Hi, I hope I'm not infected again - thought I was doing everything right, no dubious sites visited... Computer slows down & gets 'stuck' periodically. Without further ado, the prework results...
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 22-05-2017
Ran by Anya (administrator) on ANYA-PC (23-05-2017 14:22:27)
Running from C:\Users\Anya\Desktop\PCHF progs & prework
Loaded Profiles: Anya (Available Profiles: Anya)
Platform: Windows 7 Professional Service Pack 1 (X64) Language: English (United States)
Internet Explorer Version 8 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/
==================== Processes (Whitelisted) =================
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(Sony Corporation) C:\Program Files (x86)\Sony\PlayMemories Home\PMBDeviceInfoProvider.exe
(VoodooSoft, LLC ) C:\Program Files\VoodooShield\VoodooShield.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe
(AimerSoft) C:\Program Files (x86)\Common Files\Aimersoft\Aimersoft Helper Compact\ASHelper.exe
() C:\Program Files (x86)\Keepvid\KeepVid Pro\KeepVidProUpdateHelper.exe
(Sony Corporation) C:\Program Files (x86)\Sony\PlayMemories Home\PMBVolumeWatcher.exe
(VoodooSoft, LLC ) C:\Program Files\VoodooShield\VoodooShieldService.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(dotPDN LLC) C:\Program Files\paint.net\PaintDotNet.exe
(Intuit) C:\Program Files (x86)\QUICKENW\QW.EXE
==================== Registry (Whitelisted) ====================
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
HKLM\...\Run: [VoodooShield] => C:\Program Files\VoodooShield\VoodooShield.exe [2443600 2017-05-01] (VoodooSoft, LLC )
HKLM\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvLaunch.exe [213824 2017-05-10] (AVAST Software)
HKLM-x32\...\Run: [Aimersoft Helper Compact.exe] => C:\Program Files (x86)\Common Files\Aimersoft\Aimersoft Helper Compact\ASHelper.exe [2138272 2016-10-08] (AimerSoft)
HKLM-x32\...\Run: [KeepVidProUpdateHelper.exe] => C:\Program Files (x86)\Keepvid\KeepVid Pro\KeepVidProUpdateHelper.exe [33992 2017-04-13] ()
HKLM-x32\...\Run: [PMBVolumeWatcher] => C:\Program Files (x86)\Sony\PlayMemories Home\PMBVolumeWatcher.exe [3005120 2017-04-04] (Sony Corporation)
HKLM\...\Policies\Explorer: [MemCheckBoxInRunDlg] 1
ShellIconOverlayIdentifiers: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2017-05-10] (AVAST Software)
==================== Internet (Whitelisted) ====================
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1 0.0.0.0
Tcpip\..\Interfaces\{7627382C-5019-449A-B812-0620026D757C}: [DhcpNameServer] 192.168.1.1 0.0.0.0
Tcpip\..\Interfaces\{E3766518-15B8-436E-BB5F-3E6C562D074B}: [DhcpNameServer] 192.168.1.1 0.0.0.0
Internet Explorer:
==================
URLSearchHook: [S-1-5-21-3010178862-2183218474-3834878404-1000] ATTENTION => Default URLSearchHook is missing
SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM-x32 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-3010178862-2183218474-3834878404-1000 -> DefaultScope {26080cad-4adc-49ac-8c63-eda16e595cbd} URL =
SearchScopes: HKU\S-1-5-21-3010178862-2183218474-3834878404-1000 -> {012E1000-F331-11DB-8314-0800200C9A66} URL = hxxp://www.google.com/search?q={searchTerms}
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll [2017-04-05] (AVAST Software)
BHO-x32: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2017-04-05] (AVAST Software)
BHO-x32: KeepVid Pro 4.10.0 -> {F9B65201-3D7F-48DA-AAB3-57A6FAD648FD} -> C:\Program Files (x86)\Keepvid\KeepVid Pro\BrowserPlugin\KVBrowserAppMgr.dll [2017-04-13] ()
Handler: WSKVAllmytubechrome - {91AB862D-07B8-4A85 - No File
Filter: deflate - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\system32\urlmon.dll [2010-11-21] (Microsoft Corporation)
Filter-x32: deflate - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\SysWOW64\urlmon.dll [2010-11-21] (Microsoft Corporation)
Filter: gzip - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\system32\urlmon.dll [2010-11-21] (Microsoft Corporation)
Filter-x32: gzip - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\SysWOW64\urlmon.dll [2010-11-21] (Microsoft Corporation)
FireFox:
========
FF DefaultProfile: dolfqtls.default
FF ProfilePath: C:\Users\Anya\AppData\Roaming\Mozilla\Firefox\Profiles\dolfqtls.default [2017-05-23]
FF Homepage: Mozilla\Firefox\Profiles\dolfqtls.default -> hxxps://mg.mail.yahoo.com/neo/launch?.rand=4329iole1n0eg#6349
FF Session Restore: Mozilla\Firefox\Profiles\dolfqtls.default -> is enabled.
FF Extension: (Self-Destructing Cookies) - C:\Users\Anya\AppData\Roaming\Mozilla\Firefox\Profiles\dolfqtls.default\Extensions\jid0-9XfBwUWnvPx4wWsfBWMCm4Jj69E@jetpack.xpi [2017-03-26]
FF Extension: (Avast SafePrice) - C:\Users\Anya\AppData\Roaming\Mozilla\Firefox\Profiles\dolfqtls.default\Extensions\sp@avast.com.xpi [2017-05-10]
FF Extension: (uBlock Origin) - C:\Users\Anya\AppData\Roaming\Mozilla\Firefox\Profiles\dolfqtls.default\Extensions\uBlock0@raymondhill.net.xpi [2017-05-16]
FF Extension: (Avast Online Security) - C:\Users\Anya\AppData\Roaming\Mozilla\Firefox\Profiles\dolfqtls.default\Extensions\wrc@avast.com.xpi [2017-05-10]
FF Extension: (Greasemonkey) - C:\Users\Anya\AppData\Roaming\Mozilla\Firefox\Profiles\dolfqtls.default\Extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}.xpi [2017-04-28]
FF Extension: (KeepVid Pro) - C:\Program Files (x86)\Keepvid\KeepVid Pro\BrowserPlugin\kvallmytube@keepvid.com_xpi [2017-05-12]
FF HKU\S-1-5-21-3010178862-2183218474-3834878404-1000\...\Firefox\Extensions: [KVAllmytube@KeepVid.com] - C:\Program Files (x86)\Keepvid\KeepVid Pro\BrowserPlugin\kvallmytube@keepvid.com_xpi
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_25_0_0_171.dll [2017-05-09] ()
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_25_0_0_171.dll [2017-05-09] ()
FF Plugin-x32: @videolan.org/vlc,version=2.2.4 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2016-06-02] (VideoLAN)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2017-04-05] (Adobe Systems Inc.)
Chrome:
=======
CHR HKU\S-1-5-21-3010178862-2183218474-3834878404-1000\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [dhdgffkkebhmkfjojejmpbldmpobfkfo] - hxxp://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [eofcbnmajmjmplflapaojjnihcjkigck] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - hxxps://clients2.google.com/service/update2/crx
==================== Services (Whitelisted) ====================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
S3 aswbIDSAgent; C:\Program Files\AVAST Software\Avast\x64\aswidsagenta.exe [7346208 2017-05-10] (AVAST Software s.r.o.)
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [263304 2017-05-10] (AVAST Software)
R2 PMBDeviceInfoProvider; C:\Program Files (x86)\Sony\PlayMemories Home\PMBDeviceInfoProvider.exe [505024 2017-04-04] (Sony Corporation)
R2 VoodooShieldService; C:\Program Files\VoodooShield\VoodooShieldService.exe [129360 2017-05-01] (VoodooSoft, LLC )
S3 WsDrvInst; C:\Program Files (x86)\Keepvid\KeepVid Pro\DriverInstall.exe [123080 2017-04-13] ()
===================== Drivers (Whitelisted) ======================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
R1 aswbidsdriver; C:\Windows\system32\drivers\aswbidsdrivera.sys [311808 2017-05-10] (AVAST Software s.r.o.)
R0 aswbidsh; C:\Windows\system32\drivers\aswbidsha.sys [190256 2017-05-10] (AVAST Software s.r.o.)
R0 aswblog; C:\Windows\system32\drivers\aswbloga.sys [334576 2017-05-10] (AVAST Software s.r.o.)
R0 aswbuniv; C:\Windows\system32\drivers\aswbuniva.sys [49016 2017-05-10] (AVAST Software s.r.o.)
S3 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [38296 2017-05-10] (AVAST Software)
R1 aswKbd; C:\Windows\system32\drivers\aswKbd.sys [32600 2017-05-10] (AVAST Software)
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [128648 2017-05-10] (AVAST Software)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [101152 2017-05-10] (AVAST Software)
R0 aswRvrt; C:\Windows\system32\drivers\aswRvrt.sys [75704 2017-05-10] (AVAST Software)
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1007160 2017-05-10] (AVAST Software)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [569192 2017-05-10] (AVAST Software)
R2 aswStm; C:\Windows\system32\drivers\aswStm.sys [158880 2017-05-13] (AVAST Software)
R0 aswVmm; C:\Windows\system32\drivers\aswVmm.sys [339696 2017-05-10] (AVAST Software)
R3 VSScanner; C:\Windows\System32\DRIVERS\vsscanner.sys [21064 2016-08-19] (VoodooSoft, LLC)
U5 VWiFiFlt; C:\Windows\System32\Drivers\VWiFiFlt.sys [59904 2009-07-14] (Microsoft Corporation)
U1 aswbdisk; no ImagePath
S3 catchme; \??\C:\Users\Anya\AppData\Local\Temp\catchme.sys [X] <==== ATTENTION
U3 aswMBR; \??\C:\Users\Anya\AppData\Local\Temp\aswMBR.sys [X] <==== ATTENTION
==================== NetSvcs (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
==================== One Month Created files and folders ========
(If an entry is included in the fixlist, the file/folder will be moved.)
