1. #1
    slims875
    Join Date: Nov 2017 | Location: Peoria, Arizona | Posts: 95

    [7SP1Pro x64] My Computer Was Remotely Accessed

    First, I want to provide a couple of Disclaimers.
    1) I love my wife more than anything in this world.
    2) This post will at times seem vague and I will be unable to provide specific information about the occurrence.

    My wife is completely computer-challenged. Beyond posting on Facebook, she knows little to nothing about the world of computers. That said, I was awakened from a nap a bit ago only to hear my wife speaking on the phone and telling someone, "I'll let you speak with my husband". I asked her what was going on and she said that something was wrong with the computer and that she had someone on the phone trying to assist with the 'problem'. Some guy is on the phone and I asked who it was and what he wanted. He said he worked for Microsoft and that he was only responding to my wife's request. I sit down at my computer only to see the cursor moving about, writing out text in a .txt file and opening and closing various programs (Task Manager, Msconfig (Services), Device Manager, etc). To my horror this guy tells me that "your support has run out and now there are at least 10 programs on my computer that no longer function." He starts highlighting programs in Task Manager and says these no longer will operate. I know what is on my computer and didn't recognize a single program in the list of running programs.
    The background on my screen was white with some text about issues on my computer and a note saying that for $299 every 3 months I could once again have support. I was absolutely in shock at what I was seeing and hearing. I hung up the phone and shut down my computer. I asked my wife what in the world happened that this guy had remote access to our computer. She said that she was on a Motor Vehicle Division website trying to get information about her expiring license when a loud, continuous beep started and the screen went white containing WARNING messages. There was also a phone number to call. My wife, fearing that she had done something wrong, called the phone number. I asked my wife how the gentleman gained access to our computer and she indicated that the gentleman gave her a website to go to and enter a code. She entered the code given to her and she said within a couple of minutes the screen changed and he had access to the computer. He was on the phone with her at the time and that is when he told her that support had run out and that he could fix the computer for $299. At this point I became involved in the situation.
    I have Bitdefender free edition and scan my computer every Sunday with Bitdefender and Malwarebytes and have never had a serious issue with viruses, Trojan horses, or malware. I ran both programs after I restarted my computer and did find a Trojan horse associated with an email that was sent months ago.
    Below are the logs requested for the initial post. I need to know what more I can do to possibly identify any changes this gentleman made on my machine. If Sysnative needs to remotely access my computer to check things out, I am more than willing to allow this. Thank you very much in advance for your attention to this matter.


    Result of Security Analysis by Rocket Grannie (x86) Updated: 27th December, 2017
    Running from:C:\Users\MarkAZ\Desktop (03:44:18 - 12/27/2017)
    ***---------------------------------------------------------***
    Microsoft Windows 7 Professional X64 Service Pack 1
    UAC is Disabled
    Internet Explorer 11
    Default Browser: C:\Program Files\SRWare Iron (64-Bit)\chrome.exe
    ***------------Antivirus - Antispyware - Firewall-----------***
    Bitdefender Antivirus (Disabled - up to Date)
    Bitdefender Antispyware (Disabled - up to Date)
    Windows Defender (Disabled - Not up to Date)
    Windows Firewall (Enabled)
    No other Firewall Installed
    ***-------Security Programs - Browsers - Miscellaneous------***
    Adobe Flash Player NPAPI is not installed
    CCleaner (5.36) ==> is out of Date
    Google Chrome (63.0.3239.108)
    Java (8.0.1510.12)
    Malwarebytes (2.2.1.1043) ==> is out of Date
    Microsoft Silverlight (5.1.50907.0)
    Mozilla Firefox (57.0.2)


    ***----------------Analysis Complete-------------------------***


    Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 26-12-2017
    Ran by MarkAZ (administrator) on MARKAZ-PC (27-12-2017 03:42:40)
    Running from C:\Users\MarkAZ\Desktop
    Loaded Profiles: MarkAZ (Available Profiles: MarkAZ)
    Platform: Windows 7 Professional Service Pack 1 (X64) Language: English (United States)
    Internet Explorer Version 11 (Default browser: "C:\Program Files\SRWare Iron (64-Bit)\chrome.exe" -- "%1")
    Boot Mode: Normal
    Tutorial for Farbar Recovery Scan Tool: FRST Tutorial - How to use Farbar Recovery Scan Tool - Malware Removal Guides and Tutorials


    ==================== Processes (Whitelisted) =================


    (If an entry is included in the fixlist, the process will be closed. The file will not be moved.)


    (Bitdefender) C:\Program Files\Bitdefender\Bitdefender 2017\vsserv.exe
    () C:\Windows\System32\atiesrxx.exe
    (Cisco Systems, Inc.) C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnagent.exe
    () C:\Windows\System32\atieclxx.exe
    (Advanced Micro Devices, Inc.) C:\Program Files\AMD\ATI.ACE\Fuel\Fuel.Service.exe
    (Logitech, Inc.) C:\Program Files\Logitech\SetPointP\SetPoint.exe
    (IvoSoft) C:\Program Files\Classic Shell\ClassicStartMenu.exe
    (Bitdefender) C:\Program Files\Bitdefender\Bitdefender 2017\bdagent.exe
    (Bitdefender) C:\Program Files\Bitdefender Agent\ProductAgentService.exe
    () C:\Program Files (x86)\RocketDock\RocketDock.exe
    (Logitech, Inc.) C:\Program Files\Common Files\LogiShrd\KHAL3\KHALMNPR.exe
    (Bitdefender) C:\Program Files\Bitdefender\Bitdefender 2017\updatesrv.exe
    (Cisco Systems, Inc.) C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnui.exe
    (Glarysoft Ltd) C:\Program Files (x86)\Glary Utilities 5\Integrator.exe
    () C:\Program Files (x86)\Everything\Everything.exe
    (Bitdefender) C:\Program Files\Bitdefender\Bitdefender 2017\bdwtxag.exe
    (Google Inc.) C:\Users\MarkAZ\AppData\Local\Google\Update\1.3.33.7\GoogleCrashHandler.exe
    (Google Inc.) C:\Users\MarkAZ\AppData\Local\Google\Update\1.3.33.7\GoogleCrashHandler64.exe
    (Bitdefender) C:\Program Files\Bitdefender\Bitdefender 2017\seccenter.exe
    (SRWare) C:\Program Files\SRWare Iron (64-Bit)\chrome.exe
    (SRWare) C:\Program Files\SRWare Iron (64-Bit)\chrome.exe
    (SRWare) C:\Program Files\SRWare Iron (64-Bit)\chrome.exe
    (SRWare) C:\Program Files\SRWare Iron (64-Bit)\chrome.exe
    (SRWare) C:\Program Files\SRWare Iron (64-Bit)\chrome.exe
    (SRWare) C:\Program Files\SRWare Iron (64-Bit)\chrome.exe
    (SRWare) C:\Program Files\SRWare Iron (64-Bit)\chrome.exe
    (SRWare) C:\Program Files\SRWare Iron (64-Bit)\chrome.exe
    (SRWare) C:\Program Files\SRWare Iron (64-Bit)\chrome.exe
    (SRWare) C:\Program Files\SRWare Iron (64-Bit)\chrome.exe
    (SRWare) C:\Program Files\SRWare Iron (64-Bit)\chrome.exe
    (SRWare) C:\Program Files\SRWare Iron (64-Bit)\chrome.exe
    (SRWare) C:\Program Files\SRWare Iron (64-Bit)\chrome.exe
    (SRWare) C:\Program Files\SRWare Iron (64-Bit)\chrome.exe
    (SRWare) C:\Program Files\SRWare Iron (64-Bit)\chrome.exe
    (SRWare) C:\Program Files\SRWare Iron (64-Bit)\chrome.exe
    (SRWare) C:\Program Files\SRWare Iron (64-Bit)\chrome.exe
    (Microsoft Corporation) C:\Windows\System32\dllhost.exe


    ==================== Registry (Whitelisted) ===========================


    (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)


    HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [18381792 2017-10-19] (Realtek Semiconductor)
    HKLM\...\Run: [EvtMgr6] => C:\Program Files\Logitech\SetPointP\SetPoint.exe [3113592 2015-08-25] (Logitech, Inc.)
    HKLM\...\Run: [Classic Start Menu] => C:\Program Files\Classic Shell\ClassicStartMenu.exe [163520 2015-04-09] (IvoSoft)
    HKLM\...\Run: [Bdagent] => C:\Program Files\Bitdefender\Bitdefender 2017\bdagent.exe [321232 2017-12-15] (Bitdefender)
    HKLM-x32\...\Run: [Cisco AnyConnect Secure Mobility Agent for Windows] => C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnui.exe [1223168 2016-12-09] (Cisco Systems, Inc.)
    HKU\S-1-5-21-2609069616-2479026874-2953070309-1000\...\Run: [RocketDock] => C:\Program Files (x86)\RocketDock\RocketDock.exe [495616 2007-09-02] ()
    HKU\S-1-5-21-2609069616-2479026874-2953070309-1000\...\Run: [GUDelayStartup] => C:\Program Files (x86)\Glary Utilities 5\StartupManager.exe [44016 2017-11-19] (Glarysoft Ltd)
    HKU\S-1-5-18\...\Run: [] => [X]
    BootExecute: autocheck autochk *


    ==================== Internet (Whitelisted) ====================


    (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)


    AutoConfigURL: [S-1-5-21-2609069616-2479026874-2953070309-1000] => hxxp://web-unstop.com/wpad.dat?a21ef1e489afda9723284a7f6614c8df37412136
    Tcpip\Parameters: [DhcpNameServer] 192.168.10.1
    Tcpip\..\Interfaces\{9E85AAF3-4F35-4402-A60D-DDCC537E848E}: [DhcpNameServer] 192.168.10.1
    Tcpip\..\Interfaces\{ADD86BCD-7CC6-4166-ACAA-0CA5AC0E14E8}: [NameServer] 208.67.222.222,208.67.220.220
    Tcpip\..\Interfaces\{ADD86BCD-7CC6-4166-ACAA-0CA5AC0E14E8}: [DhcpNameServer] 192.168.10.1
    ManualProxies: 0hxxp://web-unstop.com/wpad.dat?a21ef1e489afda9723284a7f6614c8df37412136


    Internet Explorer:
    ==================
    HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
    HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank
    HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
    HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL =
    HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
    HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL =
    HKU\S-1-5-21-2609069616-2479026874-2953070309-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://uhaul.net/
    HKU\S-1-5-21-2609069616-2479026874-2953070309-1000\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://www.msn.com/?pc=U453&ocid=U453DHP&osmkt=en-us
    SearchScopes: HKU\S-1-5-21-2609069616-2479026874-2953070309-1000 -> {2A352E89-C333-4004-9773-114B15188B77} URL = hxxps://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:{language}:{referrer:source}&ie={inputEncoding?}&oe={outputEncoding?}
    SearchScopes: HKU\S-1-5-21-2609069616-2479026874-2953070309-1000 -> {481623B1-6513-4BF8-BC8C-89381DEF6DB4} URL = hxxp://www.youtube.com/results?search_query={searchTerms}
    SearchScopes: HKU\S-1-5-21-2609069616-2479026874-2953070309-1000 -> {95B7759C-8C7F-4BF1-B163-73684A933233} URL = hxxps://mysearch.avg.com/search?cid={B22FFF5D-1710-40D5-911B-8221E203824F}&mid=86078c7c4c7b47cdb4c991c41ae8834f-1d100ad855dbaa24e1f705e5f3560a5d3d5a9f72&lang=en&ds=AVG&coid=avgtbavg&cmpid=0116av&pr=fr&d=2016-01-27 01:11:24&v=4.2.4.155&pid=wtu&sg=&sap=dsp&q={searchTerms}
    BHO: ExplorerWnd Helper -> {10921475-03CE-4E04-90CE-E2E7EF20C814} -> C:\Program Files (x86)\IObit\IObit Uninstaller\UninstallExplorer.dll [2017-05-22] (IObit)
    BHO: Bitdefender Wallet -> {1DAC0C53-7D23-4AB3-856A-B04D98CD982A} -> C:\Program Files\Bitdefender\Bitdefender 2017\pmbxie.dll [2017-12-15] (Bitdefender)
    BHO: SteadyVideoBHO Class -> {6C680BAE-655C-4E3D-8FC4-E6A520C3D928} -> C:\Program Files\AMD\SteadyVideo\SteadyVideo.dll [2012-02-14] (Advanced Micro Devices)
    BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_151\bin\ssv.dll [2017-10-19] (Oracle Corporation)
    BHO: Logitech SetPoint -> {AF949550-9094-4807-95EC-D1C317803333} -> C:\Program Files\Logitech\SetPointP\SetPointSmooth.dll [2015-08-25] (Logitech, Inc.)
    BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_151\bin\jp2ssv.dll [2017-10-19] (Oracle Corporation)
    BHO-x32: Bitdefender Wallet -> {1DAC0C53-7D23-4AB3-856A-B04D98CD982A} -> C:\Program Files\Bitdefender\Bitdefender 2017\Antispam32\pmbxie.dll [2017-12-15] (Bitdefender)
    BHO-x32: SteadyVideoBHO Class -> {6C680BAE-655C-4E3D-8FC4-E6A520C3D928} -> C:\Program Files (x86)\amd\SteadyVideo\SteadyVideo.dll [2012-02-14] (Advanced Micro Devices)
    BHO-x32: Logitech SetPoint -> {AF949550-9094-4807-95EC-D1C317803333} -> C:\Program Files\Logitech\SetPointP\32-bit\SetPointSmooth.dll [2015-08-25] (Logitech, Inc.)
    Toolbar: HKLM - Bitdefender Wallet - {1DAC0C53-7D23-4AB3-856A-B04D98CD982A} - C:\Program Files\Bitdefender\Bitdefender 2017\pmbxie.dll [2017-12-15] (Bitdefender)
    Toolbar: HKLM-x32 - Bitdefender Wallet - {1DAC0C53-7D23-4AB3-856A-B04D98CD982A} - C:\Program Files\Bitdefender\Bitdefender 2017\Antispam32\pmbxie.dll [2017-12-15] (Bitdefender)
    Filter: video/mp4 - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files\AMD\SteadyVideo\VideoMIMEFilter.dll [2011-06-08] (Advanced Micro Devices)
    Filter-x32: video/mp4 - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files (x86)\amd\SteadyVideo\VideoMIMEFilter.dll [2011-06-08] (Advanced Micro Devices)
    Filter: video/x-flv - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files\AMD\SteadyVideo\VideoMIMEFilter.dll [2011-06-08] (Advanced Micro Devices)
    Filter-x32: video/x-flv - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files (x86)\amd\SteadyVideo\VideoMIMEFilter.dll [2011-06-08] (Advanced Micro Devices)


    FireFox:
    ========
    FF DefaultProfile: t706eug9.default
    FF ProfilePath: C:\Users\MarkAZ\AppData\Roaming\Postbox\Profiles\d2rgsrui.default [2017-12-26]
    FF Extension: (MinimizeToTray revived (MinTrayR)) - C:\Users\MarkAZ\AppData\Roaming\Postbox\Profiles\d2rgsrui.default\Extensions\mintrayr@tn123.ath.cx [2015-10-28] [Legacy] [not signed]
    FF Extension: (QuickPasswords) - C:\Users\MarkAZ\AppData\Roaming\Postbox\Profiles\d2rgsrui.default\Extensions\QuickPasswords@axelg.com.xpi [2015-10-28] [Legacy]
    FF Extension: (MailHops) - C:\Users\MarkAZ\AppData\Roaming\Postbox\Profiles\d2rgsrui.default\Extensions\thunderbird@mailhops.com.xpi [2015-10-28] [Legacy] [not signed]
    FF ProfilePath: C:\Users\MarkAZ\AppData\Roaming\Mozilla\Firefox\Profiles\t706eug9.default [2017-12-26]
    FF Extension: (Enhancer for YouTube™) - C:\Users\MarkAZ\AppData\Roaming\Mozilla\Firefox\Profiles\t706eug9.default\Extensions\enhancerforyoutube@maximerf.addons.mozilla.org.xpi [2017-12-25]
    FF Extension: (LastPass: Free Password Manager) - C:\Users\MarkAZ\AppData\Roaming\Mozilla\Firefox\Profiles\t706eug9.default\Extensions\support@lastpass.com.xpi [2017-12-25]
    FF Extension: (uBlock Origin) - C:\Users\MarkAZ\AppData\Roaming\Mozilla\Firefox\Profiles\t706eug9.default\Extensions\uBlock0@raymondhill.net.xpi [2017-12-25]
    FF HKLM\...\Firefox\Extensions: [bdwtwe@bitdefender.com] - C:\Program Files\Bitdefender\Bitdefender 2017\\bdwteff
    FF Extension: (Bitdefender Wallet) - C:\Program Files\Bitdefender\Bitdefender 2017\\bdwteff [2017-09-08]
    FF HKLM\...\Thunderbird\Extensions: [bdThunderbird@bitdefender.com] - C:\Program Files\Bitdefender\Bitdefender 2017\bdtbext
    FF Extension: (Bitdefender Antispam Toolbar) - C:\Program Files\Bitdefender\Bitdefender 2017\bdtbext [2017-04-21] [Legacy] [not signed]
    FF HKLM-x32\...\Firefox\Extensions: [{F003DA68-8256-4b37-A6C4-350FA04494DF}] - C:\Program Files\Logitech\SetPointP\LogiSmoothFirefoxExt
    FF Extension: (Logitech SetPoint) - C:\Program Files\Logitech\SetPointP\LogiSmoothFirefoxExt [2017-05-16] [Legacy] [not signed]
    FF HKLM-x32\...\Firefox\Extensions: [bdwtwe@bitdefender.com] - C:\Program Files\Bitdefender\Bitdefender 2017\\bdwteff
    FF HKLM-x32\...\Thunderbird\Extensions: [bdThunderbird@bitdefender.com] - C:\Program Files\Bitdefender\Bitdefender 2017\bdtbext
    FF Plugin: @java.com/DTPlugin,version=11.151.2 -> C:\Program Files\Java\jre1.8.0_151\bin\dtplugin\npDeployJava1.dll [2017-10-19] (Oracle Corporation)
    FF Plugin: @java.com/JavaPlugin,version=11.151.2 -> C:\Program Files\Java\jre1.8.0_151\bin\plugin2\npjp2.dll [2017-10-19] (Oracle Corporation)
    FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
    FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.50907.0\npctrl.dll [2017-05-03] ( Microsoft Corporation)
    FF Plugin: @videolan.org/vlc,version=2.2.1 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2015-04-16] (VideoLAN)
    FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/pdf -> C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll [2017-08-22] (Foxit Corporation)
    FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.fdf -> C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll [2017-08-22] (Foxit Corporation)
    FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.xdp -> C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll [2017-08-22] (Foxit Corporation)
    FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.xfdf -> C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll [2017-08-22] (Foxit Corporation)
    FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
    FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.50907.0\npctrl.dll [2017-05-03] ( Microsoft Corporation)
    FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.33.7\npGoogleUpdate3.dll [2017-11-14] (Google Inc.)
    FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.33.7\npGoogleUpdate3.dll [2017-11-14] (Google Inc.)
    FF Plugin HKU\S-1-5-21-2609069616-2479026874-2953070309-1000: @tools.google.com/Google Update;version=3 -> C:\Users\MarkAZ\AppData\Local\Google\Update\1.3.33.7\npGoogleUpdate3.dll [2017-11-19] (Google Inc.)
    FF Plugin HKU\S-1-5-21-2609069616-2479026874-2953070309-1000: @tools.google.com/Google Update;version=9 -> C:\Users\MarkAZ\AppData\Local\Google\Update\1.3.33.7\npGoogleUpdate3.dll [2017-11-19] (Google Inc.)


    Chrome:
    =======
    CHR HomePage: Default -> hxxps://news.google.com/news/section?cf=all&topic=s&ned=us&ar=1484040976
    CHR StartupUrls: Default -> "hxxps://news.google.com/news/section?cf=all&topic=s&ned=us"
    CHR NewTab: Default -> Active:"chrome-extension://ehhkfhegcenpfoanmgfpfhnmdmflkbgk/index.html"
    CHR Profile: C:\Users\MarkAZ\AppData\Local\Google\Chrome\User Data\Default [2017-12-25]
    CHR Extension: (Magic Actions for YouTube™) - C:\Users\MarkAZ\AppData\Local\Google\Chrome\User Data\Default\Extensions\abjcfabbhafbcdfjoecdgepllmpfceif [2017-12-21]
    CHR Extension: (Clear Downloads) - C:\Users\MarkAZ\AppData\Local\Google\Chrome\User Data\Default\Extensions\bknoejjhcfmakcibhifepfkegpjdnadk [2015-09-29]
    CHR Extension: (YouTube) - C:\Users\MarkAZ\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-09-29]
    CHR Extension: (Google Search) - C:\Users\MarkAZ\AppData\Local\Google\Chrome\User Data\Default\Extensions\cakbijpiobnmbelbfeedlopbjkhhligf [2017-08-22]
    CHR Extension: (Google Search) - C:\Users\MarkAZ\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-11-11]
    CHR Extension: (Google Contacts Launcher) - C:\Users\MarkAZ\AppData\Local\Google\Chrome\User Data\Default\Extensions\dbhggpkpgfpkpebfmcbomdljchcmbilf [2017-03-16]
    CHR Extension: (Tampermonkey) - C:\Users\MarkAZ\AppData\Local\Google\Chrome\User Data\Default\Extensions\dhdgffkkebhmkfjojejmpbldmpobfkfo [2017-11-03]
    CHR Extension: (Logitech Smooth Scrolling) - C:\Users\MarkAZ\AppData\Local\Google\Chrome\User Data\Default\Extensions\dkpejdfnpdkhifgbancbammdijojoffk [2017-02-24]
    CHR Extension: (Home - New Tab Page) - C:\Users\MarkAZ\AppData\Local\Google\Chrome\User Data\Default\Extensions\ehhkfhegcenpfoanmgfpfhnmdmflkbgk [2017-07-28]
    CHR Extension: (Bitdefender Wallet) - C:\Users\MarkAZ\AppData\Local\Google\Chrome\User Data\Default\Extensions\gannpgaobkkhmpomoijebaigcapoeebl [2017-06-02]
    CHR Extension: (HTTPS Everywhere) - C:\Users\MarkAZ\AppData\Local\Google\Chrome\User Data\Default\Extensions\gcbommkclmclpchllfjekcdonpmejbdp [2017-12-20]
    CHR Extension: (AdBlock) - C:\Users\MarkAZ\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2017-12-20]
    CHR Extension: (TinEye Reverse Image Search) - C:\Users\MarkAZ\AppData\Local\Google\Chrome\User Data\Default\Extensions\haebnnbpedcbhciplfhjjkbafijpncjl [2017-08-03]
    CHR Extension: (LastPass: Free Password Manager) - C:\Users\MarkAZ\AppData\Local\Google\Chrome\User Data\Default\Extensions\hdokiejnpimakedhajhdlcegeplioahd [2017-12-20]
    CHR Extension: (Favicon Changer) - C:\Users\MarkAZ\AppData\Local\Google\Chrome\User Data\Default\Extensions\ijaabbaphikljkkcbgpbaljfjpflpeoo [2017-09-27]
    CHR Extension: (FormBox) - C:\Users\MarkAZ\AppData\Local\Google\Chrome\User Data\Default\Extensions\ilmlndilechkgihmfachaeoaencjnmbd [2015-09-29]
    CHR Extension: (Search All) - C:\Users\MarkAZ\AppData\Local\Google\Chrome\User Data\Default\Extensions\kpdkbemdpepjjppbfgeapjienologapa [2017-11-03]
    CHR Extension: (Extensions Manager (aka Switcher)) - C:\Users\MarkAZ\AppData\Local\Google\Chrome\User Data\Default\Extensions\lpleipinonnoibneeejgjnoeekmbopbc [2017-03-16]
    CHR Extension: (Material Theme) - C:\Users\MarkAZ\AppData\Local\Google\Chrome\User Data\Default\Extensions\mdnphgdednjnpcoeamekbogoblkdajep [2017-12-25]
    CHR Extension: (SaveFrom.net helper) - C:\Users\MarkAZ\AppData\Local\Google\Chrome\User Data\Default\Extensions\mdpljndcmbeikfnlflcggaipgnhiedbl [2017-12-21] [UpdateUrl: hxxp://download.sf-helper.com/chrome/updates-3.xml] <==== ATTENTION
    CHR Extension: (Ghostery) - C:\Users\MarkAZ\AppData\Local\Google\Chrome\User Data\Default\Extensions\mlomiejdfkolichcflejclcbmpeaniij [2017-12-21]
    CHR Extension: (Chrome Web Store Payments) - C:\Users\MarkAZ\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-09-04]
    CHR Extension: (Stylist) - C:\Users\MarkAZ\AppData\Local\Google\Chrome\User Data\Default\Extensions\pabfempgigicdjjlccdgnbmeggkbjdhd [2015-09-29]
    CHR Extension: (Amazon Assistant for Chrome) - C:\Users\MarkAZ\AppData\Local\Google\Chrome\User Data\Default\Extensions\pbjikboenpfhbbejgkoklgkhjpfogcam [2017-12-21]
    CHR Extension: (Gmail) - C:\Users\MarkAZ\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-09-29]
    CHR Extension: (Contacts) - C:\Users\MarkAZ\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjpambjkhcilibnmeihhfgdkhfelbdkj [2017-09-26]
    CHR Extension: (Chrome Media Router) - C:\Users\MarkAZ\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2017-12-21]
    CHR Extension: (Tampermonkey) - C:\Users\MarkAZ\Iron Extensions\Unpacked Extensions\Tampermonkey_v3.10.3 [2015-09-14]
    CHR Extension: (SaveFrom.net helper) - C:\Users\MarkAZ\Iron Extensions\Unpacked Extensions\Savefrom [2015-09-14] [UpdateUrl: hxxp://sf-addon.com/helper/chrome/updates-3.xml] <==== ATTENTION
    CHR Profile: C:\Users\MarkAZ\AppData\Local\Google\Chrome\User Data\System Profile [2017-11-14]
    CHR HKU\S-1-5-21-2609069616-2479026874-2953070309-1000\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [dhdgffkkebhmkfjojejmpbldmpobfkfo] - hxxp://clients2.google.com/service/update2/crx
    CHR HKLM-x32\...\Chrome\Extension: [gannpgaobkkhmpomoijebaigcapoeebl] - hxxps://clients2.google.com/service/update2/crx
    StartMenuInternet: Google Chrome Canary.FIVZGMTAJUMFMMOU6SPMQ7QDGI - C:\Users\MarkAZ\AppData\Local\Google\Chrome SxS\Application\chrome.exe


    ==================== Services (Whitelisted) ====================


    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


    R2 AMD External Events Utility; C:\Windows\system32\atiesrxx.exe [305176 2017-07-27] ()
    R2 AMD FUEL Service; C:\Program Files\AMD\ATI.ACE\Fuel\Fuel.Service.exe [344064 2015-08-04] (Advanced Micro Devices, Inc.) [File not signed]
    S4 AODService; C:\Program Files (x86)\AMD\OverDrive\AODAssist.exe [137584 2014-01-08] ()
    S4 bdredline; C:\Program Files\Common Files\Bitdefender\SetupInformation\Bitdefender RedLine\bdredline.exe [2090152 2017-09-07] (Bitdefender)
    S4 Everything; C:\Program Files (x86)\Everything\Everything.exe [1048576 2017-12-26] () [File not signed]
    S4 FoxitReaderService; C:\Program Files (x86)\Foxit Software\Foxit Reader\FoxitConnectedPDFService.exe [1659456 2017-08-25] (Foxit Software Inc.)
    S4 IObitUnSvr; C:\Program Files (x86)\IObit\IObit Uninstaller\IUService.exe [206112 2017-06-14] (IObit)
    R2 ProductAgentService; C:\Program Files\Bitdefender Agent\ProductAgentService.exe [1254736 2017-04-11] (Bitdefender)
    R2 UPDATESRV; C:\Program Files\Bitdefender\Bitdefender 2017\updatesrv.exe [218416 2017-12-15] (Bitdefender)
    R2 VSSERV; C:\Program Files\Bitdefender\Bitdefender 2017\vsserv.exe [1129720 2017-12-15] (Bitdefender)
    S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-26] (Microsoft Corporation)
    S2 PlaysService; "C:\Program Files (x86)\Raptr Inc\PlaysTV\plays_service.exe" [X]


    ===================== Drivers (Whitelisted) ======================


    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


    R3 amdkmdag; C:\Windows\System32\DRIVERS\atikmdag.sys [21527576 2017-07-27] ()
    R3 amdkmdap; C:\Windows\System32\DRIVERS\atikmpag.sys [493592 2017-07-27] ()
    R0 amdkmpfd; C:\Windows\System32\DRIVERS\amdkmpfd.sys [62152 2014-10-27] (Advanced Micro Devices, Inc.)
    R2 AODDriver4.3; C:\Program Files\AMD\ATI.ACE\Fuel\amd64\AODDriver2.sys [59616 2014-02-11] (Advanced Micro Devices)
    R2 AODDriver4.3.0; C:\Program Files (x86)\AMD\OverDrive\amd64\AODDriver2.sys [59624 2014-01-08] (Advanced Micro Devices)
    R1 atc; C:\Windows\System32\DRIVERS\atc.sys [1019880 2017-09-28] (BitDefender S.R.L. Bucharest, ROMANIA)
    R0 avc3; C:\Windows\System32\DRIVERS\avc3.sys [1763744 2017-09-28] (BitDefender)
    R1 bdfwfpf; C:\Program Files\Common Files\Bitdefender\Bitdefender Firewall\bdfwfpf.sys [124424 2017-07-26] (BitDefender LLC)
    S3 bdprivmon; C:\Windows\System32\DRIVERS\bdprivmon.sys [47376 2017-11-24] (© Bitdefender SRL)
    S4 BDVEDISK; C:\Windows\System32\DRIVERS\bdvedisk.sys [87912 2015-12-04] (BitDefender)
    S3 cpuz144; C:\Windows\temp\cpuz144\cpuz144_x64.sys [48984 2017-12-15] (CPUID)
    R1 GUBootStartup; C:\Windows\System32\drivers\GUBootStartup.sys [20160 2015-09-15] (Glarysoft Ltd)
    R0 gzflt; C:\Windows\System32\DRIVERS\gzflt.sys [187688 2017-09-07] (BitDefender LLC)
    R1 HWiNFO32; C:\Windows\system32\drivers\HWiNFO64A.SYS [27552 2015-09-30] (REALiX(tm))
    S3 IUFileFilter; C:\Program Files (x86)\IObit\IObit Uninstaller\drivers\win7_amd64\IUFileFilter.sys [21928 2017-06-06] (IObit.com)
    S3 IURegProcessFilter; C:\Program Files (x86)\IObit\IObit Uninstaller\drivers\win7_amd64\IURegProcessFilter.sys [27048 2017-06-13] (IObit.com)
    S3 MxlW2k; C:\Windows\SysWow64\Drivers\MxlW2k.sys [28352 2016-08-10] (MusicMatch, Inc.) [File not signed]
    S3 RTL8192cu; C:\Windows\System32\DRIVERS\RTL8192cu.sys [748648 2010-08-12] (Realtek Semiconductor Corporation )
    S3 RtlWlanu; C:\Windows\System32\DRIVERS\rtwlanu.sys [3733208 2017-07-27] (Realtek Semiconductor Corporation )
    R0 trufos; C:\Windows\System32\DRIVERS\trufos.sys [439576 2017-09-07] (BitDefender S.R.L.)
    S3 vpnva; C:\Windows\System32\DRIVERS\vpnva64-6.sys [52592 2015-07-24] (Cisco Systems, Inc.)
    R3 XtuAcpiDriver; C:\Windows\System32\DRIVERS\XtuAcpiDriver.sys [62856 2017-10-24] (Intel Corporation)
    S2 APXACC; system32\DRIVERS\appexDrv.sys [X]
    S3 atillk64; \??\C:\Program Files (x86)\AMD\atillk64.sys [X]
    S3 DrvAgent64; \??\C:\Windows\SysWOW64\Drivers\DrvAgent64.SYS [X]
    S3 gdrv; \??\C:\Windows\gdrv.sys [X]


    ==================== NetSvcs (Whitelisted) ===================


    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)




    ==================== One Month Created files and folders ========


    (If an entry is included in the fixlist, the file/folder will be moved.)


    2017-12-27 03:42 - 2017-12-27 03:42 - 000023939 _____ C:\Users\MarkAZ\Desktop\FRST.txt
    2017-12-26 20:39 - 2017-12-26 20:39 - 000899584 _____ C:\Users\MarkAZ\Desktop\RGSA.exe
    2017-12-26 20:37 - 2017-12-26 20:26 - 002391552 _____ (Farbar) C:\Users\MarkAZ\Desktop\FRST64.exe
    2017-12-26 20:25 - 2017-12-26 20:25 - 002391552 _____ (Farbar) C:\Users\MarkAZ\Downloads\FRST64.exe
    2017-12-26 20:08 - 2017-12-26 20:08 - 000000120 _____ C:\Users\MarkAZ\Desktop\problem.txt
    2017-12-26 19:28 - 2017-12-26 19:07 - 000031732 _____ C:\Users\MarkAZ\Desktop\1514325608_1_03.xml
    2017-12-26 14:19 - 2017-12-26 14:36 - 000000000 ____D C:\ProgramData\scre..tion_2c2536e5112611c9_0006.0004_ace8f1184962bab0
    2017-12-26 14:18 - 2017-12-26 14:19 - 000085272 _____ C:\Users\MarkAZ\Downloads\ConnectWiseControl.Client.exe
    2017-12-25 22:12 - 2017-12-26 20:14 - 000000000 ____D C:\Users\MarkAZ\AppData\LocalLow\Mozilla
    2017-12-25 22:12 - 2017-12-26 20:11 - 000000000 ____D C:\Program Files (x86)\Mozilla Firefox
    2017-12-25 22:12 - 2017-12-25 22:12 - 000001200 _____ C:\Users\Public\Desktop\Mozilla Firefox.lnk
    2017-12-25 21:38 - 2017-12-25 21:38 - 000048496 _____ C:\Users\MarkAZ\.recently-used.xbel
    2017-12-25 15:04 - 2017-12-25 15:04 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Fotosizer
    2017-12-25 15:04 - 2017-12-25 15:04 - 000000000 ____D C:\Program Files\Fotosizer
    2017-12-25 13:47 - 2017-12-25 13:47 - 000000000 ____D C:\Users\MarkAZ\Downloads\fotosizer_product_key
    2017-12-25 08:59 - 2017-12-25 08:59 - 000000000 ____D C:\Users\MarkAZ\Downloads\Monitor_Acer_1.0_W7x86W7x64W8x86W8x64_A
    2017-12-25 08:58 - 2017-12-25 08:58 - 000003925 _____ C:\Users\MarkAZ\Downloads\Monitor_Acer_1.0_W7x86W7x64W8x86W8x64_A.zip
    2017-12-25 08:42 - 2017-12-25 08:42 - 000000000 ____D C:\Program Files\Common Files\ATI Technologies
    2017-12-25 02:37 - 2017-12-25 02:37 - 000000955 _____ C:\Users\MarkAZ\AppData\Roaming\Network Meter_Settings.ini
    2017-12-25 02:37 - 2017-12-25 02:37 - 000000015 _____ C:\Users\MarkAZ\AppData\Roaming\Network Meter_Usage.ini
    2017-12-25 02:35 - 2017-12-25 02:36 - 000000097 _____ C:\Users\MarkAZ\IP_Log_Data.js
    2017-12-25 02:35 - 2017-12-25 02:35 - 000348621 _____ C:\Users\MarkAZ\Downloads\Network_Meter.zip
    2017-12-25 02:35 - 2017-12-25 02:35 - 000003148 _____ C:\Windows\System32\Tasks\SidebarExecute
    2017-12-25 02:28 - 2017-12-25 02:28 - 000002483 _____ C:\Users\MarkAZ\AppData\Roaming\Microsoft\Windows\Start Menu\ImageShack Uploader.lnk
    2017-12-25 02:27 - 2017-12-25 02:27 - 000000884 _____ C:\Users\MarkAZ\Desktop\Iron.lnk
    2017-12-25 00:56 - 2017-12-25 01:02 - 000000000 ____D C:\ProgramData\DriverAgentPlus
    2017-12-24 05:14 - 2017-12-24 05:14 - 000000115 _____ C:\Users\MarkAZ\Documents\Dentist.txt
    2017-12-22 23:48 - 2017-12-22 23:48 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ImageShack Uploader
    2017-12-22 23:48 - 2017-12-22 23:48 - 000000000 ____D C:\Program Files (x86)\ImageShack Uploader
    2017-12-21 17:12 - 2017-12-21 17:14 - 000000988 _____ C:\Users\MarkAZ\Desktop\Mouse.lnk
    2017-12-19 15:56 - 2017-12-19 15:56 - 001254164 _____ (Markus Welz ) C:\Users\MarkAZ\Downloads\spotonthemouse_2.7.2.exe
    2017-12-19 15:55 - 2017-12-19 15:55 - 001756241 _____ (Luhom ) C:\Users\MarkAZ\Downloads\spotonthemouse_2.7.2_1976926840.exe
    2017-12-18 22:17 - 2017-12-21 05:23 - 000000000 ____D C:\Users\MarkAZ\Downloads\TCPView
    2017-12-18 22:17 - 2017-12-18 22:17 - 000291606 _____ C:\Users\MarkAZ\Downloads\TCPView.zip
    2017-12-17 01:44 - 2017-12-17 01:44 - 003233589 _____ C:\Users\MarkAZ\Downloads\Environment Mapped Text Tutorial.pdf
    2017-12-15 10:35 - 2017-12-15 10:35 - 005788792 _____ C:\Users\MarkAZ\Downloads\gimp-2.6.exe
    2017-12-15 10:00 - 2017-12-24 05:17 - 000000000 ____D C:\Users\MarkAZ\Downloads\gimp-themes-v1-0
    2017-12-15 10:00 - 2017-12-15 10:01 - 000000000 ____D C:\Program Files (x86)\Gimp Themes v1.0
    2017-12-15 09:56 - 2017-12-15 09:56 - 000000000 ____D C:\Users\MarkAZ\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\GTK2 Runtime
    2017-12-15 09:52 - 2017-12-15 09:56 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\GTK2 Runtime
    2017-12-15 09:52 - 2017-12-15 09:56 - 000000000 ____D C:\Program Files (x86)\GTK2-Runtime
    2017-12-15 09:49 - 2017-12-15 09:49 - 000000000 ____D C:\Users\MarkAZ\Downloads\gtk2_prefs-0.4.1.bin-win32
    2017-12-15 06:14 - 2017-12-15 10:01 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\GIMP
    2017-12-15 05:00 - 2017-12-15 05:00 - 000112368 _____ C:\Users\MarkAZ\AppData\Local\recently-used.xbel
    2017-12-13 15:29 - 2017-12-13 15:29 - 000000000 _____ C:\Users\MarkAZ\.gtk-bookmarks
    2017-12-13 14:48 - 2017-12-15 05:00 - 000000000 ____D C:\Users\MarkAZ\AppData\Local\gtk-2.0
    2017-12-13 14:22 - 2017-12-13 14:22 - 000000000 ____D C:\Users\MarkAZ\AppData\Local\fontconfig
    2017-12-13 14:21 - 2017-12-13 14:21 - 000000000 ____D C:\Users\MarkAZ\AppData\Local\gegl-0.2
    2017-12-13 14:19 - 2017-12-15 06:15 - 000000000 ____D C:\Program Files\GIMP 2
    2017-12-13 12:42 - 2017-12-13 12:42 - 000000000 ____D C:\Program Files\AMD Auto-detect
    2017-12-13 09:11 - 2017-12-13 09:11 - 718140844 _____ C:\Windows\MEMORY.DMP
    2017-12-13 09:11 - 2017-12-13 09:11 - 000447920 _____ C:\Windows\Minidump\121317-8970-01.dmp
    2017-12-13 09:11 - 2017-12-13 09:11 - 000000000 ____D C:\Windows\Minidump
    2017-12-13 09:11 - 2017-12-13 09:11 - 000000000 ____D C:\Users\MarkAZ\.QtWebEngineProcess
    2017-12-13 09:11 - 2017-12-13 09:11 - 000000000 ____D C:\Users\MarkAZ\.Plays.tv
    2017-12-13 09:09 - 2017-12-13 09:27 - 000000000 ____D C:\Users\MarkAZ\AppData\Roaming\PlaysTV
    2017-12-13 09:08 - 2017-12-13 09:08 - 000000000 ____D C:\Users\MarkAZ\AppData\Roaming\library_dir
    2017-12-13 09:08 - 2017-12-13 09:08 - 000000000 ____D C:\Program Files (x86)\Raptr Inc
    2017-12-12 20:19 - 2017-11-14 18:27 - 000395968 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
    2017-12-12 20:19 - 2017-11-14 17:36 - 000347336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
    2017-12-12 20:19 - 2017-11-13 20:57 - 025731072 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
    2017-12-12 20:19 - 2017-11-13 20:43 - 002724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
    2017-12-12 20:19 - 2017-11-13 20:43 - 000004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
    2017-12-12 20:19 - 2017-11-13 20:32 - 002903552 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
    2017-12-12 20:19 - 2017-11-13 20:31 - 000066560 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
    2017-12-12 20:19 - 2017-11-13 20:31 - 000048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
    2017-12-12 20:19 - 2017-11-13 20:30 - 000577024 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
    2017-12-12 20:19 - 2017-11-13 20:30 - 000417792 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
    2017-12-12 20:19 - 2017-11-13 20:30 - 000088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
    2017-12-12 20:19 - 2017-11-13 20:25 - 005925888 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
    2017-12-12 20:19 - 2017-11-13 20:24 - 000054784 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
    2017-12-12 20:19 - 2017-11-13 20:24 - 000034304 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
    2017-12-12 20:19 - 2017-11-13 20:21 - 000615936 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
    2017-12-12 20:19 - 2017-11-13 20:20 - 000817152 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
    2017-12-12 20:19 - 2017-11-13 20:20 - 000814080 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
    2017-12-12 20:19 - 2017-11-13 20:20 - 000144384 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
    2017-12-12 20:19 - 2017-11-13 20:20 - 000116224 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
    2017-12-12 20:19 - 2017-11-13 20:15 - 000968704 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
    2017-12-12 20:19 - 2017-11-13 20:12 - 000489984 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
    2017-12-12 20:19 - 2017-11-13 20:06 - 000087552 _____ (Microsoft Corporation) C:\Windows\system32\tdc.ocx
    2017-12-12 20:19 - 2017-11-13 20:06 - 000077824 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
    2017-12-12 20:19 - 2017-11-13 20:05 - 000107520 _____ (Microsoft Corporation) C:\Windows\system32\inseng.dll
    2017-12-12 20:19 - 2017-11-13 20:03 - 000199680 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
    2017-12-12 20:19 - 2017-11-13 20:02 - 000092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
    2017-12-12 20:19 - 2017-11-13 20:00 - 000315392 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
    2017-12-12 20:19 - 2017-11-13 19:59 - 000152064 _____ (Microsoft Corporation) C:\Windows\system32\occache.dll
    2017-12-12 20:19 - 2017-11-13 19:51 - 000262144 _____ (Microsoft Corporation) C:\Windows\system32\webcheck.dll
    2017-12-12 20:19 - 2017-11-13 19:48 - 015267328 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
    2017-12-12 20:19 - 2017-11-13 19:48 - 000807936 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
    2017-12-12 20:19 - 2017-11-13 19:48 - 000726528 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
    2017-12-12 20:19 - 2017-11-13 19:47 - 001359360 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
    2017-12-12 20:19 - 2017-11-13 19:46 - 002134528 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
    2017-12-12 20:19 - 2017-11-13 19:39 - 003241472 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
    2017-12-12 20:19 - 2017-11-13 19:27 - 001544192 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
    2017-12-12 20:19 - 2017-11-13 19:16 - 000800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
    2017-12-12 20:19 - 2017-11-13 18:37 - 013679616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
    2017-12-12 20:19 - 2017-11-13 18:15 - 000416256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
    2017-12-12 20:19 - 2017-11-13 18:15 - 000279040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
    2017-12-12 20:19 - 2017-11-13 18:15 - 000076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
    2017-12-12 20:19 - 2017-11-13 18:10 - 020269056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
    2017-12-12 20:19 - 2017-11-13 17:32 - 000499200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
    2017-12-12 20:19 - 2017-11-13 17:31 - 000064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
    2017-12-12 20:19 - 2017-11-07 13:56 - 002724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
    2017-12-12 20:19 - 2017-11-07 13:46 - 000341504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
    2017-12-12 20:19 - 2017-11-07 13:46 - 000062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
    2017-12-12 20:19 - 2017-11-07 13:46 - 000047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
    2017-12-12 20:19 - 2017-11-07 13:44 - 002293760 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
    2017-12-12 20:19 - 2017-11-07 13:41 - 000047104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
    2017-12-12 20:19 - 2017-11-07 13:41 - 000030720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
    2017-12-12 20:19 - 2017-11-07 13:40 - 000476160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
    2017-12-12 20:19 - 2017-11-07 13:39 - 000662016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
    2017-12-12 20:19 - 2017-11-07 13:38 - 000620032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
    2017-12-12 20:19 - 2017-11-07 13:38 - 000115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
    2017-12-12 20:19 - 2017-11-07 13:29 - 000060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
    2017-12-12 20:19 - 2017-11-07 13:28 - 000091136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inseng.dll
    2017-12-12 20:19 - 2017-11-07 13:28 - 000073216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tdc.ocx
    2017-12-12 20:19 - 2017-11-07 13:27 - 004509696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
    2017-12-12 20:19 - 2017-11-07 13:26 - 000168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
    2017-12-12 20:19 - 2017-11-07 13:24 - 000130048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\occache.dll
    2017-12-12 20:19 - 2017-11-07 13:19 - 000230400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\webcheck.dll
    2017-12-12 20:19 - 2017-11-07 13:18 - 000694272 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
    2017-12-12 20:19 - 2017-11-07 13:17 - 002058752 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
    2017-12-12 20:19 - 2017-11-07 13:17 - 001155072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
    2017-12-12 20:19 - 2017-11-07 13:04 - 002767872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
    2017-12-12 20:19 - 2017-11-07 13:01 - 001313280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
    2017-12-12 20:19 - 2017-11-07 12:58 - 000710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
    2017-12-12 20:19 - 2017-11-07 09:31 - 000002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll
    2017-12-12 20:19 - 2017-11-07 09:13 - 000002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll
    2017-12-12 20:19 - 2017-11-04 08:31 - 000194048 _____ (Microsoft Corporation) C:\Windows\system32\itircl.dll
    2017-12-12 20:19 - 2017-11-04 08:31 - 000170496 _____ (Microsoft Corporation) C:\Windows\system32\itss.dll
    2017-12-12 20:19 - 2017-11-04 08:10 - 000158720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\itircl.dll
    2017-12-12 20:19 - 2017-11-04 08:10 - 000142336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\itss.dll
    2017-12-12 20:19 - 2017-11-02 09:55 - 000281600 _____ (Microsoft Corporation) C:\Windows\system32\iprtrmgr.dll
    2017-12-12 20:19 - 2017-11-02 09:55 - 000138240 _____ (Microsoft Corporation) C:\Windows\system32\rtm.dll
    2017-12-12 20:19 - 2017-11-02 09:55 - 000097792 _____ (Microsoft Corporation) C:\Windows\system32\mprdim.dll
    2017-12-12 20:19 - 2017-11-02 09:55 - 000009728 _____ (Microsoft Corporation) C:\Windows\system32\iprtprio.dll
    2017-12-12 20:19 - 2017-11-02 08:11 - 000271360 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iprtrmgr.dll
    2017-12-12 20:19 - 2017-11-02 08:11 - 000115200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rtm.dll
    2017-12-12 20:19 - 2017-11-02 08:11 - 000075264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mprdim.dll
    2017-12-12 20:19 - 2017-11-02 07:56 - 000008192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iprtprio.dll
    2017-12-12 18:46 - 2017-03-07 07:05 - 000243200 _____ (Microsoft Corporation) C:\Windows\system32\rdpudd.dll
    2017-12-12 18:46 - 2016-03-23 15:40 - 003181568 _____ (Microsoft Corporation) C:\Windows\system32\rdpcorets.dll
    2017-12-12 18:46 - 2016-03-23 15:40 - 000016384 _____ (Microsoft Corporation) C:\Windows\system32\RdpGroupPolicyExtension.dll
    2017-12-10 21:06 - 2012-08-23 07:10 - 000019456 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\rdpvideominiport.sys
    2017-12-10 21:06 - 2012-08-23 04:12 - 000192000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rdpendp_winip.dll
    2017-12-10 21:06 - 2012-08-23 03:51 - 000228864 _____ (Microsoft Corporation) C:\Windows\system32\rdpendp_winip.dll
    2017-12-07 02:30 - 2017-12-07 02:30 - 000000000 ____D C:\Users\MarkAZ\AppData\Roaming\AMD
    2017-12-06 19:14 - 2017-12-06 19:14 - 000000000 ____D C:\Users\MarkAZ\AppData\Local\AppEx Networks
    2017-12-06 18:03 - 2017-12-06 18:14 - 000000000 ____D C:\Program Files\RegScanner
    2017-12-06 18:02 - 2017-12-06 18:02 - 000000000 ____D C:\Program Files\New folder
    2017-12-06 11:19 - 2017-12-06 11:19 - 000000000 ____D C:\Program Files\CPUZ
    2017-12-06 08:48 - 2017-12-06 08:48 - 000000000 ____D C:\Users\MarkAZ\AppData\Roaming\ATI
    2017-12-06 08:48 - 2017-12-06 08:48 - 000000000 ____D C:\Users\MarkAZ\AppData\Local\ATI
    2017-12-06 08:48 - 2017-12-06 08:48 - 000000000 ____D C:\ProgramData\ATI
    2017-12-06 08:47 - 2017-12-06 08:48 - 000000000 ____D C:\ProgramData\AMD
    2017-12-06 08:47 - 2017-12-06 08:47 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AMD Catalyst Control Center
    2017-12-06 08:41 - 2017-12-06 08:42 - 000000000 ____D C:\AMD
    2017-12-06 08:40 - 2017-12-06 08:40 - 000000000 ____D C:\Users\MarkAZ\AppData\Local\RadeonInstaller
    2017-12-02 14:34 - 2017-11-16 21:23 - 003222528 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
    2017-12-02 14:34 - 2017-10-16 16:04 - 001001984 _____ (Microsoft Corporation) C:\Windows\system32\gpedit.dll
    2017-12-02 14:34 - 2017-10-16 15:46 - 000953344 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gpedit.dll
    2017-12-02 14:34 - 2017-10-11 17:20 - 000317440 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\rdbss.sys
    2017-11-29 11:42 - 2017-11-29 11:42 - 000001422 _____ C:\Users\MarkAZ\AppData\Roaming\Microsoft\Windows\Start Menu\Command Prompt.lnk
    2017-11-29 10:55 - 2017-11-30 07:44 - 000000000 ____D C:\temp
    2017-11-28 20:36 - 2017-11-28 20:36 - 000000000 ____D C:\Users\MarkAZ\Documents\FXHOME
    2017-11-28 20:36 - 2017-11-28 20:36 - 000000000 ____D C:\Users\MarkAZ\AppData\Local\FXHOME Helper
    2017-11-28 20:36 - 2017-11-28 20:36 - 000000000 ____D C:\Users\MarkAZ\AppData\Local\FXHOME
    2017-11-28 20:35 - 2017-12-25 18:09 - 000000000 ____D C:\Program Files\Boris FX, Inc
    2017-11-28 20:35 - 2017-11-28 20:35 - 000000000 ____D C:\Program Files\FXHOME
    2017-11-28 20:35 - 2017-11-28 20:35 - 000000000 ____D C:\Program Files (x86)\Boris FX, Inc
    2017-11-28 20:35 - 2010-06-02 04:55 - 000518488 _____ (Microsoft Corporation) C:\Windows\system32\XAudio2_7.dll
    2017-11-28 20:35 - 2010-06-02 04:55 - 000077656 _____ (Microsoft Corporation) C:\Windows\system32\XAPOFX1_5.dll
    2017-11-28 01:52 - 2017-11-28 03:13 - 000000000 ____D C:\Users\MarkAZ\AppData\Roaming\gsmartcontrol
    2017-11-28 01:50 - 2017-11-28 03:13 - 000000000 ____D C:\Program Files\GSmartControl
    2017-11-28 01:50 - 2017-11-28 01:50 - 000001905 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\GSmartControl.lnk


    ==================== One Month Modified files and folders ========


    (If an entry is included in the fixlist, the file/folder will be moved.)


    2017-12-27 03:42 - 2017-11-22 03:03 - 000000000 ____D C:\FRST
    2017-12-27 01:43 - 2017-11-19 02:36 - 000002477 _____ C:\Users\MarkAZ\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Google Chrome Canary.lnk
    2017-12-26 21:11 - 2009-07-13 21:45 - 000035504 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
    2017-12-26 21:11 - 2009-07-13 21:45 - 000035504 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
    2017-12-26 21:04 - 2015-09-13 14:59 - 000000000 ____D C:\Users\MarkAZ\AppData\Local\ClassicShell
    2017-12-26 20:38 - 2015-09-15 01:59 - 000000000 ___RD C:\FAVICONS
    2017-12-26 20:38 - 2015-09-13 14:54 - 000000000 ____D C:\Users\MarkAZ\AppData\Roaming\Everything
    2017-12-26 20:15 - 2009-07-13 22:13 - 000781790 _____ C:\Windows\system32\PerfStringBackup.INI
    2017-12-26 20:15 - 2009-07-13 20:20 - 000000000 ____D C:\Windows\inf
    2017-12-26 20:09 - 2015-09-16 06:16 - 000000000 ____D C:\Program Files (x86)\Glary Utilities 5
    2017-12-26 20:08 - 2009-07-13 22:08 - 000000006 ____H C:\Windows\Tasks\SA.DAT
    2017-12-26 20:07 - 2017-11-23 01:19 - 000514978 _____ C:\Windows\ntbtlog.txt
    2017-12-26 19:30 - 2015-09-18 04:34 - 000192216 _____ (Malwarebytes) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
    2017-12-26 19:16 - 2016-10-03 11:26 - 000078848 ___SH C:\Users\MarkAZ\Thumbs.db
    2017-12-26 19:16 - 2015-09-13 13:23 - 000000000 ____D C:\Users\MarkAZ
    2017-12-26 15:14 - 2016-01-22 23:56 - 001426432 _____ (door2windows) C:\Program Files\CustomizerGod.exe
    2017-12-26 14:38 - 2017-09-11 14:18 - 000038643 _____ C:\bdlog.txt
    2017-12-26 14:38 - 2015-09-13 15:24 - 000065536 _____ C:\Windows\system32\spu_storage.bin
    2017-12-26 14:19 - 2017-08-08 05:10 - 000000000 ____D C:\Users\MarkAZ\AppData\Local\Deployment
    2017-12-25 22:12 - 2015-09-15 09:24 - 000000000 ____D C:\Users\MarkAZ\AppData\Roaming\Mozilla
    2017-12-25 21:47 - 2009-07-13 20:20 - 000000000 ____D C:\Windows\system32\NDF
    2017-12-25 21:39 - 2015-09-14 15:58 - 000000000 ____D C:\Users\MarkAZ\.gimp-2.6
    2017-12-25 21:38 - 2015-09-16 04:35 - 000000000 ____D C:\Users\MarkAZ\AppData\Roaming\gtk-2.0
    2017-12-25 18:48 - 2016-09-28 22:57 - 000000000 ___RD C:\Users\MarkAZ\Desktop\Uhaul
    2017-12-25 18:34 - 2015-09-16 05:19 - 000000000 ___RD C:\Applinks
    2017-12-25 18:19 - 2017-09-07 11:20 - 000000000 ___RD C:\Users\MarkAZ\Desktop\U-Haul Online
    2017-12-25 18:10 - 2015-09-22 06:42 - 000000000 ____D C:\Program Files (x86)\Fotosizer
    2017-12-25 17:28 - 2015-09-16 20:01 - 000000000 ____D C:\Users\MarkAZ\AppData\Roaming\vlc
    2017-12-25 12:42 - 2015-10-24 11:37 - 000000000 ____D C:\Users\MarkAZ\AppData\Local\CutePDF Writer
    2017-12-25 03:20 - 2017-10-04 03:58 - 002279936 ___SH C:\Users\MarkAZ\Desktop\Thumbs.db
    2017-12-25 02:36 - 2015-09-14 04:46 - 000000000 ____D C:\Windows\SysWOW64\Macromed
    2017-12-25 02:33 - 2015-10-16 04:42 - 000000000 ____D C:\Users\MarkAZ\AppData\Local\ElevatedDiagnostics
    2017-12-25 01:11 - 2015-09-15 05:33 - 000000000 ____D C:\Users\MarkAZ\AppData\Roaming\IObit
    2017-12-25 01:00 - 2015-09-15 05:33 - 000000000 ____D C:\ProgramData\ProductData
    2017-12-25 00:56 - 2017-10-05 06:42 - 002017792 ___SH C:\Users\MarkAZ\Downloads\Thumbs.db
    2017-12-21 03:55 - 2009-07-13 20:20 - 000000000 ____D C:\Windows\Cursors
    2017-12-21 03:15 - 2017-06-01 04:57 - 000001334 _____ C:\Users\MarkAZ\Documents\Duplicate Cleaner log.txt
    2017-12-20 03:30 - 2015-09-29 11:28 - 000002244 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
    2017-12-15 10:02 - 2015-09-14 16:53 - 000000163 _____ C:\Users\MarkAZ\.gtkrc-2.0
    2017-12-15 06:14 - 2015-09-14 15:58 - 000000000 ____D C:\Program Files (x86)\GIMP-2.0
    2017-12-15 06:01 - 2016-01-08 03:56 - 000000000 ____D C:\Users\MarkAZ\.gimp-2.8
    2017-12-15 04:27 - 2017-06-01 04:57 - 000000000 ____D C:\Program Files (x86)\Duplicate Cleaner
    2017-12-14 09:11 - 2015-09-13 15:57 - 000000000 ____D C:\Program Files (x86)\Whisper
    2017-12-13 09:32 - 2015-09-13 14:36 - 000000000 ____D C:\Program Files\AMD
    2017-12-13 09:18 - 2015-09-13 14:43 - 000000000 ____D C:\ProgramData\Package Cache
    2017-12-13 09:10 - 2009-07-13 20:20 - 000000000 ____D C:\Windows\LiveKernelReports
    2017-12-12 22:15 - 2009-07-13 20:20 - 000000000 ____D C:\Windows\rescache
    2017-12-12 21:28 - 2009-07-13 20:20 - 000000000 ____D C:\Windows\SysWOW64\Setup
    2017-12-12 21:28 - 2009-07-13 20:20 - 000000000 ____D C:\Windows\system32\Setup
    2017-12-12 21:26 - 2015-09-13 17:53 - 000000000 ____D C:\Windows\system32\MRT
    2017-12-12 21:24 - 2017-10-11 07:23 - 133326408 ____C (Microsoft Corporation) C:\Windows\system32\MRT-KB890830.exe
    2017-12-12 21:24 - 2015-09-13 17:53 - 133326408 ____C (Microsoft Corporation) C:\Windows\system32\MRT.exe
    2017-12-11 19:56 - 2015-09-15 01:56 - 000000000 ____D C:\A6-6400K Build
    2017-12-10 21:07 - 2009-07-13 20:20 - 000000000 ____D C:\Windows\PolicyDefinitions
    2017-12-08 18:11 - 2017-11-22 05:42 - 000000000 ____D C:\SFCFix
    2017-12-08 18:11 - 2017-11-22 05:39 - 000000000 ____D C:\Users\MarkAZ\AppData\Local\niemiro
    2017-12-06 19:23 - 2017-11-14 02:55 - 000004130 _____ C:\Windows\System32\Tasks\CCleaner Update
    2017-12-06 11:20 - 2015-09-14 22:04 - 000000000 ____D C:\Users\MarkAZ\Downloads\To extract
    2017-12-06 08:48 - 2017-08-01 23:32 - 000000000 ____D C:\Users\MarkAZ\AppData\Local\AMD
    2017-12-06 08:47 - 2015-09-13 14:43 - 000000000 ____D C:\Program Files (x86)\AMD
    2017-12-02 17:36 - 2009-07-13 21:45 - 000424952 _____ C:\Windows\system32\FNTCACHE.DAT
    2017-12-01 03:17 - 2009-07-13 21:57 - 000001547 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Media Player.lnk
    2017-11-28 20:22 - 2017-11-15 10:50 - 000000000 ____D C:\FFOutput
    2017-11-27 00:15 - 2017-05-16 23:25 - 000000000 ____D C:\Program Files\Logitech
    2017-11-27 00:15 - 2017-02-24 01:58 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Logitech


    ==================== Files in the root of some directories =======


    2017-12-25 02:35 - 2017-12-25 02:36 - 000000097 _____ () C:\Users\MarkAZ\IP_Log_Data.js
    2017-08-24 13:14 - 2017-08-24 13:14 - 000000334 _____ () C:\Program Files\CMS35_12 (2).appref-ms
    2017-08-08 05:10 - 2017-08-08 05:10 - 000000334 _____ () C:\Program Files\CMS35_12.appref-ms
    2016-01-22 23:56 - 2017-12-26 15:14 - 001426432 _____ (door2windows) C:\Program Files\CustomizerGod.exe
    2015-09-23 05:42 - 2015-09-23 05:42 - 000211410 _____ (www.1HourSoftware.com) C:\Program Files\DeskLock.exe
    2015-09-17 02:53 - 2015-09-17 02:55 - 000001780 _____ () C:\Program Files\FastStone.lnk
    2015-09-28 05:23 - 2015-09-28 05:23 - 000001057 _____ () C:\Program Files\MSBuild - Shortcut.lnk
    2015-09-28 05:23 - 2015-09-28 05:23 - 000001057 _____ () C:\Program Files\Prime95 - Shortcut.lnk
    2016-11-18 07:18 - 2017-01-20 02:42 - 001457312 _____ (Sysinternals - www.sysinternals.com) C:\Program Files\procexp64.exe
    2015-08-30 10:12 - 2017-09-12 10:24 - 000171616 _____ (NirSoft) C:\Program Files\shexview.exe
    2017-09-07 14:24 - 2017-09-07 14:24 - 000003107 _____ () C:\Program Files\Vista Shortcut Manager.lnk
    2016-04-22 06:01 - 2017-06-16 10:40 - 000000274 _____ () C:\Users\MarkAZ\AppData\Roaming\burnaware.ini
    2017-12-25 02:37 - 2017-12-25 02:37 - 000000955 _____ () C:\Users\MarkAZ\AppData\Roaming\Network Meter_Settings.ini
    2017-12-25 02:37 - 2017-12-25 02:37 - 000000015 _____ () C:\Users\MarkAZ\AppData\Roaming\Network Meter_Usage.ini
    2017-12-15 05:00 - 2017-12-15 05:00 - 000112368 _____ () C:\Users\MarkAZ\AppData\Local\recently-used.xbel
    2017-09-12 06:08 - 2017-09-12 06:08 - 000000017 _____ () C:\Users\MarkAZ\AppData\Local\resmon.resmoncfg


    Some files in TEMP:
    ====================
    2017-11-16 14:17 - 2017-11-16 14:17 - 000552568 _____ (Logitech) C:\Users\MarkAZ\AppData\Local\Temp\LDeviceInstaller.exe
    2017-11-27 00:13 - 2017-11-16 14:08 - 000058752 _____ (Logitech Inc.) C:\Users\MarkAZ\AppData\Local\Temp\LogiOptionsfileUninstaller.exe
    2017-11-27 00:13 - 2017-11-16 14:19 - 000259216 _____ (Logitech Inc.) C:\Users\MarkAZ\AppData\Local\Temp\LogiOptionsUninstaller.exe
    2017-12-13 09:08 - 2017-12-13 09:09 - 116701880 _____ () C:\Users\MarkAZ\AppData\Local\Temp\playstv_patch.exe
    2017-11-16 14:20 - 2017-11-16 14:20 - 004238456 _____ (Logitech, Inc.) C:\Users\MarkAZ\AppData\Local\Temp\PlugInInstallerUtility.exe
    2017-12-13 09:08 - 2017-12-13 09:08 - 059621016 _____ () C:\Users\MarkAZ\AppData\Local\Temp\raptrpatch.exe
    2017-12-13 09:08 - 2017-12-13 09:08 - 000221632 _____ () C:\Users\MarkAZ\AppData\Local\Temp\raptr_stub.exe


    ==================== Bamital & volsnap ======================


    (There is no automatic fix for files that do not pass verification.)


    C:\Windows\system32\winlogon.exe => File is digitally signed
    C:\Windows\system32\wininit.exe => File is digitally signed
    C:\Windows\SysWOW64\wininit.exe => File is digitally signed
    C:\Windows\explorer.exe => File is digitally signed
    C:\Windows\SysWOW64\explorer.exe => File is digitally signed
    C:\Windows\system32\svchost.exe => File is digitally signed
    C:\Windows\SysWOW64\svchost.exe => File is digitally signed
    C:\Windows\system32\services.exe => File is digitally signed
    C:\Windows\system32\User32.dll => File is digitally signed
    C:\Windows\SysWOW64\User32.dll => File is digitally signed
    C:\Windows\system32\userinit.exe => File is digitally signed
    C:\Windows\SysWOW64\userinit.exe => File is digitally signed
    C:\Windows\system32\rpcss.dll => File is digitally signed
    C:\Windows\system32\dnsapi.dll => File is digitally signed
    C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
    C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed


    LastRegBack: 2017-12-19 00:45



    ==================== End of FRST.txt ============================


    Additional scan result of Farbar Recovery Scan Tool (x64) Version: 26-12-2017
    Ran by MarkAZ (27-12-2017 03:43:24)
    Running from C:\Users\MarkAZ\Desktop
    Windows 7 Professional Service Pack 1 (X64) (2015-09-13 20:23:38)
    Boot Mode: Normal
    ==========================================================




    ==================== Accounts: =============================


    Administrator (S-1-5-21-2609069616-2479026874-2953070309-500 - Administrator - Disabled)
    Guest (S-1-5-21-2609069616-2479026874-2953070309-501 - Limited - Disabled)
    HomeGroupUser$ (S-1-5-21-2609069616-2479026874-2953070309-1002 - Limited - Enabled)
    MarkAZ (S-1-5-21-2609069616-2479026874-2953070309-1000 - Administrator - Enabled) => C:\Users\MarkAZ


    ==================== Security Center ========================


    (If an entry is included in the fixlist, it will be removed.)


    AV: Bitdefender Antivirus (Disabled - Up to date) {3FB17364-4FCC-0FA7-6BBF-973897395371}
    AS: Bitdefender Antispyware (Disabled - Up to date) {84D09280-69F6-0029-510F-AC4AECBE19CC}
    AS: Windows Defender (Disabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}


    ==================== Installed Programs ======================


    (Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)


    7-Zip 9.20 (x64 edition) (HKLM\...\{23170F69-40C1-2702-0920-000001000000}) (Version: 9.20.00.0 - Igor Pavlov)
    Adobe Flash Player 24 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 24.0.0.221 - Adobe Systems Incorporated)
    Adobe Flash Player 27 PPAPI (HKLM-x32\...\Adobe Flash Player PPAPI) (Version: 27.0.0.187 - Adobe Systems Incorporated)
    AMD OverDrive (HKLM-x32\...\{34D5220A-58D0-473C-90E4-15136C3FB0E3}) (Version: 4.3.1.0690 - Advanced Micro Devices, Inc.)
    Bitdefender Agent (HKLM\...\Bitdefender Agent) (Version: 21.0.25.49 - Bitdefender)
    Bitdefender Antivirus Plus (HKLM\...\Bitdefender) (Version: 22.0.1.1 - Bitdefender)
    Canon IJ Network Scan Utility (HKLM-x32\...\Canon_IJ_Network_Scan_UTILITY) (Version: - )
    Canon IJ Network Tool (HKLM-x32\...\Canon_IJ_Network_UTILITY) (Version: - )
    Canon MP620 series MP Drivers (HKLM\...\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MP620_series) (Version: - )
    CCleaner (HKLM\...\CCleaner) (Version: 5.36 - Piriform)
    Cisco AnyConnect Secure Mobility Client (HKLM-x32\...\Cisco AnyConnect Secure Mobility Client) (Version: 4.4.00243 - Cisco Systems, Inc.)
    Cisco AnyConnect Secure Mobility Client (HKLM-x32\...\{CA610707-85CB-443A-9D11-573B0E85BFCF}) (Version: 4.4.00243 - Cisco Systems, Inc.) Hidden
    Cisco IP Communicator (HKLM-x32\...\{9C771757-BF15-4E33-A59C-2A6DFBBA8E1E}) (Version: 8.6.4.0 - Cisco Systems, Inc.)
    Classic Shell (HKLM\...\{7C129CF8-199F-4269-AAEE-60B5D8D716E2}) (Version: 4.2.1 - IvoSoft)
    CMS35_12 (HKU\S-1-5-21-2609069616-2479026874-2953070309-1000\...\5d9714f4df022786) (Version: 1.0.0.64 - U-Haul International, Inc.)
    CPUID CPU-Z 1.82 (HKLM\...\CPUID CPU-Z_is1) (Version: 1.82 - )
    CPUID HWMonitor 1.28 (HKLM\...\CPUID HWMonitor_is1) (Version: - )
    CutePDF Writer 3.0 (HKLM\...\CutePDF Writer Installation) (Version: 3.0 - Acro Software Inc.)
    Duplicate Cleaner Free 4.1.0 (HKLM-x32\...\Duplicate Cleaner Free) (Version: 4.1.0 - DigitalVolcano Software Ltd) <==== ATTENTION
    Duplicate File Finder (HKLM-x32\...\{1041487C-12E6-47FE-B83A-E9891782C8FE}}_is1) (Version: 6.3 - Ashisoft)
    Etron USB3.0 Host Controller (HKLM-x32\...\{DFBB738C-71D8-4DC5-B8D2-D65C37680E27}) (Version: 0.118 - Etron Technology) Hidden
    Etron USB3.0 Host Controller (HKLM-x32\...\InstallShield_{DFBB738C-71D8-4DC5-B8D2-D65C37680E27}) (Version: 0.118 - Etron Technology)
    Everything 1.3.4.686 (x86) (HKLM-x32\...\Everything) (Version: - )
    FastStone Image Viewer 6.3 (HKLM-x32\...\FastStone Image Viewer) (Version: 6.3 - FastStone Soft)
    FirstClass Client (HKLM-x32\...\{E49C4A6D-7655-4D0A-A083-664D99D825CA}) (Version: 12.014 - OpenText)
    Fotosizer 3.06.0 (HKLM\...\Fotosizer) (Version: 3.06.0.564 - Fotosizer.com)
    Foxit Reader (HKLM-x32\...\Foxit Reader_is1) (Version: 8.3.2.25013 - Foxit Software Inc.)
    FreeCommander XE (HKLM-x32\...\FreeCommander XE_is1) (Version: - Marek Jasinski)
    GIMP 2.6.8 (HKLM-x32\...\WinGimp-2.0_is1) (Version: - )
    Gimp Themes v1.0 (HKLM-x32\...\{833D97B9-AC16-45C1-AD44-0A32198956F8}) (Version: 1.0.0 - www.gimp-tutorials.net)
    Glary Utilities 5.88 (HKLM-x32\...\Glary Utilities 5) (Version: 5.88.0.109 - Glarysoft Ltd)
    G'MIC for GIMP version 1.6.8 (HKLM-x32\...\G'MIC for GIMP_is1) (Version: 1.6.8 - )
    Google Chrome (HKLM-x32\...\Google Chrome) (Version: 63.0.3239.108 - Google Inc.)
    Google Chrome Canary (HKU\S-1-5-21-2609069616-2479026874-2953070309-1000\...\Google Chrome SxS) (Version: 65.0.3305.0 - Google Inc.)
    Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.33.7 - Google Inc.) Hidden
    GSmartControl (HKLM-x32\...\GSmartControl) (Version: 1.1.3 - Alexander Shaduri)
    GTK2-Runtime (HKLM-x32\...\GTK2-Runtime) (Version: 2.24.10-2012-10-10-ash - Alexander Shaduri)
    GTK2-Themes (HKLM-x32\...\GTK2-Themes) (Version: - )
    HWiNFO64 Version 5.04 (HKLM\...\HWiNFO64_is1) (Version: 5.04 - Martin Malík - REALiX)
    IcoFX 1.6.4 (HKLM-x32\...\IcoFX_is1) (Version: - )
    IconViewer (HKLM\...\{C6F34AE0-0576-11d4-82FE-4491FCC00000}) (Version: 3.2.147 - Bot Productions)
    ImageShack Uploader 2.2.0 (HKLM-x32\...\{8BCD7AE7-F713-4D50-BAB9-7839B9386870}) (Version: 2.2.0 - ImageShack Corp.)
    IObit Uninstaller (HKLM-x32\...\IObitUninstall) (Version: 7.0.2.49 - IObit)
    IrfanView (remove only) (HKLM-x32\...\IrfanView) (Version: 4.40 - Irfan Skiljan)
    Java 8 Update 151 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F64180151F0}) (Version: 8.0.1510.12 - Oracle Corporation)
    K-Lite Codec Pack 12.1.0 Basic (HKLM-x32\...\KLiteCodecPack_is1) (Version: 12.1.0 - KLCP)
    LibreOffice 4.4 Help Pack (English (United States)) (HKLM-x32\...\{CE875000-B984-4D90-89C1-12705958F787}) (Version: 4.4.5.2 - The Document Foundation)
    LibreOffice 5.3.2.2 (HKLM-x32\...\{8DA98699-6AD4-49CF-A9A0-B5E7B7981BE6}) (Version: 5.3.2.2 - The Document Foundation)
    Logitech Options (HKLM\...\LogiOptions) (Version: - Logitech)
    Logitech SetPoint 6.67 (HKLM\...\sp6) (Version: 6.67.83 - Logitech)
    Malwarebytes Anti-Malware version 2.2.1.1043 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.2.1.1043 - Malwarebytes)
    Microsoft .NET Framework 4.7 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.7.02053 - Microsoft Corporation)
    Microsoft Office Enterprise 2007 (HKLM-x32\...\ENTERPRISER) (Version: 12.0.4518.1014 - Microsoft Corporation)
    Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.50907.0 - Microsoft Corporation)
    Microsoft SQL Server Compact 3.5 SP2 ENU (HKLM-x32\...\{3A9FC03D-C685-4831-94CF-4EDFD3749497}) (Version: 3.5.8080.0 - Microsoft Corporation)
    Microsoft SQL Server Compact 3.5 SP2 x64 ENU (HKLM\...\{D4AD39AD-091E-4D33-BB2B-59F6FCB8ADC3}) (Version: 3.5.8080.0 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729 (HKLM\...\{14297226-E0A0-3781-8911-E9D529552663}) (Version: 9.0.30729 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
    Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
    Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
    Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.50727 (HKLM-x32\...\{15134cb0-b767-4960-a911-f2d16ae54797}) (Version: 11.0.50727.1 - Microsoft Corporation)
    Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.50727 (HKLM-x32\...\{22154f09-719a-4619-bb71-5b3356999fbf}) (Version: 11.0.50727.1 - Microsoft Corporation)
    Microsoft Visual C++ 2013 Preview Redistributable (x86) - 12.0.20617 (HKLM-x32\...\{1f407217-9aec-4146-8504-e64ac959c534}) (Version: 12.0.20617.1 - Microsoft Corporation)
    Moyea FLV Editor Lite version: 1.0.1.0 (HKLM-x32\...\{8E3F691A-4972-47FF-9E09-1981B62A5D5A}_is1) (Version: - )
    Mozilla Firefox 57.0.2 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 57.0.2 (x86 en-US)) (Version: 57.0.2 - Mozilla)
    OEM Application Profile (HKLM-x32\...\{FCCF4B77-432F-EA83-4289-40C1DFA14C85}) (Version: 1.00.0000 - Advanced Micro Devices, Inc.) Hidden
    Postbox (4.0.7) (HKLM-x32\...\Postbox (4.0.7)) (Version: 4.0.7 (en-US) - Postbox, Inc.)
    PowerDesk 5.0 (HKLM-x32\...\PowerDesk5.0) (Version: - )
    Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.88.617.2014 - Realtek)
    Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.8186 - Realtek Semiconductor Corp.)
    RealWorld Cursor Editor (HKLM-x32\...\{25A344BB-378D-4E51-9A39-780755012B2D}) (Version: 13.1.0 - RealWorld Graphics)
    Recuva (HKLM\...\Recuva) (Version: 1.52 - Piriform)
    RocketDock 1.3.5 (HKLM-x32\...\RocketDock_is1) (Version: - Punk Software)
    Speccy (HKLM\...\Speccy) (Version: 1.28 - Piriform)
    SpeedFan (remove only) (HKLM-x32\...\SpeedFan) (Version: - )
    SRWare Iron (64-Bit) version 61.0.3200.0 (HKLM\...\{BA85A29D-B48E-4826-BAEE-817024E52E29}_is1) (Version: 61.0.3200.0 - SRWare)
    Tweaking.com - Windows Repair (HKLM-x32\...\Tweaking.com - Windows Repair) (Version: 3.5.0 - Tweaking.com)
    Ultra Defragmenter (HKLM-x32\...\UltraDefrag) (Version: 7.0.2 - UltraDefrag Development Team)
    Vista Shortcut Manager x64 (HKLM\...\{C7311329-C491-427B-8880-133E84869B3A}) (Version: 2.0 - Frameworkx)
    Visual Studio 2012 x64 Redistributables (HKLM\...\{8C775E70-A791-4DA8-BCC3-6AB7136F4484}) (Version: 14.0.0.1 - AVG Technologies)
    Visual Studio 2012 x86 Redistributables (HKLM-x32\...\{98EFF19A-30AB-4E4B-B943-F06B1C63EBF8}) (Version: 14.0.0.1 - AVG Technologies CZ, s.r.o.)
    VLC media player (HKLM\...\VLC media player) (Version: 2.2.1 - VideoLAN)
    Whisper 32 (HKLM-x32\...\{9F0E4EC2-2398-4BB8-9FBB-B4E7C4E128E6}) (Version: 1.15.0 - Shaun Ivory)
    WinDirStat 1.1.2 (HKU\S-1-5-21-2609069616-2479026874-2953070309-1000\...\WinDirStat) (Version: - )
    Windows Tweaker (HKLM-x32\...\{F6881752-3DD7-44C9-9AC6-D827A1E641CC}) (Version: 5.3.1 - Windows Tweaker)
    XdN Tweaker 0.9.3.0 (HKLM-x32\...\XdN Tweaker) (Version: 0.9.3.0 - Xenomorph dot Net)
    XnView 2.33 (HKLM-x32\...\XnView_is1) (Version: 2.33 - Gougelet Pierre-e)
    XnView Shell Extension 3.0.0 (64bits) (HKLM-x32\...\XnView Shell Extension_is1) (Version: 3.0.0 - Gougelet Pierre-e)


    ==================== Custom CLSID (Whitelisted): ==========================


    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


    CustomCLSID: HKU\S-1-5-21-2609069616-2479026874-2953070309-1000_Classes\CLSID\{91A41FCC-BC02-42D8-A36E-0D27FF9BFFC8}\InprocServer32 -> C:\Users\MarkAZ\AppData\Local\Google\Update\1.3.33.7\psuser_64.dll (Google Inc.)
    CustomCLSID: HKU\S-1-5-21-2609069616-2479026874-2953070309-1000_Classes\CLSID\{E8CF3E55-F919-49D9-ABC0-948E6CB34B9F}\InprocServer32 -> C:\Users\MarkAZ\AppData\Local\Google\Update\1.3.33.7\psuser_64.dll (Google Inc.)
    ContextMenuHandlers1: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2010-11-18] (Igor Pavlov)
    ContextMenuHandlers1: [Foxit_ConvertToPDF_Reader] -> {A94757A0-0226-426F-B4F1-4DF381C630D3} => C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\ConvertToPDFShellExtension_x64.dll [2017-08-19] (Foxit Software Inc.)
    ContextMenuHandlers1: [IObitUnstaler] -> {B19ED566-D419-470b-B111-3C89040BC027} => C:\Program Files (x86)\IObit\IObit Uninstaller\UninstallMenuRight.dll [2017-05-22] (IObit)
    ContextMenuHandlers1: [IXnView] -> {A5D35F9F-6A11-4EAA-B70B-7BB6FE32663A} => C:\Program Files (x86)\XnView\ShellEx\XnViewShellExt.dll [2011-05-09] ()
    ContextMenuHandlers3: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamext.dll [2016-03-10] (Malwarebytes)
    ContextMenuHandlers4: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2010-11-18] (Igor Pavlov)
    ContextMenuHandlers4: [IObitUnstaler] -> {B19ED566-D419-470b-B111-3C89040BC027} => C:\Program Files (x86)\IObit\IObit Uninstaller\UninstallMenuRight.dll [2017-05-22] (IObit)
    ContextMenuHandlers6: [Foxit_ConvertToPDF_Reader] -> {A94757A0-0226-426F-B4F1-4DF381C630D3} => C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\ConvertToPDFShellExtension_x64.dll [2017-08-19] (Foxit Software Inc.)
    ContextMenuHandlers6: [IObitUnstaler] -> {B19ED566-D419-470b-B111-3C89040BC027} => C:\Program Files (x86)\IObit\IObit Uninstaller\UninstallMenuRight.dll [2017-05-22] (IObit)
    ContextMenuHandlers6: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamext.dll [2016-03-10] (Malwarebytes)


    ==================== Scheduled Tasks (Whitelisted) =============


    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


    Task: {058335A0-FAED-4750-8EF7-C1C0B5EDA396} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2017-10-18] (Piriform Ltd)
    Task: {2405B3EF-7866-4CF2-ACF2-C249F515235B} - System32\Tasks\GlaryInitialize 5 => C:\Program Files (x86)\Glary Utilities 5\Initialize.exe [2017-11-19] (Glarysoft Ltd)
    Task: {352A46C2-0192-42EC-BC43-FDE5064FA565} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-09-29] (Google Inc.)
    Task: {43533420-2447-495B-BE72-1FBCE27580F5} - System32\Tasks\Bitdefender Agent WatchDog_65D6944A0EF74FDAB96E31112AD39864 => C:\Program Files\Bitdefender Agent\WatchDog.exe [2017-04-11] (Bitdefender)
    Task: {5C1D804C-633B-420E-BD40-96E57272FCA7} - System32\Tasks\Adobe Flash Player PPAPI Notifier => C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_27_0_0_187_pepper.exe [2017-11-23] (Adobe Systems Incorporated)
    Task: {8F98BCF0-61A5-4FDE-8E4B-A85BDA09A221} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-09-29] (Google Inc.)
    Task: {A3743CF7-92B0-4442-B04E-E3FA6F487517} - System32\Tasks\CCleaner Update => C:\Program Files\CCleaner\CCUpdate.exe [2017-10-18] (Piriform Ltd)
    Task: {C730DA41-E1B5-4682-8955-FCF2CD3BD00F} - System32\Tasks\Uninstaller_SkipUac_MarkAZ => C:\Program Files (x86)\IObit\IObit Uninstaller\IObitUninstaler.exe [2017-09-15] (IObit)
    Task: {CAFB76F7-3A1E-4DF8-B6DF-1081E5FF2506} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-2609069616-2479026874-2953070309-1000UA => C:\Users\MarkAZ\AppData\Local\Google\Update\GoogleUpdate.exe [2017-11-19] (Google Inc.)
    Task: {F3988799-B786-4B81-8883-2AADD88749A8} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-2609069616-2479026874-2953070309-1000Core => C:\Users\MarkAZ\AppData\Local\Google\Update\GoogleUpdate.exe [2017-11-19] (Google Inc.)


    (If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)




    ==================== Shortcuts & WMI ========================


    (The entries could be listed to be restored or removed.)




    ShortcutWithArgument: C:\Users\MarkAZ\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Google Contacts Launcher.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> --profile-directory=Default --app-id=dbhggpkpgfpkpebfmcbomdljchcmbilf
    ShortcutWithArgument: C:\Users\MarkAZ\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\ImplicitAppShortcuts\ccfc4b32a4424acd\Chromium.lnk -> C:\Program Files\SRWare Iron (64-Bit)\chrome.exe (SRWare) -> --profile-directory=Default


    ==================== Loaded Modules (Whitelisted) ==============


    2017-05-17 02:15 - 2017-02-07 12:34 - 001008448 _____ () C:\Program Files\Bitdefender\Bitdefender 2017\otengines_001_001\ashttpbr.mdl
    2017-05-17 02:15 - 2017-02-07 12:34 - 000541952 _____ () C:\Program Files\Bitdefender\Bitdefender 2017\otengines_001_001\ashttpdsp.mdl
    2017-05-17 02:15 - 2017-02-07 12:34 - 003243920 _____ () C:\Program Files\Bitdefender\Bitdefender 2017\otengines_001_001\ashttpph.mdl
    2017-05-17 02:15 - 2017-02-07 12:34 - 001544568 _____ () C:\Program Files\Bitdefender\Bitdefender 2017\otengines_001_001\ashttprbl.mdl
    2015-08-03 19:06 - 2017-07-27 01:19 - 000305176 _____ () C:\Windows\system32\atiesrxx.exe
    2015-08-03 19:07 - 2017-07-27 01:19 - 000704536 _____ () C:\Windows\system32\atieclxx.exe
    2015-09-15 04:09 - 2011-05-09 10:03 - 002373632 _____ () C:\Program Files (x86)\XnView\ShellEx\XnViewShellExt.dll
    2015-10-24 11:34 - 2013-10-23 15:24 - 000087600 _____ () C:\Windows\System32\cpwmon64.dll
    2015-08-04 00:25 - 2015-08-04 00:25 - 000214528 _____ () C:\Program Files\AMD\ATI.ACE\Fuel\Fuel.Container.PerformanceTuning.dll
    2014-02-11 07:08 - 2014-02-11 07:08 - 000817152 _____ () C:\Program Files\AMD\ATI.ACE\Fuel\Device.dll
    2014-02-11 07:08 - 2014-02-11 07:08 - 003650560 _____ () C:\Program Files\AMD\ATI.ACE\Fuel\Platform.dll
    2015-09-14 04:57 - 2007-09-02 13:58 - 000495616 _____ () C:\Program Files (x86)\RocketDock\RocketDock.exe
    2015-09-13 14:54 - 2017-12-26 20:38 - 001048576 _____ () C:\Program Files (x86)\Everything\Everything.exe
    2016-07-18 04:43 - 2017-09-23 11:32 - 004192904 _____ () C:\Program Files\SRWare Iron (64-Bit)\libglesv2.dll
    2016-07-18 04:43 - 2017-09-23 11:32 - 000099976 _____ () C:\Program Files\SRWare Iron (64-Bit)\libegl.dll
    2016-12-09 09:09 - 2016-12-09 09:09 - 000073728 _____ () C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\zlib1.dll
    2015-09-14 04:57 - 2007-09-02 13:57 - 000069632 _____ () C:\Program Files (x86)\RocketDock\RocketDock.dll
    2017-11-19 18:20 - 2017-11-19 18:20 - 000087024 _____ () C:\Program Files (x86)\Glary Utilities 5\zlib1.dll


    ==================== Alternate Data Streams (Whitelisted) =========


    (If an entry is included in the fixlist, only the ADS will be removed.)


    AlternateDataStreams: C:\Program Files\CustomizerGod.exe:BDU [1]


    ==================== Safe Mode (Whitelisted) ===================


    (If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)




    ==================== Association (Whitelisted) ===============


    (If an entry is included in the fixlist, the registry item will be restored to default or removed.)




    ==================== Internet Explorer trusted/restricted ===============


    (If an entry is included in the fixlist, it will be removed from the registry.)




    ==================== Hosts content: ===============================


    (If needed Hosts: directive could be included in the fixlist to reset Hosts.)


    2009-07-13 19:34 - 2017-12-27 03:09 - 000000839 _____ C:\Windows\system32\Drivers\etc\hosts




    ==================== Other Areas ============================


    (Currently there is no automatic fix for this section.)


    HKU\S-1-5-21-2609069616-2479026874-2953070309-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\MarkAZ\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
    DNS Servers: 208.67.222.222 - 208.67.220.220
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 0) (ConsentPromptBehaviorUser: 3) (EnableLUA: 0)
    Windows Firewall is enabled.


    ==================== MSCONFIG/TASK MANAGER disabled items ==


    MSCONFIG\Services: AMD External Events Utility => 2
    MSCONFIG\Services: AODService => 2
    MSCONFIG\Services: bdredline => 2
    MSCONFIG\Services: Everything => 2
    MSCONFIG\Services: FoxitReaderService => 2
    MSCONFIG\Services: gupdate => 2
    MSCONFIG\Services: gupdatem => 3
    MSCONFIG\Services: IObitUnSvr => 2
    MSCONFIG\Services: LBTServ => 3
    MSCONFIG\Services: ProductAgentService => 2
    MSCONFIG\Services: vpnagent => 2
    MSCONFIG\startupreg: Google Update => C:\Users\MarkAZ\AppData\Local\Google\Update\1.3.33.7\GoogleUpdateCore.exe
    MSCONFIG\startupreg: GUDelayStartup => "C:\Program Files (x86)\Glary Utilities 5\StartupManager.exe" -delayrun


    ==================== FirewallRules (Whitelisted) ===============


    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


    FirewallRules: [SPPSVC-In-TCP] => (Allow) %SystemRoot%\system32\sppsvc.exe
    FirewallRules: [SPPSVC-In-TCP-NoScope] => (Allow) %SystemRoot%\system32\sppsvc.exe
    FirewallRules: [{875B7E3B-F699-4114-8E8E-BA3616B1A1E3}] => (Allow) C:\Program files (x86)\raidxpert2\apache\bin\httpd.exe
    FirewallRules: [{CB996C68-6075-4171-9A01-A4529D81DA83}] => (Allow) C:\Program Files (x86)\AVG\AVG2015\avgnsa.exe
    FirewallRules: [{917EA8DF-DCAD-43A8-BD0B-94B203B4B73B}] => (Allow) C:\Program Files (x86)\AVG\AVG2015\avgnsa.exe
    FirewallRules: [{E5BA6859-7F36-44CC-B496-E91E777CEBA3}] => (Allow) C:\Program Files (x86)\AVG\AVG2015\avgemca.exe
    FirewallRules: [{714D5ADF-2137-4DF1-8083-2FE205B1CA88}] => (Allow) C:\Program Files (x86)\AVG\AVG2015\avgemca.exe
    FirewallRules: [{4535750D-C711-48C2-9486-36B87A1E6B9C}] => (Allow) C:\Program Files (x86)\Microsoft Silverlight\5.1.41212.0\Silverlight.Configuration.exe
    FirewallRules: [{7709BDDD-F656-47AA-884A-211338217BFB}] => (Allow) C:\Program Files (x86)\Microsoft Silverlight\5.1.41212.0\Silverlight.Configuration.exe
    FirewallRules: [{CF255935-2BB2-4CC9-9351-1020EB9CE502}] => (Allow) C:\Program Files (x86)\Microsoft Silverlight\5.1.41212.0\Silverlight.Configuration.exe
    FirewallRules: [{62862B25-8701-4949-9393-305D1CDC3372}] => (Allow) C:\Program Files (x86)\Microsoft Silverlight\5.1.41212.0\Silverlight.Configuration.exe
    FirewallRules: [TCP Query User{EDD368B7-6A01-465E-A7BF-CA0543443254}C:\program files\srware iron (64-bit)\chrome.exe] => (Allow) C:\program files\srware iron (64-bit)\chrome.exe
    FirewallRules: [UDP Query User{DD3C7BC4-081D-4E8B-B3F6-E576120EBECC}C:\program files\srware iron (64-bit)\chrome.exe] => (Allow) C:\program files\srware iron (64-bit)\chrome.exe
    FirewallRules: [TCP Query User{EEBB648C-0F23-4738-B9BD-F7F271908B62}C:\users\markaz\downloads\to extract\netbscanner\netbscanner.exe] => (Allow) C:\users\markaz\downloads\to extract\netbscanner\netbscanner.exe
    FirewallRules: [UDP Query User{ADF9095F-A4B5-48ED-B714-85D101ECEC3F}C:\users\markaz\downloads\to extract\netbscanner\netbscanner.exe] => (Allow) C:\users\markaz\downloads\to extract\netbscanner\netbscanner.exe
    FirewallRules: [TCP Query User{5560B9B1-0794-47F9-87EA-F43998446836}C:\programdata\logishrd\logioptions\software\6.60.570\logioptionsmgr.exe] => (Allow) C:\programdata\logishrd\logioptions\software\6.60.570\logioptionsmgr.exe
    FirewallRules: [UDP Query User{BACACD0D-5ACA-4578-9347-FF7E79FE711B}C:\programdata\logishrd\logioptions\software\6.60.570\logioptionsmgr.exe] => (Allow) C:\programdata\logishrd\logioptions\software\6.60.570\logioptionsmgr.exe
    FirewallRules: [TCP Query User{22702AB9-CD4C-40ED-95FA-0D4A1719DAE0}C:\programdata\logishrd\logioptions\software\6.60.570\logioptionsmgr.exe] => (Allow) C:\programdata\logishrd\logioptions\software\6.60.570\logioptionsmgr.exe
    FirewallRules: [UDP Query User{9FFAE5BF-8A17-4C12-B502-95D49B773967}C:\programdata\logishrd\logioptions\software\6.60.570\logioptionsmgr.exe] => (Allow) C:\programdata\logishrd\logioptions\software\6.60.570\logioptionsmgr.exe
    FirewallRules: [{E79A9B39-40AB-4370-9A40-B2318CF94F39}] => (Allow) LPort=810
    FirewallRules: [TCP Query User{8430750B-9EED-4F1B-88CC-B53D3F0D3A9F}C:\program files (x86)\cisco systems\cisco ip communicator\audiotuningwizard.exe] => (Allow) C:\program files (x86)\cisco systems\cisco ip communicator\audiotuningwizard.exe
    FirewallRules: [UDP Query User{9DD6AA7E-8E39-484E-A959-04FD7CE6CA19}C:\program files (x86)\cisco systems\cisco ip communicator\audiotuningwizard.exe] => (Allow) C:\program files (x86)\cisco systems\cisco ip communicator\audiotuningwizard.exe
    FirewallRules: [TCP Query User{71550101-2021-4515-A965-84E7750AC78A}C:\program files (x86)\cisco systems\cisco ip communicator\communicatork9.exe] => (Allow) C:\program files (x86)\cisco systems\cisco ip communicator\communicatork9.exe
    FirewallRules: [UDP Query User{4469D24E-ED32-4BA2-9309-092E1AA51EBE}C:\program files (x86)\cisco systems\cisco ip communicator\communicatork9.exe] => (Allow) C:\program files (x86)\cisco systems\cisco ip communicator\communicatork9.exe
    FirewallRules: [{A50376E3-7625-42C7-A568-E717ACAB8FA4}] => (Allow) C:\Program files (x86)\raidxpert2\apache\bin\httpd.exe
    FirewallRules: [{C9614A54-D138-4828-AB71-88CD80ACC9C3}] => (Allow) C:\Program files (x86)\raidxpert2\apache\bin\httpd.exe
    FirewallRules: [TCP Query User{2739F35C-2D95-49BB-B1F0-92197E53C17B}C:\users\markaz\downloads\netbscanner\netbscanner.exe] => (Block) C:\users\markaz\downloads\netbscanner\netbscanner.exe
    FirewallRules: [UDP Query User{82102C46-467C-4F59-BA6E-7A251A6389C9}C:\users\markaz\downloads\netbscanner\netbscanner.exe] => (Block) C:\users\markaz\downloads\netbscanner\netbscanner.exe
    FirewallRules: [{2738EC48-5008-4EB3-9040-D8D24AEE1406}] => (Allow) C:\Program Files (x86)\FormatFactory\FFModules\Encoder\Doc\EBookCodec.exe
    FirewallRules: [{B96F77BF-6346-4A9B-8BB6-26D90232B863}] => (Allow) C:\Program Files (x86)\FormatFactory\FormatFactory.exe
    FirewallRules: [{837A622D-B900-4DB0-9E38-F76648EF7FFC}] => (Allow) C:\ProgramData\Logishrd\LogiOptions\Software\Current\LogiOptionsMgr.EXE
    FirewallRules: [{956034F2-D586-45C1-A9C5-84CECE945588}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    FirewallRules: [{7D5966B7-1193-4575-9298-D937E12C4B45}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
    FirewallRules: [{7C16E084-7679-42B6-9D2B-84F647546429}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
    FirewallRules: [{5CB06A5B-EE14-4387-90A3-72C5605A4999}] => (Allow) C:\Users\MarkAZ\AppData\Local\Google\Chrome SxS\Application\chrome.exe


    ==================== Restore Points =========================


    19-12-2017 16:22:39 SpotOnTheMouse 2.7.2 restore point
    22-12-2017 23:47:53 Installed ImageShack Uploader 2.2.0
    25-12-2017 01:00:19 Driver Booster 5 restore point
    25-12-2017 13:49:03 Fotosizer 2.09 restore point
    25-12-2017 18:08:32 Removed HitFilm Express 2017


    ==================== Faulty Device Manager Devices =============


    Name: Canon MP620 ser Network
    Description: Canon MP620 ser Network
    Class Guid: {6bdd1fc6-810f-11d0-bec7-08002be2092f}
    Manufacturer: Canon
    Service: StillCam
    Problem: : This device is disabled. (Code 22)
    Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.


    Name: Cisco AnyConnect Secure Mobility Client Virtual Miniport Adapter for Windows x64
    Description: Cisco AnyConnect Secure Mobility Client Virtual Miniport Adapter for Windows x64
    Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
    Manufacturer: Cisco Systems
    Service: vpnva
    Problem: : This device is disabled. (Code 22)
    Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.


    Name: AppEx Networks Accelerator LWF
    Description: AppEx Networks Accelerator LWF
    Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
    Manufacturer:
    Service: APXACC
    Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
    Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
    Devices stay in this state if they have been prepared for removal.
    After you remove the device, this error disappears.Remove the device, and this error should be resolved.




    ==================== Event log errors: =========================


    Application errors:
    ==================
    Error: (12/26/2017 08:10:28 PM) (Source: WinMgmt) (EventID: 10) (User: )
    Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.


    Error: (12/26/2017 02:59:24 PM) (Source: WinMgmt) (EventID: 10) (User: )
    Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.


    Error: (12/25/2017 06:51:10 PM) (Source: WinMgmt) (EventID: 10) (User: )
    Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.


    Error: (12/25/2017 06:12:03 PM) (Source: WinMgmt) (EventID: 10) (User: )
    Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.


    Error: (12/25/2017 09:08:19 AM) (Source: WinMgmt) (EventID: 10) (User: )
    Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.


    Error: (12/25/2017 09:00:06 AM) (Source: Application Error) (EventID: 1000) (User: )
    Description: Faulting application name: colorcpl.exe, version: 6.1.7600.16385, time stamp: 0x4a5bc56d
    Faulting module name: ntdll.dll, version: 6.1.7601.23915, time stamp: 0x59b94ee4
    Exception code: 0xc0000005
    Fault offset: 0x000000000004dc9d
    Faulting process id: 0x1990
    Faulting application start time: 0x01d37d996ef425c6
    Faulting application path: C:\Windows\system32\colorcpl.exe
    Faulting module path: C:\Windows\SYSTEM32\ntdll.dll
    Report Id: aca57367-e98c-11e7-82fa-00059a3c7a00


    Error: (12/25/2017 08:59:56 AM) (Source: Application Error) (EventID: 1000) (User: )
    Description: Faulting application name: colorcpl.exe, version: 6.1.7600.16385, time stamp: 0x4a5bc56d
    Faulting module name: ntdll.dll, version: 6.1.7601.23915, time stamp: 0x59b94ee4
    Exception code: 0xc0000005
    Fault offset: 0x000000000004dc9d
    Faulting process id: 0x1fb4
    Faulting application start time: 0x01d37d996903f133
    Faulting application path: C:\Windows\system32\colorcpl.exe
    Faulting module path: C:\Windows\SYSTEM32\ntdll.dll
    Report Id: a6b53ed3-e98c-11e7-82fa-00059a3c7a00


    Error: (12/25/2017 08:59:54 AM) (Source: Application Error) (EventID: 1000) (User: )
    Description: Faulting application name: colorcpl.exe, version: 6.1.7600.16385, time stamp: 0x4a5bc56d
    Faulting module name: ntdll.dll, version: 6.1.7601.23915, time stamp: 0x59b94ee4
    Exception code: 0xc0000005
    Fault offset: 0x000000000004dc9d
    Faulting process id: 0x4ac
    Faulting application start time: 0x01d37d996797bea9
    Faulting application path: C:\Windows\system32\colorcpl.exe
    Faulting module path: C:\Windows\SYSTEM32\ntdll.dll
    Report Id: a5490c4a-e98c-11e7-82fa-00059a3c7a00


    Error: (12/25/2017 08:59:34 AM) (Source: Application Error) (EventID: 1000) (User: )
    Description: Faulting application name: colorcpl.exe, version: 6.1.7600.16385, time stamp: 0x4a5bc56d
    Faulting module name: ntdll.dll, version: 6.1.7601.23915, time stamp: 0x59b94ee4
    Exception code: 0xc0000005
    Fault offset: 0x000000000004dc9d
    Faulting process id: 0xda0
    Faulting application start time: 0x01d37d995b71e037
    Faulting application path: C:\Windows\system32\colorcpl.exe
    Faulting module path: C:\Windows\SYSTEM32\ntdll.dll
    Report Id: 99232dd8-e98c-11e7-82fa-00059a3c7a00


    Error: (12/25/2017 08:59:17 AM) (Source: Application Error) (EventID: 1000) (User: )
    Description: Faulting application name: colorcpl.exe, version: 6.1.7600.16385, time stamp: 0x4a5bc56d
    Faulting module name: ntdll.dll, version: 6.1.7601.23915, time stamp: 0x59b94ee4
    Exception code: 0xc0000005
    Fault offset: 0x000000000004dc9d
    Faulting process id: 0x6e8
    Faulting application start time: 0x01d37d9950ca35b8
    Faulting application path: C:\Windows\system32\colorcpl.exe
    Faulting module path: C:\Windows\SYSTEM32\ntdll.dll
    Report Id: 8f2e0a8d-e98c-11e7-82fa-00059a3c7a00




    System errors:
    =============
    Error: (12/26/2017 08:08:56 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
    Description: The Plays.tv Update Service (PlaysService) service failed to start due to the following error:
    The system cannot find the file specified.


    Error: (12/26/2017 08:08:53 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
    Description: The AppEx Networks Accelerator LWF service failed to start due to the following error:
    The system cannot find the file specified.


    Error: (12/26/2017 08:08:31 PM) (Source: Application Popup) (EventID: 1060) (User: )
    Description: \SystemRoot\SysWow64\Drivers\MxlW2k.SYS has been blocked from loading due to incompatibility with this system. Please contact your software vendor for a compatible version of the driver.


    Error: (12/26/2017 08:07:56 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
    Description: The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error:
    The dependency service or group failed to start.


    Error: (12/26/2017 08:00:52 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
    Description: The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error:
    The dependency service or group failed to start.


    Error: (12/26/2017 07:28:34 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
    Description: The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error:
    The dependency service or group failed to start.


    Error: (12/26/2017 07:28:34 PM) (Source: DCOM) (EventID: 10005) (User: )
    Description: DCOM got error "1068" attempting to start the service fdPHost with arguments "" in order to run the server:
    {D3DCB472-7261-43CE-924B-0704BD730D5F}


    Error: (12/26/2017 07:28:34 PM) (Source: DCOM) (EventID: 10005) (User: )
    Description: DCOM got error "1068" attempting to start the service fdPHost with arguments "" in order to run the server:
    {145B4335-FE2A-4927-A040-7C35AD3180EF}


    Error: (12/26/2017 02:57:37 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
    Description: The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error:
    The dependency service or group failed to start.


    Error: (12/26/2017 02:57:37 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
    Description: The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error:
    The dependency service or group failed to start.




    ==================== Memory info ===========================


    Processor: AMD A6-6400K APU with Radeon(tm) HD Graphics
    Percentage of memory in use: 34%
    Total physical RAM: 7367.07 MB
    Available physical RAM: 4793.16 MB
    Total Virtual: 14732.32 MB
    Available Virtual: 11680.34 MB


    ==================== Drives ================================


    Drive c: () (Fixed) (Total:232.79 GB) (Free:156.2 GB) NTFS


    ==================== MBR & Partition Table ==================


    ========================================================
    Disk: 0 (MBR Code: Windows 7 or 8) (Size: 232.9 GB) (Disk ID: 6E36CE35)
    Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
    Partition 2: (Not Active) - (Size=232.8 GB) - (Type=07 NTFS)


    ==================== End of Addition.txt ============================



        
       

  2. #2
    Corrine's Avatar
    Join Date
    Feb 2012
    Location
    Upstate, NY
    Posts
    8,612

    Re: [7SP1Pro x64] My Computer Was Remotely Accessed

    Hi, slims875.

    I hope that you have explained to your wife that Microsoft will never call anyone regarding their computer. Tech Scammers are well known for this type of fraudulent activity.

    1. Is UAC (User Account Control) normally disabled on the computer? My advice is to enable the default setting, "Notify me only when programs try to make changes to my computer". This way you can make changes to Windows settings but will be notified when programs try to install software or make changes to your computer. When you are intentionally installing a program, it is easy to click "yes" when prompted. However, if that is not the case, you can prevent changes by clicking "no". To make the change to the default setting, click Start, type “uac” into the search box, and then click the “Change User Account Control settings” result.

    2. The version of Malwarebytes installed on your computer is out of date. Malwarebytes Version 3 was released in December 2016. You can get the updated version from here. When installing UNcheck the option for a free trial.

    3. Although shown as updated, BitDefender is listed as disabled. Although the next set of instructions will be to disable your security software, please be sure to re-enable it when completed.

    4. Please do a scan with ESET Online Scanner

    Temporarily disable your AntiVirus and AntiSpyware protection - instructions here.

    • Please visit the ESET Online Scanner website
    • Click the SCAN NOW button to download the esetonlinescanner_enu.exe file to the Desktop
    • Double click esetonlinescanner_enu.exe. Accept the Terms of Use
    • Select Enable detection of potentially unwanted applications
    • In Advanced Settings: make sure that Clean threats automatically is unchecked
    • And Enable detection of potentially unsafe applications, Enable detection of suspicious applications, Scan archives, and Enable Anti-Stealth technology are all checked.
    • Click Scan
    • The program will begin to download its virus database. The speed may vary depending on your Internet connection.
    • When completed, the program will begin to scan. This may take several hours. Please, be patient.
    • Do not do anything on your machine as it may interrupt the scan.
    • When completed it'll show a list of "Threats found", click beneath it on Save to text file.... and save it as ESET log.txt on your Desktop.
    • Then click Do not clean. Place a checkmark at Delete application's data on close, click Finish and close the program.

    Don't forget to re-enable previously switched-off protection software!


    Take a walk through the "Security Garden" -- Where Everything is Coming up Roses!

    Remember - A day without laughter is a day wasted.
    May the wind sing to you and the sun rise in your heart.

  3. #3
    slims875's Avatar
    Join Date
    Nov 2017
    Location
    Peoria, Arizona
    Posts
    95

    Re: [7SP1Pro x64] My Computer Was Remotely Accessed

    Hello Corrine - Thank you very much for taking the time to review this 'case'. I made changes based upon your recommendations/comments and re-scanned with the results below.

    ***---------------------------------------------------------***
    Microsoft Windows 7 Professional X64 Service Pack 1
    UAC is Enabled
    Internet Explorer 11
    Default Browser: C:\Program Files\SRWare Iron (64-Bit)\chrome.exe
    ***------------Antivirus - Antispyware - Firewall-----------***
    Malwarebytes (Enabled - up to Date)
    Bitdefender Antivirus (Enabled - up to Date)
    Bitdefender Antispyware (Enabled - up to Date)
    Malwarebytes (Enabled - up to Date)

    Windows Defender (Disabled - Not up to Date)
    Windows Firewall (Enabled)
    No other Firewall Installed


    ***-------Security Programs - Browsers - Miscellaneous------***
    Adobe Flash Player NPAPI is not installed
    CCleaner (5.36) ==> is out of Date
    Google Chrome (63.0.3239.108)
    Java (8.0.1510.12)
    Malwarebytes (3.3.1.2183)
    Microsoft Silverlight (5.1.50907.0)
    Mozilla Firefox (57.0.2)

    ESET log.txt:

    C:\APPS\ccsetup535.exe Win32/Bundled.Toolbar.Google.D potentially unsafe application
    C:\APPS\ccsetup536.exe Win32/Bundled.Toolbar.Google.D potentially unsafe application
    C:\APPS\Defragler221.exe Win32/Bundled.Toolbar.Google.D potentially unsafe application
    C:\APPS\FFSetup4.1.0.0.exe Win32/FusionCore.L potentially unwanted application,
    " Win32/FusionCore.N potentially unwanted application
    C:\APPS\SIWPortable_2011.10.29.paf.exe a variant of Win32/RemoteAdmin.RemoteExec.AA potentially unsafe application
    C:\Program Files\SIWPortable\SIWPortable.exe a variant of Win32/RemoteAdmin.RemoteExec.AA potentially unsafe application
    C:\Program Files (x86)\SIWPortable\SIWPortable.exe a variant of Win32/RemoteAdmin.RemoteExec.AA potentially unsafe application
    C:\Users\MarkAZ\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\UVIBGJGT\93ZL55AI.htm JS/Chromex.Submelius.AZ trojan
    C:\Users\MarkAZ\Downloads\spotonthemouse_2.7.2_1976926840.exe Win32/InstallCore.Gen.A potentially unwanted application
    Autostart locations Win32/InstallCore.Gen.A potentially unwanted application

    How UAC was set to Disabled, I don't know.
    The only reason I could find that Bitdefender showed Disabled was that Autopilot was disabled. What that has to do with the entire program being disabled, I haven't a clue. It is supposed to only control whether Bitdefender runs in the background.
    Lastly, do you have an opinion about NOD32? I subscribed to it for 3 years but switched to Bitdefender.

    Thanks for the help.

  4. #4
    Corrine's Avatar
    Join Date
    Feb 2012
    Location
    Upstate, NY
    Posts
    8,612

    Re: [7SP1Pro x64] My Computer Was Remotely Accessed

    It is possible when your wife gave access to the "tech" that he set UAC to disabled. I definitely like ESET NOD32 and when someone asks for a recommendation of a paid antivirus product, I always respond that ESET is my favorite. That said, BitDefender is also a good program.

    Now that you've updated Malwarebytes, I'd like you to run another scan. The reason is that the ESET log is showing both CCleaner setup and Defragler in your C:\APPS folder as potentially unsafe so I'd like a second opinion. In fact, for this scan only as it is not normally needed, I've included the option to scan for rootkits.

    Please do the following:

    • Open Malwarebytes.
    • Click the Settings menu, followed by the Protection tab.
    • Scroll down to Scan Options and turn the Scan for rootkits setting On.
    • Click the Dashboard menu, followed by Scan Now.
    • If threats are detected, ensure all items are checked at the end of the scan and click Quarantine Selected.
    • If you are prompted to restart, click Yes.
    • Upon completion of the scan or after the reboot, click the Reports menu.
    • Click the Date and Time box to sort by date/time. The most recent date/time should be at the top of the list.
    • Select the first Scan Report in the list and click View Report.
    • Click Export followed by Copy to Clipboard.
    • Paste the report in your next reply.



  5. #5
    slims875's Avatar
    Join Date
    Nov 2017
    Location
    Peoria, Arizona
    Posts
    95

    Re: [7SP1Pro x64] My Computer Was Remotely Accessed

    Results of Malwarebytes scan of 12/28/17:

    -Log Details-
    Scan Date: 12/28/17
    Scan Time: 1:19 AM
    Log File: da93c5fe-eba7-11e7-846a-408d5c0c6abc.json
    Administrator: Yes


    -Software Information-
    Version: 3.3.1.2183
    Components Version: 1.0.262
    Update Package Version: 1.0.3575
    License: Trial


    -System Information-
    OS: Windows 7 Service Pack 1
    CPU: x64
    File System: NTFS
    User: MarkAZ-PC\MarkAZ


    -Scan Summary-
    Scan Type: Threat Scan
    Result: Completed
    Objects Scanned: 244021
    Threats Detected: 14
    Threats Quarantined: 14
    Time Elapsed: 4 min, 31 sec


    -Scan Options-
    Memory: Enabled
    Startup: Enabled
    Filesystem: Enabled
    Archives: Enabled
    Rootkits: Enabled
    Heuristics: Enabled
    PUP: Detect
    PUM: Detect


    -Scan Details-
    Process: 0
    (No malicious items detected)


    Module: 0
    (No malicious items detected)


    Registry Key: 1
    Hijack.AutoConfigURL.PrxySvrRST, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\NLASVC\PARAMETERS\INTERNET\MANUALPROXIES, Quarantined, [297], [-1],0.0.0


    Registry Value: 6
    Hijack.AutoConfigURL.PrxySvrRST, HKU\S-1-5-21-2609069616-2479026874-2953070309-1000\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\INTERNET SETTINGS|AUTOCONFIGURL, Quarantined, [297], [391291],1.0.3575
    Hijack.AutoConfigURL.PrxySvrRST, HKU\S-1-5-21-2609069616-2479026874-2953070309-1000\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\INTERNET SETTINGS|AUTOCONFIGURL, Quarantined, [297], [-1],0.0.0
    Hijack.AutoConfigURL.PrxySvrRST, HKU\S-1-5-18\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\INTERNET SETTINGS|PROXYENABLE, Quarantined, [297], [-1],0.0.0
    Hijack.AutoConfigURL.PrxySvrRST, HKU\S-1-5-21-2609069616-2479026874-2953070309-1000\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\INTERNET SETTINGS|PROXYENABLE, Quarantined, [297], [-1],0.0.0
    Hijack.AutoConfigURL.PrxySvrRST, HKU\.DEFAULT\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\INTERNET SETTINGS|PROXYENABLE, Quarantined, [297], [-1],0.0.0
    Hijack.AutoConfigURL.PrxySvrRST, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\NLASVC\PARAMETERS\INTERNET\MANUALPROXIES|, Quarantined, [297], [391288],1.0.3575


    Registry Data: 0
    (No malicious items detected)


    Data Stream: 0
    (No malicious items detected)


    Folder: 2
    PUP.Optional.DriverAgentPlus, C:\ProgramData\DriverAgentPlus\DriverAgentPlusHelper, Quarantined, [2109], [182329],1.0.3575
    PUP.Optional.DriverAgentPlus, C:\PROGRAMDATA\DRIVERAGENTPLUS, Quarantined, [2109], [182329],1.0.3575


    File: 5
    Adware.YoBrowser, C:\$RECYCLE.BIN\S-1-5-21-2609069616-2479026874-2953070309-1000\$RBNJU2U.ZIP, Quarantined, [1449], [473100],1.0.3575
    Adware.YoBrowser, C:\$RECYCLE.BIN\S-1-5-21-2609069616-2479026874-2953070309-1000\$R2FLYMM\SETUP.EXE, Quarantined, [1449], [473100],1.0.3575
    Adware.YoBrowser, C:\$RECYCLE.BIN\S-1-5-21-2609069616-2479026874-2953070309-1000\$RUJ3ATP.ZIP, Quarantined, [1449], [473100],1.0.3575
    Trojan.Injector, C:\USERS\MARKAZ\APPDATA\LOCAL\TEMP\IS-K7E33.TMP\AUTARCHIST.DLL, Delete-on-Reboot, [8], [473097],1.0.3575
    PUP.Optional.BundleInstaller, C:\USERS\MARKAZ\DOWNLOADS\SPOTONTHEMOUSE_2.7.2_1976926840.EXE, Quarantined, [19], [471295],1.0.3575


    Physical Sector: 0
    (No malicious items detected)




    (end)

    I'm somewhat surprised to see the number of Registry items detected. Also, three (3) Registry items indicate PROXYENABLE as part of the value data. I have never seen that before in all of the years of editing within the Registry.

  6. #6
    Corrine's Avatar
    Join Date
    Feb 2012
    Location
    Upstate, NY
    Posts
    8,612

    Re: [7SP1Pro x64] My Computer Was Remotely Accessed

    Hi, slims875.

    Before I forget again, I meant to mention before that I agree 100% with Digerati's advice regarding Updating Drivers.

    This explains where the "proxyenable" came from: Remove Hijack.AutoConfigURL.PrxySvrRST adware. In reading that, note that it is bundled within the custom installer on many download sites, which is likely why ESET identified the various files. Along with the advice to always go to the product site to download programs rather than third-party sites, we'll go ahead and remove what ESET detected.

    Please do the following to run FRST:

    Note: If the tool warns you about the version you're using being an outdated version please download and run the updated version.

    NOTICE: This script was written specifically for this user. Running it on another machine may cause damage to your operating system
    • Please select the entire contents of the code box below, from the "Start::" line to "End::", including both lines. Right-click and select "Copy ".
    Code:
    Start::
    CreateRestorePoint:
    CloseProcesses:
    HKU\S-1-5-18\...\Run: [] => [X]
    ManualProxies: 0hxxp://web-unstop.com/wpad.dat?a21ef1e489afda9723284a7f6614c8df37412136
    CHR Extension: (SaveFrom.net helper) - C:\Users\MarkAZ\AppData\Local\Google\Chrome\User Data\Default\Extensions\mdpljndcmbeikfnlflcggaipgnhiedbl [2017-12-21] [UpdateUrl: hxxp://download.sf-helper.com/chrome/updates-3.xml] <==== ATTENTION
    CHR Extension: (SaveFrom.net helper) - C:\Users\MarkAZ\Iron Extensions\Unpacked Extensions\Savefrom [2015-09-14] [UpdateUrl: hxxp://sf-addon.com/helper/chrome/updates-3.xml] <==== ATTENTION
    S2 PlaysService; "C:\Program Files (x86)\Raptr Inc\PlaysTV\plays_service.exe" [X]
    S2 APXACC; system32\DRIVERS\appexDrv.sys [X]
    S3 atillk64; \??\C:\Program Files (x86)\AMD\atillk64.sys [X]
    S3 DrvAgent64; \??\C:\Windows\SysWOW64\Drivers\DrvAgent64.SYS [X]
    S3 gdrv; \??\C:\Windows\gdrv.sys [X]
    FirewallRules: [{CB996C68-6075-4171-9A01-A4529D81DA83}] => (Allow) C:\Program Files (x86)\AVG\AVG2015\avgnsa.exe
    FirewallRules: [{917EA8DF-DCAD-43A8-BD0B-94B203B4B73B}] => (Allow) C:\Program Files (x86)\AVG\AVG2015\avgnsa.exe
    FirewallRules: [{E5BA6859-7F36-44CC-B496-E91E777CEBA3}] => (Allow) C:\Program Files (x86)\AVG\AVG2015\avgemca.exe
    FirewallRules: [{714D5ADF-2137-4DF1-8083-2FE205B1CA88}] => (Allow) C:\Program Files (x86)\AVG\AVG2015\avgemca.exe
    C:\APPS\ccsetup535.exe
    C:\APPS\ccsetup536.exe
    C:\APPS\Defragler221.exe
    C:\APPS\FFSetup4.1.0.0.exe
    C:\APPS\SIWPortable_2011.10.29.paf.exe
    C:\Program Files\SIWPortable\SIWPortable.exe
    C:\Program Files (x86)\SIWPortable
    C:\Users\MarkAZ\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\UVIBGJGT\93ZL55AI.htm
    C:\Users\MarkAZ\Downloads\spotonthemouse_2.7.2_1976926840.exe
    EmptyTemp:
    End::
    • Please right-click on FRST/FRST64 to run as administrator. When the tool opens, click "yes" to the disclaimer.
    • Press the Fix button once and wait.
    • FRST will process fixlist.txt
    • When finished, it will produce a log fixlog.txt in the same folder/directory as FRST/FRST64.exe
    • Please post the log in your next reply and let me know how your computer is doing.
    Last edited by Corrine; 12-29-2017 at 07:52 PM.


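A read-only way to re-check, after the fix, the registry locations named in the Malwarebytes log above: AUTOCONFIGURL and PROXYENABLE under each HKU hive's Internet Settings key, and the NlaSvc ManualProxies key. This is an added example, not part of the original thread or of any tool mentioned in it; the function names are hypothetical, and ProxyServer is checked as an assumption because the log does not list it.

```powershell
# Added example (not from the thread): read-only audit of proxy settings.
# Nothing is modified. Written for PowerShell 2.0, the Windows 7 default.
# Run from an elevated prompt so the service-account hives can be read.

$InetSettings     = 'Software\Microsoft\Windows\CurrentVersion\Internet Settings'
$NlaManualProxies = 'HKLM:\SYSTEM\CurrentControlSet\Services\NlaSvc\Parameters\Internet\ManualProxies'

# Hypothetical helper: builds one result row.
function New-Finding($Location, $Name, $Data) {
    New-Object PSObject -Property @{ Location = $Location; Name = $Name; Data = $Data }
}

# Hypothetical helper: returns one object per proxy-related value that is set.
function Get-ProxyFindings {
    $findings = @()

    # Only hives currently loaded under HKEY_USERS are visible: logged-on users,
    # .DEFAULT and service accounts such as S-1-5-18. Profiles of users who are
    # not logged on are not covered. *_Classes hives hold no Internet Settings.
    $hives = Get-ChildItem -Path 'Registry::HKEY_USERS' -ErrorAction SilentlyContinue |
        Where-Object { $_.PSChildName -notlike '*_Classes' }

    foreach ($hive in $hives) {
        $path = "Registry::HKEY_USERS\$($hive.PSChildName)\$InetSettings"
        if (-not (Test-Path -Path $path)) { continue }

        $props = Get-ItemProperty -Path $path -ErrorAction SilentlyContinue
        if ($props -eq $null) { continue }

        # AutoConfigURL: a proxy auto-config (PAC) script is set for this account.
        $pac = $props.AutoConfigURL
        if ($pac) { $findings += New-Finding $path 'AutoConfigURL' $pac }

        # ProxyEnable = 1: a fixed proxy is switched on for this account.
        $enabled = $props.ProxyEnable
        if ($enabled -eq 1) { $findings += New-Finding $path 'ProxyEnable' $enabled }

        # ProxyServer: the proxy address used when ProxyEnable is 1.
        $server = $props.ProxyServer
        if ($server) { $findings += New-Finding $path 'ProxyServer' $server }
    }

    # Machine-wide key flagged in the log; the data sits in the key's default value.
    if (Test-Path -Path $NlaManualProxies) {
        $nla = Get-ItemProperty -Path $NlaManualProxies -ErrorAction SilentlyContinue
        if ($nla -ne $null) {
            $manual = $nla.'(default)'
            if ($manual) { $findings += New-Finding $NlaManualProxies '(default)' $manual }
        }
    }

    return $findings
}

$result = @(Get-ProxyFindings)
if ($result.Count -eq 0) {
    Write-Output 'No AutoConfigURL, enabled proxy, ProxyServer or ManualProxies data found.'
} else {
    $result | Select-Object Location, Name, Data | Format-List
}
```

Any row it prints is a value to compare against what was set on purpose; a machine that uses no proxy should print the "No ... found" line.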

  7. #7
    xilolee's Avatar
    Join Date
    Dec 2013
    Location
    World, Europe, Italy
    Posts
    2,108
    • specs System Specs
      • Manufacturer:
        XILOLEE.com
      • Model Number:
        XILO
      • Motherboard:
        ASROCK FM2A88M Pro3+ chipset A88X Bolton-D4
      • CPU:
        A10-7800, 4 CPU, 4 thr, 65/45W, FM2+, 28nm, Steamroller/Kaveri
      • Memory:
        10GB (Nanya and kingston ddr3-1333 9-9-9-24)
      • Graphics:
        Radeon R7 720MHz (8 GPU cores, integrated in CPU)
      • Sound Card:
        RealTek ALC662 (integrated in MB)
      • Hard Drives:
        Seagate ST500DM002-1BD142 500GB 7200RPM
      • Power Supply:
        SuperFlower 450W 80+ Platinum (SF-450P14PE)
      • Case:
        Sharkoon VG4-S
      • Cooling:
        Realtek RTL8111GR (NIC integrated in MB)
      • Display:
        Samsung SyncMaster SA100 LS22A100NS-EN
      • Operating System:
        Windows 10 Home/Standard x64

    Re: [7SP1Pro x64] My Computer Was Remotely Accessed

    Ccleaner and defraggler are reported as unsafe because they offer to install google toolbar.

    SIW portable should be a program like speccy/HWinfo/cpu-z + sysinternals autoruns + a software that retrieves license keys + other features.
    That could be the Technician's Version, standalone, and should be installed on purpose.

    If it wasn't installed on purpose, obviously it should be deleted.

  8. #8
    slims875's Avatar
    Join Date
    Nov 2017
    Location
    Peoria, Arizona
    Posts
    95

    Re: [7SP1Pro x64] My Computer Was Remotely Accessed

    I deleted all instances of FRST64 and downloaded a fresh copy after receiving this every time I click on Fix:

    [attached image: 2017-12-29_032747-jpg]

    Only thing that has changed since I ran it a few days ago is UAC being changed.

  9. #9
    Corrine's Avatar
    Join Date
    Feb 2012
    Location
    Upstate, NY
    Posts
    8,612

    Re: [7SP1Pro x64] My Computer Was Remotely Accessed

    The fixlist.txt must be in the same folder as FRST. Previously, it was located on your desktop, C:\Users\MarkAZ\Desktop. Is that where both the newly-downloaded version as well as fixlist.txt are located? With UAC changed back to the way you normally had the setting, when right-clicking FRST, you would receive a UAC prompt to run and the UAC change would not have any impact on running the fix.



  10. #10
    slims875's Avatar
    Join Date
    Nov 2017
    Location
    Peoria, Arizona
    Posts
    95

    Re: [7SP1Pro x64] My Computer Was Remotely Accessed

    FRST64 has always been on the Desktop. Please attach fixlist.txt to your reply. I can't find where you attached it in any of your previous posts.

  11. #11
    Corrine's Avatar
    Join Date
    Feb 2012
    Location
    Upstate, NY
    Posts
    8,612

    Re: [7SP1Pro x64] My Computer Was Remotely Accessed

    Scroll back up to post #6 and, under the red warning, see the instructions for copying the text in the code box: (Please select the entire contents of the code box below, from the "Start::" line to "End::", including both lines. Right-click and select "Copy ".) Follow those instructions to the end. When completed, you will have the resultant fixlist.txt.



  12. #12
    slims875's Avatar
    Join Date
    Nov 2017
    Location
    Peoria, Arizona
    Posts
    95

    Re: [7SP1Pro x64] My Computer Was Remotely Accessed

    Good grief. I need new glasses. After I changed the .txt file name I was attempting to fix fixlist,txt. So what's a comma amongst friends?

    Fix result of Farbar Recovery Scan Tool (x64) Version: 26-12-2017
    Ran by MarkAZ (29-12-2017 18:14:07) Run:1
    Running from C:\Users\MarkAZ\Desktop
    Loaded Profiles: MarkAZ (Available Profiles: MarkAZ)
    Boot Mode: Normal
    ==============================================


    fixlist content:
    *****************
    CreateRestorePoint:
    CloseProcesses:
    HKU\S-1-5-18\...\Run: [] => [X]
    ManualProxies: 0hxxp://web-unstop.com/wpad.dat?a21ef1e489afda9723284a7f6614c8df37412136
    CHR Extension: (SaveFrom.net helper) - C:\Users\MarkAZ\AppData\Local\Google\Chrome\User Data\Default\Extensions\mdpljndcmbeikfnlflcggaipgnhiedbl [2017-12-21] [UpdateUrl: hxxp://download.sf-helper.com/chrome/updates-3.xml] <==== ATTENTION
    CHR Extension: (SaveFrom.net helper) - C:\Users\MarkAZ\Iron Extensions\Unpacked Extensions\Savefrom [2015-09-14] [UpdateUrl: hxxp://sf-addon.com/helper/chrome/updates-3.xml] <==== ATTENTION
    S2 PlaysService; "C:\Program Files (x86)\Raptr Inc\PlaysTV\plays_service.exe" [X]
    S2 APXACC; system32\DRIVERS\appexDrv.sys [X]
    S3 atillk64; \??\C:\Program Files (x86)\AMD\atillk64.sys [X]
    S3 DrvAgent64; \??\C:\Windows\SysWOW64\Drivers\DrvAgent64.SYS [X]
    S3 gdrv; \??\C:\Windows\gdrv.sys [X]
    FirewallRules: [{CB996C68-6075-4171-9A01-A4529D81DA83}] => (Allow) C:\Program Files (x86)\AVG\AVG2015\avgnsa.exe
    FirewallRules: [{917EA8DF-DCAD-43A8-BD0B-94B203B4B73B}] => (Allow) C:\Program Files (x86)\AVG\AVG2015\avgnsa.exe
    FirewallRules: [{E5BA6859-7F36-44CC-B496-E91E777CEBA3}] => (Allow) C:\Program Files (x86)\AVG\AVG2015\avgemca.exe
    FirewallRules: [{714D5ADF-2137-4DF1-8083-2FE205B1CA88}] => (Allow) C:\Program Files (x86)\AVG\AVG2015\avgemca.exe
    C:\APPS\ccsetup535.exe
    C:\APPS\ccsetup536.exe
    C:\APPS\Defragler221.exe
    C:\APPS\FFSetup4.1.0.0.exe
    C:\APPS\SIWPortable_2011.10.29.paf.exe
    C:\Program Files\SIWPortable\SIWPortable.exe
    C:\Program Files (x86)\SIWPortable
    C:\Users\MarkAZ\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\UVIBGJGT\93ZL55AI.htm
    C:\Users\MarkAZ\Downloads\spotonthemouse_2.7.2_1976926840.exe
    EmptyTemp:


    *****************


    Restore point was successfully created.
    Processes closed successfully.
    "HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Run\" => removed successfully
    CHR Extension: (SaveFrom.net helper) - C:\Users\MarkAZ\AppData\Local\Google\Chrome\User Data\Default\Extensions\mdpljndcmbeikfnlflcggaipgnhiedbl [2017-12-21] [UpdateUrl: hxxp://download.sf-helper.com/chrome/updates-3.xml] <==== ATTENTION => Error: No automatic fix found for this entry.
    CHR Extension: (SaveFrom.net helper) - C:\Users\MarkAZ\Iron Extensions\Unpacked Extensions\Savefrom [2015-09-14] [UpdateUrl: hxxp://sf-addon.com/helper/chrome/updates-3.xml] <==== ATTENTION => Error: No automatic fix found for this entry.
    "HKLM\System\CurrentControlSet\Services\PlaysService" => removed successfully
    PlaysService => service removed successfully
    "HKLM\System\CurrentControlSet\Services\APXACC" => removed successfully
    APXACC => service removed successfully
    "HKLM\System\CurrentControlSet\Services\atillk64" => removed successfully
    atillk64 => service removed successfully
    "HKLM\System\CurrentControlSet\Services\DrvAgent64" => removed successfully
    DrvAgent64 => service removed successfully
    "HKLM\System\CurrentControlSet\Services\gdrv" => removed successfully
    gdrv => service removed successfully
    "HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{CB996C68-6075-4171-9A01-A4529D81DA83}" => removed successfully
    "HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{917EA8DF-DCAD-43A8-BD0B-94B203B4B73B}" => removed successfully
    "HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{E5BA6859-7F36-44CC-B496-E91E777CEBA3}" => removed successfully
    "HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{714D5ADF-2137-4DF1-8083-2FE205B1CA88}" => removed successfully
    C:\APPS\ccsetup535.exe => moved successfully
    C:\APPS\ccsetup536.exe => moved successfully
    C:\APPS\Defragler221.exe => moved successfully
    C:\APPS\FFSetup4.1.0.0.exe => moved successfully
    C:\APPS\SIWPortable_2011.10.29.paf.exe => moved successfully
    C:\Program Files\SIWPortable\SIWPortable.exe => moved successfully
    C:\Program Files (x86)\SIWPortable => moved successfully
    C:\Users\MarkAZ\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\UVIBGJGT\93ZL55AI.htm => moved successfully
    "C:\Users\MarkAZ\Downloads\spotonthemouse_2.7.2_1976926840.exe" => not found


    =========== EmptyTemp: ==========


    BITS transfer queue => 8388608 B
    DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 29272245 B
    Java, Flash, Steam htmlcache => 523 B
    Windows/system/drivers => 23452961 B
    Edge => 0 B
    Chrome => 387899258 B
    Firefox => 406997882 B
    Opera => 0 B


    Temp, IE cache, history, cookies, recent:
    Users => 0 B
    Default => 0 B
    Public => 0 B
    ProgramData => 0 B
    systemprofile => 79591185 B
    systemprofile32 => 67230 B
    LocalService => 66228 B
    NetworkService => 0 B
    MarkAZ => 773753895 B


    RecycleBin => 104773 B
    EmptyTemp: => 1.6 GB temporary data Removed.


    ================================




    The system needed a reboot.


    ==== End of Fixlog 18:14:38 ====
    Last edited by Corrine; 12-30-2017 at 11:12 AM.

  13. #13
    Corrine's Avatar
    Join Date
    Feb 2012
    Location
    Upstate, NY
    Posts
    8,612

    Re: [7SP1Pro x64] My Computer Was Remotely Accessed

    Believe me, sometimes it is the simplest things that befuddle the mind and it happens to everyone.

    Since you indicated that your wife mainly uses the computer for staying in touch on Facebook, you may want to consider setting up a standard user account for her use rather than her using your administrator account. Standard users can use most of the capabilities on the machine. However, they cannot install software, delete system files, or change settings. If you decide to do that, open Control Panel and choose "User Accounts and Family Safety" > "Add or remove user accounts". Click on "Create a new account". Type in the new account name, select the "Standard Users" user type, and then click "Create Account". Note that by default, Windows assigns no password. Determine with your wife what password she wants and then click on her user's icon and select Create a password.

    Is your computer running ok now? Any questions?



  14. #14
    slims875's Avatar
    Join Date
    Nov 2017
    Location
    Peoria, Arizona
    Posts
    95

    Re: [7SP1Pro x64] My Computer Was Remotely Accessed

    I was going to inquire about setting up the computer with tighter restrictions for my wife....and you answered. The machine is running very well with no traces or footprints of that unwanted guest. One last question before a final thank you. I'm considering keeping MBytes Premium. Is it a good idea to run BitDefender and MBytes concurrently? If you had to keep one, which would it be?

  15. #15
    Corrine's Avatar
    Join Date
    Feb 2012
    Location
    Upstate, NY
    Posts
    8,612

    Re: [7SP1Pro x64] My Computer Was Remotely Accessed

    I never promoted myself as a mind reader but . . .

    Not every vendor has the same definitions, update schedule, rules for what they detect, and even different research methods. I've been around since the development of Malwarebytes (MBAM), "knowing" many of the people involved in various online forums so, of course, I am partial to the program. When I was using Windows 7, I had Microsoft Security Essentials and Malwarebytes Premium (now named Pro). Now that I am using Windows 10, I have Windows Defender and Malwarebytes Pro running concurrently. I don't know if it is the same for Windows 7 and BitDefender, but with Windows 10 and Defender + MBAM, it was necessary to go to Settings and under "Windows Action Center" change the setting to "Never register Malwarebytes in the Windows Action Center".

    Let's clean up the tools/logs. Please download Delfix from here.

    Ensure the following boxes are checked:
    • Remove disinfection tools
    • Create registry backup
    • Purge system restore
    • Click Run

    The program will run for a few moments and then notepad will open with a log.

    If you have any other questions, don't hesitate to ask.



  16. #16
    xilolee's Avatar
    Join Date
    Dec 2013
    Location
    World, Europe, Italy
    Posts
    2,108

    Re: [7SP1Pro x64] My Computer Was Remotely Accessed

    From malwarebytes.com:
    Does Malwarebytes Premium replace Anti-Virus software?
    Malwarebytes has incorporated all our protection technology in to one program and is strong enough to protect your computer on its own. We have enhanced our detection technologies to make our software more effective in finding and remediating malicious software.
    Along with our remediation, Premium subscriptions will receive the following active protection modules: Malware Protection, Web Protection, Exploit Protection, Ransomware Protection.
    Malwarebytes 3 Premium is our best security offering to date and can serve as the computer's primary source of software-based protection.
    There are alternate compatibility settings offered within Malwarebytes 3 Premium for users with an existing Anti-Virus on their PC. See Malwarebytes 3 and Windows Action Center (WAC).

    Malwarebytes Premium for Windows and Windows Action Center (WAC)
    [cut]
    Is Malwarebytes compatible with WAC?
    Previous versions of Malwarebytes Premium for Windows, also known as Malwarebytes 3, did not appear in the Windows Action Center as a recognized security solution primarily due to the fact that Malwarebytes was not considered an Anti-Virus replacement or designed to register with this framework.
    Malwarebytes Premium for Windows now has the capability to register in Windows Action Center, allowing users to configure Malwarebytes as their primary security solution, or to run alongside their third party antivirus application.
    [cut]
    Therefore they say Malwarebytes can be used as a unique solution or can be run "alongside" another antivirus (without known issues).

    That said, given that you are using the free version of bitdefender, you can always uninstall it later if you encounter any problems.
    As a general rule, experts say it's not a good idea to run two antivirus solutions at the same time (i.e., both with active monitoring).
    Some people try to use the "exclusion" feature of both antivirus programs to make them unaware of each other, but it seems compatibility problems appear even in that case.

    You can use both their trial versions (first one until the period finishes, then the other one) to help you decide the best program for you.

  17. #17
    StruldBrug's Avatar
    Join Date
    Jul 2017
    Location
    Salish Sea
    Posts
    9

    Re: [7SP1Pro x64] My Computer Was Remotely Accessed

    Your initial post has that you make several scans on Sunday. Keep doing this for your wife's sake. I, too, run Win7. I run MSE realtime. Over a year ago, after MBAM v3 came out, I ran it parallel with MSE during the 30 day trial period ... no problems. A couple of years back, I did the same with BD Free ... no problems. An interesting note: BD had an AV test file. I ran it, and MSE caught and quarantined it. Immediately, BD flagged the MSE quarantine. Yet, while compatibility seemed okay, I did notice a slight amount of sluggishness when running the dual realtime tests. It wasn't bad though. However, I recommend only one at a time to avoid potential issues.

  18. #18
    slims875's Avatar
    Join Date
    Nov 2017
    Location
    Peoria, Arizona
    Posts
    95

    Re: [7SP1Pro x64] My Computer Was Remotely Accessed

    Right now my computer is running great with no issues. My wife now has her own User Account from which some mysterious things will occur. I want to especially thank Corrine for great guidance.

    Thanks to everyone who posted some advice or their experience(s). Because I re-purchased my BitDefender license a few months ago, I'll keep using it until it expires. The trial period for MBAM3 is over in a week and I'm going to purchase it as well. Running concurrently with BD, there have been no hiccups. I like MBAM's real-time protection a lot, so why wait... right?

    Everyone have a great 2018!

  19. #19
    Corrine's Avatar
    Join Date
    Feb 2012
    Location
    Upstate, NY
    Posts
    8,612

    Re: [7SP1Pro x64] My Computer Was Remotely Accessed

    You are very welcome, slims875! I'm happy we were able to help. The best to you in 2018!


    Take a walk through the "Security Garden" -- Where Everything is Coming up Roses!

    Remember - A day without laughter is a day wasted.
    May the wind sing to you and the sun rise in your heart.
