Inactive Security Center Service and Windows Defender Disabled

virginia · 2018/05/15

Broni,
I started with this unit in the Vista forum and got the initial problem of being unable to boot up to the Desktop resolved. Apparently had a corrupted User profile. Created a new user profile, transferred appropriate files, and removed the corrupted profile.
All seems to be well in that arena but I discovered during the process that the Security Center Service couldn't be started nor could I open Windows Defender. I tried to manually start the SCE in the Services module but it balked. Got an "Error 1068: The dependencvy service or group failed to start".
I uninstalled Microsoft Security Essentials (wouldn't run on this Vista). I had problems trying to install a couple of the free AV's and finally got Avast to install. Don't know if malware is afoot but thought I would have you take a look.

FARBAR

FRST.txt

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 13.05.2018
Ran by Corene2 (administrator) on CORENE-PC (15-05-2018 16:58:35)
Running from C:\Users\Corene2\Desktop
Loaded Profiles: Corene2 (Available Profiles: Corene2 & Administrator)
Platform: Windows Vista (TM) Home Basic Service Pack 2 (X86) Language: English (United States)
Internet Explorer Version 9 (Default browser: IE)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: FRST Tutorial - How to use Farbar Recovery Scan Tool - Malware Removal Guides and Tutorials
==================== Processes (Whitelisted) =================
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
(Microsoft Corporation) C:\Windows\System32\SLsvc.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(Andrea Electronics Corporation) C:\Windows\System32\AERTSrv.exe
() C:\Windows\System32\WinService.exe
(Microsoft Corporation) C:\Program Files\Microsoft LifeCam\MSCamS32.exe
(Microsoft Corporation) C:\Windows\System32\UI0Detect.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\aswidsagent.exe
(Realtek Semiconductor) C:\Windows\RtHDVCpl.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
() C:\Windows\System32\FastUserSwitching.exe
(Intel Corporation) C:\Windows\System32\igfxsrvc.exe
(Google) C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
(CyberLink Corp.) C:\Program Files\DELL\MediaDirect\PCMService.exe
(SupportSoft, Inc.) C:\Program Files\Dell Support Center\bin\sprtcmd.exe
(Microsoft Corporation) C:\Windows\vVX1000.exe
(Microsoft Corporation) C:\Program Files\Microsoft LifeCam\LifeExp.exe
(Microsoft Corporation) C:\Program Files\Windows Media Player\wmpnscfg.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
() C:\Windows\System32\MediaButtons.exe
(TODO: <Company name>) C:\Windows\System32\TestUnitReady.exe
(DELL COMPUTER INC.) C:\Windows\System32\DELLODD.exe
(DELL COMPUTER INC.) C:\Windows\System32\DELLOSD.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe
(SupportSoft, Inc.) C:\Program Files\Dell Support Center\bin\sprtsvc.exe
==================== Registry (Whitelisted) ===========================
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
HKLM\...\Run: [Windows Defender] => C:\Program Files\Windows Defender\MSASCui.exe [1008184 2008-01-20] (Microsoft Corporation)
HKLM\...\Run: [RtHDVCpl] => C:\Windows\RtHDVCpl.exe [6246400 2008-08-26] (Realtek Semiconductor)
HKLM\...\Run: [DellOSD] => C:\Windows\System32\FastUserSwitching.exe [208896 2008-07-17] ()
HKLM\...\Run: [Google Desktop Search] => C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe [30192 2009-11-18] (Google)
HKLM\...\Run: [PCMService] => C:\Program Files\Dell\MediaDirect\PCMService.exe [132392 2008-01-14] (CyberLink Corp.)
HKLM\...\Run: [dellsupportcenter] => C:\Program Files\Dell Support Center\bin\sprtcmd.exe [206064 2009-06-03] (SupportSoft, Inc.)
HKLM\...\Run: [Adobe Reader Speed Launcher] => C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe [35696 2009-02-27] (Adobe Systems Incorporated)
HKLM\...\Run: [QuickTime Task] => C:\Program Files\QuickTime\QTTask.exe [417792 2010-02-15] (Apple Inc.)
HKLM\...\Run: [VX1000] => C:\Windows\vVX1000.exe [757248 2009-06-26] (Microsoft Corporation)
HKLM\...\Run: [LifeCam] => C:\Program Files\Microsoft LifeCam\LifeExp.exe [118640 2009-07-24] (Microsoft Corporation)
HKLM\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvLaunch.exe [242904 2018-05-15] (AVAST Software)
Winlogon\Notify\GoToAssist: C:\Program Files\Citrix\GoToAssist\514\G2AWinLogon.dll [2009-01-21] (Citrix Online, a division of Citrix Systems, Inc.)
HKLM\SOFTWARE\Policies\Microsoft\Windows Defender: Restriction <==== ATTENTION
AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~3\GOEC62~1.DLL => C:\Program Files\Google\Google Desktop Search\GoogleDesktopNetwork3.dll [123392 2009-11-18] (Google)
Startup: C:\Users\Corene\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Monitor Ink Alerts - Corene's HP ENVY 4500.lnk [2018-04-19]
ShortcutTarget: Monitor Ink Alerts - Corene's HP ENVY 4500.lnk -> C:\Program Files\HP\HP ENVY 4500 series\Bin\HPStatusBL.dll (Hewlett-Packard Development Company, LP)
Startup: C:\Users\Corene2\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Monitor Ink Alerts - Corene's HP ENVY 4500.lnk [2018-05-15]
ShortcutTarget: Monitor Ink Alerts - Corene's HP ENVY 4500.lnk -> C:\Program Files\HP\HP ENVY 4500 series\Bin\HPStatusBL.dll (Hewlett-Packard Development Company, LP)
==================== Internet (Whitelisted) ====================
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
Winsock: Catalog9 11 %windir%\system32\vsocklib.dll => No File
Winsock: Catalog9 12 %windir%\system32\vsocklib.dll => No File
Tcpip\Parameters: [DhcpNameServer] 68.100.16.30 68.10.16.30 8.8.8.8 8.8.4.4
Tcpip\..\Interfaces\{678F5BF4-7BCD-46AC-8123-45880871CCC0}: [DhcpNameServer] 68.100.16.30 68.10.16.30 8.8.8.8 8.8.4.4
Tcpip\..\Interfaces\{7E36EABA-C249-42B4-BFE4-6F2201E84489}: [DhcpNameServer] 192.168.0.1
Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us&ibd=3090121
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://www.msn.com/?ocid=iehp
HKU\S-1-5-21-1260120000-521481097-4230313768-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us&ibd=3090121
HKU\S-1-5-21-1260120000-521481097-4230313768-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us&ibd=3090121
SearchScopes: HKU\S-1-5-21-1260120000-521481097-4230313768-1001 -> {70D46D94-BF1E-45ED-B567-48701376298E} URL = hxxp://127.0.0.1:4664/search&s=O7cbLg9ntHsAZee0tldomVDc_ZM?q={searchTerms}
BHO: Adobe PDF Link Helper -> {18DF081C-E8AD-4283-A596-FA578C2EBDC3} -> C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2009-02-27] (Adobe Systems Incorporated)
BHO: SSVHelper Class -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll [2008-06-10] (Sun Microsystems, Inc.)
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2018-05-15] (AVAST Software)
BHO: Skype Browser Helper -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll [2013-07-12] (Skype Technologies S.A.)
Toolbar: HKU\.DEFAULT -> No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File
DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} hxxp://appldnld.apple.com.edgesuite.net/content.info.apple.com/QuickTime/qtactivex/qtplugin.cab
DPF: {3D3B42C2-11BF-4732-A304-A01384B70D68} hxxp://picasaweb.google.com/s/v/60.08/uploader2.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
Handler: ms-itss - {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\msitss.dll [2007-11-28] (Microsoft Corporation)
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll [2013-07-12] (Skype Technologies S.A.)
FireFox:
========
FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF Extension: (Microsoft .NET Framework Assistant) - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension [2009-08-08] [Legacy] [not signed]
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF32.dll [2010-01-26] ()
FF Plugin: @google.com/npPicasa3,version=3.0.0 -> C:\Program Files\Google\Picasa3\npPicasa3.dll [2010-02-19] (Google, Inc.)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.50906.0\npctrl.dll [2017-03-09] ( Microsoft Corporation)
FF Plugin: @microsoft.com/WPF,version=3.5 -> c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll [2008-07-29] (Microsoft Corporation)
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.33.7\npGoogleUpdate3.dll [2017-11-14] (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.33.7\npGoogleUpdate3.dll [2017-11-14] (Google Inc.)
FF Plugin ProgramFiles/Appdata: C:\Users\Corene2\AppData\Roaming\mozilla\plugins\npgoogletalk.dll [2015-12-08] (Google)
FF Plugin ProgramFiles/Appdata: C:\Users\Corene2\AppData\Roaming\mozilla\plugins\npo1d.dll [2015-12-08] (Google)
Chrome:
=======
CHR DefaultProfile: Default
CHR HomePage: Default -> hxxp://www.google.com/
CHR StartupUrls: Default -> "hxxp://www.google.com/"
CHR NewTab: Default -> Not-active:"chrome-extension://fiihbfmmhmggfhkflnhllkpkcpnglemk/newtab/slim_newtabpage.html", Not-active:"chrome-extension://pacogkibldhicojmklpbapiilaleilbp/newtab/newtab.html", Not-active:"chrome-extension://njmeghckbeiadjjdfjicdiabhninckfp/newtab/newtab.html", Not-active:"chrome-extension://jnlpahmopiebiglhljlmbdhpcpmigkgf/newtab/newtab.html"
CHR Profile: C:\Users\Corene2\AppData\Local\Google\Chrome\User Data\Default [2018-05-14]
CHR Extension: (YouTube) - C:\Users\Corene2\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2018-05-14]
CHR Extension: (Google Search) - C:\Users\Corene2\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2018-05-14]
CHR Extension: (Gmail) - C:\Users\Corene2\AppData\Local\Google\Chrome\User Data\Default\Extensions\kmhopmchchfpfdcdjodmpfaaphdclmlj [2018-05-14]
CHR Extension: (Ask Web Search) - C:\Users\Corene2\AppData\Local\Google\Chrome\User Data\Default\Extensions\lgfehfbnofiffladdncogfobimealokp [2018-05-14]
CHR Extension: (Skype) - C:\Users\Corene2\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl [2018-05-14]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Corene2\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2018-05-14]
CHR Extension: (Gmail) - C:\Users\Corene2\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2018-05-14]
CHR HKLM\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files\Skype\Toolbars\Skype for Chromium\skype_chrome_extension.crx [2013-07-12]
StartMenuInternet: Google Chrome.IAKGPFYDLCCAPWPM4G5E4BQHKI - C:\Users\Corene\AppData\Local\Google\Chrome\Application\chrome.exe
==================== Services (Whitelisted) ====================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
S3 AdobeFlashPlayerUpdateSvc; C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [272384 2018-05-13] (Adobe Systems Incorporated) [File not signed]
R2 AERTFilters; C:\Windows\system32\AERTSrv.exe [73728 2008-08-26] (Andrea Electronics Corporation)
R3 aswbIDSAgent; C:\Program Files\AVAST Software\Avast\aswidsagent.exe [5963368 2018-05-15] (AVAST Software)
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [317280 2018-05-15] (AVAST Software)
R2 DELLODDSrv; C:\Windows\System32\WinService.exe [65536 2008-07-17] () [File not signed]
S3 GoogleDesktopManager-110309-193829; C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe [30192 2009-11-18] (Google)
S3 GoToAssist; C:\Program Files\Citrix\GoToAssist\514\g2aservice.exe [16680 2009-01-21] (Citrix Online, a division of Citrix Systems, Inc.)
R2 sprtsvc_DellSupportCenter; C:\Program Files\Dell Support Center\bin\sprtsvc.exe [201968 2008-10-04] (SupportSoft, Inc.)
S2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [272952 2008-01-20] (Microsoft Corporation)
===================== Drivers (Whitelisted) ======================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
R1 aswArPot; C:\Windows\System32\drivers\aswArPot.sys [167040 2018-05-15] (AVAST Software)
R1 aswbidsdriver; C:\Windows\System32\drivers\aswbidsdriverx.sys [185432 2018-05-15] (AVAST Software)
R0 aswbidsh; C:\Windows\System32\drivers\aswbidshx.sys [157368 2018-05-15] (AVAST Software)
R0 aswblog; C:\Windows\System32\drivers\aswblogx.sys [276688 2018-05-15] (AVAST Software)
R0 aswbuniv; C:\Windows\System32\drivers\aswbunivx.sys [50336 2018-05-15] (AVAST Software)
R1 aswHdsKe; C:\Windows\System32\drivers\aswHdsKe.sys [184632 2018-05-15] (AVAST Software)
S3 aswHwid; C:\Windows\System32\drivers\aswHwid.sys [42808 2018-05-15] (AVAST Software)
R2 aswMonFlt; C:\Windows\System32\drivers\aswMonFlt.sys [133160 2018-05-15] (AVAST Software)
R1 aswRdr; C:\Windows\System32\drivers\aswRdr.sys [70576 2018-05-15] (AVAST Software)
R0 aswRvrt; C:\Windows\System32\drivers\aswRvrt.sys [71840 2018-05-15] (AVAST Software)
R1 aswSnx; C:\Windows\System32\drivers\aswSnx.sys [784112 2018-05-15] (AVAST Software)
R1 aswSP; C:\Windows\System32\drivers\aswSP.sys [392368 2018-05-15] (AVAST Software)
R3 aswStmXP; C:\Windows\System32\drivers\aswStmXP.sys [205344 2018-05-15] (AVAST Software)
R0 aswVmm; C:\Windows\System32\drivers\aswVmm.sys [310784 2018-05-15] (AVAST Software)
R3 DLXPDisplayName; C:\Windows\System32\DRIVERS\DLACPI.sys [14392 2008-04-16] ()
R3 Linksys_adapter; C:\Windows\System32\DRIVERS\AE2500vista.sys [1073216 2011-03-30] (Broadcom Corporation)
R2 RtNdPt60; C:\Windows\System32\DRIVERS\RtNdPt60.sys [27648 2008-05-08] (Windows (R) Codename Longhorn DDK provider)
S3 VX1000; C:\Windows\System32\DRIVERS\VX1000.sys [1956096 2009-06-26] (Microsoft Corporation)
S3 IpInIp; system32\DRIVERS\ipinip.sys [X]
S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [X]
S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [X]
==================== NetSvcs (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