2090-10-18 06:31 - 2017-05-23 14:16 - 00315753 ____C C:\Windows\WindowsUpdate.log
2017-05-23 11:21 - 2017-05-23 11:25 - 50812969 ____C C:\Users\Anya\Downloads\Gossec Gavotte from Suzuki Book 1, slow, violin only.mp4
2017-05-23 10:58 - 2017-05-23 10:58 - 00094811 ____C C:\Users\Anya\Downloads\TIO 2017 05 14752 - TIO complaint 1.PDF
2017-05-23 08:04 - 2017-05-23 08:04 - 00000000 ___DC C:\ProgramData\SWCUTemp
2017-05-21 14:31 - 2017-05-21 14:31 - 00000000 ___DC C:\Users\Anya\AppData\Local\Apps\2.0
2017-05-21 14:09 - 2017-05-21 15:06 - 695352722 ____C C:\Users\Anya\Downloads\76943_Aust_gda94.ecw.part
2017-05-21 13:50 - 2017-05-21 13:52 - 00000000 ___DC C:\Users\Anya\Documents\maps
2017-05-21 13:47 - 2017-05-21 13:47 - 00143353 ____C C:\Users\Anya\Documents\Vicmap_Topographic_Georeferenced_PDFs.pdf
2017-05-18 17:16 - 2017-05-18 17:17 - 04069821 ____C C:\Users\Anya\Downloads\18289162_1310709432299036_472382274403303424_n.mp4
2017-05-17 15:06 - 2017-05-17 15:06 - 00166409 ____C C:\Users\Anya\Documents\2d3438393533353536363.pdf
2017-05-17 15:02 - 2017-05-17 15:02 - 00365149 ____C C:\Users\Anya\Documents\download(1).pdf
2017-05-17 14:23 - 2017-05-17 14:23 - 00145651 ____C C:\Users\Anya\Documents\Civil Claims List(1).pdf
2017-05-17 14:05 - 2017-05-17 14:05 - 00022719 ____C C:\Users\Anya\Documents\MercantileDemand.pdf
2017-05-15 13:12 - 2017-05-15 13:12 - 00118794 ____C C:\Users\Anya\Documents\Mobile_Phone_Policy.pdf
2017-05-15 12:19 - 2010-05-26 11:41 - 02401112 ____C (Microsoft Corporation) C:\Windows\system32\D3DX9_43.dll
2017-05-15 12:19 - 2010-05-26 11:41 - 01998168 ____C (Microsoft Corporation) C:\Windows\SysWOW64\D3DX9_43.dll
2017-05-15 12:18 - 2017-05-15 12:18 - 00002183 ____C C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PlayMemories Home.lnk
2017-05-15 12:18 - 2017-05-15 12:18 - 00000000 ___DC C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PlayMemories Home
2017-05-15 12:17 - 2017-05-15 12:17 - 00000000 ___DC C:\Users\Anya\AppData\Roaming\Sony Corporation
2017-05-15 12:09 - 2017-05-15 12:09 - 00000000 ___DC C:\Program Files (x86)\Sony
2017-05-15 12:00 - 2017-05-15 12:00 - 00000000 ___DC C:\ProgramData\Sony Corporation
2017-05-13 09:38 - 2017-05-13 09:38 - 04452861 ____C C:\Users\Anya\Documents\Ultium-Competition-Sell-Sheet-2015(1).pdf
2017-05-12 09:58 - 2017-05-12 09:58 - 00000000 ___DC C:\Users\Anya\AppData\Local\Keepvid
2017-05-12 09:58 - 2017-05-12 09:58 - 00000000 ___DC C:\ProgramData\Aimersoft
2017-05-12 09:52 - 2017-05-12 09:52 - 00000000 ___DC C:\Users\Anya\AppData\Roaming\KeepVid
2017-05-12 09:52 - 2017-05-12 09:52 - 00000000 ___DC C:\Users\Anya\AppData\Local\Aimersoft
2017-05-12 09:52 - 2017-05-12 09:52 - 00000000 ___DC C:\Users\Anya\.android
2017-05-12 09:52 - 2017-05-12 09:52 - 00000000 ___DC C:\ProgramData\Microsoft\Windows\Start Menu\Programs\KeepVid
2017-05-12 09:52 - 2017-05-12 09:52 - 00000000 ___DC C:\KeepVid Pro Recorded
2017-05-12 09:52 - 2017-05-12 09:52 - 00000000 ___DC C:\KeepVid Pro Downloaded
2017-05-12 09:52 - 2017-05-12 09:52 - 00000000 ___DC C:\KeepVid Pro Converted
2017-05-12 09:51 - 2017-05-12 09:51 - 00000000 ___DC C:\ProgramData\KeepVid
2017-05-12 09:51 - 2017-05-12 09:51 - 00000000 ___DC C:\Program Files (x86)\Keepvid
2017-05-12 09:48 - 2017-05-12 09:51 - 00000000 ___DC C:\Users\Public\Documents\Keepvid
2017-05-12 09:46 - 2017-05-12 09:47 - 01594397 ____C C:\Users\Anya\Downloads\david attenborough.mp4
2017-05-11 13:20 - 2017-05-12 19:20 - 00004476 ____C C:\Windows\System32\Tasks\Adobe Acrobat Update Task
2017-05-10 18:23 - 2017-05-10 18:23 - 00000000 ___DC C:\Windows\Samsung
2017-05-10 18:23 - 2017-05-10 18:23 - 00000000 ___DC C:\Program Files (x86)\SamsungPrinterLiveUpdate
2017-05-10 18:23 - 2012-07-25 19:27 - 00497568 ____C () C:\Windows\ssndii.exe
2017-05-10 18:22 - 2009-10-13 18:44 - 00022016 ____C () C:\Windows\system32\sugw2l6.dll
2017-05-10 18:22 - 2009-10-13 18:44 - 00000411 ____C C:\Windows\system32\sugw2l6.smt
2017-05-10 18:22 - 2009-10-13 18:43 - 00151552 ____C (SS) C:\Windows\system32\sugw2ci.exe
2017-05-10 18:22 - 2009-10-13 18:43 - 00089600 ____C (SS) C:\Windows\system32\sugw2ci.dll
2017-05-10 18:22 - 2009-10-13 17:12 - 01233920 ____C (Microsoft Corporation) C:\Windows\SysWOW64\msxml4.dll
2017-05-10 18:22 - 2009-10-13 17:12 - 00701440 ____C (Microsoft Corporation) C:\Windows\SysWOW64\msxml2.dll
2017-05-10 18:22 - 2009-10-13 17:12 - 00082432 ____C (Microsoft Corporation) C:\Windows\SysWOW64\msxml4r.dll
2017-05-10 18:22 - 2009-10-13 17:12 - 00081920 ____C (Samsung Electronics) C:\Windows\SysWOW64\ssdevm.dll
2017-05-10 18:22 - 2009-10-13 17:12 - 00044544 ____C (Microsoft Corporation) C:\Windows\SysWOW64\msxml4a.dll
2017-05-10 18:22 - 2009-10-13 17:12 - 00038160 ____C (Microsoft Corporation) C:\Windows\SysWOW64\msxml2r.dll
2017-05-10 18:22 - 2009-10-13 17:12 - 00021776 ____C (Microsoft Corporation) C:\Windows\SysWOW64\msxml2a.dll
2017-05-10 18:12 - 2017-05-10 18:23 - 00000000 ___DC C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Samsung SCX-4x21 Series
2017-05-10 18:12 - 2012-07-25 13:02 - 00124792 ____C C:\Windows\Wiainst.exe
2017-05-10 18:12 - 2009-11-30 11:57 - 00047104 ____C (Samsung Electronics) C:\Windows\system32\Ssusbp64.dll
2017-05-10 18:12 - 2009-10-13 17:12 - 00074240 ____C (Samsung Electronics) C:\Windows\system32\ssdevm64.dll
2017-05-10 18:12 - 2009-10-06 21:33 - 00327168 ____C C:\Windows\system32\SaMinDrv.dll
2017-05-10 18:12 - 2009-10-06 21:33 - 00129536 ____C C:\Windows\system32\SaImgFlt.dll
2017-05-10 18:12 - 2009-10-06 21:33 - 00098816 ____C C:\Windows\system32\SaSegFlt.dll
2017-05-10 18:12 - 2009-10-06 21:33 - 00055808 ____C C:\Windows\system32\SaErHdlr.dll
2017-05-10 18:12 - 2009-10-06 21:25 - 00049152 ____C (Samsung Electronics) C:\Windows\SysWOW64\Ssusbpn.dll
2017-05-10 18:11 - 2011-07-08 14:43 - 00011576 ____C (Samsung Electronics) C:\Windows\system32\Drivers\SSPORT.SYS
2017-05-10 18:10 - 2017-05-10 18:10 - 00000000 ___DC C:\Program Files (x86)\Samsung
2017-05-10 18:05 - 2017-05-10 18:05 - 00027561 ____C C:\Users\Anya\Documents\colour task(1).pdf
2017-05-10 14:04 - 2017-05-10 14:04 - 00400456 ____C (AVAST Software) C:\Windows\system32\aswBoot.exe
2017-05-09 13:25 - 2017-05-09 13:25 - 00004465 ____C C:\Users\Anya\Downloads\trans090517.qif
2017-05-08 10:26 - 2017-05-08 10:26 - 00000000 ___DC C:\Users\Anya\AppData\Roaming\Esc-RemoteSupport
2017-05-08 08:48 - 2017-05-08 08:48 - 00000457 ____C C:\Users\Anya\Downloads\TransactionHistory(3).qif
2017-05-08 08:47 - 2017-05-08 08:47 - 00000997 ____C C:\Users\Anya\Downloads\TransactionHistory(2).qif
2017-05-08 08:46 - 2017-05-08 08:46 - 00025164 ____C C:\Users\Anya\Downloads\TransactionHistory(1).qif
2017-05-08 08:45 - 2017-05-08 08:45 - 00025164 ____C C:\Users\Anya\Downloads\TransactionHistory.qif
2017-05-06 19:50 - 2017-05-06 19:50 - 00170393 ____C C:\Users\Anya\Documents\id182.pdf
2017-05-05 09:55 - 2017-05-05 09:56 - 07725183 ____C C:\Users\Anya\Documents\April_2017.pdf
2017-05-04 17:37 - 2017-05-04 17:37 - 00027561 ____C C:\Users\Anya\Documents\colour task.pdf
2017-05-04 14:38 - 2017-05-04 14:38 - 00051394 ____C C:\Users\Anya\Documents\SETTL - Settlement Total Loss.pdf
2017-05-03 15:21 - 2017-05-03 15:21 - 00075168 ____C C:\Users\Anya\Documents\257899-4703260.pdf
2017-05-02 15:02 - 2017-05-02 15:02 - 00145651 ____C C:\Users\Anya\Documents\Civil Claims List.pdf
2017-05-02 12:48 - 2017-05-02 12:48 - 04452861 ____C C:\Users\Anya\Documents\Ultium-Competition-Sell-Sheet-2015.pdf
2017-04-30 20:16 - 2017-04-30 20:17 - 03610848 ____C C:\Users\Anya\Documents\DCRTRV280.pdf
2017-04-30 15:01 - 2017-04-30 15:02 - 03105609 ____C C:\Users\Anya\Documents\ZC429604ENmanual.pdf
2017-04-30 12:07 - 2017-04-30 12:08 - 05387546 ____C C:\Users\Anya\Downloads\Vintage talent.mp4
2017-04-28 09:23 - 2017-05-09 20:01 - 00004324 ____C C:\Windows\System32\Tasks\Adobe Flash Player Updater
2017-04-27 16:58 - 2017-04-27 16:58 - 00666584 ____C C:\Users\Anya\Documents\G1080SP-Manual.pdf
2017-04-27 16:58 - 2017-04-27 16:58 - 00479378 ____C C:\Users\Anya\Documents\-uploadfile-image-20141231023446015.PDF
2017-04-27 16:56 - 2017-04-27 17:07 - 56435638 ____C C:\Users\Anya\Documents\SJCam-SJ4000-Wi-Fi-Manual-2016-01-08-Rev-4.2.pdf
2017-04-27 16:50 - 2017-04-27 16:51 - 02144702 ____C C:\Users\Anya\Documents\SJ4500-SJ6000-SJ8000-swing-air-jacks.pdf
2017-04-27 16:31 - 2017-04-27 16:31 - 01578416 ____C C:\Users\Anya\Documents\82-19745.pdf
2017-04-27 16:31 - 2017-04-27 16:31 - 00352803 ____C C:\Users\Anya\Documents\VMS50-1080p-Full-HD-Action-Camera-User-Manual1.pdf
2017-04-27 16:28 - 2017-04-27 16:28 - 02307069 ____C C:\Users\Anya\Documents\GCXA1 DETAILED USER GUIDE.PDF
2017-04-27 13:50 - 2017-04-27 13:50 - 00180072 ____C C:\Users\Anya\Documents\363737323834373235373.pdf
2017-04-27 13:32 - 2017-04-27 13:32 - 00043703 ____C C:\Users\Anya\Documents\726-17_201703081314.pdf
==================== One Month Modified files and folders ========
(If an entry is included in the fixlist, the file/folder will be moved.)
2017-05-23 14:23 - 2017-03-17 22:03 - 00000000 ___DC C:\ProgramData\VoodooShield
2017-05-23 14:21 - 2017-03-01 10:54 - 00000000 ___DC C:\FRST
2017-05-23 14:21 - 2017-03-01 10:49 - 00000000 ___DC C:\Users\Anya\Desktop\PCHF progs & prework
2017-05-23 14:17 - 2017-03-03 18:46 - 00004172 ____C C:\Windows\System32\Tasks\Avast Emergency Update
2017-05-23 08:11 - 2009-07-14 14:45 - 00035088 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2017-05-23 08:11 - 2009-07-14 14:45 - 00035088 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2017-05-23 08:09 - 2017-01-02 17:06 - 00000000 ___DC C:\Users\Anya\AppData\LocalLow\Mozilla
2017-05-23 08:02 - 2009-07-14 15:08 - 00000006 ___HC C:\Windows\Tasks\SA.DAT
2017-05-23 08:01 - 2017-01-02 17:05 - 00000000 ___DC C:\Program Files (x86)\Mozilla Firefox
2017-05-22 12:50 - 2017-04-09 20:38 - 00000000 ___DC C:\Users\Anya\Documents\apk files
2017-05-22 12:50 - 2017-01-02 15:52 - 00000000 ___DC C:\Users\Anya\Documents\computer
2017-05-20 12:00 - 2017-03-17 19:39 - 00217088 __SHC C:\Users\Anya\Documents\Thumbs.db
2017-05-20 11:50 - 2009-07-14 15:13 - 00781298 ____C C:\Windows\system32\PerfStringBackup.INI
2017-05-20 11:50 - 2009-07-14 13:20 - 00000000 ___DC C:\Windows\inf
2017-05-19 21:49 - 2017-02-08 08:43 - 00000000 ___DC C:\Users\Anya\Documents\hoofcare
2017-05-19 17:24 - 2017-01-02 15:54 - 00000000 ___DC C:\Users\Anya\Documents\dogs
2017-05-16 18:27 - 2017-01-02 14:34 - 00000000 ___DC C:\Users\Anya\AppData\Local\VirtualStore
2017-05-15 12:08 - 2017-01-19 18:53 - 00000000 ___DC C:\Users\Anya\Documents\land house building
2017-05-15 11:55 - 2017-03-17 22:03 - 00000000 ___DC C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VoodooShield
2017-05-15 11:55 - 2017-03-17 22:03 - 00000000 ___DC C:\Program Files\VoodooShield
2017-05-13 08:42 - 2017-03-03 18:46 - 00158880 ____C (AVAST Software) C:\Windows\system32\Drivers\aswstm.sys
2017-05-12 09:52 - 2017-01-02 14:34 - 00000000 ___DC C:\Users\Anya
2017-05-11 13:20 - 2017-01-19 14:47 - 00002441 ____C C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk
2017-05-10 18:08 - 2017-01-07 22:06 - 00000000 ___DC C:\Users\Anya\AppData\Local\ElevatedDiagnostics
2017-05-10 14:05 - 2017-03-23 19:57 - 00003890 ____C C:\Windows\System32\Tasks\SafeZone scheduled Autoupdate 1490263047
2017-05-10 14:04 - 2017-03-03 18:46 - 00569192 ____C (AVAST Software) C:\Windows\system32\Drivers\aswSP.sys
2017-05-10 14:04 - 2017-03-03 18:46 - 00339696 ____C (AVAST Software) C:\Windows\system32\Drivers\aswVmm.sys
2017-05-10 14:04 - 2017-03-03 18:46 - 00128648 ____C (AVAST Software) C:\Windows\system32\Drivers\aswMonFlt.sys
2017-05-10 14:04 - 2017-03-03 18:46 - 00101152 ____C (AVAST Software) C:\Windows\system32\Drivers\aswRdr2.sys
2017-05-10 14:04 - 2017-03-03 18:46 - 00075704 ____C (AVAST Software) C:\Windows\system32\Drivers\aswRvrt.sys
2017-05-10 14:04 - 2017-03-03 18:46 - 00038296 ____C (AVAST Software) C:\Windows\system32\Drivers\aswHwid.sys
2017-05-10 14:03 - 2017-03-03 22:55 - 00032600 ____C (AVAST Software) C:\Windows\system32\Drivers\aswKbd.sys
2017-05-10 14:03 - 2017-03-03 18:46 - 01007160 ____C (AVAST Software) C:\Windows\system32\Drivers\aswSnx.sys
2017-05-10 14:03 - 2017-03-03 18:46 - 00334576 ____C (AVAST Software s.r.o.) C:\Windows\system32\Drivers\aswbloga.sys
2017-05-10 14:03 - 2017-03-03 18:46 - 00311808 ____C (AVAST Software s.r.o.) C:\Windows\system32\Drivers\aswbidsdrivera.sys
2017-05-10 14:03 - 2017-03-03 18:46 - 00190256 ____C (AVAST Software s.r.o.) C:\Windows\system32\Drivers\aswbidsha.sys
2017-05-10 14:03 - 2017-03-03 18:46 - 00049016 ____C (AVAST Software s.r.o.) C:\Windows\system32\Drivers\aswbuniva.sys
2017-05-09 20:01 - 2017-01-03 15:33 - 00803320 ____C (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2017-05-09 20:01 - 2017-01-03 15:33 - 00144888 ____C (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2017-05-09 20:01 - 2017-01-03 15:33 - 00000000 ___DC C:\Windows\SysWOW64\Macromed
2017-05-09 20:01 - 2017-01-03 15:33 - 00000000 ___DC C:\Windows\system32\Macromed
2017-04-30 12:14 - 2017-02-16 21:02 - 00000000 ___DC C:\Users\Anya\AppData\Roaming\vlc
2017-04-29 12:36 - 2017-02-08 08:55 - 00000000 ___DC C:\Users\Anya\Documents\stock crate
2017-04-28 09:25 - 2017-01-03 15:28 - 00000000 ___DC C:\Users\Anya\AppData\Local\Adobe
Some files in TEMP:
====================
2017-05-15 11:44 - 2017-05-15 11:45 - 14044240 ____C (VoodooSoft, LLC ) C:\Users\Anya\AppData\Local\Temp\InstallVoodooShield.exe
==================== Bamital & volsnap ======================
(There is no automatic fix for files that do not pass verification.)
