classes\AppID\{1CAE874F-F5C7-4BCC-BA46-9AD26DF35B93}
Deleted: [Key] - HKLM\SOFTWARE\Classes\AppID\{EFC0651C-B6D7-49CD-A6E0-B1CE9AB5FE46}
Deleted: [Key] - HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{EFC0651C-B6D7-49CD-A6E0-B1CE9AB5FE46}
Deleted: [Key] - HKLM\SOFTWARE\Classes\Interface\{12D3E096-0FDF-42CC-8F44-04944F9C1648}
Deleted: [Key] - HKLM\SOFTWARE\Classes\Interface\{22389F39-2CF4-47C4-B8B2-273BB16BF70C}
Deleted: [Key] - HKLM\SOFTWARE\Classes\Interface\{23E3CEB3-D63A-433E-A5D0-4DB1C501B915}
Deleted: [Key] - HKLM\SOFTWARE\Classes\Interface\{26A3152F-CF87-4C5B-8093-4D4B9EC084EB}
Deleted: [Key] - HKLM\SOFTWARE\Classes\Interface\{29E3319C-4B3C-479F-8692-BDD2CA30BEDD}
Deleted: [Key] - HKLM\SOFTWARE\Classes\Interface\{367BD1CD-74A3-451F-B1A4-6A2DE4129A2D}
Deleted: [Key] - HKLM\SOFTWARE\Classes\Interface\{49F018EE-F362-4B5B-8EC8-BCF9246ABF21}
Deleted: [Key] - HKLM\SOFTWARE\Classes\Interface\{63B73044-FC1A-4FE1-991B-FDBD4CDAA868}
Deleted: [Key] - HKLM\SOFTWARE\Classes\Interface\{7207E52B-821E-4C05-A8D6-2965B2BE77CF}
Deleted: [Key] - HKLM\SOFTWARE\Classes\Interface\{863FCF5D-DC39-4DA9-AF32-CB0025990EEE}
Deleted: [Key] - HKLM\SOFTWARE\Classes\Interface\{B09E015A-4D4E-4F8D-A436-95E19140947D}
Deleted: [Key] - HKLM\SOFTWARE\Classes\Interface\{B1E712C4-03AA-495F-B0F5-0F057E126E2A}
Deleted: [Key] - HKLM\SOFTWARE\Classes\Interface\{D13DC65C-C77B-4986-9078-DEA3D34C71BB}
Deleted: [Key] - HKLM\SOFTWARE\Classes\Interface\{F56ACA29-1C99-40F1-AC64-2E44C4F6BC71}
Deleted: [Key] - HKLM\SOFTWARE\Classes\AppID\{7375D127-3955-4654-8E7D-1949A7A9C902}
Deleted: [Key] - HKLM\SOFTWARE\Classes\Interface\{371AD4A5-1520-4AA2-A8A4-F9AD3BAC6957}
Deleted: [Key] - HKLM\SOFTWARE\Classes\Interface\{7F124846-5453-4BB8-A41D-E11481FFC9DF}
Deleted: [Key] - HKLM\SOFTWARE\Classes\Interface\{8FD65019-BF09-45DA-AD81-E95AE911F1FD}
Deleted: [Key] - HKLM\SOFTWARE\Classes\TypeLib\{F6C2BABA-9E4C-425F-9AEC-24AB8F2B640D}
Deleted: [Key] - HKLM\SOFTWARE\Classes\CLSID\{3C16E079-E4C7-493C-BE9F-E0F2BB0B7430}
Deleted: [Key] - HKLM\SOFTWARE\Classes\CLSID\{6EB4349D-4333-442F-ACA4-4C72AF28B6ED}
Deleted: [Key] - HKLM\SOFTWARE\Classes\CLSID\{7DB8B625-DBF0-4491-B544-5A06F7B17BB4}
Deleted: [Key] - HKLM\SOFTWARE\Classes\CLSID\{8E74A0AE-F0ED-47ED-A940-A8E99687646B}
Deleted: [Key] - HKLM\SOFTWARE\Classes\CLSID\{9DE77B51-89F6-468E-9402-16050382E950}
Deleted: [Key] - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\CE85F265816AE2D4E9B73C3E207E679C
Deleted: [Key] - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\7005A2A4DCF9DD7548137AB17E3A3AF3
Deleted: [Key] - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\6A6F3B7A9805E1F5492A1020EEDF2341
Deleted: [Key] - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\0702826FCAC36EE52AC0441EEEEE2170
Deleted: [Key] - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\DDA2534BD056D1F44B6EC96AAA7F1F6E
Deleted: [Key] - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\1198E28F40C3E185E9958608554D4253
Deleted: [Key] - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\DB027F01D4D53765C8E4FBE7DB77E07E
Deleted: [Key] - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\CB13D869D7D092348847B7481BB59E27
Deleted: [Key] - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\15A073601B9AEC3549BE4A9314794615
Deleted: [Key] - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\6B1F5D204E4EEB342A5AD1D7E60D61BF
Deleted: [Key] - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\75FF6D97AF9FC004A9521D4B83FA6321
Deleted: [Key] - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\EE790015CF30DAA569960905FF1651A0
Deleted: [Key] - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\8C13DA6755F685B529615C8E92B3CA39
Deleted: [Key] - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\90841B1FC98200349925C88999866F17
Deleted: [Key] - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\F25491036D0FA5D5FA6742F5742F151A
Deleted: [Key] - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\311567B4A9A002050BB9423FD73FB880
Deleted: [Key] - HKLM\SOFTWARE\Classes\Installer\UpgradeCodes\F1057DD419AED0B468AD8888429E139A
Deleted: [Key] - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UpgradeCodes\F1057DD419AED0B468AD8888429E139A
Deleted: [Key] - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\F6704141BAAF6884785EC6843143D6A7
Deleted: [Key] - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\F7507D4D4C310125E9A22BD909A41FB6
Deleted: [Key] - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\890F436B85B790A55A582B7307DA12CE
Deleted: [Key] - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\90C64EA18BA25EE488BF80DCF07F2FFD
Deleted: [Key] - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\EEB44C47185BD304D80FDF5A4BBE8F54
Deleted: [Key] - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\F79C21D785419125595AC59458A6142D
Deleted: [Key] - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\F2E0D3DD9E5E4B74CA43BCE77815E287
Deleted: [Key] - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\95266D07D008D2E4E9B6F8E0DD15432A
Deleted: [Key] - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\F7652513C62FF63448CFF05163719DB7
Deleted: [Key] - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\712EAF07EE73CC65C822CC3BAE3B2483
Deleted: [Key] - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\F4D1BA8B482D9734E943EE260A7ADEF2
Deleted: [Key] - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\14C66209FCA938858B9729645C666684
Deleted: [Key] - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\8D07CD9CB3E6BE652872BF06A1CCA782
Deleted: [Key] - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\DC2EB492393411F5ABE8ED13C59FBF20
Deleted: [Key] - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\7947B301B2446E752A3FE06EAD7D26B5
Deleted: [Key] - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\7987CE52D13E16258B0E1E3DB1BB0974
Deleted: [Key] - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\F214EB834D2EC474CA76C1CDE306CF3A
Deleted: [Key] - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\94194FDD4DF523E53A888D65722A135D
Deleted: [Key] - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\D5389AEEA4A1E20428D045E86BCF643B
Deleted: [Key] - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\2ABB56EABB920EB59B04BDDD26A62083
Deleted: [Key] - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\E513C2076D90AD04F888BD762143F191
Deleted: [Key] - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\EE43FF091A8714A599F33EF2533FB59A
Deleted: [Key] - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\1F7C80F9CE5CDF44E9AADDC99402534C
Deleted: [Key] - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\E05B987540A9E2849AAF9E5B06C27DA8
Deleted: [Key] - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\DEF7558C7CD27EF46AF802AFBE402675
Deleted: [Key] - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\28572D2E2DE533256AC6B560EA573C22
Deleted: [Key] - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\E45D171E075A5425CBACF6631A45FA39
Deleted: [Key] - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\7BEED197C514FDA53901AE8DD8EF0891
Deleted: [Key] - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\2DABA02DFED47E352A2FA2EBDD6F6187
Deleted: [Key] - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\29C79786B109AC443B0DC7BFD61B1896
Deleted: [Key] - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\87EC9ACEAFE8ECD52A529663CD35213F
Deleted: [Key] - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\E09F4A6B9D2A08B599AE9E38BFC93CD6
Deleted: [Key] - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\E27B6535D0D94A24E91047C7D86F27BC
Deleted: [Key] - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\DDCA763D4C48A105086B4CCCEE78043F
Deleted: [Key] - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\7DFDCF03D46C34159BDE29FBDBF1ACF5
Deleted: [Key] - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\D5B62BB7BC607FB539585E2B7B6AFD16
Deleted: [Key] - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\225C3CBCEB850204D860A6C7CC7724AF
Deleted: [Key] - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\206AF45B775E3A445B3B2273827DA85F
Deleted: [Key] - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\2310FC151CD4F185798FA0996B3524D7
Deleted: [Key] - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\E96E33222BAC06B57A1FA9D72951C945