==================== One Month Created files and folders ========
(If an entry is included in the fixlist, the file/folder will be moved.)
2018-05-15 08:30 - 2018-05-15 08:30 - 000001831 _____ C:\Users\Public\Desktop\Avast Free Antivirus.lnk
2018-05-15 08:30 - 2018-05-15 08:30 - 000000000 ____D C:\Users\Corene2\AppData\Roaming\AVAST Software
2018-05-15 08:30 - 2018-05-15 08:30 - 000000000 ____D C:\Users\Corene2\AppData\Local\CEF
2018-05-15 08:30 - 2018-05-15 08:30 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVAST Software
2018-05-15 08:30 - 2018-05-15 08:30 - 000000000 _____ C:\Windows\system32\last.dump
2018-05-15 08:28 - 2018-05-15 08:28 - 001142072 _____ (Microsoft Corporation) C:\Windows\ucrtbase.dll
2018-05-15 08:28 - 2018-05-15 08:28 - 000392368 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSP.sys
2018-05-15 08:28 - 2018-05-15 08:28 - 000320728 _____ (AVAST Software) C:\Windows\system32\aswBoot.exe
2018-05-15 08:28 - 2018-05-15 08:28 - 000310784 _____ (AVAST Software) C:\Windows\system32\Drivers\aswVmm.sys
2018-05-15 08:28 - 2018-05-15 08:28 - 000205344 _____ (AVAST Software) C:\Windows\system32\Drivers\aswStmXP.sys
2018-05-15 08:28 - 2018-05-15 08:28 - 000167040 _____ (AVAST Software) C:\Windows\system32\Drivers\aswArPot.sys
2018-05-15 08:28 - 2018-05-15 08:28 - 000133160 _____ (AVAST Software) C:\Windows\system32\Drivers\aswMonFlt.sys
2018-05-15 08:28 - 2018-05-15 08:28 - 000071840 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRvrt.sys
2018-05-15 08:28 - 2018-05-15 08:28 - 000070576 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRdr.sys
2018-05-15 08:28 - 2018-05-15 08:28 - 000042808 _____ (AVAST Software) C:\Windows\system32\Drivers\aswHwid.sys
2018-05-15 08:28 - 2018-05-15 08:28 - 000000000 ____D C:\Program Files\Common Files\AVAST Software
2018-05-15 08:28 - 2018-05-15 08:27 - 000784112 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSnx.sys
2018-05-15 08:28 - 2018-05-15 08:27 - 000276688 _____ (AVAST Software) C:\Windows\system32\Drivers\aswblogx.sys
2018-05-15 08:28 - 2018-05-15 08:27 - 000185432 _____ (AVAST Software) C:\Windows\system32\Drivers\aswbidsdriverx.sys
2018-05-15 08:28 - 2018-05-15 08:27 - 000184632 _____ (AVAST Software) C:\Windows\system32\Drivers\aswHdsKe.sys
2018-05-15 08:28 - 2018-05-15 08:27 - 000157368 _____ (AVAST Software) C:\Windows\system32\Drivers\aswbidshx.sys
2018-05-15 08:28 - 2018-05-15 08:27 - 000050336 _____ (AVAST Software) C:\Windows\system32\Drivers\aswbunivx.sys
2018-05-15 08:26 - 2018-05-15 08:26 - 000000000 ____D C:\Program Files\AVAST Software
2018-05-15 08:25 - 2018-05-15 09:36 - 000000000 ____D C:\ProgramData\AVAST Software
2018-05-15 08:25 - 2018-05-15 08:25 - 006334880 _____ (AVAST Software) C:\Users\Corene2\Downloads\avast_free_antivirus_setup_online.exe
2018-05-14 17:17 - 2018-05-15 16:58 - 000014945 _____ C:\Users\Corene2\Desktop\FRST.txt
2018-05-14 17:17 - 2018-05-15 16:58 - 000000000 ____D C:\FRST
2018-05-14 17:17 - 2018-05-14 17:18 - 000031746 _____ C:\Users\Corene2\Desktop\Addition.txt
2018-05-14 17:12 - 2018-05-14 17:12 - 001765376 _____ (Farbar) C:\Users\Corene2\Desktop\FRST.exe
2018-05-14 17:06 - 2018-05-14 17:06 - 000000104 _____ C:\Users\Corene2\Desktop\Internet - Shortcut.lnk
2018-05-14 10:35 - 2018-05-14 10:35 - 000000000 ____D C:\Users\Corene2\Desktop\Corene
2018-05-14 09:20 - 2018-05-14 09:20 - 000001537 _____ C:\Users\Corene2\Desktop\Windows Explorer.lnk
2018-05-14 08:36 - 2018-05-14 08:36 - 000000000 ____D C:\Users\Corene2\Desktop\Samuel- Pictures
2018-05-14 08:36 - 2018-05-14 08:36 - 000000000 ____D C:\Users\Corene2\Desktop\New Folder
2018-05-14 08:36 - 2018-05-14 08:36 - 000000000 ____D C:\Users\Corene2\Desktop\Chris Employment
2018-05-14 08:36 - 2017-11-01 20:21 - 053539342 _____ C:\Users\Corene2\Desktop\Tim Alabama video.MOV
2018-05-14 08:36 - 2017-07-03 17:31 - 001464731 _____ C:\Users\Corene2\Desktop\Amazing Grace.3gp
2018-05-14 08:36 - 2017-04-18 10:52 - 002302976 _____ C:\Users\Corene2\Desktop\outlook_archive.pst
2018-05-14 08:36 - 2013-09-24 11:01 - 004944894 _____ C:\Users\Corene2\Desktop\IMG_0179.MOV
2018-05-14 08:36 - 2012-12-28 16:05 - 000000158 _____ C:\Users\Corene2\Desktop\Computer Club.url
2018-05-14 08:36 - 2012-08-30 14:27 - 000000418 _____ C:\Users\Corene2\Desktop\Katie - Shortcut.lnk
2018-05-14 08:36 - 2011-03-05 15:10 - 000002921 _____ C:\Users\Corene2\Desktop\Gmail - Fw Fwd FW Thomas Jefferson.txt
2018-05-14 08:36 - 2010-11-27 11:27 - 000001214 _____ C:\Users\Corene2\Desktop\recovery.txt
2018-05-14 08:36 - 2010-11-16 16:13 - 000000227 _____ C:\Users\Corene2\Desktop\Hotmail - corene.114@hotmail.com - Windows Live.url
2018-05-14 08:36 - 2010-10-24 13:29 - 000001653 _____ C:\Users\Corene2\Desktop\Magnify.lnk
2018-05-14 08:35 - 2018-05-14 08:35 - 000000000 ____D C:\Users\Corene2\AppData\Roaming\Tencent
2018-05-14 08:35 - 2018-05-14 08:35 - 000000000 ____D C:\Users\Corene2\AppData\Roaming\skypePM
2018-05-14 08:35 - 2018-05-14 08:35 - 000000000 ____D C:\Users\Corene2\AppData\Roaming\Skype
2018-05-14 08:35 - 2018-05-14 08:35 - 000000000 ____D C:\Users\Corene2\AppData\Roaming\Mozilla
2018-05-14 08:35 - 2018-05-14 08:35 - 000000000 ____D C:\Users\Corene2\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps
2018-05-14 08:35 - 2016-04-09 05:32 - 000002057 _____ C:\Users\Corene2\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2018-05-14 08:34 - 2018-05-14 08:34 - 000000000 ____D C:\Users\Corene2\AppData\Roaming\Macromedia
2018-05-14 08:34 - 2018-05-14 08:34 - 000000000 ____D C:\Users\Corene2\AppData\Roaming\Google
2018-05-14 08:34 - 2018-05-14 08:34 - 000000000 ____D C:\Users\Corene2\AppData\Roaming\Dell
2018-05-14 08:34 - 2018-05-14 08:34 - 000000000 ____D C:\Users\Corene2\AppData\Roaming\Adobe
2018-05-14 08:34 - 2018-05-14 08:34 - 000000000 ____D C:\Users\Corene2\AppData\LocalLow\Sun
2018-05-14 08:34 - 2018-05-14 08:34 - 000000000 ____D C:\Users\Corene2\AppData\LocalLow\Google
2018-05-14 08:34 - 2018-05-14 08:34 - 000000000 ____D C:\Users\Corene2\AppData\LocalLow\Apple Computer
2018-05-14 08:34 - 2018-05-14 08:34 - 000000000 ____D C:\Users\Corene2\AppData\LocalLow\Adobe
2018-05-14 08:34 - 2018-05-14 08:34 - 000000000 ____D C:\Users\Corene2\AppData\Local\WinZip
2018-05-14 08:34 - 2010-11-16 16:08 - 000038440 _____ C:\Users\Corene2\AppData\Roaming\Comma Separated Values (Windows).ADR
2018-05-14 08:34 - 2010-02-17 10:20 - 008653312 _____ (Dell, Inc. ) C:\Users\Corene2\AppData\Roaming\DataSafeDotNet.exe
2018-05-14 08:28 - 2018-05-14 08:28 - 000000000 ____D C:\Users\Corene2\AppData\Local\Stardock_Corporation
2018-05-14 08:23 - 2018-05-14 08:23 - 000000000 ____D C:\Users\Corene2\AppData\Local\HP
2018-05-14 08:21 - 2018-05-14 09:23 - 000004096 _____ C:\Users\Corene2\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2018-05-14 08:21 - 2018-05-14 08:21 - 000000000 ____D C:\Users\Corene2\AppData\Local\Apps\2.0
2018-05-14 08:21 - 2018-05-14 08:21 - 000000000 ____D C:\Users\Corene2\AppData\Local\Apple Computer
2018-05-14 08:21 - 2018-05-14 08:21 - 000000000 ____D C:\Users\Corene2\AppData\Local\Apple
2018-05-14 08:21 - 2018-05-14 08:21 - 000000000 ____D C:\Users\Corene2\AppData\Local\Adobe
2018-05-14 08:21 - 2018-04-15 06:26 - 000006080 _____ C:\Users\Corene2\AppData\Local\d3d9caps.dat
2018-05-14 08:21 - 2009-10-03 16:50 - 000000000 ____D C:\Users\Corene2\AppData\Local\Deployment