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed
ATTENTION: ==> Could not access BCD.
LastRegBack: 2017-01-03 08:54
==================== End of FRST.txt ============================
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 22-05-2017
Ran by Anya (23-05-2017 14:25:33)
Running from C:\Users\Anya\Desktop\PCHF progs & prework
Windows 7 Professional Service Pack 1 (X64) (2017-01-02 04:34:01)
Boot Mode: Normal
==========================================================
==================== Accounts: =============================
Administrator (S-1-5-21-3010178862-2183218474-3834878404-500 - Administrator - Disabled)
Anya (S-1-5-21-3010178862-2183218474-3834878404-1000 - Administrator - Enabled) => C:\Users\Anya
Guest (S-1-5-21-3010178862-2183218474-3834878404-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-3010178862-2183218474-3834878404-1002 - Limited - Enabled)
==================== Security Center ========================
(If an entry is included in the fixlist, it will be removed.)
AV: Avast Antivirus (Enabled - Up to date) {8EA8924E-BC81-DC44-8BB0-8BAE75D86EBF}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Avast Antivirus (Enabled - Up to date) {35C973AA-9ABB-D3CA-B100-B0DC0E5F2402}
==================== Installed Programs ======================
(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
Adobe Acrobat Reader DC (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}) (Version: 17.009.20044 - Adobe Systems Incorporated)
Adobe Flash Player 25 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 25.0.0.171 - Adobe Systems Incorporated)
Aimersoft Helper Compact 2.5.2 (HKLM-x32\...\{405147F7-FCC5-499B-A27E-EA6BD4A80435}_is1) (Version: 2.5.2 - Aimersoft)
Avast Pro Antivirus (HKLM-x32\...\Avast Antivirus) (Version: 17.4.2294 - AVAST Software)
CCleaner (HKLM\...\CCleaner) (Version: 5.27 - Piriform)
Express Scribe Transcription Software (HKLM-x32\...\Scribe) (Version: 6.00 - NCH Software)
Google Earth Pro (HKLM-x32\...\{35DAA04C-1720-4BE3-A920-A03731EC6A1D}) (Version: 7.1.5.1557 - Google)
Google Update Helper (x32 Version: 1.3.32.7 - Google Inc.) Hidden
Image Composite Editor (HKLM\...\{92AB5708-1AAA-4B1B-A8D5-45CF3AD77519}) (Version: 2.0.3 - Microsoft Corporation)
KeepVid Pro(Build 6.1.2.7) (HKLM-x32\...\KeepVid Pro_is1) (Version: 6.1.2.7 - KeepVid Studio)
MergeModule_x64 (Version: 9.3.00 - Sony Corporation) Hidden
MergeModule_x86 (x32 Version: 9.3.00 - Sony Corporation) Hidden
Microsoft .NET Framework 4.6.2 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.6.01590 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.30319 (HKLM\...\{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}) (Version: 10.0.30319 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.40660 (HKLM-x32\...\{ef6b00ec-13e1-4c25-9064-b2f383cb8412}) (Version: 12.0.40660.0 - Microsoft Corporation)
Mozilla Firefox 53.0.3 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 53.0.3 (x86 en-US)) (Version: 53.0.3 - Mozilla)
MVHShellExtension (HKLM\...\{48EE93F1-6CE8-4DC3-9EBB-71D860F09CEE}) (Version: 1.0.0 - MyVirtualHome)
OpenOffice 4.1.2 (HKLM-x32\...\{E6AD67BB-1C33-4AB3-A387-E0D48137AB70}) (Version: 4.12.9782 - Apache Software Foundation)
paint.net (HKLM\...\{6AC1101E-7561-43C9-BEEA-4AB1D220D8FF}) (Version: 4.0.13 - dotPDN LLC)
PlayMemories Home (HKLM-x32\...\{4F95DC94-A29D-41F6-AF34-15AA0D666186}) (Version: 5.4.00.04040 - Sony Corporation)
PMB_ModeEditor (x32 Version: 10.3.00 - Sony Corporation) Hidden
PMB_ServiceUploader (x32 Version: 10.4.00 - Sony Corporation) Hidden
Quicken CashBook - Version 8 (HKLM-x32\...\Quicken CashBook - Version 8) (Version: - )
SafeZone Stable 3.55.2393.596 (x32 Version: 3.55.2393.596 - Avast Software) Hidden
Samsung SCX-4x21 Series (HKLM-x32\...\Samsung SCX-4x21 Series) (Version: - Samsung Electronics CO.,LTD)
situhome (HKLM-x32\...\{BDFC5012-189A-4D13-B1CF-279DF1D2F03B}) (Version: 5.0.5038 - Homesoft Pty. Ltd.)
situhome (x32 Version: 5.0.5038 - Homesoft Pty. Ltd.) Hidden
Speccy (HKLM\...\Speccy) (Version: 1.30 - Piriform)
Toolwiz Smart Defrag 2011 (HKLM-x32\...\Toolwiz Smart Defrag FREE_is1) (Version: 1.3.0.0 - Toolwiz.com.)
Tweaking.com - Simple System Tweaker (HKLM-x32\...\Tweaking.com - Simple System Tweaker) (Version: 2.2.0 - Tweaking.com)
Visual Studio 2012 x64 Redistributables (HKLM\...\{8C775E70-A791-4DA8-BCC3-6AB7136F4484}) (Version: 14.0.0.1 - AVG Technologies)
Visual Studio 2012 x86 Redistributables (HKLM-x32\...\{98EFF19A-30AB-4E4B-B943-F06B1C63EBF8}) (Version: 14.0.0.1 - AVG Technologies CZ, s.r.o.)
VLC media player (HKLM-x32\...\VLC media player) (Version: 2.2.4 - VideoLAN)
VoodooShield version 3.59 (HKLM\...\{A8644328-A66F-490E-B8FA-901FF649189D}_is1) (Version: 3.59 - VoodooSoft, LLC)
Windows Resource Kit Tools - SubInAcl.exe (HKLM-x32\...\{D3EE034D-5B92-4A55-AA02-2E6D0A6A96EE}) (Version: 5.2.3790.1164 - Microsoft Corporation)
Wings 3D 2.1.5 (HKLM-x32\...\Wings 3D 2.1.5) (Version: - )
ZHPFix 2015 (HKLM-x32\...\ZHPFix_is1) (Version: 2015 - Nicolas Coolman)
==================== Custom CLSID (Whitelisted): ==========================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
==================== Scheduled Tasks (Whitelisted) =============
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
Task: {1D21AFD6-05CE-42F3-BA96-FFCAC4689FA6} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2017-04-25] (Adobe Systems Incorporated)
Task: {2D435836-863C-4DA4-8663-A21C47D8152A} - System32\Tasks\AVAST Software\Avast settings backup => C:\Program Files\Common Files\AV\avast! Antivirus\backup.exe [2017-04-14] (AVAST Software)
Task: {3F9980F9-DAF0-4FE8-B0FF-7F798D59F9D3} - System32\Tasks\PrivaZer_SkipUAC => C:\Users\Anya\Desktop\PCHF progs & prework\PrivaZer.exe [2017-03-03] (Goversoft LLC)
Task: {62DE036A-55A0-4965-B5C8-54174D692686} - System32\Tasks\SafeZone scheduled Autoupdate 1490263047 => C:\Program Files\AVAST Software\SZBrowser\launcher.exe [2017-03-22] (Avast Software)
Task: {753C47AE-EC5E-44B3-95A9-2C8E553F0E39} - \Microsoft\Windows\Windows Media Sharing\UpdateLibrary -> No File <==== ATTENTION
Task: {A45BEA91-28D9-4894-A3E1-614E4D959593} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2017-02-08] (Piriform Ltd)
Task: {A7C73732-9F11-4281-8D19-764D4EC9D94D} - \Microsoft\Windows\Application Experience\ProgramDataUpdater -> No File <==== ATTENTION
Task: {AC4E5ACF-89F7-4220-BA21-81EE183975E2} - \Microsoft\Windows\Application Experience\AitAgent -> No File <==== ATTENTION
Task: {CB3D64BF-C0C9-45FF-BFB0-FF1A8F680186} - \Microsoft\Windows\RemoteAssistance\RemoteAssistanceTask -> No File <==== ATTENTION
Task: {D798EEE4-BD9A-4DE9-B8B4-252DDADD783C} - System32\Tasks\Avast Emergency Update => C:\Program Files\AVAST Software\Avast\AvEmUpdate.exe [2017-05-10] (AVAST Software)
Task: {F518A539-8368-4C38-945A-4C22F794512E} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2017-05-09] (Adobe Systems Incorporated)
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
==================== Shortcuts =============================
(The entries could be listed to be restored or removed.)