Deleted: [Key] - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\E8F4C985459564F5B8DCFF2B3C7EBD27
Deleted: [Key] - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\EAA46CE9007F70A5CAFA5F26E5DDEBE5
Deleted: [Key] - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\FB0F1A18E4F0DBD509A42F4D4C05C02A
Deleted: [Key] - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\FD17ED194F1C2B457B4F6EF4AE8DEAF3
Deleted: [Key] - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\A4223BBC9438CAD49BBE10B4E344B1DD
Deleted: [Key] - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\3ED93605BB9B6635E9D0D86615AF31F1
Deleted: [Key] - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\A89E2B6FB14D8275DA63D075171DA184
Deleted: [Key] - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\FA15C90F092A60F53A4E0F88CED02968
Deleted: [Key] - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\AABA081CF7F19915FBB80B3BAF47CE63
Deleted: [Key] - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\A71991503412AEB42838B02C5ED9F9CD
Deleted: [Key] - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\A72F23B1D745C27508518132197BC982
Deleted: [Key] - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\B752EF3300008394886C402CC27B474F
Deleted: [Key] - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\B8C8BCC1206978D51A8B9EECBF806C53
Deleted: [Key] - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\4759B017032BA185F9BA6F7DBC95A2D4
Deleted: [Key] - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\B6D497DB33974935488761F7C4C3D755
Deleted: [Key] - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\FA1CF130B3D58B553833ACB6BE8AFAD4
Deleted: [Key] - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\373FCED70D7F84E5FB5F3F7B76BEE024
Deleted: [Key] - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\AC2A0FFD0A1686D53A4E24D6E96949E4
Deleted: [Key] - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\3DA5F64B3483DE549947A9164ACBAD21
Deleted: [Key] - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\6C63F7979DCC2154CB9591969A5CB89D
Deleted: [Key] - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\AE5BDB2750259915D8442D4591A7717B
Deleted: [Key] - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\FFA531D0F3A71504DA7AC6A11CE33739
Deleted: [Key] - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\4FEEA83BF72B97E43A2DF0EE4BE4F261
Deleted: [Key] - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\509EC7EFB89B7D942997574AB14037A4
Deleted: [Key] - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\6DD31E6C1A73B334383DF186676F4D20
Deleted: [Key] - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\AB3204F747B20694B8D49EF92D8DC94B
Deleted: [Key] - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\536133807DE80465BA6CD0A9742B7DE5
Deleted: [Key] - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\43C098337DB065A49B665D4EA7F16D1C
Deleted: [Key] - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\EDBF68C5F16790341B7C6FD7C7F8E4FC
Deleted: [Key] - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\50A730A9A3A61BF5BA70CA8A3B7C133B
Deleted: [Key] - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\C81E33A400B6F814E90C7A3354E2A3A5
Deleted: [Key] - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\B1A79C71D5DC1C150B76B6ED11195DFC
Deleted: [Key] - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\4F9E947B6B895EB5A86757FC5D3DB862
Deleted: [Key] - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\5E25036E68895D45B95E72D1C3C58C74
Deleted: [Key] - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\60ECC80C54085B141A40437A96CA2618
Deleted: [Key] - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\BAD3576CEA646895B962F94754612791
Deleted: [Key] - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\29799DE249E7DBC459FC6C8F07EB8375
Deleted: [Key] - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\3BE992C130B235E53A2937391FDCA35B
Deleted: [Key] - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\A9C43CD4001E9E4518B274AF9A0EFDA9
Deleted: [Key] - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\60FD8CD5BE007315CA3B5C7E41F24017
Deleted: [Key] - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\18C9E3869A16248439FE3FF9EB02207A
Deleted: [Key] - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\4A78ABCBB54E46E5482A3EE0AD66C39E
Deleted: [Key] - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\3038A20B9089EC34D8F74220191FAB30
Deleted: [Key] - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\0238BBE24EA3A70408B81E4BB89C15E5
Deleted: [Key] - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\6241FF6F317CABD4EBBEE0DE9076BD94
Deleted: [Key] - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\BEE6BBC9A31531F598794A62120B51C7
Deleted: [Key] - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\BB4091512C8F4295E99CE2D061ED2020
Deleted: [Key] - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\618E7D05458C4F257909ED9C8CDC0D66
Deleted: [Key] - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\4E30E037E0535E84D9E3349209D354D4
Deleted: [Key] - HKLM\SOFTWARE\Classes\Installer\Features\4E30E037E0535E84D9E3349209D354D4
Deleted: [Key] - HKLM\SOFTWARE\Classes\Installer\Products\4E30E037E0535E84D9E3349209D354D4
Deleted: [Key] - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\C9E6B66ECC49D155888399C51D05C49E
Deleted: [Key] - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\C96AD15EE8E887B56BAF2136A9088503
Deleted: [Key] - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\6879A5E348601C45986308CA84958E94
Deleted: [Key] - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\C19162788CA4D235E829F88E2F771567
Deleted: [Key] - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\C71F07DA356B66B5484A8E7F2ADEB7DC
Deleted: [Key] - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\636B9C23C79154B57AB561F39A139BFD
Deleted: [Key] - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\65AAF0F0CB7F0B45F900FDF19CEAAF2B
Deleted: [Key] - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\51A95A1D4CDE4F958A9451FBB39BF54A
Deleted: [Key] - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\621C21014D3C152529E2460FA6304EE3
Deleted: [Key] - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\CA360F24F0B214744BE40657FDA0B727
Deleted: [Key] - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\5D8011310B2622942868A458964FFDC5
Deleted: [Key] - HKLM\SYSTEM\CurrentControlSet\Services\EventLog\Application
Deleted: [Key] - HKLM\SYSTEM\CurrentControlSet\Services\Eventlog\Application
Deleted: [Key] - HKLM\SYSTEM\CurrentControlSet\Services\EventLog\Application
Deleted: [Key] - HKLM\SYSTEM\CurrentControlSet\Services\Eventlog\Application
Deleted: [Key] - HKLM\SOFTWARE\Classes\AppID\yt.DLL
Deleted: [Key] - HKLM\SOFTWARE\Classes\AppID\ytbbroker.EXE
Deleted: [Value] - HKLM\SOFTWARE\MICROSOFT\INTERNET EXPLORER\MAIN\FEATURECONTROL\FEATURE_BROWSER_EMULATION|SystemCash.exe
Deleted: [Value] - HKCU\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BROWSER_EMULATION|WeatherBug.exe
Deleted: [Key] - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\webcompanion.com
Deleted: [Value] - HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules|{1FFA56E1-CB7F-4C4A-B681-405F9F94FEDE}
Deleted: [Value] - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Ext\CLSID|{977AE9CC-AF83-45E8-9E03-E2798216E2D5}
Deleted: [Key] - HKLM\SYSTEM\CurrentControlSet\Services\EventLog\Application
Deleted: [Key] - HKLM\SYSTEM\CurrentControlSet\Services\Eventlog\Application
Deleted: [Key] - HKLM\SOFTWARE\SlimWare Utilities Inc
Deleted: [Key] - HKLM\SOFTWARE\SLIMWARE UTILITIES, INC.
Deleted: [Key] - HKCU\Software\Microsoft\Internet Explorer\DOMStorage\bytefence.com
Deleted: [Key] - HKCU\Software\Microsoft\Internet Explorer\DOMStorage\en.bytefence.com
Deleted: [Key] - HKU\.DEFAULT\Software\ByteFence
Deleted: [Key] - HKU\S-1-5-18\Software\ByteFence
Deleted: [Value] - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BROWSER_EMULATION|ByteFence.exe
Deleted: [Key] - HKLM\SYSTEM\CurrentControlSet\Services\EventLog\Reason\ReasonByteFence
Deleted: [Key] - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\DriverSupport.exe
Deleted: [Key] - HKLM\SOFTWARE\Classes\AppID\{2CE0F1DC-C504-4B7B-A385-D94A2531DFFB}
Deleted: [Key] - HKLM\SOFTWARE\Classes\AppID\LavasoftTcpService.exe
 