2018-05-14 08:20 - 2018-03-23 14:24 - 007393885 _____ C:\Users\Corene2\Downloads\VID-20180119-WA001312.mp4
2018-05-14 08:20 - 2017-11-01 20:27 - 053539342 _____ C:\Users\Corene2\Downloads\IMG_2636 (5).MOV
2018-05-14 08:20 - 2017-11-01 20:21 - 053539342 _____ C:\Users\Corene2\Downloads\IMG_2636 (4).MOV
2018-05-14 08:20 - 2017-10-31 14:06 - 002242179 _____ C:\Users\Corene2\Downloads\VID-20161223-WA0004 (1).mp4
2018-05-14 08:20 - 2017-10-31 14:05 - 002242179 _____ C:\Users\Corene2\Downloads\VID-20161223-WA0004.mp4
2018-05-14 08:20 - 2017-10-28 14:56 - 053539342 _____ C:\Users\Corene2\Downloads\IMG_2636 (3).MOV
2018-05-14 08:20 - 2017-10-28 14:46 - 053539342 _____ C:\Users\Corene2\Downloads\IMG_2636 (2).MOV
2018-05-14 08:20 - 2017-10-28 14:42 - 053539342 _____ C:\Users\Corene2\Downloads\IMG_2636 (1).MOV
2018-05-14 08:20 - 2017-10-28 14:37 - 053539342 _____ C:\Users\Corene2\Downloads\IMG_2636.MOV
2018-05-14 08:20 - 2017-09-30 20:13 - 000874648 _____ (Google Inc.) C:\Users\Corene2\Downloads\Unconfirmed 175057.crdownload
2018-05-14 08:20 - 2017-07-03 17:34 - 001464731 _____ C:\Users\Corene2\Downloads\Voice_170622_2 (5).3gp
2018-05-14 08:20 - 2017-07-03 17:31 - 001464731 _____ C:\Users\Corene2\Downloads\Voice_170622_2 (4).3gp
2018-05-14 08:20 - 2017-06-23 07:34 - 001464731 _____ C:\Users\Corene2\Downloads\Voice_170622_2 (3).3gp
2018-05-14 08:20 - 2017-06-23 07:34 - 001464731 _____ C:\Users\Corene2\Downloads\Voice_170622_2 (2).3gp
2018-05-14 08:20 - 2017-06-23 06:53 - 001464731 _____ C:\Users\Corene2\Downloads\Voice_170622_2 (1).3gp
2018-05-14 08:20 - 2017-06-23 06:52 - 001464731 _____ C:\Users\Corene2\Downloads\Voice_170622_2.3gp
2018-05-14 08:20 - 2016-11-23 15:15 - 022851472 _____ (Malwarebytes ) C:\Users\Corene2\Downloads\mbam-setup-2.2.1.1043.exe
2018-05-14 08:20 - 2016-11-23 15:10 - 000720477 _____ C:\Users\Corene2\Downloads\Mosaic of Thanksgiving.pdf
2018-05-14 08:20 - 2016-06-14 12:22 - 010210745 _____ C:\Users\Corene2\Downloads\IMG_1132 (3).MOV
2018-05-14 08:20 - 2016-06-14 12:22 - 010210745 _____ C:\Users\Corene2\Downloads\IMG_1132 (2).MOV
2018-05-14 08:20 - 2016-06-14 12:21 - 010210745 _____ C:\Users\Corene2\Downloads\IMG_1132.MOV
2018-05-14 08:20 - 2016-06-14 12:21 - 010210745 _____ C:\Users\Corene2\Downloads\IMG_1132 (1).MOV
2018-05-14 08:20 - 2016-04-13 14:44 - 000083442 _____ C:\Users\Corene2\Downloads\UMW News Article.pdf
2018-05-14 08:20 - 2016-03-24 07:08 - 000113554 _____ C:\Users\Corene2\Downloads\Kindle Update.pdf
2018-05-14 08:20 - 2016-03-02 13:31 - 000029869 _____ C:\Users\Corene2\Downloads\noname (5)
2018-05-14 08:20 - 2016-01-26 08:29 - 000034464 _____ C:\Users\Corene2\Downloads\noname (4)
2018-05-14 08:20 - 2015-07-14 21:29 - 000303387 _____ C:\Users\Corene2\Downloads\US_NW_706028276_1.pdf
2018-05-14 08:20 - 2015-07-14 21:27 - 000052350 _____ C:\Users\Corene2\Downloads\Pay Statement (6.12.2015) (1).pdf
2018-05-14 08:20 - 2015-07-14 21:26 - 000052350 _____ C:\Users\Corene2\Downloads\Pay_Statement (6.26.2015).pdf
2018-05-14 08:20 - 2015-07-14 21:26 - 000052350 _____ C:\Users\Corene2\Downloads\Pay Statement (6.12.2015).pdf
2018-05-14 08:20 - 2015-05-12 20:19 - 000176387 _____ C:\Users\Corene2\Downloads\noname (3)
2018-05-14 08:20 - 2015-05-12 20:16 - 000183084 _____ C:\Users\Corene2\Downloads\noname (1)
2018-05-14 08:20 - 2015-05-12 20:16 - 000183084 _____ C:\Users\Corene2\Downloads\noname
2018-05-14 08:20 - 2015-05-12 20:16 - 000176387 _____ C:\Users\Corene2\Downloads\noname (2)
2018-05-14 08:20 - 2015-04-14 06:50 - 003196928 _____ C:\Users\Corene2\Downloads\Sculptures-en-papier-FarWest_aca.pps
2018-05-14 08:20 - 2014-11-01 13:32 - 005519360 _____ C:\Users\Corene2\Downloads\Mirrors_On_Quiet_Waters.pps
2018-05-14 08:20 - 2014-11-01 13:32 - 005519360 _____ C:\Users\Corene2\Downloads\Mirrors_On_Quiet_Waters (1).pps
2018-05-14 08:20 - 2014-07-25 21:01 - 002020523 _____ C:\Users\Corene2\Downloads\Please_DocuSign_this_document_Kiernan_Offer_.pdf
2018-05-14 08:20 - 2014-07-25 21:01 - 002020523 _____ C:\Users\Corene2\Downloads\Please_DocuSign_this_document_Kiernan_Offer_ (1).pdf
2018-05-14 08:20 - 2010-06-05 07:08 - 001924976 _____ (Adobe Systems Incorporated) C:\Users\Corene2\Downloads\install_flash_player.exe
2018-05-14 08:20 - 2009-05-14 18:29 - 000191771 _____ C:\Users\Corene2\Downloads\Information and Forms for New Patients.pdf
2018-05-14 08:20 - 2009-02-12 15:13 - 000219370 _____ C:\Users\Corene2\Downloads\StatementPDFServlet
2018-05-14 08:19 - 2018-05-14 08:19 - 000000000 ____D C:\Users\Corene2\Documents\Unzipped
2018-05-14 08:19 - 2018-05-14 08:19 - 000000000 ____D C:\Users\Corene2\Documents\Tencent Files
2018-05-14 08:19 - 2018-05-14 08:19 - 000000000 ____D C:\Users\Corene2\Documents\St John's
2018-05-14 08:19 - 2018-05-14 08:19 - 000000000 ____D C:\Users\Corene2\Documents\Grandchildren
2018-05-14 08:19 - 2018-05-14 08:19 - 000000000 ____D C:\Users\Corene2\Documents\Food
2018-05-14 08:19 - 2018-05-14 08:19 - 000000000 ____D C:\Users\Corene2\Documents\Finances
2018-05-14 08:19 - 2018-05-14 08:19 - 000000000 ____D C:\Users\Corene2\Documents\Family & friends
2018-05-14 08:19 - 2018-05-14 08:19 - 000000000 ____D C:\Users\Corene2\Documents\Dan Med Dir
2018-05-14 08:19 - 2018-05-14 08:19 - 000000000 ____D C:\Users\Corene2\Documents\Dan Ltrs
2018-05-14 08:19 - 2018-05-14 08:19 - 000000000 ____D C:\Users\Corene2\Documents\Dan & Corene Doc
2018-05-14 08:19 - 2018-05-14 08:19 - 000000000 ____D C:\Users\Corene2\Documents\BP-Corene & Dan
2018-05-14 08:19 - 2018-05-14 08:19 - 000000000 ____D C:\Users\Corene2\Documents\archive
2018-05-14 08:19 - 2017-12-19 20:21 - 018495327 _____ C:\Users\Corene2\Downloads\IMG_0100.MOV
2018-05-14 08:19 - 2017-03-30 11:06 - 008959851 _____ C:\Users\Corene2\Downloads\Driving in China.mp4
2018-05-14 08:19 - 2016-07-09 17:16 - 000060490 _____ C:\Users\Corene2\Downloads\A Very Special Day.pdf
2018-05-14 08:19 - 2015-10-17 11:11 - 000558544 _____ C:\Users\Corene2\Downloads\Brochure with GF Color Scheme.pdf
2018-05-14 08:19 - 2015-08-18 07:42 - 000115101 _____ C:\Users\Corene2\Downloads\image.jpeg
2018-05-14 08:19 - 2015-08-18 07:42 - 000115101 _____ C:\Users\Corene2\Downloads\image (2).jpeg
2018-05-14 08:19 - 2015-08-18 07:42 - 000115101 _____ C:\Users\Corene2\Downloads\image (1).jpeg
2018-05-14 08:19 - 2015-08-01 13:56 - 000392913 _____ C:\Users\Corene2\Documents\Driving Directions from 7452 Spring Village Dr, Springfield, Virginia 22150 to Sheraton Reston Hotel in Reston, Virginia 20191 _ MapQuest.pdf
2018-05-14 08:19 - 2015-07-15 08:28 - 000198426 _____ C:\Users\Corene2\Downloads\Equifax_FACT_Rpt_07152015 (1).pdf
2018-05-14 08:19 - 2015-07-15 08:25 - 000198426 _____ C:\Users\Corene2\Documents\Equifax_FACT_Rpt_07152015.pdf
2018-05-14 08:19 - 2015-07-15 08:24 - 000198680 _____ C:\Users\Corene2\Downloads\Equifax_FACT_Rpt_07152015.pdf
2018-05-14 08:19 - 2015-07-14 21:38 - 000384677 _____ C:\Users\Corene2\Documents\Sublease(2).pdf
2018-05-14 08:19 - 2015-07-14 21:34 - 000547744 _____ C:\Users\Corene2\Documents\Sublease(1).pdf
2018-05-14 08:19 - 2015-07-14 21:30 - 000303670 _____ C:\Users\Corene2\Documents\Vorhis (offer letter).pdf
2018-05-14 08:19 - 2015-07-14 21:27 - 000018598 _____ C:\Users\Corene2\Documents\Pay_Statement(6.26.2015).pdf
2018-05-14 08:19 - 2015-07-14 21:27 - 000018593 _____ C:\Users\Corene2\Documents\Pay%20Statement(6.12.2015).pdf
2018-05-14 08:19 - 2015-07-14 21:24 - 000485287 _____ C:\Users\Corene2\Documents\Scan0001.pdf
