dragokas / hijackthis

A free utility that finds malware, adware and other security threats
http://hjt.sf.net
GNU General Public License v2.0

HiJack This HOSTS #62

Closed Bizzo11 closed 5 years ago

Bizzo11 commented 5 years ago

Reading a recent hiJack this scan, I almost deleted all the HOSTS 127.0.0.1 as they look suspicious.

Is anyone out there experienced enough to help me determine what files I delete???

My PC (internet) will not connect to banking sites etc when left 'asleep' and then you go back in...other browsing is fine.

HiJackThis.log

Once I restart PC all is well.

Please help.
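For readers triaging the same kind of scan, an added example (not part of the original thread and not HijackThis code): it sorts the `O1 - Hosts:` lines of a HijackThis log into entries that point a name at loopback or the null address, which only block that name, and entries that point a name at a LAN or routable address, which redirect it and deserve review first. The log lines, host names and category labels are constructed for illustration.

```python
import ipaddress
import re

# HijackThis lists hosts-file entries in section O1, one per line:
#   O1 - Hosts: <address> <hostname>
O1_LINE = re.compile(r"^O1\s*-\s*Hosts:\s*(\S+)\s+(\S+)", re.IGNORECASE)

# Private and link-local ranges, listed explicitly so that documentation
# ranges such as 203.0.113.0/24 are not treated as LAN addresses.
LAN_NETS = [ipaddress.ip_network(n) for n in (
    "10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16", "169.254.0.0/16",
    "fc00::/7", "fe80::/10",
)]

# Constructed sample log lines (not taken from the thread's attachments).
SAMPLE_LOG = """\
Logfile of HiJackThis
O1 - Hosts: 127.0.0.1 ads.tracker.example
O1 - Hosts: 0.0.0.0 telemetry.vendor.example
O1 - Hosts: ::1 localhost
O1 - Hosts: 203.0.113.45 www.mybank.example
O1 - Hosts: 192.168.1.20 nas.home.example
O1 - Hosts: not-an-ip broken.example
O4 - HKLM\\..\\Run: [Example] C:\\Example\\example.exe
"""


def classify(address):
    """Return the review category for one hosts-file address."""
    try:
        ip = ipaddress.ip_address(address)
    except ValueError:
        return "malformed"
    if ip.is_loopback or ip.is_unspecified:
        # 127.0.0.1, ::1, 0.0.0.0: the name resolves to this machine or
        # nowhere, so the entry can only block it (typical of blocklists).
        return "block"
    if any(ip in net for net in LAN_NETS):
        # Maps a name to a device on the local network; confirm it is
        # one the owner added.
        return "lan"
    # Forces a name to a routable address: the case that can silently
    # send a browser to a different server.
    return "redirect"


def triage(log_text):
    """Group every O1 hosts entry in a HijackThis log by category."""
    result = {"block": [], "lan": [], "redirect": [], "malformed": []}
    for line in log_text.splitlines():
        match = O1_LINE.match(line.strip())
        if match:
            address, host = match.groups()
            result[classify(address)].append((address, host.lower()))
    return result


if __name__ == "__main__":
    report = triage(SAMPLE_LOG)
    for category in ("redirect", "lan", "malformed", "block"):
        print(f"{category}: {len(report[category])}")
        for address, host in report[category]:
            print(f"    {address:<15} {host}")
```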

Sandor-Helper commented 5 years ago

Hello and welcome! To do a complete diagnostics we need CollectionLog created by Autologger as described here in How to prepare logs section.

Bizzo11 commented 5 years ago

Thank you.

Please find attached the AutoLogger zip files....I dragged them onto here.

CollectionLog-2019.01.26-10.58.zip CollectionLog-2019.01.26-11.01.zip

Not sure if they completely attached. Do I need to open the ZIPFILE first?

Sandor-Helper commented 5 years ago

File CheckBrowserLnk.log from ...\AutoLogger\CheckBrowserLnk drag and drop onto ClearLNK tool.

http://dragokas.com/tools/move.gif

Its report should look like ClearLNK-<Date>.log. Attach it to your next post.

Close all running programs, temporarily unload antivirus and other protecting software.

Run a script in AVZ (File - Run script):

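begin
 // Internet Explorer security settings for the Internet zone (Zones\3).
 // Values: 1 = prompt, 3 = disable.
 RegKeyIntParamWrite('HKCU', 'Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3\', '1001', 1); // download signed ActiveX controls
 RegKeyIntParamWrite('HKCU', 'Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3\', '1004', 3); // download unsigned ActiveX controls
 RegKeyIntParamWrite('HKCU', 'Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3\', '1201', 3); // initialize and script ActiveX controls not marked as safe
 RegKeyIntParamWrite('HKCU', 'Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3\', '1804', 1); // launching programs and files in an IFRAME
 RegKeyIntParamWrite('HKCU', 'Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3\', '2201', 3); // automatic prompting for ActiveX controls
 // AVZ system restore item 13: clear the Hosts file.
 ExecuteRepair(13);
 RebootWindows(false);
end.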

Computer will reboot.

For secondary diagnostics please run AutoLogger again. Attach new CollectionLog to your post.

Bizzo11 commented 5 years ago

ClearLNK-2019.01.28_10.24.12.log

Having trouble copying the script to AVZ Antiviral Toolkit. File run Custom Script comes up with ERROR: 'BEGIN' expected at position 1:1. Each time I reposition copied script ERROR appears again at the new position.

Bizzo11 commented 5 years ago

CollectionLog-2019.01.28-10.44.zip

Sandor-Helper commented 5 years ago

I am sorry, first line of script was missed while forum engine actions. I've now corrected my previous post. It should be OK.

Bizzo11 commented 5 years ago

CollectionLog-2019.01.28-20.39.zip

Thank you so much. Is it all fixed now?

Sandor-Helper commented 5 years ago

It looks much better now. Let's do some more:

Download AdwCleaner (by Malwarebytes) and save it to Desktop. Run (it should be run by right-clicking as Administrator), press "Scan" and wait. At the end of the scan log will be found at: C:\AdwCleaner\Logs\AdwCleaner[Sxx].txt (where x is any digit). Attach it to your next post here.

Bizzo11 commented 5 years ago

Malwarebytes AdwCleaner 7.2.6.0

-------------------------------

Build: 12-18-2018

Database: 2019-01-25.2 (Cloud)

Support: https://www.malwarebytes.com/support

#

-------------------------------

Mode: Scan

-------------------------------

Start: 01-29-2019

Duration: 00:00:18

OS: Windows 7 Home Premium

Scanned: 31744

Detected: 2

[ Services ]

No malicious services found.

[ Folders ]

No malicious folders found.

[ Files ]

No malicious files found.

[ DLL ]

No malicious DLLs found.

[ WMI ]

No malicious WMI found.

[ Shortcuts ]

No malicious shortcuts found.

[ Tasks ]

No malicious tasks found.

[ Registry ]

PUP.Optional.Legacy HKLM\SYSTEM\CurrentControlSet\Control\Class{EEEFACB3-729F-4484-B66D-E7A7917BBFC1}

PUP.Optional.Legacy HKLM\SYSTEM\CurrentControlSet\Control\Class{0C95ABFE-4FB6-49DB-B22F-0E1F5FC4BEEC}

[ Chromium (and derivatives) ]

No malicious Chromium entries found.

[ Chromium URLs ]

No malicious Chromium URLs found.

[ Firefox (and derivatives) ]

No malicious Firefox entries found.

[ Firefox URLs ]

No malicious Firefox URLs found.

AdwCleaner[S00].txt - [6032 octets] - [23/01/2019 16:05:27]

AdwCleaner[C00].txt - [5317 octets] - [23/01/2019 16:17:02]

AdwCleaner[S01].txt - [1573 octets] - [25/01/2019 10:26:23]

AdwCleaner[C01].txt - [1721 octets] - [25/01/2019 10:26:40]

AdwCleaner[S02].txt - [1695 octets] - [26/01/2019 09:44:34]

AdwCleaner[C02].txt - [1843 octets] - [26/01/2019 09:48:24]

AdwCleaner[S03].txt - [1930 octets] - [28/01/2019 09:51:32]

AdwCleaner[C03].txt - [2004 octets] - [28/01/2019 09:51:56]

########## EOF - C:\AdwCleaner\Logs\AdwCleaner[S04].txt ##########

2 threats are always found, then when it reboots they are gone. Problem is they keep coming back!

Sandor-Helper commented 5 years ago

I see that you've already done cleaning several times.

Next: Please download Farbar Recovery Scan Tool and save it to your Desktop.

Note: You need to run the version compatible with your system. If you are not sure which version applies to your system download both of them and try to run them. Only one of them will run on your system, that will be the right version.

Bizzo11 commented 5 years ago

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 27.01.2019

Ran by BizzoWhizzo2 (29-01-2019 11:16:29)

Running from C:\Users\BizzoWhizzo2\Downloads

Windows 7 Home Premium Service Pack 1 (X64) (2017-06-20 11:03:47)

Boot Mode: Normal

==================== Accounts: =============================

Administrator (S-1-5-21-334533737-317225951-1012837674-500 - Administrator - Disabled)

BizzoWhizzo2 (S-1-5-21-334533737-317225951-1012837674-1003 - Administrator - Enabled) => C:\Users\BizzoWhizzo2

Chelsey (S-1-5-21-334533737-317225951-1012837674-1001 - Limited - Enabled) => C:\Users\Chelsey

Guest (S-1-5-21-334533737-317225951-1012837674-501 - Limited - Disabled)

HomeGroupUser$ (S-1-5-21-334533737-317225951-1012837674-1005 - Limited - Enabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: AVG Antivirus (Enabled - Up to date) {4FC75CA5-1654-5411-7CFB-1893D506BCF4}

AV: Malwarebytes (Disabled - Up to date) {23007AD3-69FE-687C-2629-D584AFFAF72B}

AS: Malwarebytes (Disabled - Up to date) {98619B37-4FC4-67F2-1C99-EEF6D47DBD96}

AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

AS: AVG Antivirus (Enabled - Up to date) {F4A6BD41-306E-5B9F-464B-23E1AE81F649}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)


==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\Windows\Tasks\G2MUpdateTask-S-1-5-21-334533737-317225951-1012837674-1003.job => C:\Users\BizzoWhizzo2\AppData\Local\GoToMeeting\11408\g2mupdate.exe

Task: C:\Windows\Tasks\G2MUploadTask-S-1-5-21-334533737-317225951-1012837674-1003.job => C:\Users\BizzoWhizzo2\AppData\Local\GoToMeeting\11408\g2mupload.exe

==================== Shortcuts & WMI ========================

(The entries could be listed to be restored or removed.)

WMI:subscription__FilterToConsumerBinding->CommandLineEventConsumer.Name=\"BVTConsumer\"",Filter="EventFilter.Name=\"BVTFilter\":

WMI:subscription\EventFilter->BVTFilter:

WMI:subscription\CommandLineEventConsumer->BVTConsumer:

Shortcut: C:\Users\BizzoWhizzo2\Favorites\NCH Software Download Site.lnk -> hxxp://www.nchsoftware.com/index.htm

==================== Loaded Modules (Whitelisted) ==============


==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)

AlternateDataStreams: C:\Windows:0395DD0D7758A2E5 [50]
AlternateDataStreams: C:\ProgramData\TEMP:35216AFF [134]

==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"

==================== Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)

==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)

IE trusted site: HKU.DEFAULT...\localhost -> localhost
IE trusted site: HKU\S-1-5-21-334533737-317225951-1012837674-1003...\localhost -> localhost

==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-14 13:34 - 2019-01-28 20:32 - 000000820 _____ C:\Windows\system32\drivers\etc\hosts

127.0.0.1 localhost

==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKLM\System\CurrentControlSet\Control\Session Manager\Environment\Path: C:\Program Files (x86)\AMD APP\bin\x86_64;C:\Program Files (x86)\AMD APP\bin\x86;C:\Program Files\Common Files\Microsoft Shared\Windows Live;C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live;C:\Program Files (x86)\Intel\iCLS Client\;C:\Program Files\Intel\iCLS Client\;%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;%SYSTEMROOT%\System32\WindowsPowerShell\v1.0\;C:\Program Files\Intel\Intel(R) Management Engine Components\DAL;C:\Program Files\Intel\Intel(R) Management Engine Components\IPT;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT;C:\Program Files (x86)\Windows Live\Shared;C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static;C:\Program Files\VDownloader
HKU\S-1-5-21-334533737-317225951-1012837674-1003\Control Panel\Desktop\Wallpaper -> C:\Users\BizzoWhizzo2\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 192.168.0.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 0) (ConsentPromptBehaviorUser: 3) (EnableLUA: 0)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

If an entry is included in the fixlist, it will be removed.

MSCONFIG\Services: Fax => 3
MSCONFIG\startupreg: Wondershare Helper Compact.exe => C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [{64EF3760-F7DB-47ED-950E-EFEBB1A159C2}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
FirewallRules: [{BD3D0E6B-CDB3-45DB-BBA3-6379F61B8980}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
FirewallRules: [{6EC0EEA4-BFBB-4E5A-B0F0-E2B27B0C164F}] => (Allow) C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe (Microsoft Corporation)
FirewallRules: [{AF610B4D-A59F-4C33-AD01-C63573B226F9}] => (Allow) LPort=2869
FirewallRules: [{29E48C44-85EC-4C5D-8FB9-7B27F1627128}] => (Allow) LPort=1900
FirewallRules: [{DC8C901E-CD4B-4C72-BCDF-6CD3BB5FC5EE}] => (Allow) C:\Windows\system32\rundll32.exe (Microsoft Corporation)
FirewallRules: [{9C719023-58F7-4899-B6A3-407B44DED084}] => (Allow) C:\Windows\System32\rundll32.exe (Microsoft Corporation)
FirewallRules: [{DCEDDBFA-CBDC-4435-8596-309037033E89}] => (Allow) C:\Windows\System32\rundll32.exe (Microsoft Corporation)
FirewallRules: [{53E72B24-688D-4448-A227-CAD23D8E1146}] => (Allow) C:\Windows\System32\rundll32.exe (Microsoft Corporation)
FirewallRules: [{4A2DB754-9691-41BB-B17A-818354A05609}] => (Allow) C:\Windows\System32\rundll32.exe (Microsoft Corporation)
FirewallRules: [TCP Query User{4F975FBC-F5E7-4612-BB3D-1DBD79BFE303}C:\users\bizzowhizzo\appdata\local\temp\rar$ex00.542\chrome-bin\chrome.exe] => (Allow) C:\users\bizzowhizzo\appdata\local\temp\rar$ex00.542\chrome-bin\chrome.exe No File
FirewallRules: [UDP Query User{EBD2CB1E-6E27-4533-ACBF-4CB402988F67}C:\users\bizzowhizzo\appdata\local\temp\rar$ex00.542\chrome-bin\chrome.exe] => (Allow) C:\users\bizzowhizzo\appdata\local\temp\rar$ex00.542\chrome-bin\chrome.exe No File
FirewallRules: [{BAC4D84C-E551-49FE-A1EF-B1EE13E65C5D}] => (Allow) C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
FirewallRules: [{0B6AE3BB-A367-4AD4-9AEA-79541BD04DA2}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe (Apple Inc.)
FirewallRules: [{8D0C0DB3-3D35-4DBF-BEC9-2BCFB09CE8C3}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe (Apple Inc.)
FirewallRules: [{5D03E0A3-F8D7-438A-8DD5-53B4EF1AE6CD}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe (Apple Inc.)
FirewallRules: [{79C2827D-78E1-4C68-B1F1-14CBA6C22882}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe (Apple Inc.)
FirewallRules: [{7A96D1EE-E702-47AB-BC7C-909E0386C262}] => (Allow) F:\install\Data\Disk1\Setup.exe No File
FirewallRules: [{A17BF656-9ACD-4D01-A4EC-A370AF2F1F57}] => (Allow) F:\install\Data\Disk1\Setup.exe No File
FirewallRules: [{B5F3DC4E-9619-451D-B81F-1A09818D2896}] => (Allow) C:\Program Files\Microsoft Office\Office15\lync.exe (Microsoft Corporation)
FirewallRules: [{6B295116-F375-4082-BA4B-D5E0C4E0DE7F}] => (Allow) C:\Program Files\Microsoft Office\Office15\lync.exe (Microsoft Corporation)
FirewallRules: [{303381E4-512D-4AD2-A77A-6ED7FCA6A446}] => (Allow) C:\Program Files\Microsoft Office\Office15\UcMapi.exe (Microsoft Corporation)
FirewallRules: [{D6B27338-E5D6-4211-AF12-B4BC42580452}] => (Allow) C:\Program Files\Microsoft Office\Office15\UcMapi.exe (Microsoft Corporation)
FirewallRules: [TCP Query User{F7055691-B13A-47A1-8447-C5134DFD8627}C:\windows\microsoft.net\framework\v2.0.50727\vbc.exe] => (Allow) C:\windows\microsoft.net\framework\v2.0.50727\vbc.exe (Microsoft Corporation)
FirewallRules: [UDP Query User{CB07EBE6-15AB-49A0-AD80-C6DF49045AF0}C:\windows\microsoft.net\framework\v2.0.50727\vbc.exe] => (Allow) C:\windows\microsoft.net\framework\v2.0.50727\vbc.exe (Microsoft Corporation)
FirewallRules: [{BBC25E32-4E47-4AF6-B9EA-ACC51DA4ABCA}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.)
FirewallRules: [{A14F04B4-0F2B-4B45-B139-25F2A909D1DC}] => (Allow) C:\Program Files\iTunes\iTunes.exe (Apple Inc.)
FirewallRules: [{B7B8AA1D-B29A-4AFA-8D6A-600FBDEEDAD8}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe (TeamViewer GmbH)
FirewallRules: [{700910E5-5E54-4CD6-A51C-57D30C8A14C2}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe (TeamViewer GmbH)
FirewallRules: [{2F767BA6-2290-45BB-9DF2-831C4FDE04D6}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe (TeamViewer GmbH)
FirewallRules: [{580D4C18-C1CF-4F7B-9CFA-1772DB937705}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe (TeamViewer GmbH)
FirewallRules: [{9387A54F-F18D-4903-AC94-794FCD584925}] => (Allow) C:\Program Files (x86)\AVG\Antivirus\AvEmUpdate.exe (AVG Technologies CZ, s.r.o.)
FirewallRules: [{5E0C6B3C-68AB-496A-9CFE-D5F5F404DFBE}] => (Allow) C:\Program Files (x86)\AVG\Antivirus\AvEmUpdate.exe (AVG Technologies CZ, s.r.o.)
FirewallRules: [{ACF75037-CD47-429C-994B-F8EFBA03252F}] => (Allow) C:\Program Files (x86)\AVG\Browser\Application\AVGBrowser.exe (AVG Technologies)

==================== Restore Points =========================

16-01-2019 20:27:22 Scheduled Checkpoint
24-01-2019 08:16:33 Scheduled Checkpoint

==================== Faulty Device Manager Devices =============

==================== Event log errors: =========================

Application errors:

Error: (01/29/2019 05:17:30 AM) (Source: WinMgmt) (EventID: 10) (User: ) Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.

Error: (01/29/2019 04:45:21 AM) (Source: Application Error) (EventID: 1000) (User: ) Description: Faulting application name: OUTLOOK.EXE, version: 15.0.4420.1017, time stamp: 0x506742d6 Faulting module name: OUTLOOK.EXE, version: 15.0.4420.1017, time stamp: 0x506742d6 Exception code: 0xc0000005 Fault offset: 0x00000000001825c6 Faulting process id: 0x22a0 Faulting application start time: 0x01d4b7311f68693a Faulting application path: C:\Program Files\Microsoft Office\Office15\OUTLOOK.EXE Faulting module path: C:\Program Files\Microsoft Office\Office15\OUTLOOK.EXE Report Id: 7b436856-2324-11e9-b9a0-902b34636a64

Error: (01/28/2019 08:35:03 PM) (Source: WinMgmt) (EventID: 10) (User: ) Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.

Error: (01/28/2019 03:38:45 PM) (Source: Brother BrLog) (EventID: 1001) (User: ) Description: TWN BrtTWN: [2019/01/28 15:38:45.244]: [00000628]: Initialize TwdsMain Class failed!

Error: (01/28/2019 03:38:45 PM) (Source: Brother BrLog) (EventID: 1001) (User: ) Description: TWN BrtTWN: [2019/01/28 15:38:45.244]: [00000628]: ##### Fatal ERROR!! Create STI-device failed! #####

Error: (01/28/2019 10:03:39 AM) (Source: Brother BrLog) (EventID: 1001) (User: ) Description: TWN BrtTWN: [2019/01/28 10:03:39.034]: [00001712]: Initialize TwdsMain Class failed!

Error: (01/28/2019 10:03:39 AM) (Source: Brother BrLog) (EventID: 1001) (User: ) Description: TWN BrtTWN: [2019/01/28 10:03:39.018]: [00001712]: ##### Fatal ERROR!! Create STI-device failed! #####

Error: (01/28/2019 09:49:29 AM) (Source: WinMgmt) (EventID: 10) (User: ) Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.

System errors:

Error: (01/29/2019 11:11:08 AM) (Source: Schannel) (EventID: 4120) (User: NT AUTHORITY) Description: The following fatal alert was generated: 70. The internal error state is 105.

Error: (01/29/2019 11:02:12 AM) (Source: Disk) (EventID: 11) (User: ) Description: The driver detected a controller error on \Device\Harddisk3\DR3.

Error: (01/29/2019 11:02:11 AM) (Source: Disk) (EventID: 11) (User: ) Description: The driver detected a controller error on \Device\Harddisk3\DR3.

Error: (01/29/2019 05:17:29 AM) (Source: Service Control Manager) (EventID: 7026) (User: ) Description: The following boot-start or system-start driver(s) failed to load: ASPI32

Error: (01/29/2019 05:17:29 AM) (Source: Service Control Manager) (EventID: 7022) (User: ) Description: The Wondershare Application Framework Service service hung on starting.

Error: (01/29/2019 05:16:00 AM) (Source: Microsoft-Windows-WLAN-AutoConfig) (EventID: 10000) (User: NT AUTHORITY) Description: WLAN Extensibility Module has failed to start.

Module Path: C:\Windows\system32\Rtlihvs.dll Error Code: 126

Error: (01/29/2019 05:15:50 AM) (Source: Application Popup) (EventID: 1060) (User: ) Description: \SystemRoot\SysWow64\Drivers\ASPI32.SYS has been blocked from loading due to incompatibility with this system. Please contact your software vendor for a compatible version of the driver.

Error: (01/29/2019 05:15:17 AM) (Source: Service Control Manager) (EventID: 7000) (User: ) Description: The Windows Media Player Network Sharing Service service failed to start due to the following error: The service did not start due to a logon failure.

==================== Memory info ===========================

Processor: Intel(R) Core(TM) i5-3550 CPU @ 3.30GHz
Percentage of memory in use: 70%
Total physical RAM: 4058.34 MB
Available physical RAM: 1208.63 MB
Total Virtual: 8114.86 MB
Available Virtual: 4810.43 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:488.06 GB) (Free:240.47 GB) NTFS
Drive d: () (Fixed) (Total:443.23 GB) (Free:443.06 GB) NTFS
Drive f: (CD467A3) (CDROM) (Total:0.05 GB) (Free:0 GB) CDFS
Drive g: (My Passport) (Fixed) (Total:931.48 GB) (Free:846.09 GB) NTFS
Drive i: (MY BOOK) (Fixed) (Total:298.02 GB) (Free:221.52 GB) FAT32
Drive j: (My Passport) (Fixed) (Total:931.48 GB) (Free:821.18 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Protective MBR) (Size: 931.5 GB) (Disk ID: 00000000)

Partition: GPT.

========================================================
Disk: 2 (Size: 298.1 GB) (Disk ID: 44FDFE06)
Partition 1: (Not Active) - (Size=298.1 GB) - (Type=0C)

========================================================
Disk: 3 (MBR Code: Windows XP) (Size: 931.5 GB) (Disk ID: 00023F15)
Partition 1: (Not Active) - (Size=931.5 GB) - (Type=07 NTFS)

========================================================
Disk: 4 (MBR Code: Windows XP) (Size: 931.5 GB) (Disk ID: 07F77EF9)
Partition 1: (Not Active) - (Size=931.5 GB) - (Type=07 NTFS)

==================== End of Addition.txt ============================

Bizzo11 commented 5 years ago

FRST.TXT

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 27.01.2019
Ran by BizzoWhizzo2 (administrator) on BIZZOWHIZZO-PC (29-01-2019 11:15:02)
Running from C:\Users\BizzoWhizzo2\Downloads
Loaded Profiles: BizzoWhizzo2 (Available Profiles: Chelsey & BizzoWhizzo2)
Platform: Windows 7 Home Premium Service Pack 1 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(AMD) C:\Windows\System32\atiesrxx.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Microsoft Corporation) C:\Windows\System32\wisptis.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\Antivirus\AVGSvc.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Nuance Communications, Inc.) C:\Program Files (x86)\Nuance\PaperPort\PDFProFiltSrvPP.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
(VIA Technologies, Inc.) C:\Windows\System32\ViakaraokeSrv.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Wondershare) C:\Program Files (x86)\Wondershare\WAF\2.4.3.224\WsAppService.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\Antivirus\aswidsagent.exe
(AVG Technologies) C:\Program Files (x86)\AVG\Browser\Update\1.4.155.333\AVGBrowserCrashHandler.exe
(AVG Technologies) C:\Program Files (x86)\AVG\Browser\Update\1.4.155.333\AVGBrowserCrashHandler64.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.33.23\GoogleCrashHandler.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.33.23\GoogleCrashHandler64.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\Jhi_service.exe
(Nero AG) C:\Program Files (x86)\Nero\Update\NASvc.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
(Microsoft Corporation) C:\Windows\System32\wisptis.exe
(VIA) C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe
(Graphic Tablet Company Shenzhen) C:\PenTabletDriver\TabletDriver.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\Antivirus\AVGUI.exe
(Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe
() C:\Windows\SysWOW64\Codecs\TrayMenu.exe
(Nuance Communications, Inc.) C:\Program Files (x86)\Nuance\PDF Viewer Plus\pdfPro5Hook.exe
(Brother Industries, Ltd.) C:\Program Files (x86)\Browny02\Brother\BrStMonW.exe
(Brother Industries, Ltd.) C:\Program Files (x86)\ControlCenter4\BrCtrlCntr.exe
(Adobe Systems Inc.) C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\acrotray.exe
(Brother Industries, Ltd.) C:\Program Files (x86)\Browny02\BrYNSvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(Elaborate Bytes AG) C:\Program Files (x86)\Elaborate Bytes\CloneCD\CloneCDTray.exe
(Nuance Communications, Inc.) C:\Program Files (x86)\Nuance\PaperPort\pptd40nt.exe
(Brother Industries, Ltd.) C:\Program Files (x86)\Brother\Brother Help\BrotherHelp.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(Brother Industries, Ltd.) C:\Program Files (x86)\ControlCenter4\BrCcUxSys.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office\Office15\OUTLOOK.EXE
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\reader_sl.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\acrobat_sl.exe

==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM...\Run: [HDAudDeck] => C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe [4701184 2000-01-01] (VIA)
HKLM...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [558496 2014-02-27] (Adobe Systems Incorporated)
HKLM...\Run: [AVGUI.exe] => C:\Program Files (x86)\AVG\Antivirus\AvLaunch.exe [308656 2019-01-06] (AVG Technologies CZ, s.r.o.)
HKLM...\Run: [VDownloader] => E:\VDownloader\VDownloader.exe /silent
HKLM...\Run: [TabletDriver] => C:\PenTabletDriver\TabletDriver.exe [634240 2016-05-27] (Graphic Tablet Company Shenzhen)
HKLM...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [301880 2018-11-15] (Apple Inc.)
HKLM-x32...\Run: [PDFHook] => C:\Program Files (x86)\Nuance\PDF Viewer Plus\pdfpro5hook.exe [636192 2010-03-05] (Nuance Communications, Inc.)
HKLM-x32...\Run: [PDF5 Registry Controller] => C:\Program Files (x86)\Nuance\PDF Viewer Plus\RegistryController.exe [62752 2010-03-05] (Nuance Communications, Inc.)
HKLM-x32...\Run: [ControlCenter4] => C:\Program Files (x86)\ControlCenter4\BrCcBoot.exe [139264 2013-04-08] (Brother Industries, Ltd.)
HKLM-x32...\Run: [BrStsMon00] => C:\Program Files (x86)\Browny02\Brother\BrStMonW.exe [4522496 2013-03-22] (Brother Industries, Ltd.)
HKLM-x32...\Run: [Acrobat Assistant 8.0] => C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Acrotray.exe [3499920 2014-09-12] (Adobe Systems Inc.)
HKLM-x32...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [336384 2011-05-25] (Advanced Micro Devices, Inc.)
HKLM-x32...\Run: [USB3MON] => C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe [291608 2012-03-27] (Intel Corporation)
HKLM-x32...\Run: [NBAgent] => C:\Program Files (x86)\Nero\Nero 10\Nero BackItUp\NBAgent.exe [1406248 2011-03-22] (Nero AG)
HKLM-x32...\Run: [WSVCUUpdateHelper.exe] => C:\Program Files (x86)\Wondershare\Wondershare Video Converter Ultimate(CPC)\WSVCUUpdateHelper.exe
HKLM-x32...\Run: [CloneCDTray] => C:\Program Files (x86)\Elaborate Bytes\CloneCD\CloneCDTray.exe [73728 2002-12-03] (Elaborate Bytes AG)
HKLM-x32...\Run: [CloneCDElbyCDFL] => C:\Program Files (x86)\Elaborate Bytes\CloneCD\ElbyCheck.exe [45056 2002-11-02] (Elaborate Bytes AG)
HKLM-x32...\Run: [IndexSearch] => C:\Program Files (x86)\Nuance\PaperPort\IndexSearch.exe [46952 2011-08-02] (Nuance Communications, Inc.)
HKLM-x32...\Run: [PaperPort PTD] => C:\Program Files (x86)\Nuance\PaperPort\pptd40nt.exe [30568 2011-08-02] (Nuance Communications, Inc.)
HKLM-x32...\Run: [BrHelp] => C:\Program Files (x86)\Brother\Brother Help\BrotherHelp.exe [1944576 2013-03-07] (Brother Industries, Ltd.)
HKLM-x32...\Run: [AVGUI.exe] => C:\Program Files (x86)\AVG\Antivirus\AvLaunch.exe [308656 2019-01-06] (AVG Technologies CZ, s.r.o.)
HKLM\SOFTWARE\Policies\Microsoft\Windows Defender: Restriction <==== ATTENTION
HKU\S-1-5-21-334533737-317225951-1012837674-1003...\Run: [iCloudServices] => C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe [67384 2018-10-01] (Apple Inc.)
HKU\S-1-5-21-334533737-317225951-1012837674-1003...\Policies\system: [LogonHoursAction] 2
HKU\S-1-5-21-334533737-317225951-1012837674-1003...\Policies\system: [DontDisplayLogonHoursWarnings] 1
HKU\S-1-5-18...\Policies\system: [LogonHoursAction] 2
HKU\S-1-5-18...\Policies\system: [DontDisplayLogonHoursWarnings] 1
HKLM...\Drivers32: [vidc.ffds] => C:\Windows\system32\ff_vfw.dll [127488 2013-12-17] ()
HKLM...\Drivers32-x32: [vidc.x264] => C:\Windows\SysWOW64\x264vfw.dll [3635904 2016-10-04] (x264vfw project)
HKLM...\Drivers32-x32: [vidc.lags] => C:\Windows\SysWOW64\lagarith.dll [230080 2016-09-21] ( )
HKLM...\Drivers32-x32: [msacm.divxa32] => C:\Windows\SysWOW64\DivXa32.acm [291408 2013-12-17] (Packed With Joy !)
HKLM...\Drivers32-x32: [vidc.dvsd] => C:\Windows\SysWOW64\pdvcodec.dll [265797 2010-03-12] (Matsushita Electric Industrial Co., Ltd.)
HKLM\Software\Microsoft\Active Setup\Installed Components: [{8A69D345-D564-463c-AFF1-A69D9E530F96}] -> C:\Program Files (x86)\Google\Chrome\Application\71.0.3578.98\Installer\chrmstp.exe [2018-12-14] (Google Inc.)
HKLM\Software\Wow6432Node\Microsoft\Active Setup\Installed Components: [{48F69C39-1356-4A7B-A899-70E3539D4982}] -> C:\Program Files (x86)\AVG\Browser\Application\71.0.693.100\Installer\chrmstp.exe [2019-01-26] (AVG Technologies)
HKLM\Software...\Authentication\Credential Providers: [{F8A0B131-5F68-486c-8040-7E8FC3C85BB6}] -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDCREDPROV.DLL [2012-07-17] (Microsoft Corp.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Adobe Gamma Loader.lnk [2017-06-28]
ShortcutTarget: Adobe Gamma Loader.lnk -> C:\Program Files (x86)\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe (Adobe Systems, Inc.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\CodecPackTrayMenu.lnk [2017-07-13]
ShortcutTarget: CodecPackTrayMenu.lnk -> C:\Windows\SysWOW64\Codecs\TrayMenu.exe ()
Startup: C:\Users\BizzoWhizzo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\MYOB Add-On Connector.lnk [2018-09-26]
ShortcutTarget: MYOB Add-On Connector.lnk -> C:\Users\BizzoWhizzo2\AppData\Local\Programs\MYOB\AddOnConnector\2.0.2018.3\MYOB.AccountRight.API.AddOnConnector.exe (No File)
GroupPolicy\User: Restriction ? <==== ATTENTION
GroupPolicyUsers\S-1-5-21-334533737-317225951-1012837674-1001\User: Restriction <==== ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 192.168.0.1
Tcpip\Parameters: [NameServer] 8.8.8.8
Tcpip..\Interfaces{22F6BF59-A2EA-41B0-A362-3AF66C1FAFDE}: [DhcpNameServer] 172.20.10.1
Tcpip..\Interfaces{7D9FCEAB-B01B-4D0D-A319-77CEFC36B45A}: [NameServer] 8.8.8.8
Tcpip..\Interfaces{EAC9310E-9C59-4DC3-BD7A-0D10317B4CF7}: [DhcpNameServer] 192.168.0.1

Internet Explorer:

HKU\S-1-5-21-334533737-317225951-1012837674-1003\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://www.msn.com/en-au/?ocid=iehp
SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM-x32 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
BHO: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office\Office15\OCHelper.dll [2012-10-01] (Microsoft Corporation)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2012-07-17] (Microsoft Corp.)
BHO: Adobe Acrobat Create PDF Helper -> {AE7CD045-E861-484f-8273-0445EE161910} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\x64\AcroIEFavClient.dll [2014-09-12] (Adobe Systems Incorporated)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office15\URLREDIR.DLL [2012-10-01] (Microsoft Corporation)
BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office\Office15\GROOVEEX.DLL [2012-10-01] (Microsoft Corporation)
BHO: Adobe Acrobat Create PDF from Selection -> {F4971EE7-DAA0-4053-9964-665D8EE6A077} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\x64\AcroIEFavClient.dll [2014-09-12] (Adobe Systems Incorporated)
BHO-x32: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\Office15\OCHelper.dll [2012-10-01] (Microsoft Corporation)
BHO-x32: PlusIEEventHelper Class -> {551A852F-39A6-44A7-9C13-AFBEC9185A9D} -> C:\Program Files (x86)\Nuance\PDF Viewer Plus\Bin\PlusIEContextMenu.dll [2009-02-06] (Zeon Corporation)
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2012-07-17] (Microsoft Corp.)
BHO-x32: Adobe Acrobat Create PDF Helper -> {AE7CD045-E861-484f-8273-0445EE161910} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll [2014-09-12] (Adobe Systems Incorporated)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office15\URLREDIR.DLL [2012-10-01] (Microsoft Corporation)
BHO-x32: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files (x86)\Microsoft Office\Office15\GROOVEEX.DLL [2012-10-01] (Microsoft Corporation)
BHO-x32: Adobe Acrobat Create PDF from Selection -> {F4971EE7-DAA0-4053-9964-665D8EE6A077} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll [2014-09-12] (Adobe Systems Incorporated)
Toolbar: HKLM - Adobe Acrobat Create PDF Toolbar - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\x64\AcroIEFavClient.dll [2014-09-12] (Adobe Systems Incorporated)
Toolbar: HKLM-x32 - Adobe Acrobat Create PDF Toolbar - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll [2014-09-12] (Adobe Systems Incorporated)
DPF: HKLM-x32 {0D6709DD-4ED8-40CA-B459-2757AEEF7BEE} hxxp://download.gigabyte.com.tw/object/Dldrv.ocx
Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office\Office15\MSOSB.DLL [2012-10-01] (Microsoft Corporation)

FireFox:

FF DefaultProfile: ifn8vjhc.default
FF ProfilePath: C:\Users\BizzoWhizzo2\AppData\Roaming\Mozilla\Firefox\Profiles\ifn8vjhc.default [2019-01-29]
FF HKLM-x32...\Firefox\Extensions: [web2pdfextension@web2pdf.adobedotcom] - C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Browser\WCFirefoxExtn
FF Extension: (Adobe Acrobat - Create PDF) - C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Browser\WCFirefoxExtn [2017-09-07] [Legacy] [not signed]
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_32_0_0_114.dll [2019-01-09] ()
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~1\MICROS~2\Office15\NPSPWRAP.DLL [2012-10-01] (Microsoft Corporation)
FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect64.dll [2014-04-29] (Adobe Systems)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_32_0_0_114.dll [2019-01-09] ()
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=3.0.72 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll [2013-03-12] (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2013-03-12] (Intel Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files (x86)\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2012-10-01] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office15\NPSPWRAP.DLL [2012-10-01] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3528.0331 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2014-03-31] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.33.23\npGoogleUpdate3.dll [2018-12-18] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.33.23\npGoogleUpdate3.dll [2018-12-18] (Google Inc.)
FF Plugin-x32: Adobe Acrobat -> C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Air\nppdf32.dll [2014-09-12] (Adobe Systems Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2018-12-05] (Adobe Systems Inc.)
FF Plugin-x32: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect32.dll [2014-04-29] (Adobe Systems)

Chrome:

CHR HomePage: Default -> hxxps://www.google.com/
CHR StartupUrls: Default -> "hxxps://www.google.com/"
CHR Profile: C:\Users\BizzoWhizzo2\AppData\Local\Google\Chrome\User Data\Default [2019-01-26]
CHR Extension: (Slides) - C:\Users\BizzoWhizzo2\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2017-10-15]
CHR Extension: (Docs) - C:\Users\BizzoWhizzo2\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2017-10-15]
CHR Extension: (Google Drive) - C:\Users\BizzoWhizzo2\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2017-06-22]
CHR Extension: (YouTube) - C:\Users\BizzoWhizzo2\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2017-06-22]
CHR Extension: (Adobe Acrobat) - C:\Users\BizzoWhizzo2\AppData\Local\Google\Chrome\User Data\Default\Extensions\efaidnbmnnnibpcajpcglclefindmkaj [2017-06-23]
CHR Extension: (Sheets) - C:\Users\BizzoWhizzo2\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2017-10-15]
CHR Extension: (Google Docs Offline) - C:\Users\BizzoWhizzo2\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2018-08-23]
CHR Extension: (Chrome Web Store Payments) - C:\Users\BizzoWhizzo2\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2018-04-05]
CHR Extension: (Gmail) - C:\Users\BizzoWhizzo2\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2017-06-22]
CHR Extension: (Chrome Media Router) - C:\Users\BizzoWhizzo2\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2018-12-14]
CHR HKLM-x32...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj] - C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Browser\WCChromeExtn\WCChromeExtn.crx [2017-03-29]

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S3 Adobe LM Service; C:\Program Files (x86)\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe [68096 2017-06-28] () [File not signed]
R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [85304 2018-10-16] (Apple Inc.)
S2 avg; C:\Program Files (x86)\AVG\Browser\Update\AVGBrowserUpdate.exe [165520 2018-08-27] (AVG Technologies)
R2 AVG Antivirus; C:\Program Files (x86)\AVG\Antivirus\AVGSvc.exe [357872 2019-01-06] (AVG Technologies CZ, s.r.o.)
R3 avgbIDSAgent; C:\Program Files (x86)\AVG\Antivirus\aswidsagent.exe [7882752 2019-01-06] (AVG Technologies CZ, s.r.o.)
S3 avgm; C:\Program Files (x86)\AVG\Browser\Update\AVGBrowserUpdate.exe [165520 2018-08-27] (AVG Technologies)
S3 AVGSecureBrowserElevationService; C:\Program Files (x86)\AVG\Browser\Application\71.0.693.100\elevation_service.exe [390032 2019-01-15] (AVG Technologies)
R3 BrYNSvc; C:\Program Files (x86)\Browny02\BrYNSvc.exe [282112 2012-10-26] (Brother Industries, Ltd.) [File not signed]
R2 Intel(R) Capability Licensing Service Interface; C:\Program Files\Intel\iCLS Client\HeciServer.exe [731648 2013-02-13] (Intel(R) Corporation) [File not signed]
S3 Intel(R) Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [820184 2013-02-13] (Intel(R) Corporation)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [169432 2013-03-12] (Intel Corporation)
R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [6347056 2018-09-19] (Malwarebytes)
R2 PDFProFiltSrvPP; C:\Program Files (x86)\Nuance\PaperPort\PDFProFiltSrvPP.exe [145256 2011-08-02] (Nuance Communications, Inc.)
R2 TeamViewer; C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe [11660528 2018-12-07] (TeamViewer GmbH)
R2 VIAKaraokeService; C:\Windows\system32\viakaraokesrv.exe [27768 2000-01-01] (VIA Technologies, Inc.)
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)
R2 WsAppService; C:\Program Files (x86)\Wondershare\WAF\2.4.3.224\WsAppService.exe [473824 2017-04-20] (Wondershare)

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S1 ASPI32; C:\Windows\SysWow64\Drivers\ASPI32.sys [25244 2004-08-06] (Adaptec)
R0 avgArDisk; C:\Windows\System32\drivers\avgArDisk.sys [37160 2019-01-06] (AVG Technologies CZ, s.r.o.)
R1 avgArPot; C:\Windows\System32\drivers\avgArPot.sys [203336 2019-01-06] (AVG Technologies CZ, s.r.o.)
R1 avgbidsdriver; C:\Windows\System32\drivers\avgbidsdriver.sys [223616 2019-01-15] (AVG Technologies CZ, s.r.o.)
R0 avgbidsh; C:\Windows\System32\drivers\avgbidsh.sys [196632 2019-01-06] (AVG Technologies CZ, s.r.o.)
R0 avgblog; C:\Windows\System32\drivers\avgblog.sys [320744 2019-01-06] (AVG Technologies CZ, s.r.o.)
R0 avgbuniv; C:\Windows\System32\drivers\avgbuniv.sys [58008 2019-01-06] (AVG Technologies CZ, s.r.o.)
S3 avgHwid; C:\Windows\System32\drivers\avgHwid.sys [46432 2019-01-06] (AVG Technologies CZ, s.r.o.)
R1 avgKbd; C:\Windows\System32\drivers\avgKbd.sys [42336 2019-01-06] (AVG Technologies CZ, s.r.o.)
R2 avgMonFlt; C:\Windows\System32\drivers\avgMonFlt.sys [166840 2019-01-19] (AVG Technologies CZ, s.r.o.)
R1 avgRdr; C:\Windows\System32\drivers\avgRdr2.sys [111848 2019-01-06] (AVG Technologies CZ, s.r.o.)
R0 avgRvrt; C:\Windows\System32\drivers\avgRvrt.sys [87992 2019-01-06] (AVG Technologies CZ, s.r.o.)
R1 avgSnx; C:\Windows\System32\drivers\avgSnx.sys [1033904 2019-01-06] (AVG Technologies CZ, s.r.o.)
R1 avgSP; C:\Windows\System32\drivers\avgSP.sys [474504 2019-01-06] (AVG Technologies CZ, s.r.o.)
R2 avgStm; C:\Windows\System32\drivers\avgStm.sys [217912 2019-01-06] (AVG Technologies CZ, s.r.o.)
R0 avgVmm; C:\Windows\System32\drivers\avgVmm.sys [380000 2019-01-06] (AVG Technologies CZ, s.r.o.)
R3 ElbyCDFL; C:\Windows\System32\Drivers\ElbyCDFL.sys [40648 2007-02-16] (SlySoft, Inc.)
R3 ElbyCDFL; C:\Windows\SysWOW64\Drivers\ElbyCDFL.sys [40648 2007-02-16] (SlySoft, Inc.)
R2 ElbyCDIO; C:\Windows\SysWOW64\Drivers\ElbyCDIO.sys [16320 2002-11-29] (Elaborate Bytes AG) [File not signed]
R3 L1C; C:\Windows\System32\DRIVERS\L1C60x64.sys [121032 2013-07-16] (Qualcomm Atheros Co., Ltd.)
R0 MBAMChameleon; C:\Windows\System32\Drivers\MbamChameleon.sys [198512 2019-01-04] (Malwarebytes)
R3 MBAMSwissArmy; C:\Windows\System32\Drivers\mbamswissarmy.sys [261032 2019-01-29] (Malwarebytes)
R3 MEIx64; C:\Windows\System32\DRIVERS\TeeDriverx64.sys [181304 2016-03-29] (Intel Corporation)
R3 RTWlanE; C:\Windows\System32\DRIVERS\rtwlane.sys [6678992 2017-06-20] (Realtek Semiconductor Corporation )
S4 secdrv; C:\Windows\SysWow64\Drivers\secdrv.sys [163644 2018-04-10] (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.) [File not signed]
S3 Sefdidivvrsv; no ImagePath
R3 SmbDrvI; C:\Windows\System32\DRIVERS\Smb_driver_Intel.sys [33960 2015-08-04] (Synaptics Incorporated)
U5 UnlockerDriver5; C:\Program Files\Unlocker\UnlockerDriver5.sys [12352 2010-07-02] ()
R3 vmulti; C:\Windows\System32\DRIVERS\vmulti.sys [19504 2016-01-13] (Windows (R) Win 7 DDK provider)
R3 WDC_SAM; C:\Windows\System32\DRIVERS\wdcsam64_prewin8.sys [31920 2018-02-26] (Western Digital Technologies)
S3 RtlWlanu; system32\DRIVERS\rtwlanu.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

==================== One month (created) ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2019-01-29 11:15 - 2019-01-29 11:15 - 000025465 C:\Users\BizzoWhizzo2\Downloads\FRST.txt
2019-01-29 11:14 - 2019-01-29 11:15 - 000000000 ____D C:\FRST
2019-01-29 11:11 - 2019-01-29 11:11 - 002428416 (Farbar) C:\Users\BizzoWhizzo2\Downloads\FRST64.exe
2019-01-29 05:16 - 2019-01-29 05:16 - 000261032 (Malwarebytes) C:\Windows\system32\Drivers\mbamswissarmy.sys
2019-01-29 04:58 - 2019-01-29 05:04 - 000000000 ____D C:\Program Files\Stellar Repair for Outlook
2019-01-29 04:58 - 2019-01-29 04:58 - 000000843 C:\Users\BizzoWhizzo2\Desktop\Stellar Repair for Outlook.lnk
2019-01-29 04:58 - 2019-01-29 04:58 - 000000000 RSHD C:\ProgramData\Key-Base
2019-01-29 04:58 - 2019-01-29 04:58 - 000000000 D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Stellar Repair for Outlook
2019-01-29 04:58 - 2019-01-29 04:58 - 000000000 D C:\ProgramData{79CEC736-8AAE-2D9A-6418-185BA027518E}
2019-01-29 04:57 - 2019-01-29 04:57 - 017304376 ____ (Stellar Information Technology Pvt Ltd. ) C:\Users\BizzoWhizzo2\Downloads\pst-repair-t.exe
2019-01-28 20:32 - 2019-01-23 15:50 - 000001179 _ C:\Windows\system32\Drivers\etc\2019-01-28_20-32hosts.bak
2019-01-28 10:57 - 2019-01-28 10:57 - 002255874 C:\Users\BizzoWhizzo2\Desktop\BIG RED BASHYour_Complete_Event-Adventure_Travel_Kit_eBookWEB.pdf
2019-01-28 10:24 - 2019-01-28 10:44 - 000000000 D C:\Users\BizzoWhizzo2\Desktop\LOG
2019-01-28 10:17 - 2018-03-15 17:07 - 001010768 (Alex Dragokas) C:\Users\BizzoWhizzo2\Desktop\ClearLNK.exe
2019-01-28 10:05 - 2019-01-28 10:05 - 001870232 C:\Users\BizzoWhizzo2\Desktop\Jasmine Pavlina.pdf
2019-01-26 10:55 - 2019-01-28 20:40 - 000000000 D C:\Users\BizzoWhizzo2\Desktop\AutoLogger Stuff
2019-01-26 10:25 - 2019-01-26 11:53 - 000000000 D C:\Users\BizzoWhizzo2\Desktop\NATHAN FIEN 2019
2019-01-23 16:04 - 2019-01-23 16:16 - 000000000 ____D C:\AdwCleaner
2019-01-23 16:04 - 2019-01-23 16:04 - 007320272 (Malwarebytes) C:\Users\BizzoWhizzo2\Desktop\adwcleaner7.2.6.0.exe
2019-01-23 15:25 - 2019-01-23 15:25 - 000000000 D C:\Windows\ABR
2019-01-23 15:24 - 2019-01-23 15:25 - 000000000 D C:\Users\BizzoWhizzo2\Desktop\HiJackThis
2019-01-21 17:09 - 2019-01-21 17:24 - 000000000 D C:\Users\BizzoWhizzo2\Desktop\Fire Safety cert
2019-01-20 11:38 - 2019-01-20 11:38 - 095214152 (Microsoft Corporation) C:\Users\BizzoWhizzo2\Downloads\outlook2013-kb3141466-fullfile-x64-glb.exe
2019-01-19 18:07 - 2019-01-19 18:07 - 000046080 _ C:\Users\BizzoWhizzo2\Documents\Outstanding claim form - sitting at co-authorisation.msg
2019-01-19 17:01 - 2019-01-19 17:01 - 000000000 D C:\Users\BizzoWhizzo2\AppData\LocalLow\VDownloader
2019-01-19 17:00 - 2019-01-19 17:01 - 000000000 D C:\Users\BizzoWhizzo2\AppData\Local\VDownloader
2019-01-19 17:00 - 2019-01-19 17:00 - 000000000 D C:\Users\BizzoWhizzo2\AppData\Roaming\VDownloader
2019-01-17 10:59 - 2019-01-17 10:59 - 000000000 D C:\Users\BizzoWhizzo2\AppData\OICE_15_974FA576_32C1D31412B9
2019-01-15 17:59 - 2019-01-15 17:59 - 000223616 (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgbidsdriver.sys
2019-01-15 16:59 - 2019-01-15 16:59 - 006011738 C:\Users\BizzoWhizzo2\Downloads\Stella MINDSET.mp4
2019-01-15 15:24 - 2019-01-06 09:24 - 000361392 (AVG Technologies CZ, s.r.o.) C:\Windows\system32\avgBoot.exe
2019-01-15 08:40 - 2019-01-23 16:06 - 000000000 D C:\Users\BizzoWhizzo2\Desktop\COMM BANK
2019-01-12 15:30 - 2019-01-15 17:00 - 000000000 ____ C:\Windows\system32\last.dump
2019-01-12 15:20 - 2019-01-12 15:20 - 009633705 C:\Users\Chelsey\Downloads\dwj-bodyconstruction.zip
2019-01-12 15:18 - 2019-01-12 15:18 - 001101407 _ C:\Users\Chelsey\Downloads\Draw_withJazza-AnatomyT.zip
2019-01-12 15:16 - 2019-01-12 15:16 - 001103694 C:\Users\Chelsey\Downloads\Draw_withJazza-AnatomyA.zip
2019-01-12 15:14 - 2019-01-12 15:14 - 000866855 ____ C:\Users\Chelsey\Downloads\Draw with Jazza - AnatomyLegs.zip
2019-01-10 19:40 - 2019-01-10 19:40 - 000000000 D C:\Users\BizzoWhizzo2\Desktop\A n R 2019
2019-01-09 05:30 - 2019-01-09 05:31 - 000000000 D C:\Users\BizzoWhizzo2\Desktop\NEWSLETTER 2019
2019-01-08 12:41 - 2019-01-08 12:41 - 000000670 C:\Users\BizzoWhizzo2\Desktop\Domain Info.txt
2019-01-08 11:57 - 2019-01-08 11:57 - 000000000 D C:\Users\BizzoWhizzo2\AppData\Local\TeamViewer
2019-01-08 11:28 - 2019-01-29 05:16 - 000000000 D C:\Program Files (x86)\TeamViewer
2019-01-08 11:28 - 2019-01-23 09:16 - 000000000 ____D C:\Users\BizzoWhizzo2\AppData\Roaming\TeamViewer
2019-01-08 11:28 - 2019-01-08 11:28 - 000001003 C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TeamViewer 14.lnk
2019-01-08 11:28 - 2019-01-08 11:28 - 000000991 C:\Users\Public\Desktop\TeamViewer 14.lnk
2019-01-08 11:27 - 2019-01-08 11:28 - 022647512 (TeamViewer GmbH) C:\Users\BizzoWhizzo2\Downloads\TeamViewerSetup.exe
2019-01-07 20:36 - 2019-01-07 20:36 - 000000000 D C:\Users\BizzoWhizzo2\AppData\Roaming\AMD
2019-01-07 20:35 - 2019-01-07 20:36 - 000000000 D C:\Users\BizzoWhizzo2\AppData\Local\Movavi
2019-01-07 20:35 - 2019-01-07 20:35 - 000000000 D C:\Users\BizzoWhizzo2\AppData\Local\converter
2019-01-07 20:26 - 2019-01-28 10:24 - 000000000 D C:\Users\BizzoWhizzo2\Desktop\Copy Nifty Stuff - Copy
2019-01-07 20:20 - 2019-01-07 20:20 - 000056528 ____ (NirSoft) C:\Users\BizzoWhizzo2\Downloads\BulkFileChanger.exe
2019-01-07 20:08 - 2019-01-15 17:09 - 000000000 D C:\Users\BizzoWhizzo2\Desktop\New folder (3)
2019-01-07 19:53 - 2019-01-07 19:53 - 000000000 D C:\Users\BizzoWhizzo2\Desktop\Sustainability Folder
2019-01-06 09:33 - 2019-01-15 16:59 - 000001928 C:\Users\Public\Desktop\AVG AntiVirus FREE.lnk
2019-01-06 09:27 - 2019-01-06 09:24 - 000037160 (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgArDisk.sys
2019-01-06 09:27 - 2019-01-06 09:23 - 000320744 (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgblog.sys
2019-01-06 09:27 - 2019-01-06 09:23 - 000196632 (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgbidsh.sys
2019-01-06 09:27 - 2019-01-06 09:23 - 000058008 (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgbuniv.sys
2019-01-04 11:50 - 2019-01-04 11:50 - 000198512 (Malwarebytes) C:\Windows\system32\Drivers\MbamChameleon.sys

==================== One month (modified) ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2019-01-29 11:09 - 2018-10-26 17:43 - 000000000 D C:\Users\BizzoWhizzo2\AppData\LocalLow\Mozilla
2019-01-29 11:06 - 2018-10-25 13:01 - 000000000 D C:\Users\BizzoWhizzo2\Documents\Outlook Files
2019-01-29 11:03 - 2017-06-22 22:27 - 000004174 C:\Windows\System32\Tasks\Antivirus Emergency Update
2019-01-29 11:02 - 2018-12-18 11:07 - 000000676 C:\Windows\Tasks\G2MUploadTask-S-1-5-21-334533737-317225951-1012837674-1003.job
2019-01-29 11:02 - 2018-12-18 11:07 - 000000580 C:\Windows\Tasks\G2MUpdateTask-S-1-5-21-334533737-317225951-1012837674-1003.job
2019-01-29 05:25 - 2009-07-14 15:45 - 000024512 H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2019-01-29 05:25 - 2009-07-14 15:45 - 000024512 H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2019-01-29 05:16 - 2009-07-14 16:08 - 000000006 ____H C:\Windows\Tasks\SA.DAT
2019-01-28 20:43 - 2018-08-23 10:43 - 000013245 C:\Windows\BRRBCOM.INI
2019-01-28 15:39 - 2018-10-25 12:50 - 000000000 D C:\Users\BizzoWhizzo2\AppData\Roaming\Adobe
2019-01-28 15:39 - 2017-06-22 19:52 - 000000000 D C:\ProgramData\Adobe
2019-01-28 15:20 - 2018-10-27 05:23 - 000000000 D C:\Users\BizzoWhizzo2\AppData\Local\Deployment
2019-01-28 10:44 - 2017-06-21 17:16 - 000001159 ____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Firefox.lnk
2019-01-28 10:44 - 2017-06-20 22:04 - 000001485 C:\Users\BizzoWhizzo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2019-01-28 10:24 - 2018-04-11 20:02 - 000000000 D C:\Users\BizzoWhizzo2\Desktop\GAMES
2019-01-28 10:24 - 2017-10-18 16:17 - 000001383 ____ C:\Users\BizzoWhizzo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chromium.LNK
2019-01-28 10:24 - 2017-10-18 16:17 - 000001247 C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.LNK
2019-01-28 10:24 - 2017-07-28 19:50 - 000000000 D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Minecraft
2019-01-28 10:24 - 2017-07-13 09:57 - 000000000 D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Media Player - Codec Pack
2019-01-28 10:24 - 2017-06-22 23:04 - 000000000 _RD C:\Users\BizzoWhizzo2\Desktop\Copy Nifty Stuff
2019-01-28 10:24 - 2017-06-22 21:54 - 000000000 D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CleanUp!
2019-01-26 16:32 - 2017-06-28 11:19 - 000000000 D C:\Windows\SysWOW64\Macromed
2019-01-26 10:13 - 2018-08-27 10:07 - 000002266 ___ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG Secure Browser.lnk
2019-01-26 10:13 - 2018-08-27 10:07 - 000002223 C:\Users\Public\Desktop\AVG Secure Browser.lnk
2019-01-24 12:43 - 2018-09-18 20:00 - 000000000 D C:\Users\BizzoWhizzo2\Desktop\Kinderloop Pics
2019-01-23 16:18 - 2018-02-08 08:15 - 000000000 D C:\Program Files (x86)\Foxy Games
2019-01-23 16:17 - 2018-04-29 09:10 - 000000000 D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Lavasoft
2019-01-23 16:01 - 2018-04-25 01:25 - 000000000 D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\FreeGamePick
2019-01-23 16:01 - 2018-04-25 01:25 - 000000000 D C:\Program Files (x86)\FreeGamePick
2019-01-20 10:30 - 2018-10-27 11:12 - 000000000 D C:\Users\BizzoWhizzo2\AppData\Local\ElevatedDiagnostics
2019-01-19 17:04 - 2017-06-22 22:26 - 000166840 (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgMonFlt.sys
2019-01-19 17:01 - 2017-07-24 09:44 - 000000000 D C:\Program Files\VDownloader
2019-01-17 18:33 - 2009-07-14 16:13 - 000787266 C:\Windows\system32\PerfStringBackup.INI
2019-01-17 18:33 - 2009-07-14 14:20 - 000000000 D C:\Windows\inf
2019-01-14 09:45 - 2009-07-14 14:20 - 000000000 ____D C:\Windows\system32\NDF
2019-01-13 18:48 - 2018-12-18 11:07 - 000003732 C:\Windows\System32\Tasks\G2MUploadTask-S-1-5-21-334533737-317225951-1012837674-1003
2019-01-13 18:48 - 2018-12-18 11:07 - 000003636 C:\Windows\System32\Tasks\G2MUpdateTask-S-1-5-21-334533737-317225951-1012837674-1003
2019-01-13 18:48 - 2018-09-20 10:56 - 000000000 ____D C:\Windows\System32\Tasks\AVAST Software
2019-01-13 18:48 - 2018-03-15 21:22 - 000004488 C:\Windows\System32\Tasks\Adobe Flash Player NPAPI Notifier
2019-01-13 18:48 - 2017-10-23 20:12 - 000003332 C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2019-01-13 18:48 - 2017-10-23 20:12 - 000003204 C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2019-01-13 18:48 - 2017-09-07 18:02 - 000004476 C:\Windows\System32\Tasks\Adobe Acrobat Update Task
2019-01-13 18:48 - 2017-07-06 11:20 - 000004324 C:\Windows\System32\Tasks\Adobe Flash Player Updater
2019-01-12 22:05 - 2017-12-04 22:37 - 000514066 C:\Windows\ntbtlog.txt
2019-01-12 21:36 - 2017-06-21 17:16 - 000000000 D C:\Program Files (x86)\Mozilla Maintenance Service
2019-01-12 21:34 - 2017-06-21 17:16 - 000000000 D C:\Program Files (x86)\Mozilla Firefox
2019-01-12 15:23 - 2014-08-25 11:13 - 012806189 C:\Users\Chelsey\Desktop\DWJ-BodyConstruction.psd
2019-01-12 15:15 - 2017-06-25 15:33 - 000133160 _ C:\Users\Chelsey\AppData\Local\GDIPFONTCACHEV1.DAT
2019-01-12 15:14 - 2018-10-24 08:07 - 000004588 RSH C:\Users\Chelsey\ntuser.pol
2019-01-12 15:14 - 2017-06-25 15:30 - 000000000 __D C:\Users\Chelsey
2019-01-09 04:22 - 2017-07-06 11:20 - 000842240 _ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2019-01-09 04:22 - 2017-07-06 11:20 - 000000000 D C:\Windows\system32\Macromed
2019-01-09 04:22 - 2017-06-28 11:19 - 000175104 (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2019-01-09 04:01 - 2018-12-03 06:12 - 000000000 D C:\Users\BizzoWhizzo2\Desktop\Children's Voices Activity
2019-01-08 11:38 - 2009-07-14 15:45 - 000482696 C:\Windows\system32\FNTCACHE.DAT
2019-01-08 11:30 - 2018-10-25 12:50 - 000133160 C:\Users\BizzoWhizzo2\AppData\Local\GDIPFONTCACHEV1.DAT
2019-01-07 20:57 - 2017-07-24 11:01 - 000000000 ____D C:\Users\BizzoWhizzo2.fontconfig
2019-01-06 12:07 - 2017-10-03 11:49 - 000000000 C:\Windows\SysWOW64\last.dump
2019-01-06 09:25 - 2017-11-27 22:07 - 000203336 (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgArPot.sys
2019-01-06 09:25 - 2017-06-22 22:26 - 000474504 (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgSP.sys
2019-01-06 09:25 - 2017-06-22 22:26 - 000380000 (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgVmm.sys
2019-01-06 09:25 - 2017-06-22 22:26 - 000217912 (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgStm.sys
2019-01-06 09:25 - 2017-06-22 22:26 - 000111848 (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgRdr2.sys
2019-01-06 09:25 - 2017-06-22 22:26 - 000087992 (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgRvrt.sys
2019-01-06 09:25 - 2017-06-22 22:26 - 000046432 (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgHwid.sys
2019-01-06 09:24 - 2018-10-22 18:58 - 000042336 (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgKbd.sys
2019-01-06 09:24 - 2017-06-22 22:26 - 001033904 (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgSnx.sys
2019-01-06 09:18 - 2018-11-05 22:02 - 000000000 D C:\Users\BizzoWhizzo2\AppData\Roaming\BitLord
2019-01-06 09:18 - 2017-06-28 16:51 - 000000000 D C:\Users\BizzoWhizzo2\Documents\BitLord
2019-01-06 09:06 - 2018-11-05 22:02 - 000000000 C:\Users\BizzoWhizzo2\AppData\Roaming\bitlordlog.txt
2019-01-04 11:49 - 2018-10-08 12:21 - 000152688 ____ (Malwarebytes) C:\Windows\system32\Drivers\mbae64.sys
2019-01-04 09:32 - 2017-09-07 18:01 - 000002441 _ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk
2019-01-03 07:07 - 2017-06-22 19:46 - 000000000 D C:\Users\BizzoWhizzo2\Desktop\Adobe Acrobat XI
2018-12-31 09:29 - 2018-12-28 09:47 - 000000000 ____D C:\Users\BizzoWhizzo2\Desktop\Security Cameras

==================== Files in the root of some directories =======

2010-06-02 05:21 - 2010-06-02 05:21 - 001347354 _ () C:\Program Files (x86)\Apr2005_d3dx9_25x64.cab
2010-06-02 05:21 - 2010-06-02 05:21 - 001078962 ____ () C:\Program Files (x86)\Apr2005_d3dx9_25x86.cab
2010-06-02 05:21 - 2010-06-02 05:21 - 001397830 ____ () C:\Program Files (x86)\Apr2006_d3dx9_30x64.cab
2010-06-02 05:21 - 2010-06-02 05:21 - 001115221 ____ () C:\Program Files (x86)\Apr2006_d3dx9_30x86.cab
2010-06-02 05:21 - 2010-06-02 05:21 - 000916430 ____ () C:\Program Files (x86)\Apr2006_MDX1x86.cab
2010-06-02 05:21 - 2010-06-02 05:21 - 004162630 () C:\Program Files (x86)\Apr2006_MDX1_x86Archive.cab
2010-06-02 05:21 - 2010-06-02 05:21 - 000179133 ____ () C:\Program Files (x86)\Apr2006_XACTx64.cab
2010-06-02 05:21 - 2010-06-02 05:21 - 000133103 ____ () C:\Program Files (x86)\Apr2006_XACTx86.cab
2010-06-02 05:21 - 2010-06-02 05:21 - 000087101 ____ () C:\Program Files (x86)\Apr2006_xinputx64.cab
2010-06-02 05:21 - 2010-06-02 05:21 - 000046010 ____ () C:\Program Files (x86)\Apr2006_xinputx86.cab
2010-06-02 05:21 - 2010-06-02 05:21 - 000698612 ____ () C:\Program Files (x86)\APR2007_d3dx10_33x64.cab
2010-06-02 05:21 - 2010-06-02 05:21 - 000695865 ____ () C:\Program Files (x86)\APR2007_d3dx10_33x86.cab
2010-06-02 05:21 - 2010-06-02 05:21 - 001607358 ____ () C:\Program Files (x86)\APR2007_d3dx9_33x64.cab
2010-06-02 05:21 - 2010-06-02 05:21 - 001606039 ____ () C:\Program Files (x86)\APR2007_d3dx9_33x86.cab
2010-06-02 05:21 - 2010-06-02 05:21 - 000195766 ____ () C:\Program Files (x86)\APR2007_XACTx64.cab
2010-06-02 05:21 - 2010-06-02 05:21 - 000151225 ____ () C:\Program Files (x86)\APR2007_XACTx86.cab
2010-06-02 05:21 - 2010-06-02 05:21 - 000096817 ____ () C:\Program Files (x86)\APR2007_xinputx64.cab
2010-06-02 05:21 - 2010-06-02 05:21 - 000053302 ____ () C:\Program Files (x86)\APR2007_xinputx86.cab
2010-06-02 05:21 - 2010-06-02 05:21 - 001350542 ____ () C:\Program Files (x86)\Aug2005_d3dx9_27x64.cab
2010-06-02 05:21 - 2010-06-02 05:21 - 001077644 ____ () C:\Program Files (x86)\Aug2005_d3dx9_27x86.cab
2010-06-02 05:21 - 2010-06-02 05:21 - 000182903 ____ () C:\Program Files (x86)\AUG2006_XACTx64.cab
2010-06-02 05:21 - 2010-06-02 05:21 - 000137235 ____ () C:\Program Files (x86)\AUG2006_XACTx86.cab
2010-06-02 05:21 - 2010-06-02 05:21 - 000087142 ____ () C:\Program Files (x86)\AUG2006_xinputx64.cab
2010-06-02 05:21 - 2010-06-02 05:21 - 000046058 ____ () C:\Program Files (x86)\AUG2006_xinputx86.cab
2010-06-02 05:21 - 2010-06-02 05:21 - 000852286 ____ () C:\Program Files (x86)\AUG2007_d3dx10_35x64.cab
2010-06-02 05:21 - 2010-06-02 05:21 - 000796867 ____ () C:\Program Files (x86)\AUG2007_d3dx10_35x86.cab
2010-06-02 05:21 - 2010-06-02 05:21 - 001800160 ____ () C:\Program Files (x86)\AUG2007_d3dx9_35x64.cab
2010-06-02 05:21 - 2010-06-02 05:21 - 001708152 ____ () C:\Program Files (x86)\AUG2007_d3dx9_35x86.cab
2010-06-02 05:21 - 2010-06-02 05:21 - 000198096 ____ () C:\Program Files (x86)\AUG2007_XACTx64.cab
2010-06-02 05:21 - 2010-06-02 05:21 - 000153012 ____ () C:\Program Files (x86)\AUG2007_XACTx86.cab
2010-06-02 05:21 - 2010-06-02 05:21 - 000867612 ____ () C:\Program Files (x86)\Aug2008_d3dx10_39x64.cab
2010-06-02 05:21 - 2010-06-02 05:21 - 000849167 ____ () C:\Program Files (x86)\Aug2008_d3dx10_39x86.cab
2010-06-02 05:21 - 2010-06-02 05:21 - 001794084 ____ () C:\Program Files (x86)\Aug2008_d3dx9_39x64.cab
2010-06-02 05:21 - 2010-06-02 05:21 - 001464672 ____ () C:\Program Files (x86)\Aug2008_d3dx9_39x86.cab
2010-06-02 05:21 - 2010-06-02 05:21 - 000121772 ____ () C:\Program Files (x86)\Aug2008_XACTx64.cab
2010-06-02 05:21 - 2010-06-02 05:21 - 000092996 ____ () C:\Program Files (x86)\Aug2008_XACTx86.cab
2010-06-02 05:21 - 2010-06-02 05:21 - 000271412 ____ () C:\Program Files (x86)\Aug2008_XAudiox64.cab
2010-06-02 05:21 - 2010-06-02 05:21 - 000271038 ____ () C:\Program Files (x86)\Aug2008_XAudiox86.cab
2010-06-02 05:21 - 2010-06-02 05:21 - 000919044 ____ () C:\Program Files (x86)\Aug2009_D3DCompiler_42x64.cab
2010-06-02 05:21 - 2010-06-02 05:21 - 000900598 ____ () C:\Program Files (x86)\Aug2009_D3DCompiler_42x86.cab
2010-06-02 05:21 - 2010-06-02 05:21 - 003112111 ____ () C:\Program Files (x86)\Aug2009_d3dcsx_42x64.cab
2010-06-02 05:21 - 2010-06-02 05:21 - 003319740 ____ () C:\Program Files (x86)\Aug2009_d3dcsx_42x86.cab
2010-06-02 05:21 - 2010-06-02 05:21 - 000232635 ____ () C:\Program Files (x86)\Aug2009_d3dx10_42x64.cab
2010-06-02 05:21 - 2010-06-02 05:21 - 000192131 ____ () C:\Program Files (x86)\Aug2009_d3dx10_42x86.cab
2010-06-02 05:21 - 2010-06-02 05:21 - 000136301 ____ () C:\Program Files (x86)\Aug2009_d3dx11_42x64.cab
2010-06-02 05:21 - 2010-06-02 05:21 - 000105044 ____ () C:\Program Files (x86)\Aug2009_d3dx11_42x86.cab
2010-06-02 05:21 - 2010-06-02 05:21 - 000930116 ____ () C:\Program Files (x86)\Aug2009_d3dx9_42x64.cab
2010-06-02 05:21 - 2010-06-02 05:21 - 000728456 ____ () C:\Program Files (x86)\Aug2009_d3dx9_42x86.cab
2010-06-02 05:22 - 2010-06-02 05:22 - 000122408 ____ () C:\Program Files (x86)\Aug2009_XACTx64.cab
2010-06-02 05:22 - 2010-06-02 05:22 - 000093106 ____ () C:\Program Files (x86)\Aug2009_XACTx86.cab
2010-06-02 05:22 - 2010-06-02 05:22 - 000273264 ____ () C:\Program Files (x86)\Aug2009_XAudiox64.cab
2010-06-02 05:22 - 2010-06-02 05:22 - 000272642 ____ () C:\Program Files (x86)\Aug2009_XAudiox86.cab
2017-06-28 16:49 - 2012-07-08 21:34 - 000416791 ____ () C:\Program Files (x86)\Bitlord-uninst.exe
2017-06-28 16:49 - 2012-07-08 21:33 - 000000376 () C:\Program Files (x86)\bitlord-webui.cmd
2017-06-28 16:49 - 2012-07-08 21:33 - 000000378 () C:\Program Files (x86)\bitlord.cmd
2017-06-28 16:49 - 2012-03-12 22:50 - 000287934 () C:\Program Files (x86)\bitlord.ico
2017-06-28 16:49 - 2012-07-08 21:33 - 000001949 () C:\Program Files (x86)\BitLord.lnk
2017-06-28 16:49 - 2012-07-08 21:33 - 000000212 () C:\Program Files (x86)\bitlordd.cmd
2010-06-02 05:22 - 2010-06-02 05:22 - 001357976 () C:\Program Files (x86)\Dec2005_d3dx9_28x64.cab
2010-06-02 05:22 - 2010-06-02 05:22 - 001079456 ____ () C:\Program Files (x86)\Dec2005_d3dx9_28x86.cab
2010-06-02 05:22 - 2010-06-02 05:22 - 000212807 ____ () C:\Program Files (x86)\DEC2006_d3dx10_00x64.cab
2010-06-02 05:22 - 2010-06-02 05:22 - 000191720 ____ () C:\Program Files (x86)\DEC2006_d3dx10_00x86.cab
2010-06-02 05:22 - 2010-06-02 05:22 - 001571154 ____ () C:\Program Files (x86)\DEC2006_d3dx9_32x64.cab
2010-06-02 05:22 - 2010-06-02 05:22 - 001574376 ____ () C:\Program Files (x86)\DEC2006_d3dx9_32x86.cab
2010-06-02 05:22 - 2010-06-02 05:22 - 000192475 ____ () C:\Program Files (x86)\DEC2006_XACTx64.cab
2010-06-02 05:22 - 2010-06-02 05:22 - 000145599 ____ () C:\Program Files (x86)\DEC2006_XACTx86.cab
2011-03-30 11:40 - 2011-03-30 11:40 - 000095576 ____ (Microsoft Corporation) C:\Program Files (x86)\DSETUP.dll
2011-03-30 11:40 - 2011-03-30 11:40 - 001566040 (Microsoft Corporation) C:\Program Files (x86)\dsetup32.dll
2011-03-30 11:40 - 2011-03-30 11:40 - 000044624 () C:\Program Files (x86)\dxdllregx86.cab
2011-03-30 11:40 - 2011-03-30 11:40 - 000517976 ____ (Microsoft Corporation) C:\Program Files (x86)\DXSETUP.exe
2011-03-30 11:40 - 2011-03-30 11:40 - 000097152 () C:\Program Files (x86)\dxupdate.cab
2010-06-02 05:22 - 2010-06-02 05:22 - 001247499 () C:\Program Files (x86)\Feb2005_d3dx9_24x64.cab
2010-06-02 05:22 - 2010-06-02 05:22 - 001013225 ____ () C:\Program Files (x86)\Feb2005_d3dx9_24x86.cab
2010-06-02 05:22 - 2010-06-02 05:22 - 001362796 ____ () C:\Program Files (x86)\Feb2006_d3dx9_29x64.cab
2010-06-02 05:22 - 2010-06-02 05:22 - 001084720 ____ () C:\Program Files (x86)\Feb2006_d3dx9_29x86.cab
2010-06-02 05:22 - 2010-06-02 05:22 - 000178359 ____ () C:\Program Files (x86)\Feb2006_XACTx64.cab
2010-06-02 05:22 - 2010-06-02 05:22 - 000132409 ____ () C:\Program Files (x86)\Feb2006_XACTx86.cab
2010-06-02 05:22 - 2010-06-02 05:22 - 000194675 ____ () C:\Program Files (x86)\FEB2007_XACTx64.cab
2010-06-02 05:22 - 2010-06-02 05:22 - 000147983 ____ () C:\Program Files (x86)\FEB2007_XACTx86.cab
2010-06-02 05:22 - 2010-06-02 05:22 - 000054678 ____ () C:\Program Files (x86)\Feb2010_X3DAudiox64.cab
2010-06-02 05:22 - 2010-06-02 05:22 - 000020713 ____ () C:\Program Files (x86)\Feb2010_X3DAudiox86.cab
2010-06-02 05:22 - 2010-06-02 05:22 - 000122446 ____ () C:\Program Files (x86)\Feb2010_XACTx64.cab
2010-06-02 05:22 - 2010-06-02 05:22 - 000093180 ____ () C:\Program Files (x86)\Feb2010_XACTx86.cab
2010-06-02 05:22 - 2010-06-02 05:22 - 000276960 ____ () C:\Program Files (x86)\Feb2010_XAudiox64.cab
2010-06-02 05:22 - 2010-06-02 05:22 - 000277191 ____ () C:\Program Files (x86)\Feb2010_XAudiox86.cab
2017-06-28 16:49 - 2012-07-08 21:34 - 000000044 ____ () C:\Program Files (x86)\homepage.url
2010-06-02 05:22 - 2010-06-02 05:22 - 001336002 _ () C:\Program Files (x86)\Jun2005_d3dx9_26x64.cab
2010-06-02 05:22 - 2010-06-02 05:22 - 001064925 ____ () C:\Program Files (x86)\Jun2005_d3dx9_26x86.cab
2010-06-02 05:22 - 2010-06-02 05:22 - 000180785 ____ () C:\Program Files (x86)\JUN2006_XACTx64.cab
2010-06-02 05:22 - 2010-06-02 05:22 - 000133671 () C:\Program Files (x86)\JUN2006_XACTx86.cab
2010-06-02 05:22 - 2010-06-02 05:22 - 000699044 ____ () C:\Program Files (x86)\JUN2007_d3dx10_34x64.cab
2010-06-02 05:22 - 2010-06-02 05:22 - 000698472 ____ () C:\Program Files (x86)\JUN2007_d3dx10_34x86.cab
2010-06-02 05:22 - 2010-06-02 05:22 - 001607774 ____ () C:\Program Files (x86)\JUN2007_d3dx9_34x64.cab
2010-06-02 05:22 - 2010-06-02 05:22 - 001607286 ____ () C:\Program Files (x86)\JUN2007_d3dx9_34x86.cab
2010-06-02 05:22 - 2010-06-02 05:22 - 000197122 ____ () C:\Program Files (x86)\JUN2007_XACTx64.cab
2010-06-02 05:22 - 2010-06-02 05:22 - 000152909 ____ () C:\Program Files (x86)\JUN2007_XACTx86.cab
2010-06-02 05:22 - 2010-06-02 05:22 - 000867828 ____ () C:\Program Files (x86)\JUN2008_d3dx10_38x64.cab
2010-06-02 05:22 - 2010-06-02 05:22 - 000849919 ____ () C:\Program Files (x86)\JUN2008_d3dx10_38x86.cab
2010-06-02 05:22 - 2010-06-02 05:22 - 001792608 ____ () C:\Program Files (x86)\JUN2008_d3dx9_38x64.cab
2010-06-02 05:22 - 2010-06-02 05:22 - 001463878 ____ () C:\Program Files (x86)\JUN2008_d3dx9_38x86.cab
2010-06-02 05:22 - 2010-06-02 05:22 - 000055154 ____ () C:\Program Files (x86)\JUN2008_X3DAudiox64.cab
2010-06-02 05:22 - 2010-06-02 05:22 - 000021905 ____ () C:\Program Files (x86)\JUN2008_X3DAudiox86.cab
2010-06-02 05:22 - 2010-06-02 05:22 - 000121054 ____ () C:\Program Files (x86)\JUN2008_XACTx64.cab
2010-06-02 05:22 - 2010-06-02 05:22 - 000093128 ____ () C:\Program Files (x86)\JUN2008_XACTx86.cab
2010-06-02 05:22 - 2010-06-02 05:22 - 000269628 ____ () C:\Program Files (x86)\JUN2008_XAudiox64.cab
2010-06-02 05:22 - 2010-06-02 05:22 - 000269024 ____ () C:\Program Files (x86)\JUN2008_XAudiox86.cab
2010-06-02 05:22 - 2010-06-02 05:22 - 000944460 ____ () C:\Program Files (x86)\Jun2010_D3DCompiler_43x64.cab
2010-06-02 05:22 - 2010-06-02 05:22 - 000931471 ____ () C:\Program Files (x86)\Jun2010_D3DCompiler_43x86.cab
2010-06-02 05:22 - 2010-06-02 05:22 - 000752783 ____ () C:\Program Files (x86)\Jun2010_d3dcsx_43x64.cab
2010-06-02 05:22 - 2010-06-02 05:22 - 000762188 ____ () C:\Program Files (x86)\Jun2010_d3dcsx_43x86.cab
2010-06-02 05:22 - 2010-06-02 05:22 - 000235955 ____ () C:\Program Files (x86)\Jun2010_d3dx10_43x64.cab
2010-06-02 05:22 - 2010-06-02 05:22 - 000197283 ____ () C:\Program Files (x86)\Jun2010_d3dx10_43x86.cab
2010-06-02 05:22 - 2010-06-02 05:22 - 000138205 ____ () C:\Program Files (x86)\Jun2010_d3dx11_43x64.cab
2010-06-02 05:22 - 2010-06-02 05:22 - 000109445 ____ () C:\Program Files (x86)\Jun2010_d3dx11_43x86.cab
2010-06-02 05:22 - 2010-06-02 05:22 - 000937246 ____ () C:\Program Files (x86)\Jun2010_d3dx9_43x64.cab
2010-06-02 05:22 - 2010-06-02 05:22 - 000768036 ____ () C:\Program Files (x86)\Jun2010_d3dx9_43x86.cab
2010-06-02 05:22 - 2010-06-02 05:22 - 000124596 ____ () C:\Program Files (x86)\Jun2010_XACTx64.cab
2010-06-02 05:22 - 2010-06-02 05:22 - 000093686 ____ () C:\Program Files (x86)\Jun2010_XACTx86.cab
2010-06-02 05:22 - 2010-06-02 05:22 - 000277338 ____ () C:\Program Files (x86)\Jun2010_XAudiox64.cab
2010-06-02 05:22 - 2010-06-02 05:22 - 000278060 ____ () C:\Program Files (x86)\Jun2010_XAudiox86.cab
2017-06-28 16:49 - 2012-03-12 22:50 - 000033171 ____ () C:\Program Files (x86)\LICENSE
2010-06-02 05:22 - 2010-06-02 05:22 - 000844884 _ () C:\Program Files (x86)\Mar2008_d3dx10_37x64.cab
2010-06-02 05:22 - 2010-06-02 05:22 - 000818260 ____ () C:\Program Files (x86)\Mar2008_d3dx10_37x86.cab
2010-06-02 05:22 - 2010-06-02 05:22 - 001769862 ____ () C:\Program Files (x86)\Mar2008_d3dx9_37x64.cab
2010-06-02 05:22 - 2010-06-02 05:22 - 001443282 ____ () C:\Program Files (x86)\Mar2008_d3dx9_37x86.cab
2010-06-02 05:22 - 2010-06-02 05:22 - 000055058 ____ () C:\Program Files (x86)\Mar2008_X3DAudiox64.cab
2010-06-02 05:22 - 2010-06-02 05:22 - 000021867 () C:\Program Files (x86)\Mar2008_X3DAudiox86.cab
2010-06-02 05:22 - 2010-06-02 05:22 - 000122336 ____ () C:\Program Files (x86)\Mar2008_XACTx64.cab
2010-06-02 05:22 - 2010-06-02 05:22 - 000093734 ____ () C:\Program Files (x86)\Mar2008_XACTx86.cab
2010-06-02 05:22 - 2010-06-02 05:22 - 000251194 ____ () C:\Program Files (x86)\Mar2008_XAudiox64.cab
2010-06-02 05:22 - 2010-06-02 05:22 - 000226250 ____ () C:\Program Files (x86)\Mar2008_XAudiox86.cab
2010-06-02 05:22 - 2010-06-02 05:22 - 001067160 ____ () C:\Program Files (x86)\Mar2009_d3dx10_41x64.cab
2010-06-02 05:22 - 2010-06-02 05:22 - 001040745 ____ () C:\Program Files (x86)\Mar2009_d3dx10_41x86.cab
2010-06-02 05:22 - 2010-06-02 05:22 - 001973702 ____ () C:\Program Files (x86)\Mar2009_d3dx9_41x64.cab
2010-06-02 05:22 - 2010-06-02 05:22 - 001612446 ____ () C:\Program Files (x86)\Mar2009_d3dx9_41x86.cab
2010-06-02 05:22 - 2010-06-02 05:22 - 000054600 ____ () C:\Program Files (x86)\Mar2009_X3DAudiox64.cab
2010-06-02 05:22 - 2010-06-02 05:22 - 000021298 ____ () C:\Program Files (x86)\Mar2009_X3DAudiox86.cab
2010-06-02 05:22 - 2010-06-02 05:22 - 000121506 ____ () C:\Program Files (x86)\Mar2009_XACTx64.cab
2010-06-02 05:22 - 2010-06-02 05:22
- 000092740 ____ () C:\Program Files (x86)\Mar2009_XACTx86.cab 2010-06-02 05:22 - 2010-06-02 05:22 - 000275044 ____ () C:\Program Files (x86)\Mar2009_XAudiox64.cab 2010-06-02 05:22 - 2010-06-02 05:22 - 000273018 ____ () C:\Program Files (x86)\Mar2009_XAudiox86.cab 1601-01-03 22:33 - 1601-01-03 22:33 - 000073216 N (Microsoft Corporation) C:\Program Files (x86)\NejLYiGuYoz.exe 2010-06-02 05:22 - 2010-06-02 05:22 - 000864600 () C:\Program Files (x86)\Nov2007_d3dx10_36x64.cab 2010-06-02 05:22 - 2010-06-02 05:22 - 000803884 ____ () C:\Program Files (x86)\Nov2007_d3dx10_36x86.cab 2010-06-02 05:22 - 2010-06-02 05:22 - 001802058 ____ () C:\Program Files (x86)\Nov2007_d3dx9_36x64.cab 2010-06-02 05:22 - 2010-06-02 05:22 - 001709360 ____ () C:\Program Files (x86)\Nov2007_d3dx9_36x86.cab 2010-06-02 05:22 - 2010-06-02 05:22 - 000046144 ____ () C:\Program Files (x86)\NOV2007_X3DAudiox64.cab 2010-06-02 05:22 - 2010-06-02 05:22 - 000018496 ____ () C:\Program Files (x86)\NOV2007_X3DAudiox86.cab 2010-06-02 05:22 - 2010-06-02 05:22 - 000196762 ____ () C:\Program Files (x86)\NOV2007_XACTx64.cab 2010-06-02 05:22 - 2010-06-02 05:22 - 000148264 ____ () C:\Program Files (x86)\NOV2007_XACTx86.cab 2010-06-02 05:22 - 2010-06-02 05:22 - 000994154 ____ () C:\Program Files (x86)\Nov2008_d3dx10_40x64.cab 2010-06-02 05:22 - 2010-06-02 05:22 - 000965421 ____ () C:\Program Files (x86)\Nov2008_d3dx10_40x86.cab 2010-06-02 05:22 - 2010-06-02 05:22 - 001906878 ____ () C:\Program Files (x86)\Nov2008_d3dx9_40x64.cab 2010-06-02 05:22 - 2010-06-02 05:22 - 001550796 ____ () C:\Program Files (x86)\Nov2008_d3dx9_40x86.cab 2010-06-02 05:22 - 2010-06-02 05:22 - 000054522 ____ () C:\Program Files (x86)\Nov2008_X3DAudiox64.cab 2010-06-02 05:22 - 2010-06-02 05:22 - 000021851 ____ () C:\Program Files (x86)\Nov2008_X3DAudiox86.cab 2010-06-02 05:22 - 2010-06-02 05:22 - 000121794 ____ () C:\Program Files (x86)\Nov2008_XACTx64.cab 2010-06-02 05:22 - 2010-06-02 05:22 - 000092684 ____ () C:\Program Files 
(x86)\Nov2008_XACTx86.cab 2010-06-02 05:22 - 2010-06-02 05:22 - 000273960 ____ () C:\Program Files (x86)\Nov2008_XAudiox64.cab 2010-06-02 05:22 - 2010-06-02 05:22 - 000272611 ____ () C:\Program Files (x86)\Nov2008_XAudiox86.cab 2010-06-02 05:22 - 2010-06-02 05:22 - 000086037 ____ () C:\Program Files (x86)\Oct2005_xinputx64.cab 2010-06-02 05:22 - 2010-06-02 05:22 - 000045359 ____ () C:\Program Files (x86)\Oct2005_xinputx86.cab 2010-06-02 05:22 - 2010-06-02 05:22 - 001412902 ____ () C:\Program Files (x86)\OCT2006_d3dx9_31x64.cab 2010-06-02 05:22 - 2010-06-02 05:22 - 001127217 ____ () C:\Program Files (x86)\OCT2006_d3dx9_31x86.cab 2010-06-02 05:22 - 2010-06-02 05:22 - 000182361 ____ () C:\Program Files (x86)\OCT2006_XACTx64.cab 2010-06-02 05:22 - 2010-06-02 05:22 - 000138017 ____ () C:\Program Files (x86)\OCT2006_XACTx86.cab 2017-06-28 16:49 - 2012-03-12 22:50 - 000229376 ____ (PJ Naughter) C:\Program Files (x86)\StartX.exe 2017-06-28 16:49 - 2011-05-25 00:39 - 001821192 _ (Microsoft Corporation) C:\Program Files (x86)\vcredistx86.exe 2018-11-05 22:02 - 2019-01-06 09:06 - 000000000 () C:\Users\BizzoWhizzo2\AppData\Roaming\bitlordlog.txt 2018-10-25 13:28 - 2018-10-25 13:28 - 000007602 ____ () C:\Users\BizzoWhizzo2\AppData\Local\Resmon.ResmonCfg

==================== Bamital & volsnap ======================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\dllhost.exe => File is digitally signed
C:\Windows\SysWOW64\dllhost.exe => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2019-01-23 00:19

==================== End of FRST.txt ============================

Sandor-Helper commented 5 years ago

Temporarily turn off any antivirus. Highlight the following code:

Start::
CreateRestorePoint:
GroupPolicy\User: Restriction ? <==== ATTENTION
GroupPolicyUsers\S-1-5-21-334533737-317225951-1012837674-1001\User: Restriction <==== ATTENTION
Task: {6ADC508E-2FA4-42C4-81B8-F62DE9E5BD70} - \My2Start FTP Client -> No File <==== ATTENTION
Task: {D8D14552-A185-4F05-B752-55C7AC361832} - \ASPO Extension for Windows 8 -> No File <==== ATTENTION
AlternateDataStreams: C:\Windows:0395DD0D7758A2E5 [50]
FirewallRules: [{7A96D1EE-E702-47AB-BC7C-909E0386C262}] => (Allow) F:\install\Data\Disk1\Setup.exe No File
FirewallRules: [{A17BF656-9ACD-4D01-A4EC-A370AF2F1F57}] => (Allow) F:\install\Data\Disk1\Setup.exe No File
Reboot:
End::

Copy the highlighted text (right click - Copy). Run FRST (FRST64) as Administrator. Press the Fix button once and wait. The program will create a log (Fixlog.txt). Attach it to the next post.

PC will reboot.

P.S. Rather than inserting log contents in the message, it is better to attach the logs.
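An added example, not part of the original comment and not FRST's own code: a small Python triage of the fixlist above that separates bare directives from entries and reports which entries carry FRST's `<==== ATTENTION` marker or point at a target that is gone (`No File`). The function names `parse_fixlist` and `summarize` are hypothetical.

```python
import re
from collections import Counter

# Input: the fixlist lines exactly as posted in the comment above.
FIXLIST = r"""Start::
CreateRestorePoint:
GroupPolicy\User: Restriction ? <==== ATTENTION
GroupPolicyUsers\S-1-5-21-334533737-317225951-1012837674-1001\User: Restriction <==== ATTENTION
Task: {6ADC508E-2FA4-42C4-81B8-F62DE9E5BD70} - \My2Start FTP Client -> No File <==== ATTENTION
Task: {D8D14552-A185-4F05-B752-55C7AC361832} - \ASPO Extension for Windows 8 -> No File <==== ATTENTION
AlternateDataStreams: C:\Windows:0395DD0D7758A2E5 [50]
FirewallRules: [{7A96D1EE-E702-47AB-BC7C-909E0386C262}] => (Allow) F:\install\Data\Disk1\Setup.exe No File
FirewallRules: [{A17BF656-9ACD-4D01-A4EC-A370AF2F1F57}] => (Allow) F:\install\Data\Disk1\Setup.exe No File
Reboot:
End::
"""

ATTENTION = "<==== ATTENTION"
GUID = re.compile(r"\{[0-9A-Fa-f-]{36}\}")

def parse_fixlist(text):
    """Return (commands, entries) for the lines between Start:: and End::."""
    commands, entries, inside = [], [], False
    for raw in text.splitlines():
        line = raw.strip()
        if line in ("Start::", "End::"):
            inside = line == "Start::"
            continue
        if not inside or not line:
            continue
        kind, _, rest = line.partition(":")   # split at the first colon only
        rest = rest.strip()
        if not rest:                          # bare directive, e.g. "Reboot:"
            commands.append(kind)
            continue
        flagged = rest.endswith(ATTENTION)
        if flagged:
            rest = rest[:-len(ATTENTION)].rstrip()
        guid = GUID.search(rest)
        entries.append({
            "kind": kind.split("\\")[0],      # GroupPolicyUsers\<SID>\User -> GroupPolicyUsers
            "guid": guid.group(0) if guid else None,
            "flagged": flagged,
            "missing_file": rest.endswith("No File"),
            "detail": rest,
        })
    return commands, entries

def summarize(entries):
    """Count, per entry kind, the entries whose target file is missing."""
    return Counter(e["kind"] for e in entries if e["missing_file"])

if __name__ == "__main__":
    cmds, items = parse_fixlist(FIXLIST)
    print(cmds, dict(summarize(items)))
```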

Bizzo11 commented 5 years ago

Ok sorry about that.

Have fixed and attached the FRST Fixlog.txt

Thanks Fixlog.txt

Sandor-Helper commented 5 years ago

What kind of problems are you experiencing now?

Bizzo11 commented 5 years ago

Hi there, I tried to click on the link to GitHub and it says "server not found". It does this with many shortcuts I have or links. The PC is still connected to the internet as I can google no problem. I am going to attach 2 screenshots to explain more. Once I run AdwCleaner or Restart the PC, all works well until I leave the PC and 'it sleeps' and when going back in, the problems happen again (until I restart).

Bizzo11 commented 5 years ago

server not found adwcleaner screenshot

And the pc just froze when I tried to attach these files....

Thanks for helping :)

Sandor-Helper commented 5 years ago

Once I run AdwCleaner

Please attach its logs situated here

C:\AdwCleaner\Logs\

Get a new CollectionLog using Autologger and answer a couple of questions: Do you connect to the Internet via a router? If yes, how many devices are connected to it?

Bizzo11 commented 5 years ago

I connect via a router WIRELESSLY. Have attached the logs I did the day I sent you the screenshot (can't remember which one had all those PUP files....) AdwCleaner[C05].txt AdwCleaner[C06].txt AdwCleaner[S05].txt AdwCleaner[S06].txt

Thanks!

Sandor-Helper commented 5 years ago

how many devices connected to it?

Or only your one PC?

And still waiting for:

Get new CollectionLog using Autologger

Bizzo11 commented 5 years ago

All devices are connected wirelessly. My PC, Another PC (sometimes) and 2 iphones. Autolog coming

Sandor-Helper commented 5 years ago

Another PC (sometimes) and 2 iphones

Do the problems also appear on these devices?

Bizzo11 commented 5 years ago

When opening Autologger it aborted saying I need to update the version.

After downloading Autolog (the wrong one) I ended up with extra software not needed. So after deleting those (through add/remove programs) I downloaded new version of AVZ Toolkit.

Here's the log; avz_log.txt

Bizzo11 commented 5 years ago

Problem does not appear on the other devices.

Sandor-Helper commented 5 years ago

Sorry for missing your last answer. Autologger is updated now so you can try to make a new CollectionLog.

Bizzo11 commented 5 years ago

I appreciate your help.

Only AVZ Toolkit has been updated as I cannot work out how to update Autologger.

avz_log.txt was attached (10 days ago). Here's the one from today. avz_log.txt

PUP file is still coming back as detected by adw cleaner and always restarts.

The restarting alone will get rid of the problem as well. (the problem of not being able to connect to webpages/banking etc)

Sandor-Helper commented 5 years ago

how to update Autologger

Simply delete it along with its folder. Download a new one and make the CollectionLog again.

Bizzo11 commented 5 years ago

Ok thanks. Sometimes it is SO SIMPLE....

Please find the Log attached. CollectionLog-2019.02.19-15.21.zip

Sandor-Helper commented 5 years ago

On the screen you've posted before I see Mozilla Firefox. Does the problem appear in another browser, for example in Internet Explorer?

You have Malwarebytes version 3.7.1.2839 installed. Please do a whole scan, save the report in a log and attach it to the next post.

Bizzo11 commented 5 years ago

It appears in Google Chrome but not sure about Internet Explorer. Will check when it happens again.

Please find attached the Malwarebytes version 3.7.1 attached. Won't let me paste the txt file so have pasted the whole text...

Malwarebytes
www.malwarebytes.com

-Log Details-
Scan Date: 2/19/19
Scan Time: 5:51 PM
Log File: c2d6867c-3412-11e9-a7ba-902b34636a64.json

-Software Information-
Version: 3.7.1.2839
Components Version: 1.0.538
Update Package Version: 1.0.9324
License: Premium

-System Information-
OS: Windows 7 Service Pack 1
CPU: x64
File System: NTFS
User: BizzoWhizzo-PC\BizzoWhizzo2

-Scan Summary-
Scan Type: Threat Scan
Scan Initiated By: Manual
Result: Completed
Objects Scanned: 322205
Threats Detected: 0
Threats Quarantined: 0
Time Elapsed: 16 min, 47 sec

-Scan Options-
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Enabled
Heuristics: Enabled
PUP: Detect
PUM: Detect

-Scan Details-
Process: 0 (No malicious items detected)

Module: 0 (No malicious items detected)

Registry Key: 0 (No malicious items detected)

Registry Value: 0 (No malicious items detected)

Registry Data: 0 (No malicious items detected)

Data Stream: 0 (No malicious items detected)

Folder: 0 (No malicious items detected)

File: 0 (No malicious items detected)

Physical Sector: 0 (No malicious items detected)

WMI: 0 (No malicious items detected)

(end)

Sandor-Helper commented 5 years ago

not sure about Internet Explorer. Will check when it happens again

OK, let's wait for the result in IE.

Bizzo11 commented 5 years ago

Hi again,

It happened again as I was using FIREFOX this time. All of a sudden the site went down and I couldn't connect to any websites.

Opened Internet Explorer and it was OK. I could access the websites.

Sandor-Helper commented 5 years ago

Opened Internet Explorer and it was OK. I could access the websites.

Good news!

Do a Firefox reset.

Do a Chrome reset.

Tell us about results.

Bizzo11 commented 5 years ago

OK. Have done a refresh with FIREFOX. Doesn't help. Went to INTERNET EXPLORER and it wouldn't connect so I clicked the "Fix Connection Problems" link. It went through a series of diagnostics and said "Doesn't have a valid IP Configuration" and then fixed it. It also fixed Mozilla Firefox as I could now access my webpage through FIREFOX as well. No need to restart. My issue is that I have to do this each time I login after leaving it for a while. I could leave it until it 'sleeps' or I can logoff and then when I re-login, the error appears again. I have done this twice now (got Internet Explorer to Fix Connection problems and repair IP Configuration).

Sandor-Helper commented 5 years ago

Please start the system in Safe Mode with networking. Check in different browsers - does the problem persist?

Bizzo11 commented 5 years ago

Hi again.

In SAFE MODE everything seems great!

Left it overnight and it was still all working like a charm this morning.

Sandor-Helper commented 5 years ago

Good! Now do a clean boot and then try to determine which program or service is guilty.

Bizzo11 commented 5 years ago

Did a clean reboot and disabled all startup items.

Did not rectify problem as it happened again.

Sandor-Helper commented 5 years ago

Uninstall AVG AntiVirus FREE via Control panel for the experiment. Then run this tool and see what happens.

Bizzo11 commented 5 years ago

Hi there.

Wow! what a difference this has made.

No more shut down problems and it loads so QUICKLY on startup.

I think we did it!

Thank you so much!

Sandor-Helper commented 5 years ago

Great! Let's do the final steps. Please run adwcleaner.exe. In the Settings tab, scroll down to Uninstall AdwCleaner. Confirm it by pressing Yes.

Rename FRST.exe (or FRST64.exe) to uninstall.exe and run it. PC will reboot.

Uninstall Malwarebytes Antimalware via Control panel.

Run script in AVZ while Internet is connected:

var
 LogPath : string;
 ScriptPath : string;

begin
 // Remove any log left over from a previous run.
 LogPath := GetAVZDirectory + 'log\avz_log.txt';
 if FileExists(LogPath) Then DeleteFile(LogPath);
 ScriptPath := GetAVZDirectory + 'ScanVuln.txt';

 // Fetch the vulnerability-scan script (plain HTTP, executed as downloaded):
 // try download mode 1 first, then fall back to mode 0.
 if DownloadFile('http://dataforce.ru/~kad/ScanVuln.txt', ScriptPath, 1) then ExecuteScript(ScriptPath) else begin
  if DownloadFile('http://dataforce.ru/~kad/ScanVuln.txt', ScriptPath, 0) then ExecuteScript(ScriptPath) else begin
   ShowMessage('It is impossible to download AVZ script for finding vulnerability!');
   exit;
  end;
 end;
 // Open the resulting log in Notepad if the scan produced one.
 if FileExists(LogPath) Then ExecuteFile('notepad.exe', LogPath, 1, 0, false)
end.

After the script ends, if it finds vulnerabilities, the file avz_log.txt will be opened in Notepad and there will be download links in it. First of all, this relates to browsers, Java, Adobe Acrobat/Reader and Adobe Flash Player. You should download and install the necessary programs if they are listed in avz_log.txt.

Reboot your PC. Run the script again to ensure that all vulnerabilities are gone. Please follow the after-treatment recommendations.