 
***** [ Firefox (and derivatives) ] *****
 
No malicious Firefox entries deleted.
 
***** [ Chromium (and derivatives) ] *****
 
No malicious Chromium entries deleted.
 
*************************
 
::Tracing keys deleted
::Winsock settings cleared
::Additional Actions: 0
 
 
 
*************************
 
C:/AdwCleaner/AdwCleaner[S0].txt - [35262 B] - [2018/2/4 2:22:19]
C:/AdwCleaner/AdwCleaner[S1].txt - [35329 B] - [2018/2/4 2:30:15]
 
 
########## EOF - C:\AdwCleaner\AdwCleaner[C0].txt ##########
 
Persisting problems:
 
Bitdefender "Create Account" pop-up. 
 
DisplayLink Software Notification pop-up advising "DisplayLink installer has detected that your USB 3.0 host controller drivers could be incompatible with DisplayLink USB hardware. Please download and update your Intel USB 3.0 host controller driver before using DisplayLink technology." Immediately prior to requesting your help I had attempted to resolve this by updating the USB 3.0 driver. 
 
Somehow Chromium got installed and I don't know how to get rid of it.

#4 nasdaq

nasdaq

    Forum Deity

  • Global Moderator
  • PipPipPipPipPip
  • 49,226 posts

Posted 04 February 2018 - 08:32 AM

Hi,
 

I don't see Iminent under the Program Manage

The program was probably uninstalled and what we see in the log is the Registry Entry.


If you wish to remove the entry follow the following instructions.
https://www.bleeping...emove-programs/

p.s.
It's not active so you can leave it and nothing will come of it.

---
 

"Uninstall has detected that KNCTR is currently running. Please close all instances of it now..." but I can't find it in the Task Manager under Applications, Processes or Services.

This program was removed by the AdwCleaner tool.
Do you still have a problem with it?
---
 

Bitdefender "Create Account" pop-up


If Bitdefender was previously installed on this computer Download and run the Uninstaller tool for the version you had.
https://www.bitdefender.com/uninstall/
===

Somehow Chromium got installed and I don't know how to get rid of it.
It's nice to have a second Browser. If somethings goes wrong with your preferred Browser you have an other options.

If you wish to have IE as you default browser do the following.
Follow the instructions on this page.
https://support.micr...default-browser

========

Let me know if you have any issues with this computer.
nasdaq

Favorite tools: [ SpywareBlaster ] [ Spybot ] [ AdAware ] [ HijackThis ]
[ Housecall online virus scan ] [ Bitdefender online virus scan ]
[ AVG antivirus ] [ Sunbelt Personal Firewall ] [ ZoneAlarm firewall ]

My help is free, but if we have helped you in anyway,please considerDonating ,
see this topic for details.We need members like you.

========
Shouldn't water be worth more than diamonds?
Adam Smith Glasgow, 1760

#5 DC0001

DC0001

    Member

  • Full Member
  • Pip
  • 35 posts

Posted 04 February 2018 - 06:16 PM

KNCTR seems to be gone.
 
Bitdefender wasn't installed before but I think it's successfully uninstalled now.
 
My installed Avast is now reporting:
 
System junk: 21 GB (I only have 21 out of 103 GB free so it would help to have that other 21 GB)
Programs slowing down your PC: 47
Broken registry items: 1777
 
Is there anything I can do about this stuff without buying more Avast products?
 
Chrome is my default browser (with Opera and IE as backups) but I didn't install Chromium and I've read it was likely 
 
installed by other malware and should not be trusted as it's probably collecting browsing data on me to sell. Unlike Chrome 
 
it doesn't appear anywhere as an installed program except on the taskbar, so I don't know how to cleanly uninstall it. 
 
Online there are utilities for sale that promise to uproot it but I don't trust them.
 

#6 nasdaq

nasdaq

    Forum Deity

  • Global Moderator
  • PipPipPipPipPip
  • 49,226 posts

Posted 05 February 2018 - 07:12 AM



Hi,

Remove the Chromium Browser via the Control panel > Add/Remove programs.

Decide if you wish to install Chrome. It's your call.
https://www.google.com/chrome/

You can then Import you Bookmarks from IE.

p.s. I would not install it just now. Execute the following.
---

Run this cleaning tool.

Temporarily disable your AV program so it does not interfere.
Info on how to disable your security applications How To Temporarily Disable Your Anti-virus, Firewall And Anti-malware Programs - Security Mini-Guides.

Download Zoek tool from here

When the download appears, save to the Desktop.
On the Desktop, right-click the Zoek.exe file and select: Run as Administrator
(Give it a few seconds to appear.)

Next, copy/paste the entire script inside the code box below to the input field of Zoek:
createsrpoint;
autoclean;
emptyclsid;
emptyffcache;
FFdefaults;
emptyiecache;
iedefaults;
emptychrcache;
CHRdefaults;
emptyalltemp;
emptyfolderscheck;delete
ipconfig /flushdns;b
Now...
Close any open Browsers.
Click the Run script button, and wait. It takes a few minutes to run all the script.

When the tool finishes, the zoek-results.log is opened in Notepad.
The log is also found on the systemdrive, normally C:\
If a reboot is needed, the log is opened after the reboot.

Please attach the zoek-results.log in your reply.
===

Let me know what Avast is now reporting.

How is the computer running now?
nasdaq

Favorite tools: [ SpywareBlaster ] [ Spybot ] [ AdAware ] [ HijackThis ]
[ Housecall online virus scan ] [ Bitdefender online virus scan ]
[ AVG antivirus ] [ Sunbelt Personal Firewall ] [ ZoneAlarm firewall ]

My help is free, but if we have helped you in anyway,please considerDonating ,
see this topic for details.We need members like you.