2018-05-14 08:19 - 2015-07-13 12:10 - 001043564 _____ C:\Users\Corene2\Downloads\3_Carrier_Groups-1(2).pdf
2018-05-14 08:19 - 2015-07-02 10:08 - 007780543 _____ C:\Users\Corene2\Downloads\IMG_0904 (3).MOV
2018-05-14 08:19 - 2015-07-02 10:08 - 007780543 _____ C:\Users\Corene2\Downloads\IMG_0904 (2).MOV
2018-05-14 08:19 - 2015-07-02 10:06 - 007780543 _____ C:\Users\Corene2\Downloads\IMG_0904.MOV
2018-05-14 08:19 - 2015-07-02 10:06 - 007780543 _____ C:\Users\Corene2\Downloads\IMG_0904 (1).MOV
2018-05-14 08:19 - 2015-06-25 18:04 - 000677366 _____ C:\Users\Corene2\Downloads\Fwd_ On Longevity.eml
2018-05-14 08:19 - 2015-01-17 20:30 - 004685004 _____ C:\Users\Corene2\Downloads\Amazing Grace (9).zip
2018-05-14 08:19 - 2015-01-03 16:06 - 004685004 _____ C:\Users\Corene2\Downloads\Amazing Grace (8).zip
2018-05-14 08:19 - 2015-01-03 16:06 - 004685004 _____ C:\Users\Corene2\Downloads\Amazing Grace (7).zip
2018-05-14 08:19 - 2015-01-03 16:06 - 004685004 _____ C:\Users\Corene2\Downloads\Amazing Grace (6).zip
2018-05-14 08:19 - 2015-01-03 16:04 - 004685004 _____ C:\Users\Corene2\Downloads\Amazing Grace (5).zip
2018-05-14 08:19 - 2015-01-03 16:04 - 004685004 _____ C:\Users\Corene2\Downloads\Amazing Grace (4).zip
2018-05-14 08:19 - 2015-01-03 16:04 - 004685004 _____ C:\Users\Corene2\Downloads\Amazing Grace (3).zip
2018-05-14 08:19 - 2015-01-03 16:03 - 004685004 _____ C:\Users\Corene2\Downloads\Amazing Grace.zip
2018-05-14 08:19 - 2015-01-03 16:03 - 004685004 _____ C:\Users\Corene2\Downloads\Amazing Grace (2).zip
2018-05-14 08:19 - 2015-01-03 16:03 - 004685004 _____ C:\Users\Corene2\Downloads\Amazing Grace (1).zip
2018-05-14 08:19 - 2015-01-01 15:10 - 000131415 _____ C:\Users\Corene2\Downloads\A_SHARING_OF_THE_LORDS_BURDEN.pdf
2018-05-14 08:19 - 2014-12-30 21:17 - 022905812 _____ C:\Users\Corene2\Downloads\Amazing Grace (1).mov
2018-05-14 08:19 - 2014-12-27 20:31 - 022905812 _____ C:\Users\Corene2\Downloads\Amazing Grace.mov
2018-05-14 08:19 - 2014-10-21 13:33 - 000087344 _____ C:\Users\Corene2\Downloads\Fw_ IS THIS ON YOUR BUCKET LIST Please read------ (1)
2018-05-14 08:19 - 2014-10-21 13:33 - 000087344 _____ C:\Users\Corene2\Downloads\Fw_ IS THIS ON YOUR BUCKET LIST Please read------
2018-05-14 08:19 - 2014-09-09 15:25 - 000293787 _____ C:\Users\Corene2\Downloads\140911.pdf
2018-05-14 08:19 - 2014-09-09 15:25 - 000293787 _____ C:\Users\Corene2\Downloads\140911 (1).pdf
2018-05-14 08:19 - 2013-10-15 15:14 - 000121946 _____ C:\Users\Corene2\Downloads\Fw_ Fwd_ Look who's new in the Whitehouse
2018-05-14 08:19 - 2011-05-30 19:09 - 000007223 _____ C:\Users\Corene2\Downloads\FinalTranscript.pdf
2018-05-14 08:19 - 2010-11-16 16:08 - 000022625 _____ C:\Users\Corene2\Documents\Contacts1 - csv.CSV
2018-05-14 08:19 - 2010-06-05 06:09 - 000047511 _____ C:\Users\Corene2\Downloads\300X250_RTPForm_031510.swf
2018-05-14 08:19 - 2009-05-16 14:39 - 000191771 _____ C:\Users\Corene2\Downloads\GWsleep_form.pdf
2018-05-14 08:19 - 2009-03-28 20:33 - 000022625 _____ C:\Users\Corene2\Documents\Contacts - csv.CSV
2018-05-14 08:19 - 2009-03-01 14:31 - 002049024 _____ C:\Users\Corene2\Documents\Keep Church.pst
2018-05-14 08:19 - 2009-03-01 14:31 - 000525312 _____ C:\Users\Corene2\Documents\Keep General.pst
2018-05-14 08:19 - 2009-03-01 14:31 - 000271360 _____ C:\Users\Corene2\Documents\Latest Contacts.pst
2018-05-14 08:19 - 2008-04-06 16:46 - 000015872 _____ C:\Users\Corene2\Documents\Book1.xls
2018-05-14 08:19 - 2007-05-26 19:46 - 000245889 _____ C:\Users\Corene2\Documents\Directions to Lake Monticello.pdf
2018-05-14 08:19 - 2006-09-18 09:30 - 000006170 _____ C:\Users\Corene2\Documents\Address - csv type.csv
2018-05-14 08:19 - 2005-07-30 20:25 - 000180224 _____ C:\Users\Corene2\Documents\Old Contacts.pst
2018-05-14 08:19 - 2004-02-08 16:18 - 006313700 _____ C:\Users\Corene2\Documents\7503 Axton-3.tif
2018-05-14 08:19 - 2004-02-08 16:15 - 006313700 _____ C:\Users\Corene2\Documents\7503 Axton-2.tif
2018-05-14 08:19 - 2004-02-08 16:12 - 006313700 _____ C:\Users\Corene2\Documents\7503 Axton.tif
2018-05-14 08:19 - 2003-08-17 18:51 - 000023040 _____ C:\Users\Corene2\Documents\Corr's e-mail
2018-05-14 08:19 - 2003-06-19 10:46 - 001724836 _____ C:\Users\Corene2\Documents\Floor plan.tif
2018-05-14 08:19 - 2002-11-24 03:40 - 000000222 _____ C:\Users\Corene2\Documents\HOW GREAT THOU ART.url
2018-05-14 08:19 - 2002-10-28 12:14 - 000261316 _____ C:\Users\Corene2\Documents\Dan-Family.WAB
2018-05-14 08:19 - 2001-12-28 10:01 - 000234440 _____ C:\Users\Corene2\Documents\Address Book 1.pab.WAB
2018-05-14 08:18 - 2018-05-14 08:18 - 000000000 ____D C:\Users\Corene2\2009 Tax Returns
2018-05-14 08:18 - 2018-05-13 09:40 - 000002214 _____ C:\Users\Corene2\Google Chrome.lnk
2018-05-14 08:18 - 2010-04-06 20:10 - 000000087 _____ C:\Users\Corene2\Passwords.txt
2018-05-14 08:18 - 2009-05-26 13:50 - 000000876 _____ C:\Users\Corene2\Acrobat.com.lnk
2018-05-14 08:18 - 2009-05-16 15:00 - 000001889 _____ C:\Users\Corene2\Adobe Reader 9.lnk
2018-05-14 08:18 - 2009-05-16 14:41 - 000191771 _____ C:\Users\Corene2\GWsleep_form.pdf
2018-05-14 08:17 - 2018-05-14 08:17 - 000000000 ____D C:\Users\Administrator\AppData\Local\Adobe
2018-05-14 06:41 - 2018-05-14 06:41 - 000000680 _____ C:\Users\Administrator\AppData\Local\d3d9caps.dat
2018-05-14 06:31 - 2018-05-14 06:31 - 000000000 ____D C:\Users\Corene2\AppData\Local\DataSafeOnline
2018-05-14 06:30 - 2018-05-14 09:23 - 000000946 _____ C:\Users\Corene2\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows Media Player.lnk
2018-05-14 06:30 - 2018-05-14 08:23 - 000000000 ____D C:\Users\Corene2\AppData\Local\Google
2018-05-14 06:30 - 2018-05-14 06:30 - 000068792 _____ C:\Users\Corene2\AppData\Local\GDIPFONTCACHEV1.DAT
2018-05-14 06:30 - 2018-05-14 06:30 - 000000951 _____ C:\Users\Corene2\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2018-05-14 06:30 - 2018-05-14 06:30 - 000000000 ____D C:\Users\Corene2\Documents\My Google Gadgets
2018-05-14 06:30 - 2018-05-14 06:30 - 000000000 ____D C:\Users\Corene2\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Google Desktop
2018-05-14 06:30 - 2018-05-14 06:30 - 000000000 ____D C:\Users\Corene2\AppData\Local\SupportSoft
2018-05-14 06:30 - 2018-05-14 06:30 - 000000000 ____D C:\Users\Corene2\AppData\Local\MediaDirect
2018-05-14 06:29 - 2018-05-14 08:34 - 000000000 ____D C:\Users\Corene2\AppData\Local\VirtualStore
2018-05-14 06:29 - 2018-05-14 08:18 - 000000000 ____D C:\Users\Corene2
2018-05-14 06:29 - 2018-05-14 06:29 - 000000917 _____ C:\Users\Corene2\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows Mail.lnk
2018-05-14 06:29 - 2018-05-14 06:29 - 000000020 ___SH C:\Users\Corene2\ntuser.ini
2018-05-14 06:16 - 2018-05-14 06:16 - 002438712 _____ (Kaspersky Lab) C:\Users\Administrator\Downloads\kfa18.0.0.405abcden_es_fr_13382.exe
2018-05-14 06:16 - 2018-05-14 06:16 - 000000000 ____D C:\ProgramData\Kaspersky Lab Setup Files
2018-05-14 06:14 - 2018-05-14 06:14 - 000013946 _____ C:\ProgramData\agent.1526292861.bdinstall.bin
2018-05-13 16:22 - 2018-05-13 16:29 - 000005120 _____ C:\Users\Administrator\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2018-05-13 15:56 - 2018-05-13 15:56 - 000001537 _____ C:\Users\Administrator\Desktop\Windows Explorer.lnk
2018-05-13 15:53 - 2018-05-14 08:17 - 000000000 ____D C:\Users\Administrator\AppData\Roaming\Adobe