==================== Loaded Modules (Whitelisted) ==============
2017-05-10 18:22 - 2009-10-13 18:44 - 00022016 ____C () C:\Windows\System32\sugw2l6.dll
2017-03-17 22:03 - 2017-05-01 12:35 - 00265040 ____C () C:\Program Files\VoodooShield\Features.dll
2017-05-12 09:52 - 2017-04-13 16:27 - 00033992 ____C () C:\Program Files (x86)\Keepvid\KeepVid Pro\KeepVidProUpdateHelper.exe
2017-05-12 09:51 - 2017-04-13 15:58 - 01778688 ____C () C:\Program Files (x86)\Keepvid\KeepVid Pro\WUL.Ctrls.dll
2017-05-12 09:51 - 2017-04-13 15:58 - 00758784 ____C () C:\Program Files (x86)\Keepvid\KeepVid Pro\WUL.Core.dll
2017-05-12 09:51 - 2017-04-13 15:58 - 00046080 ____C () C:\Program Files (x86)\Keepvid\KeepVid Pro\WUL.Localization.dll
2017-05-12 09:52 - 2017-04-13 16:26 - 00113664 ____C () C:\Program Files (x86)\Keepvid\KeepVid Pro\Tasks.dll
2017-05-12 09:52 - 2017-04-13 16:26 - 00139776 ____C () C:\Program Files (x86)\Keepvid\KeepVid Pro\Utility.dll
2017-01-04 13:53 - 2017-01-04 13:53 - 03052032 ____C () C:\Windows\assembly\NativeImages_v4.0.30319_64\PaintDotNetc8826574#\1231046019f02411806acdb82aa3f17a\PaintDotNet.SystemLayer.Native.x64.ni.dll
2016-12-12 16:01 - 2016-12-12 16:01 - 01083088 ____C () C:\Program Files\paint.net\PaintDotNet.SystemLayer.Native.x64.dll
2017-05-10 14:03 - 2017-05-10 14:03 - 00170216 ____C () C:\Program Files\AVAST Software\Avast\JsonRpcServer.dll
2017-05-10 14:03 - 2017-05-10 14:03 - 00176992 ____C () C:\Program Files\AVAST Software\Avast\event_routing_rpc.dll
2017-05-10 14:03 - 2017-05-10 14:03 - 00223224 ____C () C:\Program Files\AVAST Software\Avast\tasks_core.dll
2017-05-23 07:56 - 2017-05-23 07:56 - 05980160 ____C () C:\Program Files\AVAST Software\Avast\defs\17052202\algo.dll
2017-05-10 14:03 - 2017-05-10 14:03 - 00684656 ____C () C:\Program Files\AVAST Software\Avast\ffl2.dll
2017-05-10 14:03 - 2017-05-10 14:03 - 00230632 ____C () C:\Program Files\AVAST Software\Avast\streamback.dll
2017-05-10 14:03 - 2017-05-10 14:03 - 00997896 ____C () C:\Program Files\AVAST Software\Avast\AvChrome.dll
2017-05-10 14:03 - 2017-05-10 14:03 - 67717632 ____C () C:\Program Files\AVAST Software\Avast\libcef.dll
2017-05-10 14:03 - 2017-05-10 14:03 - 00291824 ____C () C:\Program Files\AVAST Software\Avast\gaming_mode_ui.dll
2017-05-12 09:52 - 2016-10-08 17:03 - 01506304 ____C () C:\Program Files (x86)\Common Files\Aimersoft\Aimersoft Helper Compact\DAQExp.dll
2017-05-12 09:52 - 2016-07-21 10:54 - 00137728 ____C () C:\Program Files (x86)\Common Files\Aimersoft\Aimersoft Helper Compact\CBSCreateVC.dll
2017-01-02 17:35 - 2000-07-20 10:27 - 00316416 ____C () C:\Program Files (x86)\QUICKENW\BAS.dll
==================== Alternate Data Streams (Whitelisted) =========
(If an entry is included in the fixlist, only the ADS will be removed.)
==================== Safe Mode (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"
==================== Association (Whitelisted) ===============
(If an entry is included in the fixlist, the registry item will be restored to default or removed.)
==================== Internet Explorer trusted/restricted ===============
(If an entry is included in the fixlist, it will be removed from the registry.)
==================== Hosts content: ===============================
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
2009-07-14 12:34 - 2017-03-03 14:18 - 00000089 _RSHC C:\Windows\system32\Drivers\etc\hosts
127.0.0.1 localhost
::1 localhost
==================== Other Areas ============================
(Currently there is no automatic fix for this section.)
HKU\S-1-5-21-3010178862-2183218474-3834878404-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\Anya\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 192.168.1.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.
==================== MSCONFIG/TASK MANAGER disabled items ==
MSCONFIG\startupreg: CCleaner => "C:\Program Files\CCleaner\CCleaner64.exe" /AUTO
MSCONFIG\startupreg: Malwarebytes TrayApp => C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\mbamtray.exe
MSCONFIG\startupreg: Samsung PanelMgr => C:\Windows\Samsung\PanelMgr\SSMMgr.exe /autorun
==================== FirewallRules (Whitelisted) ===============
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
FirewallRules: [{5EB3DB86-2C8F-478D-AE21-5C7D6B6FA9D8}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{615F7A83-9DCE-4BE8-9D0E-0D4AF4FED0E5}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{5E89A639-19DC-4FBE-B92A-FDDBB5AAB57C}] => (Allow) C:\Program Files\AVAST Software\SZBrowser\3.55.2393.596\SZBrowser.exe
FirewallRules: [{9741C565-BB61-497F-8BED-710D4AD42CC0}] => (Allow) C:\Program Files\AVAST Software\SZBrowser\3.55.2393.596_0\SZBrowser.exe
==================== Restore Points =========================
15-05-2017 12:19:04 Installed DirectX
==================== Faulty Device Manager Devices =============
Name: Base System Device
Description: Base System Device
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.
Name: Broadcom USH
Description: Broadcom USH
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.
==================== Event log errors: =========================
Application errors:
==================
Error: (05/23/2017 08:03:23 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.
Error: (05/15/2017 11:41:17 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.
Error: (05/08/2017 10:24:01 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.
Error: (05/01/2017 04:59:09 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.
Error: (04/27/2017 09:55:58 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.
Error: (04/15/2017 01:57:16 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.
Error: (04/12/2017 09:18:30 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: explorer.exe, version: 6.1.7601.17514, time stamp: 0x4ce7a144
Faulting module name: DUI70.dll, version: 6.1.7600.16385, time stamp: 0x4a5bdf25
Exception code: 0xc0000005
Fault offset: 0x0000000000001098
Faulting process id: 0x1120
Faulting application start time: 0x01d2ae61e824bdd2
Faulting application path: C:\Windows\explorer.exe
Faulting module path: C:\Windows\system32\DUI70.dll
Report Id: c145a501-1f71-11e7-9c5c-0024e8dc6112
Error: (03/26/2017 10:07:42 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.
Error: (03/26/2017 10:04:23 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.
Error: (03/24/2017 10:24:47 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.
System errors:
=============
Error: (05/23/2017 02:16:55 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The UPnP Device Host service depends on the SSDP Discovery service which failed to start because of the following error:
The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.
Error: (05/23/2017 02:16:55 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The UPnP Device Host service depends on the SSDP Discovery service which failed to start because of the following error:
The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.
Error: (05/23/2017 02:16:55 PM) (Source: WMPNetworkSvc) (EventID: 14332) (User: )
Description: Service 'WMPNetworkSvc' did not start correctly because CoCreateInstance(CLSID_UPnPDeviceFinder) encountered error '0x80070422'. Verify that the UPnPHost service is running and that the UPnPHost component of Windows is installed properly.
Error: (05/23/2017 02:16:45 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The UPnP Device Host service depends on the SSDP Discovery service which failed to start because of the following error:
The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.
Error: (05/23/2017 02:16:45 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The UPnP Device Host service depends on the SSDP Discovery service which failed to start because of the following error:
The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.
Error: (05/23/2017 02:16:45 PM) (Source: WMPNetworkSvc) (EventID: 14332) (User: )
Description: Service 'WMPNetworkSvc' did not start correctly because CoCreateInstance(CLSID_UPnPDeviceFinder) encountered error '0x80070422'. Verify that the UPnPHost service is running and that the UPnPHost component of Windows is installed properly.
Error: (05/23/2017 11:20:04 AM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The UPnP Device Host service depends on the SSDP Discovery service which failed to start because of the following error:
The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.
Error: (05/23/2017 11:20:04 AM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The UPnP Device Host service depends on the SSDP Discovery service which failed to start because of the following error:
The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.
Error: (05/23/2017 11:20:04 AM) (Source: WMPNetworkSvc) (EventID: 14332) (User: )
Description: Service 'WMPNetworkSvc' did not start correctly because CoCreateInstance(CLSID_UPnPDeviceFinder) encountered error '0x80070422'. Verify that the UPnPHost service is running and that the UPnPHost component of Windows is installed properly.
Error: (05/23/2017 09:40:43 AM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The UPnP Device Host service depends on the SSDP Discovery service which failed to start because of the following error:
The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.
CodeIntegrity:
===================================
Date: 2017-03-07 22:03:56.503
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Users\Anya\AppData\Local\Temp\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
Date: 2017-03-07 22:03:56.503
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Users\Anya\AppData\Local\Temp\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
==================== Memory info ===========================
Processor: Intel(R) Core(TM)2 Duo CPU P9400 @ 2.40GHz
Percentage of memory in use: 76%
Total physical RAM: 4047.92 MB
Available physical RAM: 970.39 MB
Total Virtual: 8094.04 MB
Available Virtual: 2263.15 MB
==================== Drives ================================
Drive c: () (Fixed) (Total:148.46 GB) (Free:79.28 GB) NTFS
==================== MBR & Partition Table ==================
========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 149.1 GB) (Disk ID: C8B9BFB9)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=148.5 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=504 MB) - (Type=27)
==================== End of Addition.txt ============================
aswMBR version 1.0.1.2290 Copyright(c) 2014 AVAST Software
Run date: 2017-03-01 12:10:33
-----------------------------
12:10:33.299 OS Version: Windows x64 6.1.7601 Service Pack 1
12:10:33.299 Number of processors: 2 586 0x170A
12:10:33.301 ComputerName: ANYA-PC UserName: Anya
12:10:36.188 Initialize success
12:10:36.870 VM: initialized successfully
12:10:36.873 VM: Intel CPU BiosDisabled
12:17:41.631 AVAST engine defs: 17010903
12:19:02.667 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0
12:19:02.670 Disk 0 Vendor: WDC_WD1600BEVT-75ZCT2 11.01A11 Size: 152627MB BusType: 3
12:19:02.896 Disk 0 MBR read successfully
12:19:02.899 Disk 0 MBR scan
12:19:02.906 Disk 0 Windows 7 default MBR code
12:19:02.920 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 100 MB offset 2048
12:19:02.926 Disk 0 default boot code
12:19:02.939 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 152019 MB offset 206848
12:19:02.973 Disk 0 Partition 3 00 27 Hidden NTFS WinRE NTFS 504 MB offset 311543808
12:19:03.034 Disk 0 scanning C:\Windows\system32\drivers
12:19:15.284 Service scanning
12:19:43.094 Modules scanning
12:19:43.106 Disk 0 trace - called modules:
12:19:43.152 ntoskrnl.exe CLASSPNP.SYS disk.sys ataport.SYS pciide.sys PCIIDEX.SYS hal.dll atapi.sys