========
Shouldn't water be worth more than diamonds?
Adam Smith Glasgow, 1760

#7 DC0001

DC0001

    Member

  • Full Member
  • Pip
  • 35 posts

Posted 05 February 2018 - 09:43 PM

 
Zoek.exe Version 5.0.0.1 Updated 04-Februari-2018(online version
Zoek.exe v5.0.0.2 Updated 04-Februari-2018(online version)
Tool run by David on Mon 02/05/2018 at 18:15:08.71.
Microsoft Windows 7 Professional  6.1.7601 Service Pack 1 x64
Running in: Normal Mode Internet Access Detected
Launched: C:\Users\David\Desktop\zoek.exe [Scan all users] [Script inserted] 
 
==== System Restore Info ======================
 
2/5/2018 6:16:31 PM Zoek.exe System Restore Point Created Successfully.
 
==== Empty Folders Check ======================
 
C:\PROGRA~2\Lavasoft deleted successfully
C:\PROGRA~2\MSXML 4.0 deleted successfully
C:\PROGRA~3\Canon IJ Network Tool deleted successfully
C:\PROGRA~3\Lavasoft deleted successfully
C:\Users\David\AppData\Roaming\Common deleted successfully
C:\Users\David\AppData\Roaming\GetRightToGo deleted successfully
C:\Users\David\AppData\Roaming\Lavasoft deleted successfully
C:\Users\David\AppData\Roaming\QuickScan deleted successfully
C:\Users\David\AppData\Roaming\Vso deleted successfully
C:\Users\David\AppData\Roaming\Windows Live Writer deleted successfully
C:\Users\David\AppData\Roaming\Yahoo! deleted successfully
C:\Users\David\AppData\Local\1Click DVD Copy deleted successfully
C:\Users\David\AppData\Local\1Click DVD Copy Pro deleted successfully
C:\Users\David\AppData\Local\CutePDF Writer deleted successfully
C:\Users\David\AppData\Local\EmieBrowserModeList deleted successfully
C:\Users\David\AppData\Local\EmieSiteList deleted successfully
C:\Users\David\AppData\Local\EmieUserList deleted successfully
C:\Users\David\AppData\Local\VirtualStore deleted successfully
 
==== Deleting CLSID Registry Keys ======================
 
 
==== Deleting CLSID Registry Values ======================
 
 
==== Batch Command(s) Run By Tool======================
 
 
==== Set IE to Default ======================
 
Old Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Search Bar"="http://www.bing.com"
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes]
"DefaultScope"="{0633EE93-D776-472f-A0FF-E1416B8B2E3A}"
 
New Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes]
"DefaultScope"="{0633EE93-D776-472f-A0FF-E1416B8B2E3A}"
 
==== All HKLM and HKCU SearchScopes ======================
 
HKLM\SearchScopes "DefaultScope"="{0633EE93-D776-472f-A0FF-E1416B8B2E3A}"
HKLM\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} - http://www.bing.com/...rc=IE-SearchBox
HKLM\SearchScopes\{A181A777-A6DF-4D92-B1C6-88C0DE651139} - http://www.amazon.co...s={searchTerms}
HKLM\SearchScopes\{D944BB61-2E34-4DBF-A683-47E505C587DC} - http://rover.ebay.co...w={searchTerms}
HKLM\Wow6432Node\SearchScopes "DefaultScope"="{0633EE93-D776-472f-A0FF-E1416B8B2E3A}"
HKLM\Wow6432Node\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} - http://www.bing.com/...rc=IE-SearchBox
HKLM\Wow6432Node\SearchScopes\{D944BB61-2E34-4DBF-A683-47E505C587DC} - http://rover.ebay.co...w={searchTerms}
HKCU\SearchScopes "DefaultScope"="{0633EE93-D776-472f-A0FF-E1416B8B2E3A}"
HKCU\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} - http://www.bing.com/...rc=IE-SearchBox
HKCU\SearchScopes\{D944BB61-2E34-4DBF-A683-47E505C587DC} - http://rover.ebay.co...w={searchTerms}
HKCU\Wow6432Node\SearchScopes "DefaultScope"=""
HKCU\Wow6432Node\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} - http://www.bing.com/...ms}&FORM=IE8SRC
HKCU\Wow6432Node\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990} - http://www.bing.com/...ms}&FORM=IE8SRC
 
==== Reset Google Chrome ======================
 
C:\Users\David\AppData\Local\chromium\User Data\Default\Preferences was reset successfully
C:\Users\David\AppData\Local\chromium\User Data\Default\Secure Preferences was reset successfully
C:\Users\David\AppData\Local\Google\Chrome\User Data\Default\Preferences was reset successfully
C:\Users\David\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences was reset successfully
C:\Users\David\AppData\Roaming\Opera Software\Opera Stable\Preferences was reset successfully
C:\Users\David\AppData\Local\chromium\User Data\Default\Web Data was reset successfully
C:\Users\David\AppData\Local\chromium\User Data\Default\Web Data-journal was reset successfully
C:\Users\David\AppData\Local\Google\Chrome\User Data\Default\Web Data was reset successfully
C:\Users\David\AppData\Local\Google\Chrome\User Data\Default\Web Data copy was reset successfully
C:\Users\David\AppData\Local\Google\Chrome\User Data\Default\Web Data-journal was reset successfully
C:\Users\David\AppData\Roaming\Opera Software\Opera Stable\Web Data was reset successfully
 
==== Empty IE Cache ======================
 
C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\David\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\David\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5 emptied successfully
C:\Windows\sysWoW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\sysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
 
==== Empty FireFox Cache ======================
 
No FireFox Profiles found
 
==== Empty Chrome Cache ======================
 
C:\Users\David\AppData\Local\Opera Software\Opera Stable\Cache emptied successfully
C:\Users\David\AppData\Local\chromium\User Data\Default\Cache emptied successfully
C:\Users\David\AppData\Local\Google\Chrome\User Data\Default\Cache emptied successfully
 
==== Empty All Flash Cache ======================
 
Flash Cache Emptied Successfully
 
==== Empty All Java Cache ======================
 
No Java Cache Found
 
==== C:\zoek_backup content ======================
 
C:\zoek_backup (files=0 folders=0 0 bytes)
 
==== Empty Temp Folders ======================
 
C:\Users\David\AppData\Local\Temp will be emptied at reboot
C:\Users\Default\AppData\Local\Temp emptied successfully
C:\Users\Default User\AppData\Local\Temp emptied successfully
C:\Users\UpdatusUser\AppData\Local\Temp emptied successfully
C:\Windows\sysWoW64\config\systemprofile\AppData\Local\Temp emptied successfully
C:\Windows\serviceprofiles\networkservice\AppData\Local\Temp emptied successfully
C:\Windows\serviceprofiles\Localservice\AppData\Local\Temp emptied successfully
C:\Windows\Temp will be emptied at reboot
 
==== After Reboot ======================
 
==== Empty Temp Folders ======================
 
C:\Windows\Temp successfully emptied
C:\Users\David\AppData\Local\Temp successfully emptied
 
==== Empty Recycle Bin ======================
 
C:\$RECYCLE.BIN successfully emptied
 
==== EOF on Mon 02/05/2018 at 18:19:16.10 ======================
 
 
My installed Avast is no longer reporting anything about junk files, etc.
 
I still have the DisplayLink Software notification about the USB 3.0 host controller drivers. Is this legit?
 
Chrome is already my default browser. However as of yesterday it just hangs on most websites and times out. Noted exceptions being Google and this site.
 
Chromium browser doesn't show up as an installed application so I can't uninstall it via Control panel > Add/Remove programs.
 