2018-05-13 15:52 - 2018-05-13 15:52 - 000000000 ____D C:\Users\Administrator\AppData\Local\DataSafeOnline
2018-05-13 15:51 - 2018-05-13 19:42 - 000000946 _____ C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows Media Player.lnk
2018-05-13 15:51 - 2018-05-13 15:51 - 000068792 _____ C:\Users\Administrator\AppData\Local\GDIPFONTCACHEV1.DAT
2018-05-13 15:51 - 2018-05-13 15:51 - 000000951 _____ C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2018-05-13 15:51 - 2018-05-13 15:51 - 000000917 _____ C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows Mail.lnk
2018-05-13 15:51 - 2018-05-13 15:51 - 000000020 ___SH C:\Users\Administrator\ntuser.ini
2018-05-13 15:51 - 2018-05-13 15:51 - 000000000 ____D C:\Users\Administrator\Documents\My Google Gadgets
2018-05-13 15:51 - 2018-05-13 15:51 - 000000000 ____D C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Google Desktop
2018-05-13 15:51 - 2018-05-13 15:51 - 000000000 ____D C:\Users\Administrator\AppData\Local\SupportSoft
2018-05-13 15:51 - 2018-05-13 15:51 - 000000000 ____D C:\Users\Administrator\AppData\Local\MediaDirect
2018-05-13 15:51 - 2018-05-13 15:51 - 000000000 ____D C:\Users\Administrator\AppData\Local\Google
2018-05-13 15:50 - 2018-05-13 15:51 - 000000000 ____D C:\Users\Administrator
2018-05-03 17:44 - 2018-05-03 17:44 - 000028672 _____ C:\BCD_Backup
2018-05-03 15:26 - 2018-05-03 15:26 - 000000207 _____ C:\Windows\tweaking.com-regbackup-CORENE-PC-Windows-Vista-(TM)-Home-Basic-(32-bit).dat
2018-05-03 15:26 - 2018-05-03 15:26 - 000000000 ____D C:\RegBackup
2018-05-03 14:49 - 2018-05-03 15:10 - 000000550 _____ C:\Windows\Tasks\Tweaking.com - Windows Repair Tray Icon.job
2018-05-03 14:49 - 2018-05-03 14:49 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Tweaking.com
2018-05-03 14:48 - 2018-05-03 15:10 - 000364886 _____ C:\Windows\Tweaking.com - Windows Repair Setup Log.txt
2018-05-03 14:48 - 2018-05-03 14:48 - 000000000 ____D C:\Program Files\Tweaking.com
==================== One Month Modified files and folders ========
(If an entry is included in the fixlist, the file/folder will be moved.)
2018-05-15 13:28 - 2006-11-02 08:45 - 000003616 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
2018-05-15 13:28 - 2006-11-02 08:45 - 000003616 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
2018-05-15 09:28 - 2006-11-02 08:58 - 000000006 ____H C:\Windows\Tasks\SA.DAT
2018-05-15 09:27 - 2006-11-02 08:58 - 000032610 _____ C:\Windows\Tasks\SCHEDLGU.TXT
2018-05-15 09:23 - 2006-11-02 07:18 - 000000000 ____D C:\Windows\inf
2018-05-15 09:22 - 2009-01-21 16:02 - 000000000 ____D C:\DELL
2018-05-15 08:51 - 2011-09-02 13:55 - 000001945 _____ C:\Windows\epplauncher.mif
2018-05-14 09:13 - 2009-01-24 20:42 - 000000376 _____ C:\Windows\ODBC.INI
2018-05-13 17:29 - 2016-11-23 15:17 - 000170200 _____ (Malwarebytes) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2018-05-13 15:52 - 2015-02-01 15:15 - 000804864 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe
2018-05-13 15:52 - 2015-02-01 15:15 - 000144896 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl
2018-05-13 15:52 - 2009-01-21 14:45 - 000000000 ____D C:\Windows\system32\Macromed
2018-05-13 15:48 - 2006-11-02 08:44 - 000290672 _____ C:\Windows\system32\FNTCACHE.DAT
2018-05-13 09:40 - 2009-10-03 16:51 - 000002214 _____ C:\Users\Corene\Google Chrome.lnk
2018-05-13 09:04 - 2009-11-27 19:49 - 000508202 _____ C:\Windows\ntbtlog.txt
2018-05-13 08:49 - 2017-03-06 14:30 - 000002492 _____ C:\Users\Corene\Desktop\Gmail.lnk
2018-05-03 16:07 - 2006-11-02 06:33 - 000763586 _____ C:\Windows\system32\PerfStringBackup.INI
2018-05-03 13:40 - 2009-01-24 20:41 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office
2018-05-03 13:40 - 2009-01-24 20:31 - 000000000 ____D C:\Users\Corene
2018-05-03 13:40 - 2009-01-21 14:54 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Works
2018-05-03 13:40 - 2006-11-02 07:18 - 000000000 ____D C:\Windows\system32\spool
2018-05-03 13:40 - 2006-11-02 07:18 - 000000000 ____D C:\Windows\system32\Msdtc
2018-05-03 13:40 - 2006-11-02 07:18 - 000000000 ____D C:\Windows\registration
2018-05-03 13:40 - 2006-11-02 06:22 - 051904512 _____ C:\Windows\system32\config\software_previous
2018-05-03 13:40 - 2006-11-02 06:22 - 017825792 _____ C:\Windows\system32\config\system_previous
2018-05-03 13:37 - 2006-11-02 06:22 - 000262144 _____ C:\Windows\system32\config\security_previous
2018-05-03 13:37 - 2006-11-02 06:22 - 000262144 _____ C:\Windows\system32\config\sam_previous
2018-05-03 09:36 - 2006-11-02 06:22 - 057147392 _____ C:\Windows\system32\config\components_previous
2018-05-03 09:36 - 2006-11-02 06:22 - 000524288 _____ C:\Windows\system32\config\default_previous
2018-04-15 06:26 - 2009-01-25 07:01 - 000006080 _____ C:\Users\Corene\AppData\Local\d3d9caps.dat
==================== Files in the root of some directories =======
2018-05-14 08:34 - 2010-11-16 16:08 - 000038440 _____ () C:\Users\Corene2\AppData\Roaming\Comma Separated Values (Windows).ADR
2018-05-14 08:34 - 2010-02-17 10:20 - 008653312 _____ (Dell, Inc. ) C:\Users\Corene2\AppData\Roaming\DataSafeDotNet.exe
2018-05-14 08:21 - 2018-04-15 06:26 - 000006080 _____ () C:\Users\Corene2\AppData\Local\d3d9caps.dat
2018-05-14 08:21 - 2018-05-14 09:23 - 000004096 _____ () C:\Users\Corene2\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
Some files in TEMP:
====================
2009-10-04 06:51 - 2008-12-29 13:52 - 000536576 _____ () C:\Users\Corene\AppData\Local\Temp\AutoUpdate.dll
2012-04-03 19:15 - 2012-04-03 19:15 - 004125344 _____ (Adobe Systems Incorporated) C:\Users\Corene\AppData\Local\Temp\FlashPlayerUpdate.exe
2012-05-11 05:08 - 2012-05-11 05:08 - 004126880 _____ (Adobe Systems Incorporated) C:\Users\Corene\AppData\Local\Temp\FlashPlayerUpdate01.exe
2017-09-10 19:46 - 2017-09-10 19:46 - 000000000 _____ () C:\Users\Corene\AppData\Local\Temp\GURD18.exe
2009-04-24 06:00 - 2010-09-10 07:44 - 000426552 _____ (Google Inc.) C:\Users\Corene\AppData\Local\Temp\SearchWithGoogleUpdate.exe
2010-03-21 13:51 - 2010-03-21 13:51 - 000031048 _____ (Tencent) C:\Users\Corene\AppData\Local\Temp\selfupdate.exe
2011-05-09 21:51 - 2012-06-11 00:41 - 025575088 _____ (Skype Technologies S.A.) C:\Users\Corene\AppData\Local\Temp\SkypeSetup.exe
2018-05-14 08:29 - 2008-12-29 13:52 - 000536576 _____ () C:\Users\Corene2\AppData\Local\Temp\AutoUpdate.dll
2018-05-14 08:29 - 2012-04-03 19:15 - 004125344 _____ (Adobe Systems Incorporated) C:\Users\Corene2\AppData\Local\Temp\FlashPlayerUpdate.exe
2018-05-14 08:29 - 2012-05-11 05:08 - 004126880 _____ (Adobe Systems Incorporated) C:\Users\Corene2\AppData\Local\Temp\FlashPlayerUpdate01.exe
2018-05-14 08:29 - 2017-09-10 19:46 - 000000000 _____ () C:\Users\Corene2\AppData\Local\Temp\GURD18.exe
2018-05-14 08:29 - 2010-09-10 07:44 - 000426552 _____ (Google Inc.) C:\Users\Corene2\AppData\Local\Temp\SearchWithGoogleUpdate.exe
2018-05-14 08:29 - 2010-03-21 13:51 - 000031048 _____ (Tencent) C:\Users\Corene2\AppData\Local\Temp\selfupdate.exe
2018-05-14 08:29 - 2012-06-11 00:41 - 025575088 _____ (Skype Technologies S.A.) C:\Users\Corene2\AppData\Local\Temp\SkypeSetup.exe
==================== Bamital & volsnap ======================
(There is no automatic fix for files that do not pass verification.)
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed
LastRegBack: 2018-05-15 09:34
==================== End of FRST.txt ============================