12:19:43.158 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa800439d060]
12:19:43.164 3 CLASSPNP.SYS[fffff880011d143f] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-0[0xfffffa80040b5680]
12:19:44.592 AVAST engine scan C:\Windows
12:19:47.579 AVAST engine scan C:\Windows\system32
12:32:25.222 AVAST engine scan C:\Windows\system32\drivers
12:34:02.728 AVAST engine scan C:\Users\Anya
13:20:58.634 AVAST engine scan C:\ProgramData
13:22:09.962 Disk 0 statistics 4191535/0/0 @ 0.96 MB/s
13:22:10.019 Scan finished successfully
13:37:13.672 Disk 0 MBR has been saved successfully to "C:\Users\Anya\Desktop\PC prework\MBR.dat"
13:37:13.722 The log file has been saved successfully to "C:\Users\Anya\Desktop\PC prework\aswMBR.txt"
aswMBR version 1.0.1.2290 Copyright(c) 2014 AVAST Software
Run date: 2017-05-23 14:23:25
-----------------------------
14:23:25.802 OS Version: Windows x64 6.1.7601 Service Pack 1
14:23:25.802 Number of processors: 2 586 0x170A
14:23:25.802 ComputerName: ANYA-PC UserName: Anya
14:23:37.388 Initialize success
14:23:37.437 VM: initialized successfully
14:23:37.437 VM: Intel CPU BiosDisabled
14:23:47.257 AVAST engine defs: 17052202
14:48:47.808 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0
14:48:47.811 Disk 0 Vendor: WDC_WD1600BEVT-75ZCT2 11.01A11 Size: 152627MB BusType: 3
14:48:48.034 Disk 0 MBR read successfully
14:48:48.038 Disk 0 MBR scan
14:48:48.057 Disk 0 Windows 7 default MBR code
14:48:48.080 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 100 MB offset 2048
14:48:48.087 Disk 0 default boot code
14:48:48.099 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 152019 MB offset 206848
14:48:48.133 Disk 0 Partition 3 00 27 Hidden NTFS WinRE NTFS 504 MB offset 311543808
14:48:48.179 Disk 0 scanning C:\Windows\system32\drivers
14:49:19.246 Service scanning
14:50:16.829 Modules scanning
14:50:16.831 Disk 0 trace - called modules:
14:50:16.899 ntoskrnl.exe CLASSPNP.SYS disk.sys aswSP.sys ataport.SYS pciide.sys PCIIDEX.SYS hal.dll atapi.sys
14:50:16.901 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8004617060]
14:50:16.901 3 aswSP.sys[fffff88003c45432] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-0[0xfffffa8004091060]
14:50:19.053 AVAST engine scan C:\Windows
14:50:21.955 AVAST engine scan C:\Windows\system32
14:53:21.170 AVAST engine scan C:\Windows\system32\drivers
14:53:31.634 AVAST engine scan C:\Users\Anya
15:08:40.594 File: C:\Users\Anya\Desktop\PCHF progs & prework\zoek.exe **INFECTED** Win32:Malware-gen
15:08:46.105 File: C:\Users\Anya\Documents\computer\malware & tuneup\zoek(1).exe **INFECTED** Win32:Malware-gen
16:32:06.593 AVAST engine scan C:\ProgramData
16:33:07.847 Disk 0 statistics 4325060/0/0 @ 1.56 MB/s
16:33:07.872 Scan finished successfully
16:42:07.181 Disk 0 MBR has been saved successfully to "C:\Users\Anya\Desktop\PCHF progs & prework\MBR.dat"
16:42:07.206 The log file has been saved successfully to "C:\Users\Anya\Desktop\PCHF progs & prework\aswMBR.txt"
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 22-05-2017
Ran by Anya (administrator) on ANYA-PC (23-05-2017 14:22:27)
Running from C:\Users\Anya\Desktop\PCHF progs & prework
Loaded Profiles: Anya (Available Profiles: Anya)
Platform: Windows 7 Professional Service Pack 1 (X64) Language: English (United States)
Internet Explorer Version 8 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/
==================== Processes (Whitelisted) =================
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(Sony Corporation) C:\Program Files (x86)\Sony\PlayMemories Home\PMBDeviceInfoProvider.exe
(VoodooSoft, LLC ) C:\Program Files\VoodooShield\VoodooShield.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe
(AimerSoft) C:\Program Files (x86)\Common Files\Aimersoft\Aimersoft Helper Compact\ASHelper.exe
() C:\Program Files (x86)\Keepvid\KeepVid Pro\KeepVidProUpdateHelper.exe
(Sony Corporation) C:\Program Files (x86)\Sony\PlayMemories Home\PMBVolumeWatcher.exe
(VoodooSoft, LLC ) C:\Program Files\VoodooShield\VoodooShieldService.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(dotPDN LLC) C:\Program Files\paint.net\PaintDotNet.exe
(Intuit) C:\Program Files (x86)\QUICKENW\QW.EXE
==================== Registry (Whitelisted) ====================
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
HKLM\...\Run: [VoodooShield] => C:\Program Files\VoodooShield\VoodooShield.exe [2443600 2017-05-01] (VoodooSoft, LLC )
HKLM\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvLaunch.exe [213824 2017-05-10] (AVAST Software)
HKLM-x32\...\Run: [Aimersoft Helper Compact.exe] => C:\Program Files (x86)\Common Files\Aimersoft\Aimersoft Helper Compact\ASHelper.exe [2138272 2016-10-08] (AimerSoft)
HKLM-x32\...\Run: [KeepVidProUpdateHelper.exe] => C:\Program Files (x86)\Keepvid\KeepVid Pro\KeepVidProUpdateHelper.exe [33992 2017-04-13] ()
HKLM-x32\...\Run: [PMBVolumeWatcher] => C:\Program Files (x86)\Sony\PlayMemories Home\PMBVolumeWatcher.exe [3005120 2017-04-04] (Sony Corporation)
HKLM\...\Policies\Explorer: [MemCheckBoxInRunDlg] 1
ShellIconOverlayIdentifiers: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2017-05-10] (AVAST Software)
==================== Internet (Whitelisted) ====================
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1 0.0.0.0
Tcpip\..\Interfaces\{7627382C-5019-449A-B812-0620026D757C}: [DhcpNameServer] 192.168.1.1 0.0.0.0
Tcpip\..\Interfaces\{E3766518-15B8-436E-BB5F-3E6C562D074B}: [DhcpNameServer] 192.168.1.1 0.0.0.0
Internet Explorer:
==================
URLSearchHook: [S-1-5-21-3010178862-2183218474-3834878404-1000] ATTENTION => Default URLSearchHook is missing
SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM-x32 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-3010178862-2183218474-3834878404-1000 -> DefaultScope {26080cad-4adc-49ac-8c63-eda16e595cbd} URL =
SearchScopes: HKU\S-1-5-21-3010178862-2183218474-3834878404-1000 -> {012E1000-F331-11DB-8314-0800200C9A66} URL = hxxp://www.google.com/search?q={searchTerms}
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll [2017-04-05] (AVAST Software)
BHO-x32: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2017-04-05] (AVAST Software)
BHO-x32: KeepVid Pro 4.10.0 -> {F9B65201-3D7F-48DA-AAB3-57A6FAD648FD} -> C:\Program Files (x86)\Keepvid\KeepVid Pro\BrowserPlugin\KVBrowserAppMgr.dll [2017-04-13] ()
Handler: WSKVAllmytubechrome - {91AB862D-07B8-4A85 - No File
Filter: deflate - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\system32\urlmon.dll [2010-11-21] (Microsoft Corporation)
Filter-x32: deflate - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\SysWOW64\urlmon.dll [2010-11-21] (Microsoft Corporation)
Filter: gzip - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\system32\urlmon.dll [2010-11-21] (Microsoft Corporation)
Filter-x32: gzip - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\SysWOW64\urlmon.dll [2010-11-21] (Microsoft Corporation)
FireFox:
========
FF DefaultProfile: dolfqtls.default
FF ProfilePath: C:\Users\Anya\AppData\Roaming\Mozilla\Firefox\Profiles\dolfqtls.default [2017-05-23]
FF Homepage: Mozilla\Firefox\Profiles\dolfqtls.default -> hxxps://mg.mail.yahoo.com/neo/launch?.rand=4329iole1n0eg#6349
FF Session Restore: Mozilla\Firefox\Profiles\dolfqtls.default -> is enabled.
FF Extension: (Self-Destructing Cookies) - C:\Users\Anya\AppData\Roaming\Mozilla\Firefox\Profiles\dolfqtls.default\Extensions\jid0-9XfBwUWnvPx4wWsfBWMCm4Jj69E@jetpack.xpi [2017-03-26]
FF Extension: (Avast SafePrice) - C:\Users\Anya\AppData\Roaming\Mozilla\Firefox\Profiles\dolfqtls.default\Extensions\sp@avast.com.xpi [2017-05-10]
FF Extension: (uBlock Origin) - C:\Users\Anya\AppData\Roaming\Mozilla\Firefox\Profiles\dolfqtls.default\Extensions\uBlock0@raymondhill.net.xpi [2017-05-16]
FF Extension: (Avast Online Security) - C:\Users\Anya\AppData\Roaming\Mozilla\Firefox\Profiles\dolfqtls.default\Extensions\wrc@avast.com.xpi [2017-05-10]
FF Extension: (Greasemonkey) - C:\Users\Anya\AppData\Roaming\Mozilla\Firefox\Profiles\dolfqtls.default\Extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}.xpi [2017-04-28]
FF Extension: (KeepVid Pro) - C:\Program Files (x86)\Keepvid\KeepVid Pro\BrowserPlugin\kvallmytube@keepvid.com_xpi [2017-05-12]
FF HKU\S-1-5-21-3010178862-2183218474-3834878404-1000\...\Firefox\Extensions: [KVAllmytube@KeepVid.com] - C:\Program Files (x86)\Keepvid\KeepVid Pro\BrowserPlugin\kvallmytube@keepvid.com_xpi
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_25_0_0_171.dll [2017-05-09] ()
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_25_0_0_171.dll [2017-05-09] ()
FF Plugin-x32: @videolan.org/vlc,version=2.2.4 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2016-06-02] (VideoLAN)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2017-04-05] (Adobe Systems Inc.)
Chrome:
=======
CHR HKU\S-1-5-21-3010178862-2183218474-3834878404-1000\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [dhdgffkkebhmkfjojejmpbldmpobfkfo] - hxxp://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [eofcbnmajmjmplflapaojjnihcjkigck] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - hxxps://clients2.google.com/service/update2/crx
==================== Services (Whitelisted) ====================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
S3 aswbIDSAgent; C:\Program Files\AVAST Software\Avast\x64\aswidsagenta.exe [7346208 2017-05-10] (AVAST Software s.r.o.)
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [263304 2017-05-10] (AVAST Software)
R2 PMBDeviceInfoProvider; C:\Program Files (x86)\Sony\PlayMemories Home\PMBDeviceInfoProvider.exe [505024 2017-04-04] (Sony Corporation)
R2 VoodooShieldService; C:\Program Files\VoodooShield\VoodooShieldService.exe [129360 2017-05-01] (VoodooSoft, LLC )
S3 WsDrvInst; C:\Program Files (x86)\Keepvid\KeepVid Pro\DriverInstall.exe [123080 2017-04-13] ()
===================== Drivers (Whitelisted) ======================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
R1 aswbidsdriver; C:\Windows\system32\drivers\aswbidsdrivera.sys [311808 2017-05-10] (AVAST Software s.r.o.)
R0 aswbidsh; C:\Windows\system32\drivers\aswbidsha.sys [190256 2017-05-10] (AVAST Software s.r.o.)
R0 aswblog; C:\Windows\system32\drivers\aswbloga.sys [334576 2017-05-10] (AVAST Software s.r.o.)
R0 aswbuniv; C:\Windows\system32\drivers\aswbuniva.sys [49016 2017-05-10] (AVAST Software s.r.o.)
S3 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [38296 2017-05-10] (AVAST Software)
R1 aswKbd; C:\Windows\system32\drivers\aswKbd.sys [32600 2017-05-10] (AVAST Software)
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [128648 2017-05-10] (AVAST Software)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [101152 2017-05-10] (AVAST Software)
R0 aswRvrt; C:\Windows\system32\drivers\aswRvrt.sys [75704 2017-05-10] (AVAST Software)
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1007160 2017-05-10] (AVAST Software)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [569192 2017-05-10] (AVAST Software)
R2 aswStm; C:\Windows\system32\drivers\aswStm.sys [158880 2017-05-13] (AVAST Software)
R0 aswVmm; C:\Windows\system32\drivers\aswVmm.sys [339696 2017-05-10] (AVAST Software)
R3 VSScanner; C:\Windows\System32\DRIVERS\vsscanner.sys [21064 2016-08-19] (VoodooSoft, LLC)
U5 VWiFiFlt; C:\Windows\System32\Drivers\VWiFiFlt.sys [59904 2009-07-14] (Microsoft Corporation)
U1 aswbdisk; no ImagePath
S3 catchme; \??\C:\Users\Anya\AppData\Local\Temp\catchme.sys [X] <==== ATTENTION
U3 aswMBR; \??\C:\Users\Anya\AppData\Local\Temp\aswMBR.sys [X] <==== ATTENTION
==================== NetSvcs (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
==================== One Month Created files and folders ========
(If an entry is included in the fixlist, the file/folder will be moved.)