#8 DC0001

DC0001

    Member

  • Full Member
  • Pip
  • 35 posts

Posted 05 February 2018 - 09:43 PM

 
Zoek.exe Version 5.0.0.1 Updated 04-Februari-2018(online version
Zoek.exe v5.0.0.2 Updated 04-Februari-2018(online version)
Tool run by David on Mon 02/05/2018 at 18:15:08.71.
Microsoft Windows 7 Professional  6.1.7601 Service Pack 1 x64
Running in: Normal Mode Internet Access Detected
Launched: C:\Users\David\Desktop\zoek.exe [Scan all users] [Script inserted] 
 
==== System Restore Info ======================
 
2/5/2018 6:16:31 PM Zoek.exe System Restore Point Created Successfully.
 
==== Empty Folders Check ======================
 
C:\PROGRA~2\Lavasoft deleted successfully
C:\PROGRA~2\MSXML 4.0 deleted successfully
C:\PROGRA~3\Canon IJ Network Tool deleted successfully
C:\PROGRA~3\Lavasoft deleted successfully
C:\Users\David\AppData\Roaming\Common deleted successfully
C:\Users\David\AppData\Roaming\GetRightToGo deleted successfully
C:\Users\David\AppData\Roaming\Lavasoft deleted successfully
C:\Users\David\AppData\Roaming\QuickScan deleted successfully
C:\Users\David\AppData\Roaming\Vso deleted successfully
C:\Users\David\AppData\Roaming\Windows Live Writer deleted successfully
C:\Users\David\AppData\Roaming\Yahoo! deleted successfully
C:\Users\David\AppData\Local\1Click DVD Copy deleted successfully
C:\Users\David\AppData\Local\1Click DVD Copy Pro deleted successfully
C:\Users\David\AppData\Local\CutePDF Writer deleted successfully
C:\Users\David\AppData\Local\EmieBrowserModeList deleted successfully
C:\Users\David\AppData\Local\EmieSiteList deleted successfully
C:\Users\David\AppData\Local\EmieUserList deleted successfully
C:\Users\David\AppData\Local\VirtualStore deleted successfully
 
==== Deleting CLSID Registry Keys ======================
 
 
==== Deleting CLSID Registry Values ======================
 
 
==== Batch Command(s) Run By Tool======================
 
 
==== Set IE to Default ======================
 
Old Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Search Bar"="http://www.bing.com"
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes]
"DefaultScope"="{0633EE93-D776-472f-A0FF-E1416B8B2E3A}"
 
New Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes]
"DefaultScope"="{0633EE93-D776-472f-A0FF-E1416B8B2E3A}"
 
==== All HKLM and HKCU SearchScopes ======================
 
HKLM\SearchScopes "DefaultScope"="{0633EE93-D776-472f-A0FF-E1416B8B2E3A}"
HKLM\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} - http://www.bing.com/...rc=IE-SearchBox
HKLM\SearchScopes\{A181A777-A6DF-4D92-B1C6-88C0DE651139} - http://www.amazon.co...s={searchTerms}
HKLM\SearchScopes\{D944BB61-2E34-4DBF-A683-47E505C587DC} - http://rover.ebay.co...w={searchTerms}
HKLM\Wow6432Node\SearchScopes "DefaultScope"="{0633EE93-D776-472f-A0FF-E1416B8B2E3A}"
HKLM\Wow6432Node\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} - http://www.bing.com/...rc=IE-SearchBox
HKLM\Wow6432Node\SearchScopes\{D944BB61-2E34-4DBF-A683-47E505C587DC} - http://rover.ebay.co...w={searchTerms}
HKCU\SearchScopes "DefaultScope"="{0633EE93-D776-472f-A0FF-E1416B8B2E3A}"
HKCU\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} - http://www.bing.com/...rc=IE-SearchBox
HKCU\SearchScopes\{D944BB61-2E34-4DBF-A683-47E505C587DC} - http://rover.ebay.co...w={searchTerms}
HKCU\Wow6432Node\SearchScopes "DefaultScope"=""
HKCU\Wow6432Node\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} - http://www.bing.com/...ms}&FORM=IE8SRC
HKCU\Wow6432Node\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990} - http://www.bing.com/...ms}&FORM=IE8SRC
 
==== Reset Google Chrome ======================
 
C:\Users\David\AppData\Local\chromium\User Data\Default\Preferences was reset successfully
C:\Users\David\AppData\Local\chromium\User Data\Default\Secure Preferences was reset successfully
C:\Users\David\AppData\Local\Google\Chrome\User Data\Default\Preferences was reset successfully
C:\Users\David\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences was reset successfully
C:\Users\David\AppData\Roaming\Opera Software\Opera Stable\Preferences was reset successfully
C:\Users\David\AppData\Local\chromium\User Data\Default\Web Data was reset successfully
C:\Users\David\AppData\Local\chromium\User Data\Default\Web Data-journal was reset successfully
C:\Users\David\AppData\Local\Google\Chrome\User Data\Default\Web Data was reset successfully
C:\Users\David\AppData\Local\Google\Chrome\User Data\Default\Web Data copy was reset successfully
C:\Users\David\AppData\Local\Google\Chrome\User Data\Default\Web Data-journal was reset successfully
C:\Users\David\AppData\Roaming\Opera Software\Opera Stable\Web Data was reset successfully
 
==== Empty IE Cache ======================
 
C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\David\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\David\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5 emptied successfully
C:\Windows\sysWoW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\sysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
 
==== Empty FireFox Cache ======================
 
No FireFox Profiles found
 
==== Empty Chrome Cache ======================
 
C:\Users\David\AppData\Local\Opera Software\Opera Stable\Cache emptied successfully
C:\Users\David\AppData\Local\chromium\User Data\Default\Cache emptied successfully
C:\Users\David\AppData\Local\Google\Chrome\User Data\Default\Cache emptied successfully
 
==== Empty All Flash Cache ======================
 
Flash Cache Emptied Successfully
 
==== Empty All Java Cache ======================
 
No Java Cache Found
 
==== C:\zoek_backup content ======================
 
C:\zoek_backup (files=0 folders=0 0 bytes)
 
==== Empty Temp Folders ======================
 
C:\Users\David\AppData\Local\Temp will be emptied at reboot
C:\Users\Default\AppData\Local\Temp emptied successfully
C:\Users\Default User\AppData\Local\Temp emptied successfully
C:\Users\UpdatusUser\AppData\Local\Temp emptied successfully
C:\Windows\sysWoW64\config\systemprofile\AppData\Local\Temp emptied successfully
C:\Windows\serviceprofiles\networkservice\AppData\Local\Temp emptied successfully
C:\Windows\serviceprofiles\Localservice\AppData\Local\Temp emptied successfully
C:\Windows\Temp will be emptied at reboot
 
==== After Reboot ======================
 
==== Empty Temp Folders ======================
 
C:\Windows\Temp successfully emptied
C:\Users\David\AppData\Local\Temp successfully emptied
 
==== Empty Recycle Bin ======================
 
C:\$RECYCLE.BIN successfully emptied
 
==== EOF on Mon 02/05/2018 at 18:19:16.10 ======================
 
 
My installed Avast is no longer reporting anything about junk files, etc.
 
I still have the DisplayLink Software notification about the USB 3.0 host controller drivers. Is this legit?
 
Chrome is already my default browser. However as of yesterday it just hangs on most websites and times out. Noted exceptions being Google and this site.
 
Chromium browser doesn't show up as an installed application so I can't uninstall it via Control panel > Add/Remove programs.
 