virginia · 2018/05/15

FRST.Addition

Additional scan result of Farbar Recovery Scan Tool (x86) Version: 13.05.2018
Ran by Corene2 (15-05-2018 16:59:15)
Running from C:\Users\Corene2\Desktop
Windows Vista (TM) Home Basic Service Pack 2 (X86) (2009-01-21 12:34:12)
Boot Mode: Normal
==========================================================

==================== Accounts: =============================
Administrator (S-1-5-21-1260120000-521481097-4230313768-500 - Administrator - Disabled) => C:\Users\Administrator
Corene2 (S-1-5-21-1260120000-521481097-4230313768-1001 - Administrator - Enabled) => C:\Users\Corene2
Guest (S-1-5-21-1260120000-521481097-4230313768-501 - Limited - Disabled)
==================== Security Center ========================
(If an entry is included in the fixlist, it will be removed.)

==================== Installed Programs ======================
(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
Acrobat.com (HKLM\...\{287ECFA4-719A-2143-A09B-D6A12DE54E40}) (Version: 1.6.65 - Adobe Systems Incorporated)
Adobe Flash Player 10 Plugin (HKLM\...\Adobe Flash Player Plugin) (Version: 10.0.45.2 - Adobe Systems Incorporated)
Adobe Flash Player 29 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 29.0.0.171 - Adobe Systems Incorporated)
Adobe Reader 9.1 (HKLM\...\{AC76BA86-7AD7-1033-7B44-A91000000001}) (Version: 9.1.0 - Adobe Systems Incorporated)
Apple Application Support (HKLM\...\{3FA365DF-2D68-45ED-8F83-8C8A33E65143}) (Version: 1.1.0 - Apple Inc.)
Apple Software Update (HKLM\...\{6956856F-B6B3-4BE0-BA0B-8F495BE32033}) (Version: 2.1.1.116 - Apple Inc.)
Avast Free Antivirus (HKLM\...\Avast Antivirus) (Version: 18.4.2338 - AVAST Software)
Browser Address Error Redirector (HKLM\...\{62230596-37E5-4618-A329-0D21F529A86F}) (Version: 1.00.0000 - Dell)
Compatibility Pack for the 2007 Office system (HKLM\...\{90120000-0020-0409-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation)
Dell Getting Started Guide (HKLM\...\{7DB9F1E5-9ACB-410D-A7DC-7A3D023CE045}) (Version: 1.00.0000 - Dell Inc.)
Dell Support Center (Support Software) (HKLM\...\{E3BFEE55-39E2-4BE0-B966-89FE583822C1}) (Version: 2.2.09085 - Dell)
EDocs (HKLM\...\{6B7B6D4D-8F9B-4CB3-8CA4-BCA9CC4C1A22}) (Version: - )
Google Desktop (HKLM\...\Google Desktop) (Version: 5.9.0911.03589 - Google)
Google Talk Plugin (HKLM\...\{F9B579C2-D854-300A-BE62-A09EB9D722E4}) (Version: 5.41.3.0 - Google)
Google Update Helper (HKLM\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.33.7 - Google Inc.) Hidden
Google Update Helper (HKLM\...\{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}) (Version: 1.3.25.11 - Google Inc.) Hidden
GoToAssist 8.0.0.514 (HKLM\...\GoToAssist) (Version: - )
HP ENVY 4500 series Basic Device Software (HKLM\...\{BCC989C6-7003-4367-8C30-7B88D47D3E79}) (Version: 32.3.198.49673 - Hewlett-Packard Co.)
HP ENVY 4500 series Help (HKLM\...\{95BECC50-22B4-4FCA-8A2E-BF77713E6D3A}) (Version: 30.0.0 - Hewlett Packard)
Java(TM) 6 Update 7 (HKLM\...\{3248F0A8-6813-11D6-A77B-00B0D0160070}) (Version: 1.6.0.70 - Sun Microsystems, Inc.)
Malwarebytes Anti-Malware version 2.2.1.1043 (HKLM\...\Malwarebytes Anti-Malware_is1) (Version: 2.2.1.1043 - Malwarebytes)
MediaButtons 5.0.0.1T4 (HKLM\...\{148DB7A0-BCA6-47DF-A715-DD01F9266478}) (Version: 5.0.0.1T4 - )
MediaDirect (HKLM\...\{9C6978E8-B6D0-4AB7-A7A0-D81A74FBF745}) (Version: 4.0 - Dell)
Microsoft .NET Framework 3.5 SP1 (HKLM\...\Microsoft .NET Framework 3.5 SP1) (Version: - Microsoft Corporation)
Microsoft .NET Framework 4.5.2 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.51209 - Microsoft Corporation)
Microsoft LifeCam (HKLM\...\{36C97B5B-5593-45B8-B50E-DAD87036BD9D}) (Version: 3.0.215.0 - Microsoft Corporation)
Microsoft Office Basic Edition 2003 (HKLM\...\{91130409-6000-11D3-8CFE-0150048383C9}) (Version: 11.0.8173.0 - Microsoft Corporation)
Microsoft Office File Validation Add-In (HKLM\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)
Microsoft Office PowerPoint Viewer 2007 (English) (HKLM\...\{95120000-00AF-0409-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Office XP Web Components (HKLM\...\{90260409-6000-11D3-8CFE-0150048383C9}) (Version: 11.0.8173.0 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.50906.0 - Microsoft Corporation)
Microsoft Works (HKLM\...\{15BC8CD0-A65B-47D0-A2DD-90A824590FA8}) (Version: 9.7.0621 - Microsoft Corporation)
OGA Notifier 2.0.0048.0 (HKLM\...\{B2544A03-10D0-4E5E-BA69-0362FFC20D18}) (Version: 2.0.0048.0 - Microsoft Corporation) Hidden
Picasa 3 (HKLM\...\Picasa 3) (Version: 3.6 - Google, Inc.)
QuickTime (HKLM\...\{8B7917E0-AF55-4E8A-9473-017F0AA03AC8}) (Version: 7.65.17.80 - Apple Inc.)
Realtek Ethernet Network Card Diagnostic tool for Windows Vista (HKLM\...\{1FECF5F8-8E75-432C-9FF7-1C04F1956B54}) (Version: 1.00 - Realtek)
Realtek High Definition Audio Driver (HKLM\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: - )
Recovery ToolBox for Outlook Password 1.1 (HKLM\...\Recovery ToolBox for Outlook Password_is1) (Version: - Recovery ToolBox)
Roxio Creator DE (HKLM\...\{09760D42-E223-42AD-8C3E-55B47D0DDAC3}) (Version: 10.1 - Roxio)
Skype Click to Call (HKLM\...\{B6CF2967-C81E-40C0-9815-C05774FEF120}) (Version: 6.10.13089 - Skype Technologies S.A.)
Skype™ 7.0 (HKLM\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 7.0.102 - Skype Technologies S.A.)
Tweaking.com - Windows Repair (HKLM\...\Tweaking.com - Windows Repair) (Version: 4.0.18 - Tweaking.com)
WinZip 14.0 (HKLM\...\{CD95F661-A5C4-44F5-A6AA-ECDD91C240BC}) (Version: 14.0.9029 - WinZip Computing, S.L. )
==================== Custom CLSID (Whitelisted): ==========================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
ShellIconOverlayIdentifiers: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShell.dll [2018-05-15] (AVAST Software)
ContextMenuHandlers1: [avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShell.dll [2018-05-15] (AVAST Software)
ContextMenuHandlers1: [WinZip] -> {E0D79304-84BE-11CE-9641-444553540000} => C:\Program Files\WinZip\wzshlstb.dll [2010-02-04] (WinZip Computing, S.L.)
ContextMenuHandlers3: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShell.dll [2018-05-15] (AVAST Software)
ContextMenuHandlers3: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes Anti-Malware\mbamext.dll [2016-03-10] (Malwarebytes)
ContextMenuHandlers4: [Offline Files] -> {474C98EE-CF3D-41f5-80E3-4AAB0AB04301} => -> No File
ContextMenuHandlers4: [WinZip] -> {E0D79304-84BE-11CE-9641-444553540000} => C:\Program Files\WinZip\wzshlstb.dll [2010-02-04] (WinZip Computing, S.L.)
ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} => C:\Windows\system32\igfxpph.dll [2008-08-26] (Intel Corporation)
ContextMenuHandlers6: [avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShell.dll [2018-05-15] (AVAST Software)
ContextMenuHandlers6: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes Anti-Malware\mbamext.dll [2016-03-10] (Malwarebytes)
ContextMenuHandlers6: [Offline Files] -> {474C98EE-CF3D-41f5-80E3-4AAB0AB04301} => -> No File
ContextMenuHandlers6: [WinZip] -> {E0D79304-84BE-11CE-9641-444553540000} => C:\Program Files\WinZip\wzshlstb.dll [2010-02-04] (WinZip Computing, S.L.)
==================== Scheduled Tasks (Whitelisted) =============
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
Task: {274CAD0F-5DD3-4193-8971-E97F4FDF1916} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files\Google\Update\GoogleUpdate.exe [2015-08-27] (Google Inc.)
Task: {290FD31C-5EDB-4222-B255-330576BB56E3} - System32\Tasks\{0D1847BE-9FB8-4B20-8D4F-A770EBA43704} => C:\Program Files\Skype\\Phone\Skype.exe [2014-12-11] (Skype Technologies S.A.)
Task: {756A6CE0-AF90-4C3D-89FE-26176A857676} - System32\Tasks\{A5DEE25E-5A94-47EC-A89E-783667F7056E} => C:\Windows\system32\pcalua.exe -a "C:\Users\Corene\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\2ITFUZFE\RegCureSetup_RW[1].exe" -d "C:\Program Files\internet explorer"
Task: {AB94E633-936F-4CB9-B2EA-F6C2F993108C} - System32\Tasks\Avast Software\Overseer => C:\Program Files\AVAST Software\Avast\setup\overseer.exe [2018-05-15] (AVAST Software)
Task: {B23B9B52-5322-4A4D-977C-4D1E2F628AD9} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-1260120000-521481097-4230313768-1000Core => C:\Users\Corene\AppData\Local\Google\Update\GoogleUpdate.exe [2015-08-30] (Google Inc.)
Task: {C751FE67-C387-4481-A3E8-3E2F0EB3CEFE} - System32\Tasks\Avast Emergency Update => C:\Program Files\AVAST Software\Avast\AvEmUpdate.exe [2018-05-15] (AVAST Software)
Task: {D98AB79C-6EE0-47F8-8C30-5F55D50D0BD6} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-1260120000-521481097-4230313768-1000UA => C:\Users\Corene\AppData\Local\Google\Update\GoogleUpdate.exe [2015-08-30] (Google Inc.)
Task: {F545595B-B392-4C3B-90DA-027951DCAFFE} - System32\Tasks\Microsoft_Hardware_Launch_vVX1000_exe => C:\Windows\vVX1000.exe [2009-06-26] (Microsoft Corporation)
Task: {F5CEEDE4-DBC4-47FD-A6FE-675B07643D76} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files\Google\Update\GoogleUpdate.exe [2015-08-27] (Google Inc.)
Task: {F9090BFD-DC90-4A61-994D-9E47FB987F29} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2018-05-13] (Adobe Systems Incorporated)
Task: {FB8653FB-B800-453C-8075-80DFCC0387B8} - System32\Tasks\Microsoft\Microsoft Antimalware\Microsoft Antimalware Scheduled Scan => c:\Program Files\Microsoft Security Client\\MpCmdRun.exe
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
Task: C:\Windows\Tasks\Tweaking.com - Windows Repair Tray Icon.job => C:\Program Files\Tweaking.com\Windows Repair (All in One)\WR_Tray_Icon.exe C:\Program Files\Tweaking.com\Windows Repair (All in One)Tweaking.com - Windows Repair)Created By Tweaking.com
==================== Shortcuts & WMI ========================
(The entries could be listed to be restored or removed.)