2090-10-18 06:31 - 2017-05-23 14:16 - 00315753 ____C C:\Windows\WindowsUpdate.log
2017-05-23 11:21 - 2017-05-23 11:25 - 50812969 ____C C:\Users\Anya\Downloads\Gossec Gavotte from Suzuki Book 1, slow, violin only.mp4
2017-05-23 10:58 - 2017-05-23 10:58 - 00094811 ____C C:\Users\Anya\Downloads\TIO 2017 05 14752 - TIO complaint 1.PDF
2017-05-23 08:04 - 2017-05-23 08:04 - 00000000 ___DC C:\ProgramData\SWCUTemp
2017-05-21 14:31 - 2017-05-21 14:31 - 00000000 ___DC C:\Users\Anya\AppData\Local\Apps\2.0
2017-05-21 14:09 - 2017-05-21 15:06 - 695352722 ____C C:\Users\Anya\Downloads\76943_Aust_gda94.ecw.part
2017-05-21 13:50 - 2017-05-21 13:52 - 00000000 ___DC C:\Users\Anya\Documents\maps
2017-05-21 13:47 - 2017-05-21 13:47 - 00143353 ____C C:\Users\Anya\Documents\Vicmap_Topographic_Georeferenced_PDFs.pdf
2017-05-18 17:16 - 2017-05-18 17:17 - 04069821 ____C C:\Users\Anya\Downloads\18289162_1310709432299036_472382274403303424_n.mp4
2017-05-17 15:06 - 2017-05-17 15:06 - 00166409 ____C C:\Users\Anya\Documents\2d3438393533353536363.pdf
2017-05-17 15:02 - 2017-05-17 15:02 - 00365149 ____C C:\Users\Anya\Documents\download(1).pdf
2017-05-17 14:23 - 2017-05-17 14:23 - 00145651 ____C C:\Users\Anya\Documents\Civil Claims List(1).pdf
2017-05-17 14:05 - 2017-05-17 14:05 - 00022719 ____C C:\Users\Anya\Documents\MercantileDemand.pdf
2017-05-15 13:12 - 2017-05-15 13:12 - 00118794 ____C C:\Users\Anya\Documents\Mobile_Phone_Policy.pdf
2017-05-15 12:19 - 2010-05-26 11:41 - 02401112 ____C (Microsoft Corporation) C:\Windows\system32\D3DX9_43.dll
2017-05-15 12:19 - 2010-05-26 11:41 - 01998168 ____C (Microsoft Corporation) C:\Windows\SysWOW64\D3DX9_43.dll
2017-05-15 12:18 - 2017-05-15 12:18 - 00002183 ____C C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PlayMemories Home.lnk
2017-05-15 12:18 - 2017-05-15 12:18 - 00000000 ___DC C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PlayMemories Home
2017-05-15 12:17 - 2017-05-15 12:17 - 00000000 ___DC C:\Users\Anya\AppData\Roaming\Sony Corporation
2017-05-15 12:09 - 2017-05-15 12:09 - 00000000 ___DC C:\Program Files (x86)\Sony
2017-05-15 12:00 - 2017-05-15 12:00 - 00000000 ___DC C:\ProgramData\Sony Corporation
2017-05-13 09:38 - 2017-05-13 09:38 - 04452861 ____C C:\Users\Anya\Documents\Ultium-Competition-Sell-Sheet-2015(1).pdf
2017-05-12 09:58 - 2017-05-12 09:58 - 00000000 ___DC C:\Users\Anya\AppData\Local\Keepvid
2017-05-12 09:58 - 2017-05-12 09:58 - 00000000 ___DC C:\ProgramData\Aimersoft
2017-05-12 09:52 - 2017-05-12 09:52 - 00000000 ___DC C:\Users\Anya\AppData\Roaming\KeepVid
2017-05-12 09:52 - 2017-05-12 09:52 - 00000000 ___DC C:\Users\Anya\AppData\Local\Aimersoft
2017-05-12 09:52 - 2017-05-12 09:52 - 00000000 ___DC C:\Users\Anya\.android
2017-05-12 09:52 - 2017-05-12 09:52 - 00000000 ___DC C:\ProgramData\Microsoft\Windows\Start Menu\Programs\KeepVid
2017-05-12 09:52 - 2017-05-12 09:52 - 00000000 ___DC C:\KeepVid Pro Recorded
2017-05-12 09:52 - 2017-05-12 09:52 - 00000000 ___DC C:\KeepVid Pro Downloaded
2017-05-12 09:52 - 2017-05-12 09:52 - 00000000 ___DC C:\KeepVid Pro Converted
2017-05-12 09:51 - 2017-05-12 09:51 - 00000000 ___DC C:\ProgramData\KeepVid
2017-05-12 09:51 - 2017-05-12 09:51 - 00000000 ___DC C:\Program Files (x86)\Keepvid
2017-05-12 09:48 - 2017-05-12 09:51 - 00000000 ___DC C:\Users\Public\Documents\Keepvid
2017-05-12 09:46 - 2017-05-12 09:47 - 01594397 ____C C:\Users\Anya\Downloads\david attenborough.mp4
2017-05-11 13:20 - 2017-05-12 19:20 - 00004476 ____C C:\Windows\System32\Tasks\Adobe Acrobat Update Task
2017-05-10 18:23 - 2017-05-10 18:23 - 00000000 ___DC C:\Windows\Samsung
2017-05-10 18:23 - 2017-05-10 18:23 - 00000000 ___DC C:\Program Files (x86)\SamsungPrinterLiveUpdate
2017-05-10 18:23 - 2012-07-25 19:27 - 00497568 ____C () C:\Windows\ssndii.exe
2017-05-10 18:22 - 2009-10-13 18:44 - 00022016 ____C () C:\Windows\system32\sugw2l6.dll
2017-05-10 18:22 - 2009-10-13 18:44 - 00000411 ____C C:\Windows\system32\sugw2l6.smt
2017-05-10 18:22 - 2009-10-13 18:43 - 00151552 ____C (SS) C:\Windows\system32\sugw2ci.exe
2017-05-10 18:22 - 2009-10-13 18:43 - 00089600 ____C (SS) C:\Windows\system32\sugw2ci.dll
2017-05-10 18:22 - 2009-10-13 17:12 - 01233920 ____C (Microsoft Corporation) C:\Windows\SysWOW64\msxml4.dll
2017-05-10 18:22 - 2009-10-13 17:12 - 00701440 ____C (Microsoft Corporation) C:\Windows\SysWOW64\msxml2.dll
2017-05-10 18:22 - 2009-10-13 17:12 - 00082432 ____C (Microsoft Corporation) C:\Windows\SysWOW64\msxml4r.dll
2017-05-10 18:22 - 2009-10-13 17:12 - 00081920 ____C (Samsung Electronics) C:\Windows\SysWOW64\ssdevm.dll
2017-05-10 18:22 - 2009-10-13 17:12 - 00044544 ____C (Microsoft Corporation) C:\Windows\SysWOW64\msxml4a.dll
2017-05-10 18:22 - 2009-10-13 17:12 - 00038160 ____C (Microsoft Corporation) C:\Windows\SysWOW64\msxml2r.dll
2017-05-10 18:22 - 2009-10-13 17:12 - 00021776 ____C (Microsoft Corporation) C:\Windows\SysWOW64\msxml2a.dll
2017-05-10 18:12 - 2017-05-10 18:23 - 00000000 ___DC C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Samsung SCX-4x21 Series
2017-05-10 18:12 - 2012-07-25 13:02 - 00124792 ____C C:\Windows\Wiainst.exe
2017-05-10 18:12 - 2009-11-30 11:57 - 00047104 ____C (Samsung Electronics) C:\Windows\system32\Ssusbp64.dll
2017-05-10 18:12 - 2009-10-13 17:12 - 00074240 ____C (Samsung Electronics) C:\Windows\system32\ssdevm64.dll
2017-05-10 18:12 - 2009-10-06 21:33 - 00327168 ____C C:\Windows\system32\SaMinDrv.dll
2017-05-10 18:12 - 2009-10-06 21:33 - 00129536 ____C C:\Windows\system32\SaImgFlt.dll
2017-05-10 18:12 - 2009-10-06 21:33 - 00098816 ____C C:\Windows\system32\SaSegFlt.dll
2017-05-10 18:12 - 2009-10-06 21:33 - 00055808 ____C C:\Windows\system32\SaErHdlr.dll
2017-05-10 18:12 - 2009-10-06 21:25 - 00049152 ____C (Samsung Electronics) C:\Windows\SysWOW64\Ssusbpn.dll
2017-05-10 18:11 - 2011-07-08 14:43 - 00011576 ____C (Samsung Electronics) C:\Windows\system32\Drivers\SSPORT.SYS
2017-05-10 18:10 - 2017-05-10 18:10 - 00000000 ___DC C:\Program Files (x86)\Samsung
2017-05-10 18:05 - 2017-05-10 18:05 - 00027561 ____C C:\Users\Anya\Documents\colour task(1).pdf
2017-05-10 14:04 - 2017-05-10 14:04 - 00400456 ____C (AVAST Software) C:\Windows\system32\aswBoot.exe
2017-05-09 13:25 - 2017-05-09 13:25 - 00004465 ____C C:\Users\Anya\Downloads\trans090517.qif
2017-05-08 10:26 - 2017-05-08 10:26 - 00000000 ___DC C:\Users\Anya\AppData\Roaming\Esc-RemoteSupport
2017-05-08 08:48 - 2017-05-08 08:48 - 00000457 ____C C:\Users\Anya\Downloads\TransactionHistory(3).qif
2017-05-08 08:47 - 2017-05-08 08:47 - 00000997 ____C C:\Users\Anya\Downloads\TransactionHistory(2).qif
2017-05-08 08:46 - 2017-05-08 08:46 - 00025164 ____C C:\Users\Anya\Downloads\TransactionHistory(1).qif
2017-05-08 08:45 - 2017-05-08 08:45 - 00025164 ____C C:\Users\Anya\Downloads\TransactionHistory.qif
2017-05-06 19:50 - 2017-05-06 19:50 - 00170393 ____C C:\Users\Anya\Documents\id182.pdf
2017-05-05 09:55 - 2017-05-05 09:56 - 07725183 ____C C:\Users\Anya\Documents\April_2017.pdf
2017-05-04 17:37 - 2017-05-04 17:37 - 00027561 ____C C:\Users\Anya\Documents\colour task.pdf
2017-05-04 14:38 - 2017-05-04 14:38 - 00051394 ____C C:\Users\Anya\Documents\SETTL - Settlement Total Loss.pdf
2017-05-03 15:21 - 2017-05-03 15:21 - 00075168 ____C C:\Users\Anya\Documents\257899-4703260.pdf
2017-05-02 15:02 - 2017-05-02 15:02 - 00145651 ____C C:\Users\Anya\Documents\Civil Claims List.pdf
2017-05-02 12:48 - 2017-05-02 12:48 - 04452861 ____C C:\Users\Anya\Documents\Ultium-Competition-Sell-Sheet-2015.pdf
2017-04-30 20:16 - 2017-04-30 20:17 - 03610848 ____C C:\Users\Anya\Documents\DCRTRV280.pdf
2017-04-30 15:01 - 2017-04-30 15:02 - 03105609 ____C C:\Users\Anya\Documents\ZC429604ENmanual.pdf
2017-04-30 12:07 - 2017-04-30 12:08 - 05387546 ____C C:\Users\Anya\Downloads\Vintage talent.mp4
2017-04-28 09:23 - 2017-05-09 20:01 - 00004324 ____C C:\Windows\System32\Tasks\Adobe Flash Player Updater
2017-04-27 16:58 - 2017-04-27 16:58 - 00666584 ____C C:\Users\Anya\Documents\G1080SP-Manual.pdf
2017-04-27 16:58 - 2017-04-27 16:58 - 00479378 ____C C:\Users\Anya\Documents\-uploadfile-image-20141231023446015.PDF
2017-04-27 16:56 - 2017-04-27 17:07 - 56435638 ____C C:\Users\Anya\Documents\SJCam-SJ4000-Wi-Fi-Manual-2016-01-08-Rev-4.2.pdf
2017-04-27 16:50 - 2017-04-27 16:51 - 02144702 ____C C:\Users\Anya\Documents\SJ4500-SJ6000-SJ8000-swing-air-jacks.pdf
2017-04-27 16:31 - 2017-04-27 16:31 - 01578416 ____C C:\Users\Anya\Documents\82-19745.pdf
2017-04-27 16:31 - 2017-04-27 16:31 - 00352803 ____C C:\Users\Anya\Documents\VMS50-1080p-Full-HD-Action-Camera-User-Manual1.pdf
2017-04-27 16:28 - 2017-04-27 16:28 - 02307069 ____C C:\Users\Anya\Documents\GCXA1 DETAILED USER GUIDE.PDF
2017-04-27 13:50 - 2017-04-27 13:50 - 00180072 ____C C:\Users\Anya\Documents\363737323834373235373.pdf
2017-04-27 13:32 - 2017-04-27 13:32 - 00043703 ____C C:\Users\Anya\Documents\726-17_201703081314.pdf
==================== One Month Modified files and folders ========
(If an entry is included in the fixlist, the file/folder will be moved.)
2017-05-23 14:23 - 2017-03-17 22:03 - 00000000 ___DC C:\ProgramData\VoodooShield
2017-05-23 14:21 - 2017-03-01 10:54 - 00000000 ___DC C:\FRST
2017-05-23 14:21 - 2017-03-01 10:49 - 00000000 ___DC C:\Users\Anya\Desktop\PCHF progs & prework
2017-05-23 14:17 - 2017-03-03 18:46 - 00004172 ____C C:\Windows\System32\Tasks\Avast Emergency Update
2017-05-23 08:11 - 2009-07-14 14:45 - 00035088 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2017-05-23 08:11 - 2009-07-14 14:45 - 00035088 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2017-05-23 08:09 - 2017-01-02 17:06 - 00000000 ___DC C:\Users\Anya\AppData\LocalLow\Mozilla
2017-05-23 08:02 - 2009-07-14 15:08 - 00000006 ___HC C:\Windows\Tasks\SA.DAT
2017-05-23 08:01 - 2017-01-02 17:05 - 00000000 ___DC C:\Program Files (x86)\Mozilla Firefox
2017-05-22 12:50 - 2017-04-09 20:38 - 00000000 ___DC C:\Users\Anya\Documents\apk files
2017-05-22 12:50 - 2017-01-02 15:52 - 00000000 ___DC C:\Users\Anya\Documents\computer
2017-05-20 12:00 - 2017-03-17 19:39 - 00217088 __SHC C:\Users\Anya\Documents\Thumbs.db
2017-05-20 11:50 - 2009-07-14 15:13 - 00781298 ____C C:\Windows\system32\PerfStringBackup.INI
2017-05-20 11:50 - 2009-07-14 13:20 - 00000000 ___DC C:\Windows\inf
2017-05-19 21:49 - 2017-02-08 08:43 - 00000000 ___DC C:\Users\Anya\Documents\hoofcare
2017-05-19 17:24 - 2017-01-02 15:54 - 00000000 ___DC C:\Users\Anya\Documents\dogs
2017-05-16 18:27 - 2017-01-02 14:34 - 00000000 ___DC C:\Users\Anya\AppData\Local\VirtualStore
2017-05-15 12:08 - 2017-01-19 18:53 - 00000000 ___DC C:\Users\Anya\Documents\land house building
2017-05-15 11:55 - 2017-03-17 22:03 - 00000000 ___DC C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VoodooShield
2017-05-15 11:55 - 2017-03-17 22:03 - 00000000 ___DC C:\Program Files\VoodooShield
2017-05-13 08:42 - 2017-03-03 18:46 - 00158880 ____C (AVAST Software) C:\Windows\system32\Drivers\aswstm.sys
2017-05-12 09:52 - 2017-01-02 14:34 - 00000000 ___DC C:\Users\Anya
2017-05-11 13:20 - 2017-01-19 14:47 - 00002441 ____C C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk
2017-05-10 18:08 - 2017-01-07 22:06 - 00000000 ___DC C:\Users\Anya\AppData\Local\ElevatedDiagnostics
2017-05-10 14:05 - 2017-03-23 19:57 - 00003890 ____C C:\Windows\System32\Tasks\SafeZone scheduled Autoupdate 1490263047
2017-05-10 14:04 - 2017-03-03 18:46 - 00569192 ____C (AVAST Software) C:\Windows\system32\Drivers\aswSP.sys
2017-05-10 14:04 - 2017-03-03 18:46 - 00339696 ____C (AVAST Software) C:\Windows\system32\Drivers\aswVmm.sys
2017-05-10 14:04 - 2017-03-03 18:46 - 00128648 ____C (AVAST Software) C:\Windows\system32\Drivers\aswMonFlt.sys
2017-05-10 14:04 - 2017-03-03 18:46 - 00101152 ____C (AVAST Software) C:\Windows\system32\Drivers\aswRdr2.sys
2017-05-10 14:04 - 2017-03-03 18:46 - 00075704 ____C (AVAST Software) C:\Windows\system32\Drivers\aswRvrt.sys
2017-05-10 14:04 - 2017-03-03 18:46 - 00038296 ____C (AVAST Software) C:\Windows\system32\Drivers\aswHwid.sys
2017-05-10 14:03 - 2017-03-03 22:55 - 00032600 ____C (AVAST Software) C:\Windows\system32\Drivers\aswKbd.sys
2017-05-10 14:03 - 2017-03-03 18:46 - 01007160 ____C (AVAST Software) C:\Windows\system32\Drivers\aswSnx.sys
2017-05-10 14:03 - 2017-03-03 18:46 - 00334576 ____C (AVAST Software s.r.o.) C:\Windows\system32\Drivers\aswbloga.sys
2017-05-10 14:03 - 2017-03-03 18:46 - 00311808 ____C (AVAST Software s.r.o.) C:\Windows\system32\Drivers\aswbidsdrivera.sys
2017-05-10 14:03 - 2017-03-03 18:46 - 00190256 ____C (AVAST Software s.r.o.) C:\Windows\system32\Drivers\aswbidsha.sys
2017-05-10 14:03 - 2017-03-03 18:46 - 00049016 ____C (AVAST Software s.r.o.) C:\Windows\system32\Drivers\aswbuniva.sys
2017-05-09 20:01 - 2017-01-03 15:33 - 00803320 ____C (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2017-05-09 20:01 - 2017-01-03 15:33 - 00144888 ____C (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2017-05-09 20:01 - 2017-01-03 15:33 - 00000000 ___DC C:\Windows\SysWOW64\Macromed
2017-05-09 20:01 - 2017-01-03 15:33 - 00000000 ___DC C:\Windows\system32\Macromed
2017-04-30 12:14 - 2017-02-16 21:02 - 00000000 ___DC C:\Users\Anya\AppData\Roaming\vlc
2017-04-29 12:36 - 2017-02-08 08:55 - 00000000 ___DC C:\Users\Anya\Documents\stock crate
2017-04-28 09:25 - 2017-01-03 15:28 - 00000000 ___DC C:\Users\Anya\AppData\Local\Adobe
Some files in TEMP:
====================
2017-05-15 11:44 - 2017-05-15 11:45 - 14044240 ____C (VoodooSoft, LLC ) C:\Users\Anya\AppData\Local\Temp\InstallVoodooShield.exe
==================== Bamital & volsnap ======================
(There is no automatic fix for files that do not pass verification.)
