1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.
  2. You are viewing our forum as a guest. For full access please Register. WindowsBBS.com is completely free, paid for by advertisers and donations.

Inactive Security Center Service and Windows Defender Disabled

Discussion in 'Malware and Virus Removal' started by virginia, 2018/05/15.

  1. 2018/05/15
    virginia Lifetime Subscription

    virginia Well-Known Member Thread Starter

    Joined:
    2002/01/07
    Messages:
    986
    Likes Received:
    13
    Trophy Points:
    233
    Location:
    Springfield, VA
    Computer Experience:
    Intermediate
    Broni,
    I started with this unit in the Vista forum and got the initial problem of being unable to boot up to the Desktop resolved. Apparently had a corrupted User profile. Created a new user profile, transferred appropriate files, and removed the corrupted profile.
    All seems to be well in that arena but I discovered during the process that the Security Center Service couldn't be started nor could I open Windows Defender. I tried to manually start the SCE in the Services module but it balked. Got an "Error 1068: The dependencvy service or group failed to start".
    I uninstalled Microsoft Security Essentials (wouldn't run on this Vista). I had problems trying to install a couple of the free AV's and finally got Avast to install. Don't know if malware is afoot but thought I would have you take a look.

    FARBAR

    FRST.txt

    Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 13.05.2018
    Ran by Corene2 (administrator) on CORENE-PC (15-05-2018 16:58:35)
    Running from C:\Users\Corene2\Desktop
    Loaded Profiles: Corene2 (Available Profiles: Corene2 & Administrator)
    Platform: Windows Vista (TM) Home Basic Service Pack 2 (X86) Language: English (United States)
    Internet Explorer Version 9 (Default browser: IE)
    Boot Mode: Normal
    Tutorial for Farbar Recovery Scan Tool: FRST Tutorial - How to use Farbar Recovery Scan Tool - Malware Removal Guides and Tutorials
    ==================== Processes (Whitelisted) =================
    (If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
    (Microsoft Corporation) C:\Windows\System32\SLsvc.exe
    (Microsoft Corporation) C:\Windows\System32\wlanext.exe
    (AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
    (Andrea Electronics Corporation) C:\Windows\System32\AERTSrv.exe
    () C:\Windows\System32\WinService.exe
    (Microsoft Corporation) C:\Program Files\Microsoft LifeCam\MSCamS32.exe
    (Microsoft Corporation) C:\Windows\System32\UI0Detect.exe
    (AVAST Software) C:\Program Files\AVAST Software\Avast\aswidsagent.exe
    (Realtek Semiconductor) C:\Windows\RtHDVCpl.exe
    (Intel Corporation) C:\Windows\System32\igfxtray.exe
    (Intel Corporation) C:\Windows\System32\hkcmd.exe
    (Intel Corporation) C:\Windows\System32\igfxpers.exe
    () C:\Windows\System32\FastUserSwitching.exe
    (Intel Corporation) C:\Windows\System32\igfxsrvc.exe
    (Google) C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
    (CyberLink Corp.) C:\Program Files\DELL\MediaDirect\PCMService.exe
    (SupportSoft, Inc.) C:\Program Files\Dell Support Center\bin\sprtcmd.exe
    (Microsoft Corporation) C:\Windows\vVX1000.exe
    (Microsoft Corporation) C:\Program Files\Microsoft LifeCam\LifeExp.exe
    (Microsoft Corporation) C:\Program Files\Windows Media Player\wmpnscfg.exe
    (Microsoft Corporation) C:\Windows\System32\rundll32.exe
    () C:\Windows\System32\MediaButtons.exe
    (TODO: <Company name>) C:\Windows\System32\TestUnitReady.exe
    (DELL COMPUTER INC.) C:\Windows\System32\DELLODD.exe
    (DELL COMPUTER INC.) C:\Windows\System32\DELLOSD.exe
    (AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe
    (SupportSoft, Inc.) C:\Program Files\Dell Support Center\bin\sprtsvc.exe
    ==================== Registry (Whitelisted) ===========================
    (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
    HKLM\...\Run: [Windows Defender] => C:\Program Files\Windows Defender\MSASCui.exe [1008184 2008-01-20] (Microsoft Corporation)
    HKLM\...\Run: [RtHDVCpl] => C:\Windows\RtHDVCpl.exe [6246400 2008-08-26] (Realtek Semiconductor)
    HKLM\...\Run: [DellOSD] => C:\Windows\System32\FastUserSwitching.exe [208896 2008-07-17] ()
    HKLM\...\Run: [Google Desktop Search] => C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe [30192 2009-11-18] (Google)
    HKLM\...\Run: [PCMService] => C:\Program Files\Dell\MediaDirect\PCMService.exe [132392 2008-01-14] (CyberLink Corp.)
    HKLM\...\Run: [dellsupportcenter] => C:\Program Files\Dell Support Center\bin\sprtcmd.exe [206064 2009-06-03] (SupportSoft, Inc.)
    HKLM\...\Run: [Adobe Reader Speed Launcher] => C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe [35696 2009-02-27] (Adobe Systems Incorporated)
    HKLM\...\Run: [QuickTime Task] => C:\Program Files\QuickTime\QTTask.exe [417792 2010-02-15] (Apple Inc.)
    HKLM\...\Run: [VX1000] => C:\Windows\vVX1000.exe [757248 2009-06-26] (Microsoft Corporation)
    HKLM\...\Run: [LifeCam] => C:\Program Files\Microsoft LifeCam\LifeExp.exe [118640 2009-07-24] (Microsoft Corporation)
    HKLM\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvLaunch.exe [242904 2018-05-15] (AVAST Software)
    Winlogon\Notify\GoToAssist: C:\Program Files\Citrix\GoToAssist\514\G2AWinLogon.dll [2009-01-21] (Citrix Online, a division of Citrix Systems, Inc.)
    HKLM\SOFTWARE\Policies\Microsoft\Windows Defender: Restriction <==== ATTENTION
    AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~3\GOEC62~1.DLL => C:\Program Files\Google\Google Desktop Search\GoogleDesktopNetwork3.dll [123392 2009-11-18] (Google)
    Startup: C:\Users\Corene\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Monitor Ink Alerts - Corene's HP ENVY 4500.lnk [2018-04-19]
    ShortcutTarget: Monitor Ink Alerts - Corene's HP ENVY 4500.lnk -> C:\Program Files\HP\HP ENVY 4500 series\Bin\HPStatusBL.dll (Hewlett-Packard Development Company, LP)
    Startup: C:\Users\Corene2\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Monitor Ink Alerts - Corene's HP ENVY 4500.lnk [2018-05-15]
    ShortcutTarget: Monitor Ink Alerts - Corene's HP ENVY 4500.lnk -> C:\Program Files\HP\HP ENVY 4500 series\Bin\HPStatusBL.dll (Hewlett-Packard Development Company, LP)
    ==================== Internet (Whitelisted) ====================
    (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
    Winsock: Catalog9 11 %windir%\system32\vsocklib.dll => No File
    Winsock: Catalog9 12 %windir%\system32\vsocklib.dll => No File
    Tcpip\Parameters: [DhcpNameServer] 68.100.16.30 68.10.16.30 8.8.8.8 8.8.4.4
    Tcpip\..\Interfaces\{678F5BF4-7BCD-46AC-8123-45880871CCC0}: [DhcpNameServer] 68.100.16.30 68.10.16.30 8.8.8.8 8.8.4.4
    Tcpip\..\Interfaces\{7E36EABA-C249-42B4-BFE4-6F2201E84489}: [DhcpNameServer] 192.168.0.1
    Internet Explorer:
    ==================
    HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us&ibd=3090121
    HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://www.msn.com/?ocid=iehp
    HKU\S-1-5-21-1260120000-521481097-4230313768-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us&ibd=3090121
    HKU\S-1-5-21-1260120000-521481097-4230313768-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us&ibd=3090121
    SearchScopes: HKU\S-1-5-21-1260120000-521481097-4230313768-1001 -> {70D46D94-BF1E-45ED-B567-48701376298E} URL = hxxp://127.0.0.1:4664/search&s=O7cbLg9ntHsAZee0tldomVDc_ZM?q={searchTerms}
