Malware Removal Instructions

Avast shield disabled at startup, etc

MalwareRemoval.com provides free support for people with infected computers. Using plain language that anyone can understand, our community of volunteer experts will walk you through each step.

Re: Avast shield disabled at startup, etc

Post by mAL_rEm018 » April 14th, 2017, 11:25 am

Hello rbd,

rbd wrote: Please let me know when I can safely re-install Firefox.

Please find the instructions to re-install Firefox below. I have also included the steps to do a fresh install of Avast!

To re-install Firefox, please do the following..
  • Please use the following link to download and save Firefox to your desktop: Firefox.
  • Right-Click on Firefox Setup Stub 52.0.2 and select "Run as Administrator" to run it...if UAC prompts, please allow it.
  • Select Install and the program will start to install itself.
  • Once the process is over, your browser should automatically open.
    Please be careful and uncheck any bundled offer.


Please download the following tools to your desktop..

Do not run the tools now! We will do this later.

Before we remove Avast!, it is critical to make sure that the Windows Firewall is enabled. ----> Do Not skip this step!
  • Open the Start menu and click on Control Panel.
  • Select System and Security and Windows Firewall.
  • In your case the Windows Firewall should already state Connected. You can now proceed to the next step.
  • In the event that it is not connected, please continue with this step.
  • Click on Turn Windows Firewall on or off from the left pane.
  • Please ensure that both options to Turn on Windows Firewall are selected.
  • Click on OK and close the Windows Firewall window.


From this point forward, please close all open programs and browsers. I would also advise you to print out the instructions, since you should never browse the web without an Antivirus. This does not mean that you should disconnect your internet connection.. You need to have an internet connection in order to re-install Avast!


Removing a program in Windows 7
  • Click the Start Menu and select Control Panel.
  • Click Programs, then Programs and Features.
  • Select the following programs:
    • Avast Free Antivirus
  • Select Uninstall.
  • When prompted select Yes.
  • Answer any questions attentively.


Reboot your computer in Safe Mode
  • Shutdown your computer.
  • Wait 30 seconds.
  • Restart your computer and begin tapping the F8 key in 1 second intervals.
    If the F8 key doesn't work, please try the F5 key.
  • The Windows Advanced Options Menu should now be displayed on your screen.
  • By using the up/down arrow keys, select Safe Mode.
  • Press Enter and log onto your computer with an administrator account.


Running the Avast Uninstall Utility
  • Right-click on aswclear.exe and select "Run as Administrator" to run it...if UAC prompts, please allow it.
  • The Avast Uninstall Utility screen will open.
  • Please select Avast Free Antivirus from the drop-down menu.
  • Click Uninstall.
  • Once the process is over a message stating The product was successfully uninstalled will appear.
  • Select Restart computer.


Once your computer is restarted..
  • Right-click on avast_free_antivirus_setup_online_cnet2.exe and select "Run as Administrator" to run it...if UAC prompts, please allow it.
  • Please read the EULA (End User License Agreement) before continuing any further.
    Make sure to Uncheck any bundled software offers!
  • Select Install.
  • Avast! will now start to install itself. This might take a while, so please be patient.
  • Once the process is over, a window stating You are protected will appear.
  • Click on Continue.
  • Read carefully the message displayed in the Please don't skip this window and select Continue.
  • Follow the rest of the instructions on screen attentively.
  • Once the process is over, Avast! will open. My advice is to register the software right away.
At this point, you should restart your computer to ensure that Avast! is completely installed.


Were you able to successfully uninstall/reinstall Avast?
mAL_rEm018
Admin/Teacher
Posts: 2689
Joined: November 11th, 2013, 6:26 pm
Location: Saint-Petersburg, Russia

Re: Avast shield disabled at startup, etc

Post by rbd » April 15th, 2017, 8:20 pm

Hello mAL,

- Firefox
Yesterday I re-installed Firefox without any problems.
Strangely, even though I had backed up my bookmarks on both administrator and user profile, after reinstalling, the bookmarks in the administrator profile were still present, while in the user profile they weren't and I had to restore them.

- Warning
This afternoon I got a warning again from Avast!. This time the threat was different, but I was on the same website as previously. Please see attached screenshot. I didn't have the chance to take it as it happened directly, so I took it afterwards from the list of warnings in Avast!

- Behaviour shield
Tonight the behaviour shield was switched off again, after I started the system (it wasn't the first boot since after the warning in the afternoon, though).

- Avast! re-install
I did this tonight and it went smoothly.
Note: when I used aswclear, there was no option for "Avast free Antivirus" per se. I chose the option "avast! 7 Free/Pro/Internet Security" as I thought it was the closest. I hope it was ok. It did say that it had removed a few things (I have a screenshot saved if you need to see it).
rbd
Regular Member
 
Posts: 101
Joined: November 3rd, 2011, 10:05 pm

Re: Avast shield disabled at startup, etc

Post by mAL_rEm018 » April 16th, 2017, 4:49 pm

Hello rbd,

rbd wrote: This afternoon I got a warning again from Avast!. This time the threat was different, but I was on the same website as previously. Please see attached screenshot. I didn't have the chance to take it as it happened directly, so I took it afterwards from the list of warnings in Avast!

The site you mention is not infected, however there are several ads displayed and some of them are very questionable. I personally don't visit streaming websites as they are usually filled with ads and you never know what to expect. In any case, the pop-ups you receive from Avast! are due to you accessing this website. If you want I can give you the instructions to remove the alerts while you visit this website, however I would advise against it.

rbd wrote:
- Behaviour shield
Tonight the behaviour shield was switched off again, after I started the system (it wasn't the first boot since after the warning in the afternoon, though).

Try the following..
  • Open Avast! and click on Settings.
  • Select the Components tab.
  • If you click on the Red "X" are you able to turn on the Behaviour Shield?

I need to see a fresh FRST log..

  • Right-click on FRST64.exe and select Run as administrator.
  • The tool might update. Please allow it to do so.
  • Select Scan.
  • When the scan is over two windows will open, FRST.txt and Addition.txt.
  • Please post the contents of both logs in your next reply.


-----------------------------------------
In your next reply, I would like to see..
  • Did you have trouble while following the instructions?
  • Answer to my questions.
  • FRST.txt
  • Addition.txt
mAL_rEm018
Admin/Teacher
Posts: 2689
Joined: November 11th, 2013, 6:26 pm
Location: Saint-Petersburg, Russia
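
The Services and Drivers sections of the FRST.txt requested above can be triaged mechanically before reading the log by eye. The Python script below is an added example (not part of the thread, and not FRST's or the helper's own tooling): it parses those entries, lists the ones with no publisher, a "not signed" marker, or an automatic start type but a stopped state, and shows the state of one vendor's components. The function names and the `ExampleSvc` line are hypothetical; the other sample lines are copied from the log posted later in this thread.

```python
import re

# Sample in the layout of the FRST.txt pasted in this thread. Every line is
# copied from that log except the ExampleSvc line, which is constructed to
# exercise the "auto-start but stopped" check.
SAMPLE = r"""
==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry.)

R3 aswbIDSAgent; C:\Program Files\AVAST Software\Avast\x64\aswidsagenta.exe [7398336 2017-04-16] (AVAST Software s.r.o.)
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [261712 2017-04-16] (AVAST Software)
R2 GFNEXSrv; C:\Windows\System32\GFNEXSrv.exe [162824 2010-09-10] ()
R2 STacSV; C:\Program Files\IDT\WDM\STacSV64.exe [332800 2013-04-25] (IDT, Inc.) [File not signed]
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)
S2 ExampleSvc; C:\ProgramData\Example\svc.exe [1024 2017-04-01] ()

===================== Drivers (Whitelisted) ======================

S3 aswHwid; C:\windows\system32\drivers\aswHwid.sys [38296 2017-04-16] (AVAST Software)
R1 aswSP; C:\windows\system32\drivers\aswSP.sys [556784 2017-04-16] (AVAST Software)
"""

SECTION = re.compile(r"^=+ (?P<title>.+?) =+\s*$")

# Entry layout: <state><start type> <name>; <path> [<size> <date>] (<publisher>) [flags]
# State letter: R = running, S = stopped, U = undetermined.
# Start type digit: 0 boot, 1 system, 2 automatic, 3 demand, 4 disabled.
ENTRY = re.compile(
    r"^(?P<state>[RSU])(?P<start>[0-5]) (?P<name>[^;]+); (?P<path>.+?) "
    r"\[(?P<size>\d+) (?P<date>\d{4}-\d{2}-\d{2})\] "
    r"\((?P<publisher>.*?)\)(?P<flags>(?: \[[^\]]+\])*)$"
)


def parse_frst(text):
    """Return {"Services": [...], "Drivers": [...]} with one dict per entry."""
    sections, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        header = SECTION.match(line)
        if header:
            current = header.group("title").replace("(Whitelisted)", "").strip()
            continue
        if current not in ("Services", "Drivers"):
            continue
        m = ENTRY.match(line)
        if m:
            sections.setdefault(current, []).append({
                "state": m.group("state"),
                "start": int(m.group("start")),
                "name": m.group("name").strip(),
                "path": m.group("path"),
                "date": m.group("date"),
                "publisher": m.group("publisher").strip(),
                "flags": re.findall(r"\[([^\]]+)\]", m.group("flags")),
            })
    return sections


def triage(sections):
    """List (section, name, reasons) for entries that deserve a manual look."""
    findings = []
    for kind, entries in sections.items():
        for e in entries:
            reasons = []
            if not e["publisher"]:
                reasons.append("no publisher in file version info")
            if any("not signed" in f.lower() for f in e["flags"]):
                reasons.append("file not signed")
            if e["state"] == "S" and e["start"] in (0, 1, 2):
                reasons.append("set to start automatically but stopped")
            if reasons:
                findings.append((kind, e["name"], reasons))
    return findings


def vendor_components(sections, vendor):
    """List (section, name, state+start) for entries from one vendor."""
    needle = vendor.lower()
    return [
        (kind, e["name"], f'{e["state"]}{e["start"]}')
        for kind, entries in sections.items()
        for e in entries
        if needle in e["publisher"].lower() or needle in e["path"].lower()
    ]


if __name__ == "__main__":
    parsed = parse_frst(SAMPLE)
    for kind, name, reasons in triage(parsed):
        print(f"{kind}: {name}: {'; '.join(reasons)}")
    for kind, name, state in vendor_components(parsed, "avast"):
        print(f"{kind}: {name} is {state}")
```

Flagged entries are leads for review rather than verdicts: legitimate OEM components often ship without a publisher string or a signature.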

Re: Avast shield disabled at startup, etc

Post by rbd » April 16th, 2017, 7:53 pm

Hello mAL,

mAL_rEm018 wrote: The site you mention is not infected, however there are several ads displayed and some of them are very questionable. I personally don't visit streaming websites as they are usually filled with ads and you never know what to expect. In any case, the pop-ups you receive from Avast! are due to you accessing this website. If you want I can give you the instructions to remove the alerts while you visit this website, however I would advise against it.


When browsing I use Firefox with NoScript add-on, so I can decide which scripts to allow, thus minimising or avoiding ads. Nevertheless it's not perfect.
I'd rather keep the alerts: it's good if I see them, so I know what's happening.
I just wanted to understand whether it means Avast! is really stopping those threats, or some of them might have gone through.

- Behaviour Shield
That's how I always do it. I just wonder how powerful those threats are if they can disable the shield. If they are really able to do so, doesn't it mean that some infection has gone through to my laptop and is resident so that it is able to disable the shield in Avast! ?

- FRST logs
FRST log and Addition log pasted below.

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 16-04-2017
Ran by Administrator1 (administrator) on TOSHIBA (17-04-2017 00:33:51)
Running from C:\Users\Administrator1\Desktop
Loaded Profiles: Administrator1 (Available Profiles: Administrator1 & Pietro)
Platform: Windows 7 Professional Service Pack 1 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/33 ... scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(IDT, Inc.) C:\Program Files\IDT\WDM\stacsv64.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
() C:\Windows\System32\GFNEXSrv.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe
() C:\Program Files (x86)\DTS, Inc\DTS Studio Sound\dts_apo_service.exe
(Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Toshiba Europe GmbH) C:\Program Files (x86)\Toshiba TEMPRO\TemproSvc.exe
(TOSHIBA Corporation) C:\Windows\System32\TODDSrv.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\TECO\TecoService.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(AVAST Software s.r.o.) C:\Program Files\AVAST Software\Avast\x64\aswidsagenta.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\Jhi_service.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(TOSHIBA CORPORATION) C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe
(TOSHIBA Corporation) C:\Program Files (x86)\Toshiba\TOSHIBA Service Station\TMachInfo.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\TPHM\TPCHSrv.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe
() C:\Program Files\TOSHIBA\Power Saver\TPwrMain.exe
(Intel Corporation) C:\Windows\System32\igfxsrvc.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\Power Saver\TBatmgrTrayicon.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\TECO\Teco.exe
(Toshiba Europe GmbH) C:\Program Files (x86)\Toshiba TEMPRO\TemproTray.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSENotify.exe
(Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\TPHM\TPCHWMsg.exe
(TOSHIBA CORPORATION.) C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe
(DTS, Inc.) C:\Program Files (x86)\DTS, Inc\DTS Studio Sound\APO3GUI.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe
(Alcor Micro Corp.) C:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe
(TOSHIBA Corporation) C:\Program Files (x86)\Toshiba\TOSHIBA Service Station\ToshibaServiceStation.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\TECO\TecoHook.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(TOSHIBA CORPORATION) C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosLeSrvUseMng.exe
(TOSHIBA CORPORATION) C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosLeBtMng.exe
(TOSHIBA CORPORATION) C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosLeSrvProvider.exe
(TOSHIBA CORPORATION.) C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe
(TOSHIBA CORPORATION.) C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosBtHid.exe
(TOSHIBA CORPORATION.) C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosBtHSP.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe

==================== Registry (Whitelisted) ====================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [TCrdMain] => C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe [996192 2013-05-21] (TOSHIBA Corporation)
HKLM\...\Run: [TPwrMain] => C:\Program Files\TOSHIBA\Power Saver\TPwrMain.EXE [595840 2012-03-03] ()
HKLM\...\Run: [BatteryManager] => C:\Program Files\TOSHIBA\Power Saver\TBatmgrTrayIcon.exe [293760 2013-08-13] (TOSHIBA Corporation)
HKLM\...\Run: [Teco] => C:\Program Files\TOSHIBA\TECO\Teco.exe [1562032 2012-02-29] (TOSHIBA Corporation)
HKLM\...\Run: [TosWaitSrv] => C:\Program Files\TOSHIBA\TPHM\TosWaitSrv.exe [712096 2011-12-15] (TOSHIBA Corporation)
HKLM\...\Run: [TosSENotify] => C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosWaitSrv.exe [710560 2012-04-12] (TOSHIBA Corporation)
HKLM\...\Run: [TosVolRegulator] => C:\Program Files\TOSHIBA\TosVolRegulator\TosVolRegulator.exe [24376 2009-11-11] (TOSHIBA Corporation)
HKLM\...\Run: [Toshiba TEMPRO] => C:\Program Files (x86)\Toshiba TEMPRO\TemproTray.exe [1546720 2011-02-10] (Toshiba Europe GmbH)
HKLM\...\Run: [Toshiba Registration] => C:\Program Files\TOSHIBA\Registration\ToshibaReminder.exe [150992 2013-10-11] (Toshiba Europe GmbH)
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2778864 2014-08-06] (Synaptics Incorporated)
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [176440 2016-12-06] (Apple Inc.)
HKLM\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvLaunch.exe [213824 2017-04-16] (AVAST Software)
HKLM-x32\...\Run: [DTS Sound] => C:\Program Files (x86)\DTS, Inc\DTS Studio Sound\APO3GUI.exe [1471296 2013-06-01] (DTS, Inc.)
HKLM-x32\...\Run: [USB3MON] => C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe [292848 2013-08-15] (Intel Corporation)
HKLM-x32\...\Run: [ITSecMng] => C:\Program Files (x86)\TOSHIBA\Bluetooth Toshiba Stack\ItSecMng.exe [80840 2011-04-02] (TOSHIBA CORPORATION)
HKLM-x32\...\Run: [AmIcoSinglun64] => C:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe [374784 2013-01-17] (Alcor Micro Corp.)
HKLM-x32\...\Run: [ToshibaServiceStation] => C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe [1298816 2011-07-12] (TOSHIBA Corporation)
Winlogon\Notify\igfxcui: C:\windows\system32\igfxdev.dll (Intel Corporation)
ShellIconOverlayIdentifiers: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2017-04-16] (AVAST Software)
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2017-04-16] (AVAST Software)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Bluetooth Manager.lnk [2015-05-04]
ShortcutTarget: Bluetooth Manager.lnk -> C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe (TOSHIBA CORPORATION.)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 192.168.0.1
Tcpip\..\Interfaces\{4D779444-73DC-46D2-BB79-D871AC6C29CF}: [DhcpNameServer] 192.168.0.1
Tcpip\..\Interfaces\{78BDAA79-C3A1-4667-8655-49D6221C5566}: [DhcpNameServer] 192.168.0.1

Internet Explorer:
==================
HKU\S-1-5-21-2246960787-3754121387-607372831-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://toshiba13.msn.com/?pc=TEJB
HKU\S-1-5-21-2246960787-3754121387-607372831-1000\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://toshiba13.msn.com/?pc=TEJB
HKU\S-1-5-21-2246960787-3754121387-607372831-1000\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://toshiba.eu/symbaloo_b
SearchScopes: HKU\S-1-5-21-2246960787-3754121387-607372831-1000 -> {012E1000-F331-11DB-8314-0800200C9A66} URL = hxxp://www.google.com/search?q={searchTerms}
BHO: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\OCHelper.dll [2017-03-06] (Microsoft Corporation)
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll [2017-04-16] (AVAST Software)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2012-07-17] (Microsoft Corp.)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\URLREDIR.DLL [2017-03-06] (Microsoft Corporation)
BHO: Microsoft OneDrive for Business Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\GROOVEEX.DLL [2017-03-06] (Microsoft Corporation)
BHO-x32: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2017-04-16] (AVAST Software)
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2012-07-17] (Microsoft Corp.)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\root\Office16\URLREDIR.DLL [2017-03-06] (Microsoft Corporation)
DPF: HKLM-x32 {7530BFB8-7293-4D34-9923-61A11451AFC5} hxxp://download.eset.com/special/eos/OnlineScanner.cab
DPF: HKLM-x32 {9EF2BA47-C6A7-470D-9DD9-4323B0CB8353} hxxp://192.168.0.220/WebClient.exe
Handler-x32: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2017-03-06] (Microsoft Corporation)
Handler-x32: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2017-03-06] (Microsoft Corporation)
Handler-x32: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2017-03-06] (Microsoft Corporation)
Handler-x32: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2017-03-06] (Microsoft Corporation)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll [2017-02-22] (Skype Technologies)

FireFox:
========
FF ProfilePath: C:\Users\Administrator1\AppData\Roaming\Mozilla\Firefox\Profiles\afvj626a.default [2017-04-17]
FF Extension: (NoScript) - C:\Users\Administrator1\AppData\Roaming\Mozilla\Firefox\Profiles\afvj626a.default\Extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi [2017-03-19]
FF Extension: (Site Deployment Checker) - C:\Program Files (x86)\Mozilla Firefox\browser\features\deployment-checker@mozilla.org.xpi [2017-03-23] [not signed]
FF HKLM\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF48
FF Extension: (Avast Online Security) - C:\Program Files\AVAST Software\Avast\WebRep\FF48 [2017-04-16]
FF HKLM-x32\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF48
FF Plugin: @adobe.com/FlashPlayer -> C:\windows\system32\Macromed\Flash\NPSWF64_25_0_0_127.dll [2017-03-19] ()
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.50905.0\npctrl.dll [2017-02-10] ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\windows\SysWOW64\Macromed\Flash\NPSWF32_25_0_0_127.dll [2017-03-19] ()
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=3.0.72 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll [2013-03-12] (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2013-03-12] (Intel Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.50905.0\npctrl.dll [2017-02-10] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files (x86)\Microsoft Office\root\Office16\NPSPWRAP.DLL [2017-03-06] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3528.0331 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2014-03-31] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.33.3\npGoogleUpdate3.dll [2017-04-13] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.33.3\npGoogleUpdate3.dll [2017-04-13] (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.2.1 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2015-04-13] (VideoLAN)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2016-12-17] (Adobe Systems Inc.)

Chrome:
=======
CHR Profile: C:\Users\Administrator1\AppData\Local\Google\Chrome\User Data\Default [2017-04-13]
CHR Extension: (Google Slides) - C:\Users\Administrator1\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-11-24]
CHR Extension: (Google Docs) - C:\Users\Administrator1\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-11-24]
CHR Extension: (Google Drive) - C:\Users\Administrator1\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-11-24]
CHR Extension: (YouTube) - C:\Users\Administrator1\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-11-24]
CHR Extension: (Google Search) - C:\Users\Administrator1\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-11-24]
CHR Extension: (Avast Online Security) - C:\Users\Administrator1\AppData\Local\Google\Chrome\User Data\Default\Extensions\daanglpcpkjjlkhcbladppjphglbigam [2016-08-19]
CHR Extension: (Google Sheets) - C:\Users\Administrator1\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-11-24]
CHR Extension: (Google Docs Offline) - C:\Users\Administrator1\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-08-19]
CHR Extension: (IE Tab) - C:\Users\Administrator1\AppData\Local\Google\Chrome\User Data\Default\Extensions\hehijbfgiekmjfkfjpbkbammjbdenadd [2016-11-12]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Administrator1\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-08-19]
CHR Extension: (Gmail) - C:\Users\Administrator1\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-11-24]
CHR Extension: (Chrome Media Router) - C:\Users\Administrator1\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2016-11-12]

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [83768 2016-09-22] (Apple Inc.)
R3 aswbIDSAgent; C:\Program Files\AVAST Software\Avast\x64\aswidsagenta.exe [7398336 2017-04-16] (AVAST Software s.r.o.)
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [261712 2017-04-16] (AVAST Software)
R2 ClickToRunSvc; C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe [3737792 2017-03-26] (Microsoft Corporation)
R2 dts_apo_service; C:\Program Files (x86)\DTS, Inc\DTS Studio Sound\dts_apo_service.exe [16720 2013-06-01] ()
R2 GFNEXSrv; C:\Windows\System32\GFNEXSrv.exe [162824 2010-09-10] ()
R2 Intel(R) Capability Licensing Service Interface; C:\Program Files\Intel\iCLS Client\HeciServer.exe [731648 2013-02-13] (Intel(R) Corporation) [File not signed]
S3 Intel(R) Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [820184 2013-02-13] (Intel(R) Corporation)
R2 Intel(R) ME Service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe [131544 2013-03-12] (Intel Corporation)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [169432 2013-03-12] (Intel Corporation)
S3 rpcapd; C:\Program Files (x86)\WinPcap\rpcapd.exe [92792 2007-11-06] (CACE Technologies)
R2 STacSV; C:\Program Files\IDT\WDM\STacSV64.exe [332800 2013-04-25] (IDT, Inc.) [File not signed]
R2 TemproMonitoringService; C:\Program Files (x86)\Toshiba TEMPRO\TemproSvc.exe [112080 2011-02-10] (Toshiba Europe GmbH)
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R1 aswbidsdriver; C:\windows\system32\drivers\aswbidsdrivera.sys [307736 2017-04-16] (AVAST Software s.r.o.)
R0 aswbidsh; C:\windows\system32\drivers\aswbidsha.sys [189768 2017-04-16] (AVAST Software s.r.o.)
R0 aswblog; C:\windows\system32\drivers\aswbloga.sys [334088 2017-04-16] (AVAST Software s.r.o.)
R0 aswbuniv; C:\windows\system32\drivers\aswbuniva.sys [48528 2017-04-16] (AVAST Software s.r.o.)
S3 aswHwid; C:\windows\system32\drivers\aswHwid.sys [38296 2017-04-16] (AVAST Software)
R2 aswMonFlt; C:\windows\system32\drivers\aswMonFlt.sys [127112 2017-04-16] (AVAST Software)
R1 aswRdr; C:\windows\system32\drivers\aswRdr2.sys [101152 2017-04-16] (AVAST Software)
R0 aswRvrt; C:\windows\system32\drivers\aswRvrt.sys [75704 2017-04-16] (AVAST Software)
R1 aswSnx; C:\windows\system32\drivers\aswSnx.sys [1005048 2017-04-16] (AVAST Software)
R1 aswSP; C:\windows\system32\drivers\aswSP.sys [556784 2017-04-16] (AVAST Software)
R2 aswStm; C:\windows\system32\drivers\aswStm.sys [164064 2017-04-16] (AVAST Software)
R0 aswVmm; C:\windows\system32\drivers\aswVmm.sys [339696 2017-04-16] (AVAST Software)
R0 iaStorF; C:\windows\System32\DRIVERS\iaStorF.sys [28656 2013-03-11] (Intel Corporation)
R3 L1C; C:\windows\System32\DRIVERS\L1C62x64.sys [118504 2012-12-19] (Qualcomm Atheros Co., Ltd.)
S3 NPF; C:\windows\System32\drivers\npf.sys [40464 2007-11-06] (CACE Technologies)
R3 SmbDrvI; C:\windows\System32\DRIVERS\Smb_driver_Intel.sys [33008 2013-05-03] (Synaptics Incorporated)

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2017-04-17 00:33 - 2017-04-17 00:34 - 00019956 _____ C:\Users\Administrator1\Desktop\FRST.txt
2017-04-17 00:33 - 2017-04-17 00:33 - 00000000 ____D C:\Users\Administrator1\Desktop\FRST-OlderVersion
2017-04-16 01:35 - 2017-04-16 01:35 - 00000000 ____D C:\Users\Pietro\AppData\Roaming\AVAST Software
2017-04-16 00:51 - 2017-04-16 00:51 - 00000000 ____D C:\Users\Administrator1\AppData\Roaming\AVAST Software
2017-04-16 00:50 - 2017-04-16 21:05 - 00004172 _____ C:\windows\System32\Tasks\Avast Emergency Update
2017-04-16 00:50 - 2017-04-16 00:50 - 00556784 _____ (AVAST Software) C:\windows\system32\Drivers\aswSP.sys
2017-04-16 00:50 - 2017-04-16 00:50 - 00399944 _____ (AVAST Software) C:\windows\system32\aswBoot.exe
2017-04-16 00:50 - 2017-04-16 00:50 - 00339696 _____ (AVAST Software) C:\windows\system32\Drivers\aswVmm.sys
2017-04-16 00:50 - 2017-04-16 00:50 - 00164064 _____ (AVAST Software) C:\windows\system32\Drivers\aswStm.sys
2017-04-16 00:50 - 2017-04-16 00:50 - 00127112 _____ (AVAST Software) C:\windows\system32\Drivers\aswMonFlt.sys
2017-04-16 00:50 - 2017-04-16 00:50 - 00101152 _____ (AVAST Software) C:\windows\system32\Drivers\aswRdr2.sys
2017-04-16 00:50 - 2017-04-16 00:50 - 00075704 _____ (AVAST Software) C:\windows\system32\Drivers\aswRvrt.sys
2017-04-16 00:50 - 2017-04-16 00:50 - 00038296 _____ (AVAST Software) C:\windows\system32\Drivers\aswHwid.sys
2017-04-16 00:50 - 2017-04-16 00:50 - 00001893 _____ C:\Users\Public\Desktop\Avast Free Antivirus.lnk
2017-04-16 00:50 - 2017-04-16 00:50 - 00000000 ____D C:\windows\System32\Tasks\AVAST Software
2017-04-16 00:50 - 2017-04-16 00:50 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVAST Software
2017-04-16 00:50 - 2017-04-16 00:49 - 01005048 _____ (AVAST Software) C:\windows\system32\Drivers\aswSnx.sys
2017-04-16 00:50 - 2017-04-16 00:49 - 00334088 _____ (AVAST Software s.r.o.) C:\windows\system32\Drivers\aswbloga.sys
2017-04-16 00:50 - 2017-04-16 00:49 - 00307736 _____ (AVAST Software s.r.o.) C:\windows\system32\Drivers\aswbidsdrivera.sys
2017-04-16 00:50 - 2017-04-16 00:49 - 00189768 _____ (AVAST Software s.r.o.) C:\windows\system32\Drivers\aswbidsha.sys
2017-04-16 00:50 - 2017-04-16 00:49 - 00048528 _____ (AVAST Software s.r.o.) C:\windows\system32\Drivers\aswbuniva.sys
2017-04-16 00:48 - 2017-04-16 00:48 - 00000000 ____D C:\Program Files\AVAST Software
2017-04-16 00:34 - 2017-04-16 00:34 - 00000000 _____ C:\windows\SysWOW64\config.nt
2017-04-16 00:08 - 2017-04-16 00:09 - 06654960 _____ (AVAST Software) C:\Users\Administrator1\Desktop\avast_free_antivirus_setup_online_cnet2.exe
2017-04-16 00:08 - 2017-04-16 00:08 - 00326144 _____ (AVAST Software) C:\Users\Administrator1\Desktop\aswclear.exe
2017-04-14 20:05 - 2017-04-14 20:05 - 00001170 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2017-04-14 20:05 - 2017-04-14 20:05 - 00001158 _____ C:\Users\Public\Desktop\Mozilla Firefox.lnk
2017-04-14 20:05 - 2017-04-14 20:05 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2017-04-13 00:33 - 2017-04-14 01:00 - 00000879 _____ C:\Users\Administrator1\Desktop\Fixlog.txt
2017-04-11 23:36 - 2017-04-11 23:36 - 00000606 _____ C:\Users\Administrator1\Desktop\SystemLook.txt
2017-04-11 23:35 - 2017-04-11 23:35 - 00096256 _____ C:\Users\Administrator1\Desktop\SystemLook_x64.exe
2017-04-10 22:51 - 2017-04-10 22:53 - 00003783 _____ C:\Users\Administrator1\Desktop\Avast WebShield excerpt.txt
2017-04-10 22:46 - 2017-04-10 22:46 - 00001058 _____ C:\Users\Administrator1\Desktop\MBAM log.txt
2017-04-09 23:06 - 2017-04-09 23:06 - 00002149 _____ C:\Users\Administrator1\Desktop\SearchReg.txt
2017-04-09 22:56 - 2017-04-09 23:18 - 00000000 ____D C:\AdwCleaner
2017-04-09 22:55 - 2017-04-09 22:55 - 04089296 _____ C:\Users\Administrator1\Desktop\AdwCleaner.exe
2017-04-09 22:54 - 2017-04-09 22:54 - 00000207 _____ C:\windows\tweaking.com-regbackup-TOSHIBA-Windows-7-Professional-(64-bit).dat
2017-04-09 22:54 - 2017-04-09 22:54 - 00000000 ____D C:\RegBackup
2017-04-09 22:53 - 2017-04-09 22:53 - 00002246 _____ C:\Users\Administrator1\Desktop\Tweaking.com - Registry Backup.lnk
2017-04-09 22:53 - 2017-04-09 22:53 - 00000000 ____D C:\Users\Administrator1\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Tweaking.com
2017-04-09 22:53 - 2017-04-09 22:53 - 00000000 ____D C:\Program Files (x86)\Tweaking.com
2017-04-09 16:19 - 2017-04-09 22:53 - 00019826 _____ C:\windows\Tweaking.com - Registry Backup Setup Log.txt
2017-04-06 22:27 - 2017-04-11 23:39 - 00034237 _____ C:\Users\Administrator1\Desktop\Addition1.txt
2017-04-06 22:25 - 2017-04-11 23:39 - 00067387 _____ C:\Users\Administrator1\Desktop\FRST1.txt
2017-04-06 22:22 - 2017-04-06 22:08 - 00000923 _____ C:\Users\Administrator1\Desktop\MR post.txt
2017-04-06 22:09 - 2017-04-17 00:33 - 00000000 ____D C:\FRST
2017-04-06 21:58 - 2017-04-17 00:33 - 02424320 _____ (Farbar) C:\Users\Administrator1\Desktop\FRST64.exe
2017-03-22 01:01 - 2017-03-08 05:33 - 03165184 _____ (Microsoft Corporation) C:\windows\system32\wucltux.dll
2017-03-22 01:01 - 2017-03-08 05:33 - 00192512 _____ (Microsoft Corporation) C:\windows\system32\wuwebv.dll
2017-03-22 01:01 - 2017-03-08 05:33 - 00098816 _____ (Microsoft Corporation) C:\windows\system32\wudriver.dll
2017-03-22 01:01 - 2017-03-08 05:31 - 00091136 _____ (Microsoft Corporation) C:\windows\system32\WinSetupUI.dll
2017-03-22 01:01 - 2017-03-08 05:22 - 00174080 _____ (Microsoft Corporation) C:\windows\SysWOW64\wuwebv.dll
2017-03-22 01:01 - 2017-03-08 05:18 - 02651136 _____ (Microsoft Corporation) C:\windows\system32\wuaueng.dll
2017-03-22 01:01 - 2017-03-08 05:16 - 00709120 _____ (Microsoft Corporation) C:\windows\system32\wuapi.dll
2017-03-22 01:01 - 2017-03-08 05:16 - 00140288 _____ (Microsoft Corporation) C:\windows\system32\wuauclt.exe
2017-03-22 01:01 - 2017-03-08 05:16 - 00037888 _____ (Microsoft Corporation) C:\windows\system32\wups2.dll
2017-03-22 01:01 - 2017-03-08 05:16 - 00037888 _____ (Microsoft Corporation) C:\windows\system32\wuapp.exe
2017-03-22 01:01 - 2017-03-08 05:16 - 00036864 _____ (Microsoft Corporation) C:\windows\system32\wups.dll
2017-03-22 01:01 - 2017-03-08 05:16 - 00012288 _____ (Microsoft Corporation) C:\windows\system32\wu.upgrade.ps.dll
2017-03-22 01:01 - 2017-03-08 05:07 - 00573440 _____ (Microsoft Corporation) C:\windows\SysWOW64\wuapi.dll
2017-03-22 01:01 - 2017-03-08 05:06 - 00093696 _____ (Microsoft Corporation) C:\windows\SysWOW64\wudriver.dll
2017-03-22 01:01 - 2017-03-08 05:06 - 00035328 _____ (Microsoft Corporation) C:\windows\SysWOW64\wuapp.exe
2017-03-22 01:01 - 2017-03-08 05:06 - 00030208 _____ (Microsoft Corporation) C:\windows\SysWOW64\wups.dll
2017-03-22 01:01 - 2017-02-14 17:33 - 00757248 _____ (Microsoft Corporation) C:\windows\system32\win32spl.dll
2017-03-22 01:01 - 2017-02-14 17:19 - 00497664 _____ (Microsoft Corporation) C:\windows\SysWOW64\win32spl.dll
2017-03-22 01:01 - 2017-02-11 17:33 - 00002048 _____ (Microsoft Corporation) C:\windows\system32\tzres.dll
2017-03-22 01:01 - 2017-02-11 17:16 - 00002048 _____ (Microsoft Corporation) C:\windows\SysWOW64\tzres.dll
2017-03-22 01:01 - 2017-02-09 17:32 - 00769536 _____ (Microsoft Corporation) C:\windows\system32\samsrv.dll
2017-03-22 01:01 - 2017-02-09 17:32 - 00106496 _____ (Microsoft Corporation) C:\windows\system32\samlib.dll
2017-03-22 01:01 - 2017-02-09 17:14 - 00060416 _____ (Microsoft Corporation) C:\windows\SysWOW64\samlib.dll
2017-03-22 01:01 - 2017-01-18 16:36 - 00994760 _____ (Microsoft Corporation) C:\windows\system32\ucrtbase.dll
2017-03-22 01:01 - 2017-01-18 16:36 - 00063840 _____ (Microsoft Corporation) C:\windows\system32\api-ms-win-crt-private-l1-1-0.dll
2017-03-22 01:01 - 2017-01-18 16:36 - 00020832 _____ (Microsoft Corporation) C:\windows\system32\api-ms-win-crt-math-l1-1-0.dll
2017-03-22 01:01 - 2017-01-18 16:36 - 00019808 _____ (Microsoft Corporation) C:\windows\system32\api-ms-win-crt-multibyte-l1-1-0.dll
2017-03-22 01:01 - 2017-01-18 16:36 - 00017760 _____ (Microsoft Corporation) C:\windows\system32\api-ms-win-crt-string-l1-1-0.dll
2017-03-22 01:01 - 2017-01-18 16:36 - 00017760 _____ (Microsoft Corporation) C:\windows\system32\api-ms-win-crt-stdio-l1-1-0.dll
2017-03-22 01:01 - 2017-01-18 16:36 - 00016224 _____ (Microsoft Corporation) C:\windows\system32\api-ms-win-crt-runtime-l1-1-0.dll
2017-03-22 01:01 - 2017-01-18 16:36 - 00015712 _____ (Microsoft Corporation) C:\windows\system32\api-ms-win-crt-convert-l1-1-0.dll
2017-03-22 01:01 - 2017-01-18 16:36 - 00014176 _____ (Microsoft Corporation) C:\windows\system32\api-ms-win-crt-time-l1-1-0.dll
2017-03-22 01:01 - 2017-01-18 16:36 - 00014176 _____ (Microsoft Corporation) C:\windows\system32\api-ms-win-core-localization-l1-2-0.dll
2017-03-22 01:01 - 2017-01-18 16:36 - 00013664 _____ (Microsoft Corporation) C:\windows\system32\api-ms-win-crt-filesystem-l1-1-0.dll
2017-03-22 01:01 - 2017-01-18 16:36 - 00012640 _____ (Microsoft Corporation) C:\windows\system32\api-ms-win-crt-process-l1-1-0.dll
2017-03-22 01:01 - 2017-01-18 16:36 - 00012640 _____ (Microsoft Corporation) C:\windows\system32\api-ms-win-crt-heap-l1-1-0.dll
2017-03-22 01:01 - 2017-01-18 16:36 - 00012640 _____ (Microsoft Corporation) C:\windows\system32\api-ms-win-crt-conio-l1-1-0.dll
2017-03-22 01:01 - 2017-01-18 16:36 - 00012128 _____ (Microsoft Corporation) C:\windows\system32\api-ms-win-crt-utility-l1-1-0.dll
2017-03-22 01:01 - 2017-01-18 16:36 - 00012128 _____ (Microsoft Corporation) C:\windows\system32\api-ms-win-crt-locale-l1-1-0.dll
2017-03-22 01:01 - 2017-01-18 16:36 - 00012128 _____ (Microsoft Corporation) C:\windows\system32\api-ms-win-crt-environment-l1-1-0.dll
2017-03-22 01:01 - 2017-01-18 16:36 - 00012128 _____ (Microsoft Corporation) C:\windows\system32\api-ms-win-core-synch-l1-2-0.dll
2017-03-22 01:01 - 2017-01-18 16:36 - 00012128 _____ (Microsoft Corporation) C:\windows\system32\api-ms-win-core-processthreads-l1-1-1.dll
2017-03-22 01:01 - 2017-01-18 16:36 - 00011616 _____ (Microsoft Corporation) C:\windows\system32\api-ms-win-core-xstate-l2-1-0.dll
2017-03-22 01:01 - 2017-01-18 16:36 - 00011616 _____ (Microsoft Corporation) C:\windows\system32\api-ms-win-core-timezone-l1-1-0.dll
2017-03-22 01:01 - 2017-01-18 16:36 - 00011616 _____ (Microsoft Corporation) C:\windows\system32\api-ms-win-core-file-l2-1-0.dll
2017-03-22 01:01 - 2017-01-18 16:36 - 00011608 _____ (Microsoft Corporation) C:\windows\system32\api-ms-win-core-file-l1-2-0.dll
2017-03-22 01:01 - 2017-01-18 16:35 - 00922432 _____ (Microsoft Corporation) C:\windows\SysWOW64\ucrtbase.dll
2017-03-22 01:01 - 2017-01-18 16:35 - 00066400 _____ (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-crt-private-l1-1-0.dll
2017-03-22 01:01 - 2017-01-18 16:35 - 00022368 _____ (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-crt-math-l1-1-0.dll
2017-03-22 01:01 - 2017-01-18 16:35 - 00019808 _____ (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-crt-multibyte-l1-1-0.dll
2017-03-22 01:01 - 2017-01-18 16:35 - 00017760 _____ (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-crt-string-l1-1-0.dll
2017-03-22 01:01 - 2017-01-18 16:35 - 00017760 _____ (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-crt-stdio-l1-1-0.dll
2017-03-22 01:01 - 2017-01-18 16:35 - 00016224 _____ (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-crt-runtime-l1-1-0.dll
2017-03-22 01:01 - 2017-01-18 16:35 - 00015712 _____ (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-crt-convert-l1-1-0.dll
2017-03-22 01:01 - 2017-01-18 16:35 - 00014176 _____ (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-crt-time-l1-1-0.dll
2017-03-22 01:01 - 2017-01-18 16:35 - 00014176 _____ (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-localization-l1-2-0.dll
2017-03-22 01:01 - 2017-01-18 16:35 - 00013664 _____ (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-crt-filesystem-l1-1-0.dll
2017-03-22 01:01 - 2017-01-18 16:35 - 00012640 _____ (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-crt-process-l1-1-0.dll
2017-03-22 01:01 - 2017-01-18 16:35 - 00012640 _____ (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-crt-heap-l1-1-0.dll
2017-03-22 01:01 - 2017-01-18 16:35 - 00012640 _____ (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-crt-conio-l1-1-0.dll
2017-03-22 01:01 - 2017-01-18 16:35 - 00012128 _____ (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-crt-utility-l1-1-0.dll
2017-03-22 01:01 - 2017-01-18 16:35 - 00012128 _____ (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-crt-locale-l1-1-0.dll
2017-03-22 01:01 - 2017-01-18 16:35 - 00012128 _____ (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-crt-environment-l1-1-0.dll
2017-03-22 01:01 - 2017-01-18 16:35 - 00012128 _____ (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-synch-l1-2-0.dll
2017-03-22 01:01 - 2017-01-18 16:35 - 00012128 _____ (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-processthreads-l1-1-1.dll
2017-03-22 01:01 - 2017-01-18 16:35 - 00011616 _____ (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-xstate-l2-1-0.dll
2017-03-22 01:01 - 2017-01-18 16:35 - 00011616 _____ (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-timezone-l1-1-0.dll
2017-03-22 01:01 - 2017-01-18 16:35 - 00011616 _____ (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-file-l2-1-0.dll
2017-03-22 01:01 - 2017-01-18 16:35 - 00011616 _____ (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-file-l1-2-0.dll
2017-03-19 00:23 - 2017-03-19 00:25 - 00802904 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerApp.exe
2017-03-19 00:23 - 2017-03-19 00:25 - 00144472 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerCPLApp.cpl

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2017-04-17 00:27 - 2016-11-17 00:16 - 00000000 ____D C:\Users\Administrator1\AppData\LocalLow\Mozilla
2017-04-16 23:35 - 2009-07-14 05:45 - 00027568 ____H C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2017-04-16 23:35 - 2009-07-14 05:45 - 00027568 ____H C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2017-04-16 23:34 - 2015-09-06 15:40 - 00000000 ____D C:\Users\Pietro\Documents\Sport
2017-04-16 23:17 - 2016-11-18 21:41 - 00000000 ____D C:\Users\Pietro\AppData\LocalLow\Mozilla
2017-04-16 20:56 - 2009-07-14 06:08 - 00000006 ____H C:\windows\Tasks\SA.DAT
2017-04-16 11:00 - 2014-05-05 19:12 - 00000000 ____D C:\Users\Pietro\AppData\Roaming\Skype
2017-04-16 00:50 - 2015-12-06 14:37 - 00000000 ____D C:\Program Files\Common Files\AV
2017-04-16 00:43 - 2014-04-29 00:35 - 00000000 ____D C:\ProgramData\AVAST Software
2017-04-16 00:29 - 2015-04-12 23:10 - 00461274 _____ C:\windows\ntbtlog.txt
2017-04-16 00:04 - 2015-03-28 14:20 - 00000000 ____D C:\Users\Administrator1\AppData\Local\CutePDF Writer
2017-04-14 20:13 - 2014-05-03 17:03 - 00000000 ____D C:\Users\Pietro\AppData\Roaming\Mozilla
2017-04-13 00:59 - 2015-11-24 15:51 - 00003330 _____ C:\windows\System32\Tasks\GoogleUpdateTaskMachineUA
2017-04-13 00:59 - 2015-11-24 15:51 - 00003202 _____ C:\windows\System32\Tasks\GoogleUpdateTaskMachineCore
2017-04-13 00:37 - 2015-11-26 01:37 - 00000008 __RSH C:\ProgramData\ntuser.pol
2017-04-13 00:34 - 2015-08-11 13:53 - 00000000 ____D C:\Users\Pietro\AppData\LocalLow\Temp
2017-04-13 00:33 - 2009-07-14 04:20 - 00000000 ___HD C:\windows\system32\GroupPolicy
2017-04-13 00:33 - 2009-07-14 04:20 - 00000000 ____D C:\windows\SysWOW64\GroupPolicy
2017-04-12 18:31 - 2014-05-03 16:50 - 00111872 _____ C:\Users\Pietro\AppData\Local\GDIPFONTCACHEV1.DAT
2017-04-11 23:31 - 2014-04-21 20:00 - 00111872 _____ C:\Users\Administrator1\AppData\Local\GDIPFONTCACHEV1.DAT
2017-04-11 23:28 - 2009-07-14 05:45 - 00438632 _____ C:\windows\system32\FNTCACHE.DAT
2017-04-11 23:26 - 2016-07-13 22:07 - 00000000 ____D C:\Program Files (x86)\TeamViewer
2017-04-10 22:44 - 2014-09-06 16:15 - 00192216 _____ (Malwarebytes) C:\windows\system32\Drivers\MBAMSwissArmy.sys
2017-04-04 22:28 - 2015-11-26 03:02 - 00000000 ____D C:\Users\Pietro\AppData\Local\IE Tab
2017-04-02 23:25 - 2017-01-21 01:06 - 06752896 _____ (ESET spol. s r.o.) C:\Users\Administrator1\Desktop\esetonlinescanner_enu.exe
2017-04-02 09:43 - 2015-07-11 11:37 - 00000019 _____ C:\Users\Pietro\Desktop\time.txt
2017-04-02 09:33 - 2009-07-14 06:13 - 00781790 _____ C:\windows\system32\PerfStringBackup.INI
2017-04-02 09:33 - 2009-07-14 04:20 - 00000000 ____D C:\windows\inf
2017-04-01 20:24 - 2013-10-11 23:03 - 00000000 ____D C:\Program Files (x86)\Microsoft Office
2017-03-31 08:18 - 2014-09-27 16:44 - 00000000 ___RD C:\Program Files (x86)\Skype
2017-03-31 08:18 - 2013-12-06 13:52 - 00000000 ____D C:\ProgramData\Skype
2017-03-30 01:17 - 2009-07-14 06:08 - 00032620 _____ C:\windows\Tasks\SCHEDLGU.TXT
2017-03-30 00:28 - 2015-11-24 15:52 - 00002206 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2017-03-30 00:28 - 2015-11-24 15:52 - 00002194 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2017-03-28 22:24 - 2014-09-06 16:02 - 00000000 ____D C:\ProgramData\TEMP
2017-03-28 22:24 - 2014-09-06 16:02 - 00000000 ____D C:\Program Files (x86)\SpywareBlaster
2017-03-21 22:11 - 2013-10-11 23:03 - 00000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2017-03-20 02:33 - 2014-09-04 00:42 - 00000000 ____D C:\Users\Pietro\AppData\Local\CutePDF Writer
2017-03-19 00:25 - 2014-09-02 22:57 - 00000000 ____D C:\Users\Administrator1\AppData\Local\Adobe
2017-03-19 00:25 - 2013-10-11 22:58 - 00000000 ____D C:\windows\SysWOW64\Macromed
2017-03-19 00:25 - 2013-10-11 22:58 - 00000000 ____D C:\windows\system32\Macromed
2017-03-18 12:28 - 2015-11-24 15:39 - 00000000 ____D C:\Users\Pietro\AppData\Local\Google

Some files in TEMP:
====================
2017-04-16 10:22 - 2017-04-16 10:23 - 57886168 _____ (Skype Technologies S.A.) C:\Users\Pietro\AppData\Local\Temp\SkypeSetup.exe

==================== Bamital & volsnap ======================

(There is no automatic fix for files that do not pass verification.)

C:\windows\system32\winlogon.exe => File is digitally signed
C:\windows\system32\wininit.exe => File is digitally signed
C:\windows\SysWOW64\wininit.exe => File is digitally signed
C:\windows\explorer.exe => File is digitally signed
C:\windows\SysWOW64\explorer.exe => File is digitally signed
C:\windows\system32\svchost.exe => File is digitally signed
C:\windows\SysWOW64\svchost.exe => File is digitally signed
C:\windows\system32\services.exe => File is digitally signed
C:\windows\system32\User32.dll => File is digitally signed
C:\windows\SysWOW64\User32.dll => File is digitally signed
C:\windows\system32\userinit.exe => File is digitally signed
C:\windows\SysWOW64\userinit.exe => File is digitally signed
C:\windows\system32\rpcss.dll => File is digitally signed
C:\windows\system32\dnsapi.dll => File is digitally signed
C:\windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\windows\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2017-03-05 22:10

==================== End of FRST.txt ============================

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 16-04-2017
Ran by Administrator1 (17-04-2017 00:34:48)
Running from C:\Users\Administrator1\Desktop
Windows 7 Professional Service Pack 1 (X64) (2014-04-21 18:53:52)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-2246960787-3754121387-607372831-500 - Administrator - Disabled)
Administrator1 (S-1-5-21-2246960787-3754121387-607372831-1000 - Administrator - Enabled) => C:\Users\Administrator1
Guest (S-1-5-21-2246960787-3754121387-607372831-501 - Limited - Disabled)
Pietro (S-1-5-21-2246960787-3754121387-607372831-1001 - Limited - Enabled) => C:\Users\Pietro

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Avast Antivirus (Enabled - Up to date) {8EA8924E-BC81-DC44-8BB0-8BAE75D86EBF}
AS: Windows Defender (Disabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Avast Antivirus (Enabled - Up to date) {35C973AA-9ABB-D3CA-B100-B0DC0E5F2402}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Adobe Flash Player 25 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 25.0.0.127 - Adobe Systems Incorporated)
Adobe Flash Player 25 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 25.0.0.127 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.19) MUI (HKLM-x32\...\{AC76BA86-7AD7-FFFF-7B44-AB0000000001}) (Version: 11.0.19 - Adobe Systems Incorporated)
Alcor Micro USB Card Reader (HKLM-x32\...\AmUStor) (Version: 4.4.1245.72462 - Alcor Micro Corp.)
Alcor Micro USB Card Reader (x32 Version: 4.4.1245.72462 - Alcor Micro Corp.) Hidden
Apple Application Support (32-bit) (HKLM-x32\...\{D079CAAD-0C31-47A2-9AF5-A82F9CD9B221}) (Version: 5.2 - Apple Inc.)
Apple Application Support (64-bit) (HKLM\...\{64E6007B-1DA9-42CD-BBE4-D5FA67A7C71D}) (Version: 5.2 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{55BB2110-FB43-49B3-93F4-945A0CFB0A6C}) (Version: 10.0.1.3 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{56EC47AA-5813-4FF6-8E75-544026FBEA83}) (Version: 2.2.0.150 - Apple Inc.)
Atheros Bluetooth Filter Driver Package (HKLM\...\{65486209-5C54-439C-8383-8AC9BBE25932}) (Version: 2.0.0.9 - Qualcomm Atheros)
Atheros Driver Installation Program (HKLM-x32\...\{C3A32068-8AB1-4327-BB16-BED9C6219DC7}) (Version: 10.0 - Atheros)
Avast Free Antivirus (HKLM-x32\...\Avast Antivirus) (Version: 17.3.2291 - AVAST Software)
Bluetooth Stack for Windows by Toshiba (HKLM\...\{CEBB6BFB-D708-4F99-A633-BC2600E01EF6}) (Version: v9.10.13(T) - TOSHIBA CORPORATION)
Bonjour (HKLM\...\{56DDDFB8-7F79-4480-89D5-25E1F52AB28F}) (Version: 3.1.0.1 - Apple Inc.)
ControlCenter (HKLM-x32\...\{E5EDA1E6-5FDD-4B29-8399-6022B81C3A7C}) (Version: - )
CutePDF Writer 3.0 (HKLM\...\CutePDF Writer Installation) (Version: 3.0 - Acro Software Inc.)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
DTS Sound (HKLM-x32\...\{791692AD-63B2-4A87-A097-4E8DD3CE4BC9}) (Version: 1.00.0079 - DTS, Inc.)
Filzip 3.06 (HKLM-x32\...\Filzip 3.0.6.93_is1) (Version: 3.0.6 - Philipp Engel)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 57.0.2987.133 - Google Inc.)
Google Update Helper (x32 Version: 1.3.33.3 - Google Inc.) Hidden
H264 Video Codec (HKLM-x32\...\H264) (Version: - T,DP5)
IDT Audio Driver (HKLM\...\{11424B27-C16B-4505-9667-82A10AD1B1DC}) (Version: 6.10.6472.0 - IDT)
Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 9.0.0.1323 - Intel Corporation)
Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 9.18.10.3293 - Intel Corporation)
Intel(R) Rapid Storage Technology (HKLM\...\{409CB30E-E457-4008-9B1A-ED1B9EA21140}) (Version: 12.0.4.1001 - Intel Corporation)
Intel(R) SDK for OpenCL - CPU Only Runtime Package (HKLM-x32\...\{FCB3772C-B7D0-4933-B1A9-3707EBACC573}) (Version: 3.0.0.66956 - Intel Corporation)
Intel(R) USB 3.0 eXtensible Host Controller Driver (HKLM-x32\...\{240C3DDD-C5E9-4029-9DF7-95650D040CF2}) (Version: 2.5.1.28 - Intel Corporation)
iTunes (HKLM\...\{81C96689-EA5B-4B7D-A04F-16326EC51BC2}) (Version: 12.5.4.42 - Apple Inc.)
Malwarebytes Anti-Malware version 2.2.1.1043 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.2.1.1043 - Malwarebytes)
Microsoft .NET Framework 4.6.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.6.01055 - Microsoft Corporation)
Microsoft Office 365 - en-us (HKLM\...\O365HomePremRetail - en-us) (Version: 16.0.7870.2031 - Microsoft Corporation)
Microsoft Office 365 - it-it (HKLM\...\O365HomePremRetail - it-it) (Version: 16.0.7870.2031 - Microsoft Corporation)
Microsoft Office Proofing Tools 2013 - English (HKLM\...\{90150000-001F-0409-1000-0000000FF1CE}) (Version: 15.0.4569.1506 - Microsoft Corporation)
Microsoft Office Proofing Tools 2013 - Italiano (HKLM-x32\...\{90150000-001F-0410-0000-0000000FF1CE}) (Version: 15.0.4569.1506 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-2246960787-3754121387-607372831-1000\...\OneDriveSetup.exe) (Version: 17.3.5951.0827 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.50905.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.50727 (HKLM-x32\...\{15134cb0-b767-4960-a911-f2d16ae54797}) (Version: 11.0.50727.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.50727 (HKLM-x32\...\{22154f09-719a-4619-bb71-5b3356999fbf}) (Version: 11.0.50727.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.24215 (HKLM-x32\...\{e2803110-78b3-4664-a479-3611a381656a}) (Version: 14.0.24215.1 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)
Movie Maker (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Mozilla Firefox 52.0.2 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 52.0.2 (x86 en-US)) (Version: 52.0.2 - Mozilla)
NVMS-1000 (HKLM-x32\...\{706F1178-8CDB-45E5-B05F-D1950D9D17DF}) (Version: 2.0.0.2 - )
Office 16 Click-to-Run Extensibility Component (x32 Version: 16.0.7870.2024 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Extensibility Component 64-bit Registration (Version: 16.0.7870.2024 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Licensing Component (Version: 16.0.7870.2024 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Localization Component (x32 Version: 16.0.7668.2066 - Microsoft Corporation) Hidden
PlayReady PC Runtime amd64 (HKLM\...\{BCA9334F-B6C9-4F65-9A73-AC5A329A4D04}) (Version: 1.3.0 - Microsoft Corporation)
Qualcomm Atheros Communications Inc.(R) AR81Family Gigabit/Fast Ethernet Driver (HKLM-x32\...\{3108C217-BE83-42E4-AE9E-A56A2A92E549}) (Version: 2.1.0.13 - Qualcomm Atheros Communications Inc.)
Skype™ 7.34 (HKLM-x32\...\{3B7E914A-93D5-4A29-92BB-AF8C3F66C431}) (Version: 7.34.102 - Skype Technologies S.A.)
SpywareBlaster 5.5 (HKLM-x32\...\SpywareBlaster_is1) (Version: 5.5.0 - BrightFort LLC)
swMSM (x32 Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 17.0.10.51 - Synaptics Incorporated)
TOSHIBA Battery Check Utility (HKLM-x32\...\{5468E297-7EF8-4CB3-A091-F8714147793F}) (Version: 1.00.04.01 - Toshiba Client Solutions Co., Ltd.)
TOSHIBA Battery Manager (HKLM\...\{D7C7641F-0C96-4635-BFE1-29EBB3B05CC8}) (Version: 9.0.0.64 - Toshiba Corporation)
TOSHIBA Disc Creator (HKLM\...\{5DA0E02F-970B-424B-BF41-513A5018E4C0}) (Version: 2.1.0.12 for x64 - TOSHIBA Corporation)
TOSHIBA eco Utility (HKLM\...\{F5AFF327-9B52-4E96-B5A0-BD2488A8EEC9}) (Version: 1.3.23.64 - TOSHIBA Corporation)
TOSHIBA Flash Cards (HKLM\...\{F5D089A2-3E02-4471-AA04-3C7B87A60BD4}) (Version: 9.0.01.6402 - Toshiba Corporation)
TOSHIBA Hardware Setup (HKLM-x32\...\{2FD5D2C5-A7A1-4065-89BA-90542BF7CCD3}) (Version: 2.00.0029 - TOSHIBA)
TOSHIBA HDD/SSD Alert (HKLM\...\{D4322448-B6AF-4316-B859-D8A0E84DCB38}) (Version: 3.1.64.14 - TOSHIBA Corporation)
TOSHIBA Manuals (HKLM-x32\...\{90FF4432-21B7-4AF6-BA6E-FB8C1FED9173}) (Version: 10.14 - TOSHIBA)
TOSHIBA PC Diagnostic Tool (HKLM-x32\...\{F0794FA5-1809-4FC3-AA4E-48061281B5A2}) (Version: 9.0.0.6402 - Toshiba Corporation)
TOSHIBA PC Health Monitor (HKLM\...\{9DECD0F9-D3E8-48B0-A390-1CF09F54E3A4}) (Version: 1.7.17.64 - TOSHIBA Corporation)
TOSHIBA Power Saver (HKLM\...\{4573FA6D-5FC1-4CA0-8D90-BAF9325B28ED}) (Version: 9.0.0.6404 - Toshiba Corporation)
TOSHIBA Recovery Media Creator (HKLM-x32\...\{B65BBB06-1F8E-48F5-8A54-B024A9E15FDF}) (Version: 2.1.7.52020010 - TOSHIBA CORPORATION)
TOSHIBA Service Station (HKLM-x32\...\{AC6569FA-6919-442A-8552-073BE69E247A}) (Version: 2.2.15.0 - TOSHIBA)
TOSHIBA Supervisor Password (HKLM-x32\...\{119826A8-4EF6-4BE5-A88B-D2D81FA7CEE2}) (Version: 2.00.0011 - TOSHIBA)
TOSHIBA System Driver (HKLM\...\{46754F5B-B496-4BCA-87E5-84ACF27FCE0F}) (Version: 9.0.1.6401 - Toshiba Corporation)
TOSHIBA TEMPRO (HKLM-x32\...\{F082CB11-4794-4259-99A1-D91BA762AD15}) (Version: 3.35 - Toshiba Europe GmbH)
Tweaking.com - Registry Backup (HKLM-x32\...\Tweaking.com - Registry Backup) (Version: 3.5.3 - Tweaking.com)
VLC media player (HKLM-x32\...\VLC media player) (Version: 2.2.1 - VideoLAN)
WebClient (HKLM-x32\...\WebClient) (Version: - )
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3528.0331 - Microsoft Corporation)
WinPcap 4.0.2 (HKLM-x32\...\WinPcapInst) (Version: 4.0.0.1040 - CACE Technologies)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-2246960787-3754121387-607372831-1000_Classes\CLSID\{45C6AFA5-2C13-402f-BC5D-45CC8172EF6B}\InprocServer32 -> C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\sys\x64\TosBtExt.dll (TOSHIBA)

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {084C7E76-5E3C-4D81-8657-D585756DF621} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [2017-03-26] (Microsoft Corporation)
Task: {146333AA-166F-4CBE-956A-BDF9B888674D} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-11-24] (Google Inc.)
Task: {2A79736B-BC7E-4015-AA73-DDF32ABA5555} - System32\Tasks\Avast Emergency Update => C:\Program Files\AVAST Software\Avast\AvEmUpdate.exe [2017-04-16] (AVAST Software)
Task: {2BCD3E4C-A771-496C-AF4F-69B52497C11E} - System32\Tasks\Microsoft\Office\Office Subscription Maintenance => C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonx86\Microsoft Shared\Office16\OLicenseHeartbeat.exe [2017-03-26] (Microsoft Corporation)
Task: {2FE6EA4F-8EF6-4454-AD92-F7121A71B652} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-11-24] (Google Inc.)
Task: {57E48622-56EA-4504-8EA6-018F6268D2B7} - System32\Tasks\Microsoft\Office\Office Automatic Updates => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [2017-03-26] (Microsoft Corporation)
Task: {6659460F-E451-47A4-9CE9-F2E27F959E05} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2016-12-19] (Adobe Systems Incorporated)
Task: {B6A1C5CB-B095-48A6-B1F5-2D4FDD7059EF} - System32\Tasks\AVAST Software\Avast settings backup => C:\Program Files\Common Files\AV\avast! Antivirus\backup.exe [2017-04-16] (AVAST Software)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)


==================== Shortcuts =============================

(The entries could be listed to be restored or removed.)

==================== Loaded Modules (Whitelisted) ==============

2013-12-06 13:28 - 2010-09-10 17:26 - 00162824 _____ () C:\Windows\System32\GFNEXSrv.exe
2014-08-28 22:47 - 2013-10-23 14:24 - 00087600 _____ () C:\windows\System32\cpwmon64.dll
2016-10-05 19:17 - 2016-10-05 19:17 - 00092472 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
2016-11-17 02:28 - 2016-11-17 02:28 - 01353528 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
2013-06-01 00:56 - 2013-06-01 00:56 - 00016720 _____ () C:\Program Files (x86)\DTS, Inc\DTS Studio Sound\dts_apo_service.exe
2017-04-16 00:49 - 2017-04-16 00:49 - 00162024 _____ () c:\Program Files\AVAST Software\Avast\x64\vaarclient.dll
2017-04-16 00:49 - 2017-04-16 00:49 - 00790544 _____ () C:\Program Files\AVAST Software\Avast\x64\ffl2.dll
2017-04-16 00:49 - 2017-04-16 00:49 - 00275776 _____ () c:\Program Files\AVAST Software\Avast\x64\StreamBack.dll
2016-03-14 21:52 - 2017-04-01 20:22 - 08930496 _____ () C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\1033\GrooveIntlResource.dll
2011-08-22 23:19 - 2011-08-22 23:19 - 11204992 _____ () C:\Program Files\TOSHIBA\FlashCards\BlackPng.dll
2012-03-03 00:08 - 2012-03-03 00:08 - 00595840 _____ () C:\Program Files\TOSHIBA\Power Saver\TPwrMain.exe
2010-12-16 00:19 - 2010-12-16 00:19 - 00124320 _____ () C:\Program Files\TOSHIBA\TECO\MUIHelp.dll
2012-04-12 02:05 - 2012-04-12 02:05 - 00079784 _____ () C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosIPCWraper.dll
2017-04-16 00:49 - 2017-04-16 00:49 - 00170216 _____ () C:\Program Files\AVAST Software\Avast\JsonRpcServer.dll
2017-04-16 00:49 - 2017-04-16 00:49 - 00176480 _____ () C:\Program Files\AVAST Software\Avast\event_routing_rpc.dll
2017-04-16 00:49 - 2017-04-16 00:49 - 00653520 _____ () C:\Program Files\AVAST Software\Avast\ffl2.dll
2017-04-17 00:28 - 2017-04-17 00:28 - 05917184 _____ () C:\Program Files\AVAST Software\Avast\defs\17041600\algo.dll
2017-04-16 00:49 - 2017-04-16 00:49 - 48936448 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll
2012-05-07 20:55 - 2012-05-07 20:55 - 00178104 _____ () C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosGatt.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)


==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)


==================== Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)

There are 6091 more sites.


==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-14 03:34 - 2017-04-13 00:33 - 00000035 ____A C:\windows\system32\Drivers\etc\hosts


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-2246960787-3754121387-607372831-1000\Control Panel\Desktop\\Wallpaper ->
DNS Servers: 192.168.0.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==


==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [SPPSVC-In-TCP] => (Allow) %SystemRoot%\system32\sppsvc.exe
FirewallRules: [SPPSVC-In-TCP-NoScope] => (Allow) %SystemRoot%\system32\sppsvc.exe
FirewallRules: [{4296F291-213E-44FC-B291-445309D770B1}] => (Allow) C:\Program Files (x86)\Skype\Phone\Skype.exe
FirewallRules: [{ED0E5E14-C822-4331-B83C-081848F6852C}] => (Allow) C:\program files (x86)\toshiba\bluetooth toshiba stack\tosbtpcs.exe
FirewallRules: [{0DCF30F8-9976-4A13-A374-9F14D32AC006}] => (Allow) C:\program files (x86)\toshiba\bluetooth toshiba stack\tosbtpcs.exe
FirewallRules: [{D654BC83-80E5-41CD-B365-6BAED47921CD}] => (Allow) C:\Program Files\AVAST Software\Avast\ng\vbox\aswFe.exe
FirewallRules: [{77A4AEF1-83CE-43FD-B9AE-6DA6288B2E18}] => (Allow) C:\Program Files\AVAST Software\Avast\ng\vbox\aswFe.exe
FirewallRules: [{1F631B2B-5D98-401B-976B-85A785D1C9A5}] => (Allow) C:\Users\Administrator1\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe
FirewallRules: [{E776AB36-B620-4A00-8133-20441BBA7901}] => (Allow) C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
FirewallRules: [{1CDA2465-3886-4465-B515-6F0D6CEE8C3D}] => (Allow) LPort=2869
FirewallRules: [{A0BDDE8A-B7FE-4778-AFA6-EAE70D2C5B58}] => (Allow) LPort=1900
FirewallRules: [TCP Query User{CE306CA1-5DC0-4815-8C6F-45808F475E70}C:\program files (x86)\controlcenter\controlcenter.exe] => (Allow) C:\program files (x86)\controlcenter\controlcenter.exe
FirewallRules: [UDP Query User{19313C13-F158-455E-901A-FB144D55676F}C:\program files (x86)\controlcenter\controlcenter.exe] => (Allow) C:\program files (x86)\controlcenter\controlcenter.exe
FirewallRules: [{3DEC5774-EC37-466D-BA1C-7B20C452AAD4}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\outlook.exe
FirewallRules: [TCP Query User{18B3C83B-AE60-4FBD-9F43-9B4D13A1AB72}C:\program files (x86)\nvms-1000\nvms-1000 client\nvms-1000.exe] => (Allow) C:\program files (x86)\nvms-1000\nvms-1000 client\nvms-1000.exe
FirewallRules: [UDP Query User{02A0693B-0043-41A4-99DB-429F45DD13A7}C:\program files (x86)\nvms-1000\nvms-1000 client\nvms-1000.exe] => (Allow) C:\program files (x86)\nvms-1000\nvms-1000 client\nvms-1000.exe
FirewallRules: [{D560366C-E366-4326-8512-F1FF7B390939}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{37ED6C6D-9F64-4C18-9211-F0F6FA5C2B90}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{A8AABE8D-A824-4343-A84B-F3BB9DACECE6}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{EE8AD0C8-466D-41DD-BB34-D9FAB89EE781}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{89082BC5-642B-4427-8812-1E1C4C1F044B}] => (Allow) C:\Program Files\iTunes\iTunes.exe
FirewallRules: [{3965085B-786D-49D1-A715-2E67065369EF}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
FirewallRules: [{8F97AF21-8E48-4091-8D27-42DDFC527491}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{86553C5D-ED3C-4553-8EA3-64A52FC83504}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe

==================== Restore Points =========================

03-03-2017 21:46:14 Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.24215
10-03-2017 02:45:31 Windows Update
17-03-2017 22:06:02 Windows Update
22-03-2017 01:02:18 Windows Update
08-04-2017 23:48:39 Windows Backup
13-04-2017 00:33:37 Restore Point Created by FRST
14-04-2017 00:11:48 Windows Backup
14-04-2017 00:59:19 Restore Point Created by FRST

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (04/16/2017 08:57:00 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.

Error: (04/16/2017 10:08:29 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.

Error: (04/16/2017 01:02:00 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.

Error: (04/16/2017 12:41:20 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.

Error: (04/16/2017 12:30:38 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.

Error: (04/16/2017 12:26:49 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.

Error: (04/16/2017 12:18:01 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.

Error: (04/15/2017 11:52:04 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.

Error: (04/15/2017 11:03:39 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.

Error: (04/14/2017 07:51:31 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.


System errors:
=============
Error: (04/16/2017 12:29:38 AM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error:
The dependency service or group failed to start.

Error: (04/16/2017 12:29:38 AM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error:
The dependency service or group failed to start.

Error: (04/16/2017 12:29:38 AM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error:
The dependency service or group failed to start.

Error: (04/16/2017 12:29:38 AM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error:
The dependency service or group failed to start.

Error: (04/16/2017 12:29:38 AM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error:
The dependency service or group failed to start.

Error: (04/16/2017 12:29:38 AM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error:
The dependency service or group failed to start.

Error: (04/16/2017 12:29:37 AM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error:
The dependency service or group failed to start.

Error: (04/16/2017 12:29:37 AM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error:
The dependency service or group failed to start.

Error: (04/16/2017 12:29:38 AM) (Source: DCOM) (EventID: 10005) (User: )
Description: DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server:
{9E175B6D-F52A-11D8-B9A5-505054503030}

Error: (04/16/2017 12:29:38 AM) (Source: DCOM) (EventID: 10005) (User: )
Description: DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server:
{7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}


CodeIntegrity:
===================================
Date: 2016-08-13 17:06:13.988
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\aswKbd.sys because the set of per-page image hashes could not be found on the system.

Date: 2016-08-13 17:06:13.894
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\aswSnx.sys because the set of per-page image hashes could not be found on the system.

Date: 2016-07-23 00:59:45.944
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\aswKbd.sys because the set of per-page image hashes could not be found on the system.

Date: 2016-07-23 00:59:45.648
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\aswSnx.sys because the set of per-page image hashes could not be found on the system.

Date: 2016-07-21 23:27:26.038
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\aswKbd.sys because the set of per-page image hashes could not be found on the system.

Date: 2016-07-21 23:27:25.788
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\aswSnx.sys because the set of per-page image hashes could not be found on the system.

Date: 2016-07-20 22:09:58.100
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\aswKbd.sys because the set of per-page image hashes could not be found on the system.

Date: 2016-07-20 22:09:57.804
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\aswSnx.sys because the set of per-page image hashes could not be found on the system.

Date: 2016-07-19 21:57:51.897
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\aswKbd.sys because the set of per-page image hashes could not be found on the system.

Date: 2016-07-19 21:57:51.804
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\aswSnx.sys because the set of per-page image hashes could not be found on the system.


==================== Memory info ===========================

Processor: Intel(R) Core(TM) i3-4000M CPU @ 2.40GHz
Percentage of memory in use: 51%
Total physical RAM: 4008.05 MB
Available physical RAM: 1937.25 MB
Total Virtual: 8014.29 MB
Available Virtual: 5820.31 MB

==================== Drives ================================

Drive c: (TI31224900A) (Fixed) (Total:453.87 GB) (Free:390.14 GB) NTFS ==>[system with boot components (obtained from drive)]

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or Vista) (Size: 465.8 GB) (Disk ID: 628BBA91)
Partition 1: (Active) - (Size=1.5 GB) - (Type=27)
Partition 2: (Not Active) - (Size=453.9 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=10.4 GB) - (Type=17)

==================== End of Addition.txt ============================
rbd
Regular Member
 
Posts: 101
Joined: November 3rd, 2011, 10:05 pm

Re: Avast shield disabled at startup, etc

Unread postby mAL_rEm018 » April 17th, 2017, 4:39 pm

Hello rbd,

rbd wrote:When browsing I use Firefox with NoScript add-on, so I can decide which scripts to allow, thus minimising or avoiding ads. Nevertheless it's not perfect.
I'd rather keep the alerts: it's good if I see them, so I know what's happening.
I just wanted to understand whether it means Avast! is really stopping those threats, or some of them might have gone through.

No Antivirus can catch every threat and as I mentioned before the website has very questionable ads. The best way not to catch an infection is to avoid going to it again, otherwise you are just playing with fire.

rbd wrote:- Behaviour Shield
That's how I always do it. I just wonder how powerful those threats are if they can disable the shield. If they are really able to do so, doesn't it mean that some infection has gone through to my laptop and is resident so that it is able to disable the shield in Avast! ?

This issue is most likely caused by software conflict or a bug in Avast. There was a similar problem with Avast a few years ago and a clean install of the Antivirus usually fixed the problem. In any case, your FRST logs are clean and the other scans didn't reveal anything. Let's install the new version of Malwarebytes and run a scan with it. If it comes back clean, then I will refer you to the Avast forum.


Removing a program in Windows 7
  • Click the Start Menu and select Control Panel.
  • Click Programs, then Programs and Features.
  • Select the following programs:
    Malwarebytes Anti-Malware version 2.2.1.1043
  • Select Uninstall.
  • When prompted select Yes.
  • Answer any questions attentively.
  • When the process is finished, please restart your computer.
Note: you can only remove one program at a time.

Next..

  • Please download Malwarebytes Anti-Malware from Here
  • Save it to your Desktop.
  • Right-Click on mb3-setup-consumer-3.0.6.1469-10103.exe and select Run as Administrator.
  • Follow the instructions on the screen to install the program.
  • Once the installation process is over Malwarebytes should automatically open.
  • Click on Check for Updates
  • Once the updates have been installed, select the Scan tab.
  • Ensure that Threat Scan is selected and click on Start Scan.
  • Once the scan is completed, if there have been any detections, select Apply Actions.
  • You will most likely be prompted to restart your computer, if so please allow the reboot.


Once your computer is restarted, please do the following..

  • Open Malwarebytes Anti-Malware and click on Reports.
  • Double-click on the Scan Report by looking at the timestamp (it should be in the following order: Day/Month/Year Time)
  • Click Export and select Text file (*.txt).
  • In the File name: box, please write MBAM Log and save it to your desktop.
  • Once the process is over, a message will appear stating that the file has been successfully exported. Click OK.
  • Please post the contents of MBAM Log.txt in your next reply.


-----------------------------------------
In your next reply, I would like to see..
  • Did you encounter any problem while following the steps?
  • MBAM Log.txt
mAL_rEm018
Admin/Teacher
 
Posts: 2689
Joined: November 11th, 2013, 6:26 pm
Location: Saint-Petersburg, Russia

Re: Avast shield disabled at startup, etc

Unread postby rbd » April 17th, 2017, 6:28 pm

Hello mAL,

The disabled shield issue hasn't come up any more since I re-installed Avast!, so hopefully it's sorted out. Nevertheless do refer me to the Avast! forum in case it comes up again.
I'm glad it's not due to infections.

I re-installed MBAM. Log pasted below. It seems clean, though it didn't check for rootkits. (I guess it's fine in this instance, but I've now enabled this option for future scans that I will certainly do in future).

================
Malwarebytes
http://www.malwarebytes.com

-Log Details-
Scan Date: 4/17/17
Scan Time: 11:12 PM
Logfile: MBAM log.txt
Administrator: Yes

-Software Information-
Version: 3.0.6.1469
Components Version: 1.0.103
Update Package Version: 1.0.1750
License: Trial

-System Information-
OS: Windows 7 Service Pack 1
CPU: x64
File System: NTFS
User: TOSHIBA\Administrator1

-Scan Summary-
Scan Type: Threat Scan
Result: Completed
Objects Scanned: 362931
Time Elapsed: 3 min, 48 sec

-Scan Options-
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled

-Scan Details-
Process: 0
(No malicious items detected)

Module: 0
(No malicious items detected)

Registry Key: 0
(No malicious items detected)

Registry Value: 0
(No malicious items detected)

Registry Data: 0
(No malicious items detected)

Data Stream: 0
(No malicious items detected)

Folder: 0
(No malicious items detected)

File: 0
(No malicious items detected)

Physical Sector: 0
(No malicious items detected)


(end)

Re: Avast shield disabled at startup, etc

Unread postby mAL_rEm018 » April 18th, 2017, 2:22 pm

Hello rbd,

rbd wrote:The disabled shield issue hasn't come up any more since I re-installed Avast!, so hopefully it's sorted out. Nevertheless do refer me to the Avast! forum in case it comes up again.

My apologies.. I misunderstood what you wrote. I thought you were still having issues with the shields in Avast! :oops:

rbd wrote:I re-installed MBAM. Log pasted below. It seems clean, though it didn't check for rootkits. (I guess it's fine in this instance, but I've now enabled this option for future scans that I will certainly do in future).

By default MBAM 3.0 doesn't scan for rootkits. This type of infection is rarely seen in the wild anymore and I don't have any reason to believe that there is rootkit activity on your computer. However, if you want to run another MBAM scan with the option checked, please feel free to do so and post me the log in your next reply. If all is well, then I will provide you with my "all clean" speech. :)

Re: Avast shield disabled at startup, etc

Unread postby rbd » April 18th, 2017, 5:45 pm

Hello mAL,

No worries.
I'll remember about the Avast issue and if it happens again I'll check on their forum first.

I ran the new scan with MBAM. Log pasted below - seems ok.

=============
Malwarebytes
http://www.malwarebytes.com

-Log Details-
Scan Date: 4/18/17
Scan Time: 10:31 PM
Logfile: MBAM log3.txt
Administrator: Yes

-Software Information-
Version: 3.0.6.1469
Components Version: 1.0.103
Update Package Version: 1.0.1756
License: Trial

-System Information-
OS: Windows 7 Service Pack 1
CPU: x64
File System: NTFS
User: TOSHIBA\Administrator1

-Scan Summary-
Scan Type: Threat Scan
Result: Completed
Objects Scanned: 363836
Time Elapsed: 8 min, 38 sec

-Scan Options-
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Enabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled

-Scan Details-
Process: 0
(No malicious items detected)

Module: 0
(No malicious items detected)

Registry Key: 0
(No malicious items detected)

Registry Value: 0
(No malicious items detected)

Registry Data: 0
(No malicious items detected)

Data Stream: 0
(No malicious items detected)

Folder: 0
(No malicious items detected)

File: 0
(No malicious items detected)

Physical Sector: 0
(No malicious items detected)


(end)

Re: Avast shield disabled at startup, etc

Unread postby mAL_rEm018 » April 19th, 2017, 5:25 am

Hello rbd,

rbd wrote:I'll remember about the Avast issue and if it happens again I'll check on their forum first.

You can find their forum here: Avast forum.


I have good news..there are no more signs of malware on your computer. :) Please follow the steps below and then you'll be all set to go.


Some of your Adobe software is outdated.. We will remove it and re-install the new version. If you have the paid version of Adobe Reader, then please feel free to keep the program as is.


Removing a program in Windows 7
  • Click the Start Menu and select Control Panel.
  • Click Programs, then Programs and Features.
  • Select the following programs:
    Adobe Flash Player 25 ActiveX
    Adobe Flash Player 25 NPAPI
    Adobe Reader XI (11.0.19) MUI
  • Select Uninstall.
  • When prompted select Yes.
  • Answer any questions attentively.
  • When the process is finished, please restart your computer.
Note: you can only remove one program at a time.


To re-install Adobe Reader, please do the following..

  • Click on the following link: Adobe Reader DC.
    Make sure to uncheck all bundled software offers.
  • Select Install Now and save the executable file to your desktop.
  • Right-Click readerdc_en_xa_crd_install.exe and click Run as administrator.
  • Select Next.
  • When the install process is over, select Close.


To re-install Adobe Flash Player, please do the following..

  • Click on the following link: Adobe Flash Player.
    Make sure to uncheck all bundled software offers.
  • Select Install Now and save the executable file to your desktop.
  • Right-Click flashplayer25_xa_install.exe and click Run as administrator.
  • Ensure that the following option is selected:
    • Allow Adobe to install updates (recommended)
  • Select Next.
  • When the install process is over, select Close.


Let's remove the tools we have been using so far..
  • Please download Delfix to your desktop.
  • Right-click on delfix_1.013.exe and select Run as administrator.
  • Check the following boxes:
    • Remove disinfection tools
    • Purge system restore
  • You can now safely remove any tools and/or logs that may remain on your computer.


From your 2nd post:
rbd wrote:I have backed up my data (never done it before).

You should make frequent backups of your data and this is something I can't stress enough.. The new type of malware nowadays is Ransomware, which will encrypt all your files in order to extort money from you. Unfortunately, most of the time it's impossible to recover your data unless you pay a large sum of money. Even if you do pay, there is no guarantee that you will get your files back! People have lost years of research, thousands of pictures, etc.. just because they didn't bother taking less than an hour a week to back up everything. Please don't be like them.

You should also read and get acquainted with the following topic: COMPUTER SECURITY - a short guide to staying safer online , which goes into depth on how to keep your computer secure. I bookmarked it for easy reference and so should you.


I would really appreciate it if you could reply to this post to let me know that you've seen it, so that I can request for this topic to be closed.

Re: Avast shield disabled at startup, etc

Unread postby rbd » April 19th, 2017, 6:38 pm

Hello mAL,

Thanks for your help.

I followed your final instructions. I also installed Flash for IE (as I've always done in the past), in case I ever need to use IE.
I also read your post on security, and put it in my bookmarks.

I take it I can also install the Windows updates now? There's quite a few popping up.


I have two questions for you before closing the topic, if I may.

1) Backup: is there a way to know in advance how much space this is going to need? When I did it last week, I used up 4 CDs. I could have used a USB stick or an external hard-drive instead, so it can overwrite the previous backup data.

2) Generally once a month I run TFC to clean up any temporary files and free up disk space. It was mentioned to me on a previous visit to this forum.
Is this still the best tool to use? Is there a later version I should use? If so, from where to download it?
I remember finding a couple of websites offering this tool, but actually the tool was different from one to another. I downloaded this more than a couple of years ago, and I'm happy with it. It's simple. I'd just like to know if I should use a newer version and where to download it from.

Re: Avast shield disabled at startup, etc

Unread postby rbd » April 19th, 2017, 6:40 pm

Hello mAL,

I've actually just found out that DelFix removed TFC.exe too.
So my question no.2 is even more pressing: where should I best download it from?

Thanks in advance.

Re: Avast shield disabled at startup, etc

Unread postby mAL_rEm018 » April 20th, 2017, 3:54 pm

Hello rbd,

rbd wrote:Backup: is there a way to know in advance how much space this is going to need? When I did it last week, I used up 4 CDs. I could have used a USB stick or an external hard-drive instead, so it can overwrite the previous backup data.

To be completely honest, I'm not sure if there is a way to know how much space will be needed for the backup. Yes, it would be a good idea to use either a USB or an external hard-drive to back up everything, since you would save money on CDs. However, don't throw away the backups you already made.. It's always a good idea to have more than one backup of your data.


rbd wrote:Generally once a month I run TFC to clean up any temporary files and free up disk space. It was mentioned to me on a previous visit to this forum.
Is this still the best tool to use? Is there a later version I should use? If so, from where to download it?

..

rbd wrote:I've actually just found out that DelFix removed TFC.exe too.
So my question no.2 is even more pressing: where should I best download it from?

TFC is no longer updated. My advice would be to use the Windows built-in tool. Please see the following link for more information: How to clean out your Temp files

However, if you really want to keep using TFC, then you can find it here: Link

Do you have more questions? If so, please feel free to ask. :)

Re: Avast shield disabled at startup, etc

Unread postby rbd » April 20th, 2017, 8:27 pm

Hello mAL,

Thanks for your answer and links.

I don't have any more questions.

Thank you so much for your help. I'm glad I didn't have a serious issue, nonetheless you and your team-mates of this forum are always very helpful.

Regards,
rbd
rbd
Regular Member
 
Posts: 101
Joined: November 3rd, 2011, 10:05 pm

Re: Avast shield disabled at startup, etc

Unread postby mAL_rEm018 » April 21st, 2017, 8:27 am

rbd wrote:I take it I can also install the Windows updates now? There's quite a few popping up.

I forgot to mention in my last reply that yes, you can install your updates.

rbd wrote:Thank you so much for your help.

It's my pleasure! :) Since you don't have any more questions, I will go ahead and request for this topic to be closed. Take care and stay safe!
mAL_rEm018
Admin/Teacher
 
Posts: 2689
Joined: November 11th, 2013, 6:26 pm
Location: Saint-Petersburg, Russia

Re: Avast shield disabled at startup, etc

Unread postby pgmigg » April 21st, 2017, 10:05 am

As the problems seem to be resolved, this topic is now closed.

We are pleased we could help you resolve your computer's malware issues.

If you would like to make a comment or leave a compliment regarding the help you have received, please see
Feedback for Our Helpers - Say "Thanks" Here.
pgmigg
Admin/Teacher
 
Posts: 5457
Joined: July 8th, 2008, 1:25 pm
Location: GMT-05:00