#9 DC0001

DC0001

    Member

  • Full Member
  • Pip
  • 35 posts

Posted 05 February 2018 - 09:43 PM

 
Zoek.exe Version 5.0.0.1 Updated 04-Februari-2018(online version
Zoek.exe v5.0.0.2 Updated 04-Februari-2018(online version)
Tool run by David on Mon 02/05/2018 at 18:15:08.71.
Microsoft Windows 7 Professional  6.1.7601 Service Pack 1 x64
Running in: Normal Mode Internet Access Detected
Launched: C:\Users\David\Desktop\zoek.exe [Scan all users] [Script inserted] 
 
==== System Restore Info ======================
 
2/5/2018 6:16:31 PM Zoek.exe System Restore Point Created Successfully.
 
==== Empty Folders Check ======================
 
C:\PROGRA~2\Lavasoft deleted successfully
C:\PROGRA~2\MSXML 4.0 deleted successfully
C:\PROGRA~3\Canon IJ Network Tool deleted successfully
C:\PROGRA~3\Lavasoft deleted successfully
C:\Users\David\AppData\Roaming\Common deleted successfully
C:\Users\David\AppData\Roaming\GetRightToGo deleted successfully
C:\Users\David\AppData\Roaming\Lavasoft deleted successfully
C:\Users\David\AppData\Roaming\QuickScan deleted successfully
C:\Users\David\AppData\Roaming\Vso deleted successfully
C:\Users\David\AppData\Roaming\Windows Live Writer deleted successfully
C:\Users\David\AppData\Roaming\Yahoo! deleted successfully
C:\Users\David\AppData\Local\1Click DVD Copy deleted successfully
C:\Users\David\AppData\Local\1Click DVD Copy Pro deleted successfully
C:\Users\David\AppData\Local\CutePDF Writer deleted successfully
C:\Users\David\AppData\Local\EmieBrowserModeList deleted successfully
C:\Users\David\AppData\Local\EmieSiteList deleted successfully
C:\Users\David\AppData\Local\EmieUserList deleted successfully
C:\Users\David\AppData\Local\VirtualStore deleted successfully
 
==== Deleting CLSID Registry Keys ======================
 
 
==== Deleting CLSID Registry Values ======================
 
 
==== Batch Command(s) Run By Tool======================
 
 
==== Set IE to Default ======================
 
Old Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Search Bar"="http://www.bing.com"
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes]
"DefaultScope"="{0633EE93-D776-472f-A0FF-E1416B8B2E3A}"
 
New Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes]
"DefaultScope"="{0633EE93-D776-472f-A0FF-E1416B8B2E3A}"
 
==== All HKLM and HKCU SearchScopes ======================
 
HKLM\SearchScopes "DefaultScope"="{0633EE93-D776-472f-A0FF-E1416B8B2E3A}"
HKLM\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} - http://www.bing.com/...rc=IE-SearchBox
HKLM\SearchScopes\{A181A777-A6DF-4D92-B1C6-88C0DE651139} - http://www.amazon.co...s={searchTerms}
HKLM\SearchScopes\{D944BB61-2E34-4DBF-A683-47E505C587DC} - http://rover.ebay.co...w={searchTerms}
HKLM\Wow6432Node\SearchScopes "DefaultScope"="{0633EE93-D776-472f-A0FF-E1416B8B2E3A}"
HKLM\Wow6432Node\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} - http://www.bing.com/...rc=IE-SearchBox
HKLM\Wow6432Node\SearchScopes\{D944BB61-2E34-4DBF-A683-47E505C587DC} - http://rover.ebay.co...w={searchTerms}
HKCU\SearchScopes "DefaultScope"="{0633EE93-D776-472f-A0FF-E1416B8B2E3A}"
HKCU\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} - http://www.bing.com/...rc=IE-SearchBox
HKCU\SearchScopes\{D944BB61-2E34-4DBF-A683-47E505C587DC} - http://rover.ebay.co...w={searchTerms}
HKCU\Wow6432Node\SearchScopes "DefaultScope"=""
HKCU\Wow6432Node\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} - http://www.bing.com/...ms}&FORM=IE8SRC
HKCU\Wow6432Node\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990} - http://www.bing.com/...ms}&FORM=IE8SRC
 
==== Reset Google Chrome ======================
 
C:\Users\David\AppData\Local\chromium\User Data\Default\Preferences was reset successfully
C:\Users\David\AppData\Local\chromium\User Data\Default\Secure Preferences was reset successfully
C:\Users\David\AppData\Local\Google\Chrome\User Data\Default\Preferences was reset successfully
C:\Users\David\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences was reset successfully
C:\Users\David\AppData\Roaming\Opera Software\Opera Stable\Preferences was reset successfully
C:\Users\David\AppData\Local\chromium\User Data\Default\Web Data was reset successfully
C:\Users\David\AppData\Local\chromium\User Data\Default\Web Data-journal was reset successfully
C:\Users\David\AppData\Local\Google\Chrome\User Data\Default\Web Data was reset successfully
C:\Users\David\AppData\Local\Google\Chrome\User Data\Default\Web Data copy was reset successfully
C:\Users\David\AppData\Local\Google\Chrome\User Data\Default\Web Data-journal was reset successfully
C:\Users\David\AppData\Roaming\Opera Software\Opera Stable\Web Data was reset successfully
 
==== Empty IE Cache ======================
 
C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\David\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\David\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5 emptied successfully
C:\Windows\sysWoW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\sysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
 
==== Empty FireFox Cache ======================
 
No FireFox Profiles found
 
==== Empty Chrome Cache ======================
 
C:\Users\David\AppData\Local\Opera Software\Opera Stable\Cache emptied successfully
C:\Users\David\AppData\Local\chromium\User Data\Default\Cache emptied successfully
C:\Users\David\AppData\Local\Google\Chrome\User Data\Default\Cache emptied successfully
 
==== Empty All Flash Cache ======================
 
Flash Cache Emptied Successfully
 
==== Empty All Java Cache ======================
 
No Java Cache Found
 
==== C:\zoek_backup content ======================
 
C:\zoek_backup (files=0 folders=0 0 bytes)
 
==== Empty Temp Folders ======================
 
C:\Users\David\AppData\Local\Temp will be emptied at reboot
C:\Users\Default\AppData\Local\Temp emptied successfully
C:\Users\Default User\AppData\Local\Temp emptied successfully
C:\Users\UpdatusUser\AppData\Local\Temp emptied successfully
C:\Windows\sysWoW64\config\systemprofile\AppData\Local\Temp emptied successfully
C:\Windows\serviceprofiles\networkservice\AppData\Local\Temp emptied successfully
C:\Windows\serviceprofiles\Localservice\AppData\Local\Temp emptied successfully
C:\Windows\Temp will be emptied at reboot
 
==== After Reboot ======================
 
==== Empty Temp Folders ======================
 
C:\Windows\Temp successfully emptied
C:\Users\David\AppData\Local\Temp successfully emptied
 
==== Empty Recycle Bin ======================
 
C:\$RECYCLE.BIN successfully emptied
 
==== EOF on Mon 02/05/2018 at 18:19:16.10 ======================
 
 
My installed Avast is no longer reporting anything about junk files, etc.
 
I still have the DisplayLink Software notification about the USB 3.0 host controller drivers. Is this legit?
 
Chrome is already my default browser. However as of yesterday it just hangs on most websites and times out. Noted exceptions being Google and this site.
 
Chromium browser doesn't show up as an installed application so I can't uninstall it via Control panel > Add/Remove programs.
 