ShortcutWithArgument: C:\Users\Corene2\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Gmail.lnk -> C:\Users\Corene2\AppData\Local\Google\Chrome\Application\chrome.exe (Google Inc.) -> --profile-directory=Default --app-id=kmhopmchchfpfdcdjodmpfaaphdclmlj
==================== Loaded Modules (Whitelisted) ==============
2018-05-15 08:27 - 2018-05-15 08:27 - 000482520 _____ () C:\Program Files\AVAST Software\Avast\streamback.dll
2018-05-15 08:31 - 2018-05-15 08:31 - 005872272 _____ () C:\Program Files\AVAST Software\Avast\defs\18051502\algo.dll
2018-05-15 08:27 - 2018-05-15 08:27 - 000889048 _____ () C:\Program Files\AVAST Software\Avast\ffl2.dll
2018-05-15 08:30 - 2018-05-15 08:30 - 000924888 _____ () C:\Program Files\AVAST Software\Avast\anen.dll
2018-05-15 08:27 - 2018-05-15 08:27 - 000150744 _____ () C:\Program Files\AVAST Software\Avast\hns_tools.dll
2018-05-15 08:27 - 2018-05-15 08:27 - 000982744 _____ () C:\Program Files\AVAST Software\Avast\shepherdsync.dll
2018-05-15 08:27 - 2018-05-15 08:27 - 000519896 _____ () C:\Program Files\AVAST Software\Avast\gui_cache.dll
2009-01-21 14:47 - 2008-07-17 12:16 - 000065536 _____ () C:\Windows\System32\WinService.exe
2018-05-15 08:27 - 2018-05-15 08:27 - 000632024 _____ () c:\Program Files\AVAST Software\Avast\vaarclient.dll
2009-01-21 14:47 - 2008-07-17 12:17 - 000208896 _____ () C:\Windows\System32\FastUserSwitching.exe
2009-01-21 14:52 - 2009-11-18 07:48 - 000034816 _____ () C:\Program Files\Google\Google Desktop Search\gzlib.dll
2009-01-21 14:47 - 2008-10-27 12:20 - 002179072 _____ () C:\Windows\System32\MediaButtons.exe
2018-05-15 08:30 - 2018-05-15 08:30 - 048936448 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll
2018-05-15 08:27 - 2018-05-15 08:27 - 000293592 _____ () C:\Program Files\AVAST Software\Avast\gaming_mode_ui.dll
==================== Alternate Data Streams (Whitelisted) =========
(If an entry is included in the fixlist, only the ADS will be removed.)
AlternateDataStreams: C:\ProgramData\TEMP:5D432CE3 [125]
==================== Safe Mode (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" value will be restored.)
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\AppXSvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\BFE => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\BITS => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\camsvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ClipSvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\dps => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\lfsvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MpsSvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\msiserver => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\semgrsvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SharedAccess => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\shellhwdetection => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TokenBroker => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TweakingRemoveSafeBoot => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vss => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WSService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\AppXSvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\BITS => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\camsvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\ClipSvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\dps => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\GoToAssist => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\lfsvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\msiserver => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\SamSs => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\semgrsvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\shellhwdetection => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\srv => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\srv2 => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\srvnet => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\TokenBroker => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\TweakingRemoveSafeBoot => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\vss => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\WSService => ""="Service"
==================== Association (Whitelisted) ===============
(If an entry is included in the fixlist, the registry item will be restored to default or removed.)

==================== Internet Explorer trusted/restricted ===============
(If an entry is included in the fixlist, it will be removed from the registry.)

==================== Hosts content: ===============================
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
2006-11-02 06:23 - 2018-05-03 16:07 - 000000855 _____ C:\Windows\system32\Drivers\etc\hosts
127.0.0.1 localhost
==================== Other Areas ============================
(Currently there is no automatic fix for this section.)
HKU\S-1-5-21-1260120000-521481097-4230313768-1001\Control Panel\Desktop\\Wallpaper -> C:\windows\Web\Wallpaper\img24.jpg
DNS Servers: 68.100.16.30 - 68.10.16.30
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 2) (ConsentPromptBehaviorUser: 1) (EnableLUA: 1)
Windows Firewall is enabled.
==================== MSCONFIG/TASK MANAGER disabled items ==
MSCONFIG\startupreg: Skype => "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
==================== FirewallRules (Whitelisted) ===============
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
FirewallRules: [WinCollab-Out-UDP] => (Allow) %ProgramFiles%\Windows Collaboration\WinCollab.exe
FirewallRules: [WinCollab-In-UDP] => (Allow) %ProgramFiles%\Windows Collaboration\WinCollab.exe
FirewallRules: [WinCollab-Out-TCP] => (Allow) %ProgramFiles%\Windows Collaboration\WinCollab.exe
FirewallRules: [WinCollab-In-TCP] => (Allow) %ProgramFiles%\Windows Collaboration\WinCollab.exe
FirewallRules: [WinCollab-DFSR-Out-TCP] => (Allow) %SystemRoot%\system32\dfsr.exe
FirewallRules: [WinCollab-DFSR-In-TCP] => (Allow) %SystemRoot%\system32\dfsr.exe
FirewallRules: [{1CC70E94-38D2-466C-952F-893E27466799}] => (Allow) C:\Program Files\Dell\MediaDirect\MediaDirect.exe
FirewallRules: [{17D9F61D-FF58-4F80-8C2F-84FE038B3132}] => (Allow) C:\Program Files\Dell\MediaDirect\PCMService.exe
FirewallRules: [{0C67156E-DDE7-4CC7-9A7B-E266B731728E}] => (Allow) C:\Program Files\Dell\MediaDirect\Kernel\DMP\CLBrowserEngine.exe
FirewallRules: [{8A3698CB-C072-4CB5-9F49-A81496F82525}] => (Allow) C:\Program Files\Dell\MediaDirect\Kernel\DMS\CLMSService.exe
FirewallRules: [{734966B5-8988-4CB1-BDDF-9ADFC4BB46DC}] => (Allow) C:\Program Files\Dell Remote Access\ezi_ra.exe
FirewallRules: [{F735C275-2502-4D46-AC7B-E2D3D787B2B0}] => (Allow) C:\Program Files\Dell Remote Access\ezi_ra.exe
FirewallRules: [{7DFFB782-2D9E-4103-BA21-BEC19418839C}] => (Allow) C:\ProgramData\SingleClick Systems\Advanced Networking Service\hnm_svc.exe
FirewallRules: [{136C9CB6-525D-48B8-AB5B-B545F389CE04}] => (Allow) C:\ProgramData\SingleClick Systems\Advanced Networking Service\hnm_svc.exe
FirewallRules: [{DAAE1836-181F-4901-B5F1-F7ADC3474E3E}] => (Allow) C:\ProgramData\SingleClick Systems\VLC\vlc.exe
FirewallRules: [{7989C4CF-ED30-4A6F-AF03-C6D5E1DB0544}] => (Allow) C:\ProgramData\SingleClick Systems\VLC\vlc.exe
FirewallRules: [{033606B8-8B9E-4DD5-AE7A-603BD34344D8}] => (Allow) C:\Program Files\Microsoft LifeCam\LifeCam.exe
FirewallRules: [{B59B1C4A-BFA9-4746-A7BB-5E2BFB6388E0}] => (Allow) C:\Program Files\Microsoft LifeCam\LifeCam.exe
FirewallRules: [{945124E4-47B4-4B80-A903-BFBBA0314E35}] => (Allow) C:\Program Files\Microsoft LifeCam\LifeEnC2.exe
FirewallRules: [{11E01EB2-5C66-4383-8DF4-7B607096AEF6}] => (Allow) C:\Program Files\Microsoft LifeCam\LifeEnC2.exe
FirewallRules: [{5ADFA7F7-314F-410D-9E9F-3C4B3E8BAD67}] => (Allow) C:\Program Files\Microsoft LifeCam\LifeExp.exe
FirewallRules: [{32EE0FBC-A2DA-48D7-80B6-5737408CBCF1}] => (Allow) C:\Program Files\Microsoft LifeCam\LifeExp.exe
FirewallRules: [{78D3B7A5-336E-468A-BC8A-D2C581E053DC}] => (Allow) C:\Program Files\Microsoft LifeCam\LifeTray.exe
FirewallRules: [{4E7C1538-2D40-4B12-8825-C006E18170D8}] => (Allow) C:\Program Files\Microsoft LifeCam\LifeTray.exe
FirewallRules: [TCP Query User{411B526B-6757-451F-ACA4-10E5D968AF29}C:\program files\tencent\qq2009\bin\qq.exe] => (Allow) C:\program files\tencent\qq2009\bin\qq.exe
FirewallRules: [UDP Query User{01B2189F-130F-45F5-96DB-C95856DF3F5C}C:\program files\tencent\qq2009\bin\qq.exe] => (Allow) C:\program files\tencent\qq2009\bin\qq.exe
FirewallRules: [{63B426B9-299F-403F-8198-5FC9F118FC48}] => (Allow) LPort=80
FirewallRules: [{C0322619-EE21-4ADC-9D7E-5698F1ED7DEA}] => (Allow) LPort=80
FirewallRules: [{D7D38C6E-B9BE-467F-8EA7-4B1144C02338}] => (Allow) LPort=80
FirewallRules: [{6198B15E-5314-4D7F-A85A-98E27A3F64B2}] => (Allow) C:\Program Files\Skype\Phone\Skype.exe
FirewallRules: [{210F3A9A-3077-421C-AD36-056B5F3073F0}] => (Allow) C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe
FirewallRules: [{A8F2C5CF-06A9-420F-921A-082F67061B40}] => (Allow) C:\Program Files\HP\HP ENVY 4500 series\Bin\DeviceSetup.exe
FirewallRules: [{3AD6A3B0-4B66-4FE9-9A26-5957FCDCA736}] => (Allow) LPort=5357
FirewallRules: [{253A07C9-3CA0-44B4-B89D-85D773F613CD}] => (Allow) C:\Program Files\HP\HP ENVY 4500 series\Bin\HPNetworkCommunicatorCom.exe
FirewallRules: [TCP Query User{6D4A4C86-1D94-401A-9EA8-DE8FA0452C29}C:\users\corene\appdata\local\google\chrome\application\chrome.exe] => (Allow) C:\users\corene\appdata\local\google\chrome\application\chrome.exe
FirewallRules: [UDP Query User{C4B98473-6A83-401F-A07A-6802D4906BBA}C:\users\corene\appdata\local\google\chrome\application\chrome.exe] => (Allow) C:\users\corene\appdata\local\google\chrome\application\chrome.exe
FirewallRules: [WMPNSS-WMP-Out-TCP-x86] => (Allow) %ProgramFiles(x86)%\Windows Media Player\wmplayer.exe
FirewallRules: [WMPNSS-WMP-Out-UDP-x86] => (Allow) %ProgramFiles(x86)%\Windows Media Player\wmplayer.exe
FirewallRules: [WMPNSS-WMP-In-UDP-x86] => (Allow) %ProgramFiles(x86)%\Windows Media Player\wmplayer.exe
FirewallRules: [WMPNSS-WMP-Out-TCP-NoScope-x86] => (Allow) %ProgramFiles(x86)%\Windows Media Player\wmplayer.exe
FirewallRules: [WMPNSS-WMP-Out-UDP-NoScope-x86] => (Allow) %ProgramFiles(x86)%\Windows Media Player\wmplayer.exe
FirewallRules: [WMPNSS-WMP-In-UDP-NoScope-x86] => (Allow) %ProgramFiles(x86)%\Windows Media Player\wmplayer.exe
FirewallRules: [WMP-Out-TCP-x86] => (Allow) %ProgramFiles(x86)%\Windows Media Player\wmplayer.exe
FirewallRules: [WMP-Out-UDP-x86] => (Allow) %ProgramFiles(x86)%\Windows Media Player\wmplayer.exe
FirewallRules: [WMP-In-UDP-x86] => (Allow) %ProgramFiles(x86)%\Windows Media Player\wmplayer.exe
FirewallRules: [{7B0956BD-F3D2-483D-B46D-8A8571258DC6}] => (Allow) LPort=80
FirewallRules: [{8AB470CC-8166-471A-8F5F-8CF24CBF9CE7}] => (Allow) LPort=80
FirewallRules: [{E72885C9-C635-4DBF-9775-C607C77F0F91}] => (Allow) LPort=80
==================== Restore Points =========================
Could not list restore points
Check "winmgmt" service or repair WMI.