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed
ATTENTION: ==> Could not access BCD.
LastRegBack: 2017-01-03 08:54
==================== End of FRST.txt ============================
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 22-05-2017
Ran by Anya (23-05-2017 14:25:33)
Running from C:\Users\Anya\Desktop\PCHF progs & prework
Windows 7 Professional Service Pack 1 (X64) (2017-01-02 04:34:01)
Boot Mode: Normal
==========================================================
==================== Accounts: =============================
Administrator (S-1-5-21-3010178862-2183218474-3834878404-500 - Administrator - Disabled)
Anya (S-1-5-21-3010178862-2183218474-3834878404-1000 - Administrator - Enabled) => C:\Users\Anya
Guest (S-1-5-21-3010178862-2183218474-3834878404-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-3010178862-2183218474-3834878404-1002 - Limited - Enabled)
==================== Security Center ========================
(If an entry is included in the fixlist, it will be removed.)
AV: Avast Antivirus (Enabled - Up to date) {8EA8924E-BC81-DC44-8BB0-8BAE75D86EBF}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Avast Antivirus (Enabled - Up to date) {35C973AA-9ABB-D3CA-B100-B0DC0E5F2402}
==================== Installed Programs ======================
(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
Adobe Acrobat Reader DC (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}) (Version: 17.009.20044 - Adobe Systems Incorporated)
Adobe Flash Player 25 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 25.0.0.171 - Adobe Systems Incorporated)
Aimersoft Helper Compact 2.5.2 (HKLM-x32\...\{405147F7-FCC5-499B-A27E-EA6BD4A80435}_is1) (Version: 2.5.2 - Aimersoft)
Avast Pro Antivirus (HKLM-x32\...\Avast Antivirus) (Version: 17.4.2294 - AVAST Software)
CCleaner (HKLM\...\CCleaner) (Version: 5.27 - Piriform)
Express Scribe Transcription Software (HKLM-x32\...\Scribe) (Version: 6.00 - NCH Software)
Google Earth Pro (HKLM-x32\...\{35DAA04C-1720-4BE3-A920-A03731EC6A1D}) (Version: 7.1.5.1557 - Google)
Google Update Helper (x32 Version: 1.3.32.7 - Google Inc.) Hidden
Image Composite Editor (HKLM\...\{92AB5708-1AAA-4B1B-A8D5-45CF3AD77519}) (Version: 2.0.3 - Microsoft Corporation)
KeepVid Pro(Build 6.1.2.7) (HKLM-x32\...\KeepVid Pro_is1) (Version: 6.1.2.7 - KeepVid Studio)
MergeModule_x64 (Version: 9.3.00 - Sony Corporation) Hidden
MergeModule_x86 (x32 Version: 9.3.00 - Sony Corporation) Hidden
Microsoft .NET Framework 4.6.2 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.6.01590 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.30319 (HKLM\...\{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}) (Version: 10.0.30319 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.40660 (HKLM-x32\...\{ef6b00ec-13e1-4c25-9064-b2f383cb8412}) (Version: 12.0.40660.0 - Microsoft Corporation)
Mozilla Firefox 53.0.3 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 53.0.3 (x86 en-US)) (Version: 53.0.3 - Mozilla)
MVHShellExtension (HKLM\...\{48EE93F1-6CE8-4DC3-9EBB-71D860F09CEE}) (Version: 1.0.0 - MyVirtualHome)
OpenOffice 4.1.2 (HKLM-x32\...\{E6AD67BB-1C33-4AB3-A387-E0D48137AB70}) (Version: 4.12.9782 - Apache Software Foundation)
paint.net (HKLM\...\{6AC1101E-7561-43C9-BEEA-4AB1D220D8FF}) (Version: 4.0.13 - dotPDN LLC)
PlayMemories Home (HKLM-x32\...\{4F95DC94-A29D-41F6-AF34-15AA0D666186}) (Version: 5.4.00.04040 - Sony Corporation)
PMB_ModeEditor (x32 Version: 10.3.00 - Sony Corporation) Hidden
PMB_ServiceUploader (x32 Version: 10.4.00 - Sony Corporation) Hidden
Quicken CashBook - Version 8 (HKLM-x32\...\Quicken CashBook - Version 8) (Version: - )
SafeZone Stable 3.55.2393.596 (x32 Version: 3.55.2393.596 - Avast Software) Hidden
Samsung SCX-4x21 Series (HKLM-x32\...\Samsung SCX-4x21 Series) (Version: - Samsung Electronics CO.,LTD)
situhome (HKLM-x32\...\{BDFC5012-189A-4D13-B1CF-279DF1D2F03B}) (Version: 5.0.5038 - Homesoft Pty. Ltd.)
situhome (x32 Version: 5.0.5038 - Homesoft Pty. Ltd.) Hidden
Speccy (HKLM\...\Speccy) (Version: 1.30 - Piriform)
Toolwiz Smart Defrag 2011 (HKLM-x32\...\Toolwiz Smart Defrag FREE_is1) (Version: 1.3.0.0 - Toolwiz.com.)
Tweaking.com - Simple System Tweaker (HKLM-x32\...\Tweaking.com - Simple System Tweaker) (Version: 2.2.0 - Tweaking.com)
Visual Studio 2012 x64 Redistributables (HKLM\...\{8C775E70-A791-4DA8-BCC3-6AB7136F4484}) (Version: 14.0.0.1 - AVG Technologies)
Visual Studio 2012 x86 Redistributables (HKLM-x32\...\{98EFF19A-30AB-4E4B-B943-F06B1C63EBF8}) (Version: 14.0.0.1 - AVG Technologies CZ, s.r.o.)
VLC media player (HKLM-x32\...\VLC media player) (Version: 2.2.4 - VideoLAN)
VoodooShield version 3.59 (HKLM\...\{A8644328-A66F-490E-B8FA-901FF649189D}_is1) (Version: 3.59 - VoodooSoft, LLC)
Windows Resource Kit Tools - SubInAcl.exe (HKLM-x32\...\{D3EE034D-5B92-4A55-AA02-2E6D0A6A96EE}) (Version: 5.2.3790.1164 - Microsoft Corporation)
Wings 3D 2.1.5 (HKLM-x32\...\Wings 3D 2.1.5) (Version: - )
ZHPFix 2015 (HKLM-x32\...\ZHPFix_is1) (Version: 2015 - Nicolas Coolman)
==================== Custom CLSID (Whitelisted): ==========================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
==================== Scheduled Tasks (Whitelisted) =============
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
Task: {1D21AFD6-05CE-42F3-BA96-FFCAC4689FA6} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2017-04-25] (Adobe Systems Incorporated)
Task: {2D435836-863C-4DA4-8663-A21C47D8152A} - System32\Tasks\AVAST Software\Avast settings backup => C:\Program Files\Common Files\AV\avast! Antivirus\backup.exe [2017-04-14] (AVAST Software)
Task: {3F9980F9-DAF0-4FE8-B0FF-7F798D59F9D3} - System32\Tasks\PrivaZer_SkipUAC => C:\Users\Anya\Desktop\PCHF progs & prework\PrivaZer.exe [2017-03-03] (Goversoft LLC)
Task: {62DE036A-55A0-4965-B5C8-54174D692686} - System32\Tasks\SafeZone scheduled Autoupdate 1490263047 => C:\Program Files\AVAST Software\SZBrowser\launcher.exe [2017-03-22] (Avast Software)
Task: {753C47AE-EC5E-44B3-95A9-2C8E553F0E39} - \Microsoft\Windows\Windows Media Sharing\UpdateLibrary -> No File <==== ATTENTION
Task: {A45BEA91-28D9-4894-A3E1-614E4D959593} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2017-02-08] (Piriform Ltd)
Task: {A7C73732-9F11-4281-8D19-764D4EC9D94D} - \Microsoft\Windows\Application Experience\ProgramDataUpdater -> No File <==== ATTENTION
Task: {AC4E5ACF-89F7-4220-BA21-81EE183975E2} - \Microsoft\Windows\Application Experience\AitAgent -> No File <==== ATTENTION
Task: {CB3D64BF-C0C9-45FF-BFB0-FF1A8F680186} - \Microsoft\Windows\RemoteAssistance\RemoteAssistanceTask -> No File <==== ATTENTION
Task: {D798EEE4-BD9A-4DE9-B8B4-252DDADD783C} - System32\Tasks\Avast Emergency Update => C:\Program Files\AVAST Software\Avast\AvEmUpdate.exe [2017-05-10] (AVAST Software)
Task: {F518A539-8368-4C38-945A-4C22F794512E} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2017-05-09] (Adobe Systems Incorporated)
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
==================== Shortcuts =============================
(The entries could be listed to be restored or removed.)