#10 nasdaq

nasdaq

    Forum Deity

  • Global Moderator
  • PipPipPipPipPip
  • 49,226 posts

Posted 06 February 2018 - 07:32 AM

Hi,

I still have the DisplayLink Software notification about the USB 3.0 host controller drivers. Is this legit?
Check it out.
https://support.disp...k-software#win7
----

Chrome issues.

step1.gif Remove Chrome from your Computer and reinstall a fresh copy later.

step2.gif Before you remove Chrome Export your Bookmarks
Chrome will export your bookmarks as a HTML file, which you can then import into another browser.

How To: http://ccm.net/faq/3...hrome-bookmarks

step3.gif If you sync you account you must remove it before you save your bookmarks etc...
Delete Your Google Chrome Browser Sync Data, if you sync with other defices.
https://forums.malwa...ays-comes-back/


step4.gif Clear your Chrome cache and cookies
https://support.goog...er/183083?hl=en


step5.gif Remove Chrome using the the instructions on this page.
https://support.goog...wer/95319?hl=en

step6.gif Re-install Chrome and the Bookmarks.
====

Keep me posted.
nasdaq

Favorite tools: [ SpywareBlaster ] [ Spybot ] [ AdAware ] [ HijackThis ]
[ Housecall online virus scan ] [ Bitdefender online virus scan ]
[ AVG antivirus ] [ Sunbelt Personal Firewall ] [ ZoneAlarm firewall ]

My help is free, but if we have helped you in anyway,please considerDonating ,
see this topic for details.We need members like you.

========
Shouldn't water be worth more than diamonds?
Adam Smith Glasgow, 1760

#11 DC0001

DC0001

    Member

  • Full Member
  • Pip
  • 35 posts

Posted 06 February 2018 - 09:01 PM

 
With Chrome's cache cleared I can't get to Google or any other website, including this one, even with AVAST disabled; it just hangs and times out with the following error message:
 
This site can’t be reached
www.google.com unexpectedly closed the connection.
Try:
 
Checking the connection
Checking the proxy and the firewall
Running Windows Network Diagnostics
ERR_CONNECTION_CLOSED
 
 
IE does the same thing. IE's error message:
 
This page can’t be displayed
 
Turn on TLS 1.0, TLS 1.1, and TLS 1.2 in Advanced settings and try connecting to https://www.google.com again. If this error persists, it is possible that this site uses an unsupported protocol or cipher suite such as RC4 (link for the details), which is not considered secure. Please contact your site administrator. 
 
I've checked the settings and the TLS boxes are already checked, and obviously Google is a secure site.
 
 
Opera won't connect either and reports:
 
This site can’t be reached
www.google.com unexpectedly closed the connection.
 
Try:
Checking the connection
Checking the proxy and the firewall
Running Windows Network Diagnostics
Check your internet connection.
Check any cables and reboot any routers, modems, or other network devices you may be using.
 
Allow Opera to access the network in your firewall or antivirus settings.
If it is already listed as a program allowed to access the network, try removing it from the list and adding it again.
 
If you use a proxy server…
Check your proxy settings or contact your network administrator to make sure the proxy server is working. If you don't believe you should be using a proxy server: Go to the Main menu > Settings > Change proxy settings… > LAN Settings and deselect "Use a proxy server for your LAN".
 
Chromium won't connect either.
 
I still have a good connection to my LAN and HP's network diagnostics (on the laptop in question) report that everything checks out with the network. I rebooted the router but still none of the 4 browsers on the laptop connect. Other machines on the network have good internet connections. I'm posting this from one of the other machines. 

#12 nasdaq

nasdaq

    Forum Deity

  • Global Moderator
  • PipPipPipPipPip
  • 49,226 posts

Posted 07 February 2018 - 07:24 AM

Hi,

Run this fix to reset these settings.

Press the Windows key + r on your keyboard at the same time. This will open the RUN BOX.
Type Notepad and and click the OK key.
Please copy the entire contents of the code box below to the a new file.
 
start

CreateRestorePoint:
CloseProcesses:

RemoveProxy:
cmd: ipconfig /flushdns
cmd: IPCONFIG /release
cmd: IPCONFIG /renew
CMD: netsh advfirewall reset
CMD: netsh advfirewall set allprofiles state ON
CMD: netsh winsock reset catalog
CMD: netsh int ip reset c:\resetlog.txt
CMD: netsh int ipv4 reset
CMD: netsh int ipv6 reset
CMD: bitsadmin /reset /allusers

Hosts:

End
Save the file as fixlist.txt in the same folder where the Farbar tool is running from.
The location is listed in the 3rd line of the Farbar log you have submitted.

Run FRST and click Fix only once and wait.

The tool will create a log (Fixlog.txt) please post it to your reply.
===

How is it now?
nasdaq

Favorite tools: [ SpywareBlaster ] [ Spybot ] [ AdAware ] [ HijackThis ]
[ Housecall online virus scan ] [ Bitdefender online virus scan ]
[ AVG antivirus ] [ Sunbelt Personal Firewall ] [ ZoneAlarm firewall ]

My help is free, but if we have helped you in anyway,please considerDonating ,
see this topic for details.We need members like you.

========
Shouldn't water be worth more than diamonds?
Adam Smith Glasgow, 1760

#13 DC0001

DC0001

    Member

  • Full Member
  • Pip
  • 35 posts

Posted 07 February 2018 - 04:50 PM

 
 
 
 
Fix result of Farbar Recovery Scan Tool (x64) Version: 07.02.2018
Ran by David (07-02-2018 09:57:37) Run:2
Running from C:\Users\David\Desktop
Loaded Profiles: David (Available Profiles: UpdatusUser & David)
Boot Mode: Normal
==============================================
 
fixlist content:
*****************
start
 
CreateRestorePoint:
CloseProcesses:
 
RemoveProxy:
cmd: ipconfig /flushdns
cmd: IPCONFIG /release
cmd: IPCONFIG /renew
CMD: netsh advfirewall reset
CMD: netsh advfirewall set allprofiles state ON
CMD: netsh winsock reset catalog
CMD: netsh int ip reset c:\resetlog.txt
CMD: netsh int ipv4 reset
CMD: netsh int ipv6 reset
CMD: bitsadmin /reset /allusers
 
Hosts:
 
End
*****************
 
Restore point was successfully created.
Processes closed successfully.
 
========= RemoveProxy: =========
 
"HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\DefaultConnectionSettings" => removed successfully
"HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\SavedLegacySettings" => removed successfully
"HKU\S-1-5-21-2096361384-901469764-2865818563-1002\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\DefaultConnectionSettings" => removed successfully
"HKU\S-1-5-21-2096361384-901469764-2865818563-1002\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\SavedLegacySettings" => removed successfully
 
 
========= End of RemoveProxy: =========
 
 
========= ipconfig /flushdns =========
 
 
Windows IP Configuration
 
Successfully flushed the DNS Resolver Cache.
 
========= End of CMD: =========
 
 
========= IPCONFIG /release =========
 
 
Windows IP Configuration
 
No operation can be performed on Wireless Network Connection 2 while it has its media disconnected.
No operation can be performed on Local Area Connection while it has its media disconnected.
 
Wireless LAN adapter Wireless Network Connection 2:
 
   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . : 
 
Wireless LAN adapter Wireless Network Connection:
 
   Connection-specific DNS Suffix  . : 
   Link-local IPv6 Address . . . . . : fe80::c170:8b6a:5dc3:4e94%13
   Default Gateway . . . . . . . . . : 
 
Ethernet adapter Local Area Connection:
 
   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . : 
 
Tunnel adapter Local Area Connection* 9:
 
   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . : 
 
Tunnel adapter Teredo Tunneling Pseudo-Interface:
 
   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . : 
 
Tunnel adapter isatap.{214ED3E9-4B87-41E5-A2A3-623DBFF8C4F6}:
 
   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . : 
 
Tunnel adapter isatap.{92F25083-807F-4263-BE64-7DD00B3BA281}:
 
   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . : 
 
Tunnel adapter isatap.{8D9F6BE3-6D4D-4F1A-B43C-1A2D2EEC075E}:
 
   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . : 
 
========= End of CMD: =========
 
 
========= IPCONFIG /renew =========
 
 
Windows IP Configuration
 
No operation can be performed on Wireless Network Connection 2 while it has its media disconnected.
No operation can be performed on Local Area Connection while it has its media disconnected.
 