==================== Faulty Device Manager Devices =============
Could not list Devices. Check "winmgmt" service or repair WMI.

==================== Event log errors: =========================
Application errors:
==================
Error: (05/15/2018 09:58:51 AM) (Source: System Restore) (EventID: 8210) (User: )
Description: The scheduled restore point could not be created. Additional information: (0x8000ffff).
Error: (05/15/2018 09:58:51 AM) (Source: System Restore) (EventID: 8193) (User: )
Description: Failed to create restore point on volume (Process = C:\Windows\system32\rundll32.exe /d srrstr.dll,ExecuteScheduledSPPCreation; Descripton = Scheduled Checkpoint; Hr = 0x8000ffff).
Error: (05/15/2018 09:58:51 AM) (Source: VSS) (EventID: 8193) (User: )
Description: Volume Shadow Copy Service error: Unexpected error calling routine CoCreateInstance. hr = 0x80004002.

Operation:
Abort Backup
Context:
Execution Context: Requestor
Current State: SnapshotSetCreated
Error: (05/15/2018 09:58:51 AM) (Source: VSS) (EventID: 34) (User: )
Description: Volume Shadow Copy Service error: The VSS event class is not registered. This will prevent any
VSS writers from receiving events. This may be caused due to a setup failure or as a result of an
application's installer or uninstaller.

Operation:
Abort Backup
Context:
Execution Context: Requestor
Current State: SnapshotSetCreated
Error: (05/15/2018 09:58:51 AM) (Source: VSS) (EventID: 8193) (User: )
Description: Volume Shadow Copy Service error: Unexpected error calling routine CoCreateInstance. hr = 0x80040154.

Operation:
Gathering Writer Data
Executing Asynchronous Operation
Context:
Execution Context: Requestor
Current State: GatherWriterMetadata
Error: (05/15/2018 09:58:51 AM) (Source: VSS) (EventID: 34) (User: )
Description: Volume Shadow Copy Service error: The VSS event class is not registered. This will prevent any
VSS writers from receiving events. This may be caused due to a setup failure or as a result of an
application's installer or uninstaller.

Operation:
Gathering Writer Data
Executing Asynchronous Operation
Context:
Execution Context: Requestor
Current State: GatherWriterMetadata
Error: (05/15/2018 09:22:00 AM) (Source: System Restore) (EventID: 8193) (User: )
Description: Failed to create restore point on volume (Process = C:\Windows\system32\msiexec.exe /V; Descripton = Removed Dell-eBay.; Hr = 0x8000ffff).
Error: (05/15/2018 09:22:00 AM) (Source: VSS) (EventID: 8193) (User: )
Description: Volume Shadow Copy Service error: Unexpected error calling routine CoCreateInstance. hr = 0x80004002.

Operation:
Gathering Writer Data
Executing Asynchronous Operation
Context:
Execution Context: Requestor
Current State: GatherWriterMetadata

System errors:
=============
Error: (05/15/2018 04:59:15 PM) (Source: DCOM) (EventID: 10005) (User: )
Description: DCOM got error "1083" attempting to start the service winmgmt with arguments "" in order to run the server:
{8BC3F05E-D86B-11D0-A075-00C04FB68820}
Error: (05/15/2018 09:33:07 AM) (Source: Dhcp) (EventID: 1002) (User: )
Description: The IP address lease 10.104.242.139 for the Network Card with network address 48F8B392992D has been denied by the DHCP server 10.104.0.1 (The DHCP Server sent a DHCPNACK message).
Error: (05/15/2018 09:29:02 AM) (Source: DCOM) (EventID: 10005) (User: )
Description: DCOM got error "1083" attempting to start the service winmgmt with arguments "" in order to run the server:
{8BC3F05E-D86B-11D0-A075-00C04FB68820}
Error: (05/15/2018 09:28:47 AM) (Source: Dhcp) (EventID: 1002) (User: )
Description: The IP address lease 10.104.208.91 for the Network Card with network address 48F8B392992D has been denied by the DHCP server 10.104.0.17 (The DHCP Server sent a DHCPNACK message).
Error: (05/15/2018 06:13:25 AM) (Source: Dhcp) (EventID: 1002) (User: )
Description: The IP address lease 10.104.242.139 for the Network Card with network address 48F8B392992D has been denied by the DHCP server 10.104.0.1 (The DHCP Server sent a DHCPNACK message).
Error: (05/15/2018 06:06:04 AM) (Source: DCOM) (EventID: 10005) (User: )
Description: DCOM got error "1083" attempting to start the service winmgmt with arguments "" in order to run the server:
{8BC3F05E-D86B-11D0-A075-00C04FB68820}
Error: (05/15/2018 06:04:31 AM) (Source: DCOM) (EventID: 10005) (User: )
Description: DCOM got error "1083" attempting to start the service winmgmt with arguments "" in order to run the server:
{8BC3F05E-D86B-11D0-A075-00C04FB68820}
Error: (05/14/2018 10:33:18 AM) (Source: DCOM) (EventID: 10005) (User: )
Description: DCOM got error "1083" attempting to start the service winmgmt with arguments "" in order to run the server:
{8BC3F05E-D86B-11D0-A075-00C04FB68820}

CodeIntegrity:
===================================
Date: 2018-05-14 09:53:04.910
Description:
Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6001.18000_none_b31e1252666640f6\tcpip.sys because the set of per-page image hashes could not be found on the system.
Date: 2018-05-14 09:53:02.991
Description:
Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6001.18000_none_b31e1252666640f6\tcpip.sys because the set of per-page image hashes could not be found on the system.
Date: 2018-05-14 09:53:01.072
Description:
Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6001.18000_none_b31e1252666640f6\tcpip.sys because the set of per-page image hashes could not be found on the system.
Date: 2018-05-14 09:52:59.169
Description:
Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6001.18000_none_b31e1252666640f6\tcpip.sys because the set of per-page image hashes could not be found on the system.
Date: 2018-05-14 09:52:56.439
Description:
Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\winsxs\x86_microsoft-windows-securestartup-core_31bf3856ad364e35_6.0.6001.18000_none_34daa5e8f21ef8d2\fveapi.dll because the set of per-page image hashes could not be found on the system.
Date: 2018-05-14 09:52:54.551
Description:
Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\winsxs\x86_microsoft-windows-securestartup-core_31bf3856ad364e35_6.0.6001.18000_none_34daa5e8f21ef8d2\fveapi.dll because the set of per-page image hashes could not be found on the system.
Date: 2018-05-14 09:52:52.679
Description:
Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\winsxs\x86_microsoft-windows-securestartup-core_31bf3856ad364e35_6.0.6001.18000_none_34daa5e8f21ef8d2\fveapi.dll because the set of per-page image hashes could not be found on the system.
Date: 2018-05-14 09:52:50.760
Description:
Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\winsxs\x86_microsoft-windows-securestartup-core_31bf3856ad364e35_6.0.6001.18000_none_34daa5e8f21ef8d2\fveapi.dll because the set of per-page image hashes could not be found on the system.
==================== Memory info ===========================
Processor: Intel(R) Pentium(R) Dual CPU T3200 @ 2.00GHz
Percentage of memory in use: 24%
Total physical RAM: 3062.45 MB
Available physical RAM: 2300.88 MB
Total Virtual: 6353.17 MB
Available Virtual: 5256.34 MB
==================== Drives ================================
Drive c: (OS) (Fixed) (Total:134 GB) (Free:82.71 GB) NTFS ==>[drive with boot components (obtained from BCD)]
Drive d: (RECOVERY) (Fixed) (Total:15 GB) (Free:10.57 GB) NTFS

==================== MBR & Partition Table ==================
========================================================
Disk: 0 (MBR Code: Windows 7 or Vista) (Size: 149.1 GB) (Disk ID: 30000000)
Partition 1: (Not Active) - (Size=55 MB) - (Type=DE)
Partition 2: (Not Active) - (Size=15 GB) - (Type=07 NTFS)
Partition 3: (Active) - (Size=134 GB) - (Type=07 NTFS)
==================== End of Addition.txt ============================

broni · 2018/05/15

I don't see anything malicious so you have to go back to Vista forum.
Good luck

virginia · 2018/05/15

Thanks Broni. Good to know it looks clean.

broni · 2018/05/15

You're very welcome

Log in or Sign up

Inactive Security Center Service and Windows Defender Disabled

virginia Geek Member Thread Starter

virginia Geek Member Thread Starter

broni Moderator Malware Analyst

virginia Geek Member Thread Starter

broni Moderator Malware Analyst

Share This Page

Log in or Sign up

Inactive Security Center Service and Windows Defender Disabled

virginia Geek Member Thread Starter

virginia Geek Member Thread Starter

broni Moderator Malware Analyst

virginia Geek Member Thread Starter

broni Moderator Malware Analyst

Share This Page

Useful Searches