==================== Loaded Modules (Whitelisted) ==============
2017-05-10 18:22 - 2009-10-13 18:44 - 00022016 ____C () C:\Windows\System32\sugw2l6.dll
2017-03-17 22:03 - 2017-05-01 12:35 - 00265040 ____C () C:\Program Files\VoodooShield\Features.dll
2017-05-12 09:52 - 2017-04-13 16:27 - 00033992 ____C () C:\Program Files (x86)\Keepvid\KeepVid Pro\KeepVidProUpdateHelper.exe
2017-05-12 09:51 - 2017-04-13 15:58 - 01778688 ____C () C:\Program Files (x86)\Keepvid\KeepVid Pro\WUL.Ctrls.dll
2017-05-12 09:51 - 2017-04-13 15:58 - 00758784 ____C () C:\Program Files (x86)\Keepvid\KeepVid Pro\WUL.Core.dll
2017-05-12 09:51 - 2017-04-13 15:58 - 00046080 ____C () C:\Program Files (x86)\Keepvid\KeepVid Pro\WUL.Localization.dll
2017-05-12 09:52 - 2017-04-13 16:26 - 00113664 ____C () C:\Program Files (x86)\Keepvid\KeepVid Pro\Tasks.dll
2017-05-12 09:52 - 2017-04-13 16:26 - 00139776 ____C () C:\Program Files (x86)\Keepvid\KeepVid Pro\Utility.dll
2017-01-04 13:53 - 2017-01-04 13:53 - 03052032 ____C () C:\Windows\assembly\NativeImages_v4.0.30319_64\PaintDotNetc8826574#\1231046019f02411806acdb82aa3f17a\PaintDotNet.SystemLayer.Native.x64.ni.dll
2016-12-12 16:01 - 2016-12-12 16:01 - 01083088 ____C () C:\Program Files\paint.net\PaintDotNet.SystemLayer.Native.x64.dll
2017-05-10 14:03 - 2017-05-10 14:03 - 00170216 ____C () C:\Program Files\AVAST Software\Avast\JsonRpcServer.dll
2017-05-10 14:03 - 2017-05-10 14:03 - 00176992 ____C () C:\Program Files\AVAST Software\Avast\event_routing_rpc.dll
2017-05-10 14:03 - 2017-05-10 14:03 - 00223224 ____C () C:\Program Files\AVAST Software\Avast\tasks_core.dll
2017-05-23 07:56 - 2017-05-23 07:56 - 05980160 ____C () C:\Program Files\AVAST Software\Avast\defs\17052202\algo.dll
2017-05-10 14:03 - 2017-05-10 14:03 - 00684656 ____C () C:\Program Files\AVAST Software\Avast\ffl2.dll
2017-05-10 14:03 - 2017-05-10 14:03 - 00230632 ____C () C:\Program Files\AVAST Software\Avast\streamback.dll
2017-05-10 14:03 - 2017-05-10 14:03 - 00997896 ____C () C:\Program Files\AVAST Software\Avast\AvChrome.dll
2017-05-10 14:03 - 2017-05-10 14:03 - 67717632 ____C () C:\Program Files\AVAST Software\Avast\libcef.dll
2017-05-10 14:03 - 2017-05-10 14:03 - 00291824 ____C () C:\Program Files\AVAST Software\Avast\gaming_mode_ui.dll
2017-05-12 09:52 - 2016-10-08 17:03 - 01506304 ____C () C:\Program Files (x86)\Common Files\Aimersoft\Aimersoft Helper Compact\DAQExp.dll
2017-05-12 09:52 - 2016-07-21 10:54 - 00137728 ____C () C:\Program Files (x86)\Common Files\Aimersoft\Aimersoft Helper Compact\CBSCreateVC.dll
2017-01-02 17:35 - 2000-07-20 10:27 - 00316416 ____C () C:\Program Files (x86)\QUICKENW\BAS.dll
==================== Alternate Data Streams (Whitelisted) =========
(If an entry is included in the fixlist, only the ADS will be removed.)
==================== Safe Mode (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"
==================== Association (Whitelisted) ===============
(If an entry is included in the fixlist, the registry item will be restored to default or removed.)
==================== Internet Explorer trusted/restricted ===============
(If an entry is included in the fixlist, it will be removed from the registry.)
==================== Hosts content: ===============================
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
2009-07-14 12:34 - 2017-03-03 14:18 - 00000089 _RSHC C:\Windows\system32\Drivers\etc\hosts
127.0.0.1 localhost
::1 localhost
==================== Other Areas ============================
(Currently there is no automatic fix for this section.)
HKU\S-1-5-21-3010178862-2183218474-3834878404-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\Anya\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 192.168.1.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.
==================== MSCONFIG/TASK MANAGER disabled items ==
MSCONFIG\startupreg: CCleaner => "C:\Program Files\CCleaner\CCleaner64.exe" /AUTO
MSCONFIG\startupreg: Malwarebytes TrayApp => C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\mbamtray.exe
MSCONFIG\startupreg: Samsung PanelMgr => C:\Windows\Samsung\PanelMgr\SSMMgr.exe /autorun
==================== FirewallRules (Whitelisted) ===============
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
FirewallRules: [{5EB3DB86-2C8F-478D-AE21-5C7D6B6FA9D8}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{615F7A83-9DCE-4BE8-9D0E-0D4AF4FED0E5}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{5E89A639-19DC-4FBE-B92A-FDDBB5AAB57C}] => (Allow) C:\Program Files\AVAST Software\SZBrowser\3.55.2393.596\SZBrowser.exe
FirewallRules: [{9741C565-BB61-497F-8BED-710D4AD42CC0}] => (Allow) C:\Program Files\AVAST Software\SZBrowser\3.55.2393.596_0\SZBrowser.exe
==================== Restore Points =========================
15-05-2017 12:19:04 Installed DirectX
==================== Faulty Device Manager Devices =============
Name: Base System Device
Description: Base System Device
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.
Name: Broadcom USH
Description: Broadcom USH
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.
==================== Event log errors: =========================
Application errors:
==================
Error: (05/23/2017 08:03:23 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.
Error: (05/15/2017 11:41:17 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.
Error: (05/08/2017 10:24:01 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.
Error: (05/01/2017 04:59:09 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.
Error: (04/27/2017 09:55:58 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.
Error: (04/15/2017 01:57:16 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.
Error: (04/12/2017 09:18:30 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: explorer.exe, version: 6.1.7601.17514, time stamp: 0x4ce7a144
Faulting module name: DUI70.dll, version: 6.1.7600.16385, time stamp: 0x4a5bdf25
Exception code: 0xc0000005
Fault offset: 0x0000000000001098
Faulting process id: 0x1120
Faulting application start time: 0x01d2ae61e824bdd2
Faulting application path: C:\Windows\explorer.exe
Faulting module path: C:\Windows\system32\DUI70.dll
Report Id: c145a501-1f71-11e7-9c5c-0024e8dc6112
Error: (03/26/2017 10:07:42 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.
Error: (03/26/2017 10:04:23 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.
Error: (03/24/2017 10:24:47 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.
System errors:
=============
Error: (05/23/2017 02:16:55 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The UPnP Device Host service depends on the SSDP Discovery service which failed to start because of the following error:
The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.
Error: (05/23/2017 02:16:55 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The UPnP Device Host service depends on the SSDP Discovery service which failed to start because of the following error:
The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.
Error: (05/23/2017 02:16:55 PM) (Source: WMPNetworkSvc) (EventID: 14332) (User: )
Description: Service 'WMPNetworkSvc' did not start correctly because CoCreateInstance(CLSID_UPnPDeviceFinder) encountered error '0x80070422'. Verify that the UPnPHost service is running and that the UPnPHost component of Windows is installed properly.
Error: (05/23/2017 02:16:45 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The UPnP Device Host service depends on the SSDP Discovery service which failed to start because of the following error:
The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.
Error: (05/23/2017 02:16:45 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The UPnP Device Host service depends on the SSDP Discovery service which failed to start because of the following error:
The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.
Error: (05/23/2017 02:16:45 PM) (Source: WMPNetworkSvc) (EventID: 14332) (User: )
Description: Service 'WMPNetworkSvc' did not start correctly because CoCreateInstance(CLSID_UPnPDeviceFinder) encountered error '0x80070422'. Verify that the UPnPHost service is running and that the UPnPHost component of Windows is installed properly.
Error: (05/23/2017 11:20:04 AM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The UPnP Device Host service depends on the SSDP Discovery service which failed to start because of the following error:
The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.
Error: (05/23/2017 11:20:04 AM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The UPnP Device Host service depends on the SSDP Discovery service which failed to start because of the following error:
The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.
Error: (05/23/2017 11:20:04 AM) (Source: WMPNetworkSvc) (EventID: 14332) (User: )
Description: Service 'WMPNetworkSvc' did not start correctly because CoCreateInstance(CLSID_UPnPDeviceFinder) encountered error '0x80070422'. Verify that the UPnPHost service is running and that the UPnPHost component of Windows is installed properly.
Error: (05/23/2017 09:40:43 AM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The UPnP Device Host service depends on the SSDP Discovery service which failed to start because of the following error:
The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.
CodeIntegrity:
===================================
Date: 2017-03-07 22:03:56.503
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Users\Anya\AppData\Local\Temp\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
Date: 2017-03-07 22:03:56.503
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Users\Anya\AppData\Local\Temp\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
==================== Memory info ===========================
Processor: Intel(R) Core(TM)2 Duo CPU P9400 @ 2.40GHz
Percentage of memory in use: 76%
Total physical RAM: 4047.92 MB
Available physical RAM: 970.39 MB
Total Virtual: 8094.04 MB
Available Virtual: 2263.15 MB
==================== Drives ================================
Drive c: () (Fixed) (Total:148.46 GB) (Free:79.28 GB) NTFS
==================== MBR & Partition Table ==================
========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 149.1 GB) (Disk ID: C8B9BFB9)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=148.5 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=504 MB) - (Type=27)
==================== End of Addition.txt ============================
aswMBR version 1.0.1.2290 Copyright(c) 2014 AVAST Software
Run date: 2017-03-01 12:10:33
-----------------------------
12:10:33.299 OS Version: Windows x64 6.1.7601 Service Pack 1
12:10:33.299 Number of processors: 2 586 0x170A
12:10:33.301 ComputerName: ANYA-PC UserName: Anya
12:10:36.188 Initialize success
12:10:36.870 VM: initialized successfully
12:10:36.873 VM: Intel CPU BiosDisabled
12:17:41.631 AVAST engine defs: 17010903
12:19:02.667 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0
12:19:02.670 Disk 0 Vendor: WDC_WD1600BEVT-75ZCT2 11.01A11 Size: 152627MB BusType: 3
12:19:02.896 Disk 0 MBR read successfully
12:19:02.899 Disk 0 MBR scan
12:19:02.906 Disk 0 Windows 7 default MBR code
12:19:02.920 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 100 MB offset 2048
12:19:02.926 Disk 0 default boot code
12:19:02.939 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 152019 MB offset 206848
12:19:02.973 Disk 0 Partition 3 00 27 Hidden NTFS WinRE NTFS 504 MB offset 311543808
12:19:03.034 Disk 0 scanning C:\Windows\system32\drivers
12:19:15.284 Service scanning
12:19:43.094 Modules scanning
12:19:43.106 Disk 0 trace - called modules:
12:19:43.152 ntoskrnl.exe CLASSPNP.SYS disk.sys ataport.SYS pciide.sys PCIIDEX.SYS hal.dll atapi.sys
12:19:43.158 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa800439d060]
12:19:43.164 3 CLASSPNP.SYS[fffff880011d143f] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-0[0xfffffa80040b5680]
12:19:44.592 AVAST engine scan C:\Windows
12:19:47.579 AVAST engine scan C:\Windows\system32
12:32:25.222 AVAST engine scan C:\Windows\system32\drivers
12:34:02.728 AVAST engine scan C:\Users\Anya
13:20:58.634 AVAST engine scan C:\ProgramData
13:22:09.962 Disk 0 statistics 4191535/0/0 @ 0.96 MB/s
13:22:10.019 Scan finished successfully
13:37:13.672 Disk 0 MBR has been saved successfully to "C:\Users\Anya\Desktop\PC prework\MBR.dat"
13:37:13.722 The log file has been saved successfully to "C:\Users\Anya\Desktop\PC prework\aswMBR.txt"
aswMBR version 1.0.1.2290 Copyright(c) 2014 AVAST Software
Run date: 2017-05-23 14:23:25
-----------------------------
14:23:25.802 OS Version: Windows x64 6.1.7601 Service Pack 1
14:23:25.802 Number of processors: 2 586 0x170A
14:23:25.802 ComputerName: ANYA-PC UserName: Anya
14:23:37.388 Initialize success
14:23:37.437 VM: initialized successfully
14:23:37.437 VM: Intel CPU BiosDisabled
14:23:47.257 AVAST engine defs: 17052202
14:48:47.808 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0
14:48:47.811 Disk 0 Vendor: WDC_WD1600BEVT-75ZCT2 11.01A11 Size: 152627MB BusType: 3
14:48:48.034 Disk 0 MBR read successfully
14:48:48.038 Disk 0 MBR scan
14:48:48.057 Disk 0 Windows 7 default MBR code
14:48:48.080 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 100 MB offset 2048
14:48:48.087 Disk 0 default boot code
14:48:48.099 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 152019 MB offset 206848
14:48:48.133 Disk 0 Partition 3 00 27 Hidden NTFS WinRE NTFS 504 MB offset 311543808
14:48:48.179 Disk 0 scanning C:\Windows\system32\drivers
14:49:19.246 Service scanning
14:50:16.829 Modules scanning
14:50:16.831 Disk 0 trace - called modules:
14:50:16.899 ntoskrnl.exe CLASSPNP.SYS disk.sys aswSP.sys ataport.SYS pciide.sys PCIIDEX.SYS hal.dll atapi.sys
14:50:16.901 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8004617060]
14:50:16.901 3 aswSP.sys[fffff88003c45432] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-0[0xfffffa8004091060]
14:50:19.053 AVAST engine scan C:\Windows
14:50:21.955 AVAST engine scan C:\Windows\system32
14:53:21.170 AVAST engine scan C:\Windows\system32\drivers
14:53:31.634 AVAST engine scan C:\Users\Anya
15:08:40.594 File: C:\Users\Anya\Desktop\PCHF progs & prework\zoek.exe **INFECTED** Win32:Malware-gen
15:08:46.105 File: C:\Users\Anya\Documents\computer\malware & tuneup\zoek(1).exe **INFECTED** Win32:Malware-gen
16:32:06.593 AVAST engine scan C:\ProgramData
16:33:07.847 Disk 0 statistics 4325060/0/0 @ 1.56 MB/s
16:33:07.872 Scan finished successfully
16:42:07.181 Disk 0 MBR has been saved successfully to "C:\Users\Anya\Desktop\PCHF progs & prework\MBR.dat"
16:42:07.206 The log file has been saved successfully to "C:\Users\Anya\Desktop\PCHF progs & prework\aswMBR.txt"