Wireless LAN adapter Wireless Network Connection 2:
 
   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . : 
 
Wireless LAN adapter Wireless Network Connection:
 
   Connection-specific DNS Suffix  . : 
   Link-local IPv6 Address . . . . . : fe80::c170:8b6a:5dc3:4e94%13
   IPv4 Address. . . . . . . . . . . : 192.168.1.14
   Subnet Mask . . . . . . . . . . . : 255.255.255.0
   Default Gateway . . . . . . . . . : 192.168.1.1
 
Ethernet adapter Local Area Connection:
 
   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . : 
 
Tunnel adapter Local Area Connection* 9:
 
   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . : 
 
Tunnel adapter Teredo Tunneling Pseudo-Interface:
 
   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . : 
 
Tunnel adapter isatap.{92F25083-807F-4263-BE64-7DD00B3BA281}:
 
   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . : 
 
Tunnel adapter isatap.{8D9F6BE3-6D4D-4F1A-B43C-1A2D2EEC075E}:
 
   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . : 
 
========= End of CMD: =========
 
 
========= netsh advfirewall reset =========
 
Ok.
 
 
========= End of CMD: =========
 
 
========= netsh advfirewall set allprofiles state ON =========
 
Ok.
 
 
========= End of CMD: =========
 
 
========= netsh winsock reset catalog =========
 
 
Sucessfully reset the Winsock Catalog.
You must restart the computer in order to complete the reset.
 
 
========= End of CMD: =========
 
 
========= netsh int ip reset c:\resetlog.txt =========
 
Reseting Global, OK!
Reseting Interface, OK!
Reseting Route, OK!
Restart the computer to complete this action.
 
 
========= End of CMD: =========
 
 
========= netsh int ipv4 reset =========
 
There's no user specified settings to be reset.
 
 
========= End of CMD: =========
 
 
========= netsh int ipv6 reset =========
 
Reseting Interface, OK!
Restart the computer to complete this action.
 
 
========= End of CMD: =========
 
 
========= bitsadmin /reset /allusers =========
 
 
BITSADMIN version 3.0 [ 7.5.7601 ]
BITS administration utility.
© Copyright 2000-2006 Microsoft Corp.
 
BITSAdmin is deprecated and is not guaranteed to be available in future versions of Windows.
Administrative tools for the BITS service are now provided by BITS PowerShell cmdlets.
 
0 out of 0 jobs canceled.
 
========= End of CMD: =========
 
C:\Windows\System32\Drivers\etc\hosts => moved successfully
Hosts restored successfully.
 
 
The system needed a reboot.
 
==== End of Fixlog 09:57:51 ====
 
 
The browsers still fail to reach the internet.

#14 nasdaq

nasdaq

    Forum Deity

  • Global Moderator
  • PipPipPipPipPip
  • 49,226 posts

Posted 08 February 2018 - 07:57 AM

Hi,

Please navigate to this page.
http://www.incredibl...n-closed-error/

We already did most of the suggested fixes. No harm if you do it again as suggested.

Also
Do the Fix 3: Assigning DNS Address Manually on this page.

Restart the computer normally.

How is it now?
nasdaq

Favorite tools: [ SpywareBlaster ] [ Spybot ] [ AdAware ] [ HijackThis ]
[ Housecall online virus scan ] [ Bitdefender online virus scan ]
[ AVG antivirus ] [ Sunbelt Personal Firewall ] [ ZoneAlarm firewall ]

My help is free, but if we have helped you in anyway,please considerDonating ,
see this topic for details.We need members like you.

========
Shouldn't water be worth more than diamonds?
Adam Smith Glasgow, 1760

#15 DC0001

DC0001

    Member

  • Full Member
  • Pip
  • 35 posts

Posted 09 February 2018 - 03:31 PM

I tried everything but nothing is working. From Chrome's Developer Mode (F12) after performing a hard reload I am occasionally able to get Google to load after a long delay. Once I was able to get the SWI index page to load that way. 

 

I am able to ping Google just fine. I ran Tracert and it mapped the same circuitous path to Google that my other machine is taking. I tried manually setting the Internet  Protocol Version 4 (TCP/IPv4) address to Google: 8.8.8.8 (preferred) and 8.8.4.4 (alternate), and resetting the DNS client per advice in Method's 1 and 2 here: https://www.driverea...-error/#method1. None of the network diagnostic tools turn up anything. The LAN and internet are connected but the browsers are still refusing to load. 


#16 nasdaq

nasdaq

    Forum Deity

  • Global Moderator
  • PipPipPipPipPip
  • 49,226 posts

Posted 10 February 2018 - 08:27 AM



Hi,


I suggest that your execude the following instructions one more time.
Do all the suggested fixing on this page.

http://www.techinpos...d-code-problem/
====

Restart the computer when completed.

It no joy then

Try to run chrome while in Safe Mode with Networking.
Let me know if it works.
===

Other checks.

Check if your Firewall is allowing Chrome.
http://www.dummies.c...ows-7-firewall/


Disable all your Chrome Extensions.

Let me know what works if any,
nasdaq

Favorite tools: [ SpywareBlaster ] [ Spybot ] [ AdAware ] [ HijackThis ]
[ Housecall online virus scan ] [ Bitdefender online virus scan ]
[ AVG antivirus ] [ Sunbelt Personal Firewall ] [ ZoneAlarm firewall ]

My help is free, but if we have helped you in anyway,please considerDonating ,
see this topic for details.We need members like you.

========
Shouldn't water be worth more than diamonds?
Adam Smith Glasgow, 1760

#17 DC0001

DC0001

    Member

  • Full Member
  • Pip
  • 35 posts

Posted 11 February 2018 - 01:42 PM

I asked my local computer guru for help and he had to work on it for a few hours but finally figured out it was Bitdefender running in the background. Despite multiple attempts to uninstall it it kept coming back until he deleted it from the registry. I don't know if it was downloaded from the link you supplied however; I think I had to find an alternate source for one of your utilities when the link you supplied didn't work, and it may well have been the one for Bitdefender.

 

Nasdaq, I thank you for your dedicated help in getting this resolved and helping me clean up my machine. I really appreciate it very much.

 

My machine is now in working order.

 

Best regards,

 

DC0001


#18 nasdaq

nasdaq

    Forum Deity

  • Global Moderator
  • PipPipPipPipPip
  • 49,226 posts

Posted 12 February 2018 - 06:55 AM

Hi,

Thank you for the feed back.
nasdaq

Favorite tools: [ SpywareBlaster ] [ Spybot ] [ AdAware ] [ HijackThis ]
[ Housecall online virus scan ] [ Bitdefender online virus scan ]
[ AVG antivirus ] [ Sunbelt Personal Firewall ] [ ZoneAlarm firewall ]

My help is free, but if we have helped you in anyway,please considerDonating ,
see this topic for details.We need members like you.

========
Shouldn't water be worth more than diamonds?
Adam Smith Glasgow, 1760
Back to PC Checkup and Troubleshooting


  1. SpywareInfo Forum
  2. General Computing Issues
  3. PC Checkup and Troubleshooting
  4. Privacy Policy
Member of UNITE
Support SpywareInfo Forum - click the button