    BHO: Adobe PDF Link Helper -> {18DF081C-E8AD-4283-A596-FA578C2EBDC3} -> C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2009-02-27] (Adobe Systems Incorporated)
    BHO: SSVHelper Class -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll [2008-06-10] (Sun Microsystems, Inc.)
    BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2018-05-15] (AVAST Software)
    BHO: Skype Browser Helper -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll [2013-07-12] (Skype Technologies S.A.)
    Toolbar: HKU\.DEFAULT -> No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File
    DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} hxxp://appldnld.apple.com.edgesuite.net/content.info.apple.com/QuickTime/qtactivex/qtplugin.cab
    DPF: {3D3B42C2-11BF-4732-A304-A01384B70D68} hxxp://picasaweb.google.com/s/v/60.08/uploader2.cab
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
    Handler: ms-itss - {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\msitss.dll [2007-11-28] (Microsoft Corporation)
    Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll [2013-07-12] (Skype Technologies S.A.)
    FireFox:
    ========
    FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
    FF Extension: (Microsoft .NET Framework Assistant) - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension [2009-08-08] [Legacy] [not signed]
    FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF32.dll [2010-01-26] ()
    FF Plugin: @google.com/npPicasa3,version=3.0.0 -> C:\Program Files\Google\Picasa3\npPicasa3.dll [2010-02-19] (Google, Inc.)
    FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.50906.0\npctrl.dll [2017-03-09] ( Microsoft Corporation)
    FF Plugin: @microsoft.com/WPF,version=3.5 -> c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll [2008-07-29] (Microsoft Corporation)
    FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.33.7\npGoogleUpdate3.dll [2017-11-14] (Google Inc.)
    FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.33.7\npGoogleUpdate3.dll [2017-11-14] (Google Inc.)
    FF Plugin ProgramFiles/Appdata: C:\Users\Corene2\AppData\Roaming\mozilla\plugins\npgoogletalk.dll [2015-12-08] (Google)
    FF Plugin ProgramFiles/Appdata: C:\Users\Corene2\AppData\Roaming\mozilla\plugins\npo1d.dll [2015-12-08] (Google)
    Chrome:
    =======
    CHR DefaultProfile: Default
    CHR HomePage: Default -> hxxp://www.google.com/
    CHR StartupUrls: Default -> "hxxp://www.google.com/"
    CHR NewTab: Default -> Not-active:"chrome-extension://fiihbfmmhmggfhkflnhllkpkcpnglemk/newtab/slim_newtabpage.html", Not-active:"chrome-extension://pacogkibldhicojmklpbapiilaleilbp/newtab/newtab.html", Not-active:"chrome-extension://njmeghckbeiadjjdfjicdiabhninckfp/newtab/newtab.html", Not-active:"chrome-extension://jnlpahmopiebiglhljlmbdhpcpmigkgf/newtab/newtab.html"
    CHR Profile: C:\Users\Corene2\AppData\Local\Google\Chrome\User Data\Default [2018-05-14]
    CHR Extension: (YouTube) - C:\Users\Corene2\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2018-05-14]
    CHR Extension: (Google Search) - C:\Users\Corene2\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2018-05-14]
    CHR Extension: (Gmail) - C:\Users\Corene2\AppData\Local\Google\Chrome\User Data\Default\Extensions\kmhopmchchfpfdcdjodmpfaaphdclmlj [2018-05-14]
    CHR Extension: (Ask Web Search) - C:\Users\Corene2\AppData\Local\Google\Chrome\User Data\Default\Extensions\lgfehfbnofiffladdncogfobimealokp [2018-05-14]
    CHR Extension: (Skype) - C:\Users\Corene2\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl [2018-05-14]
    CHR Extension: (Chrome Web Store Payments) - C:\Users\Corene2\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2018-05-14]
    CHR Extension: (Gmail) - C:\Users\Corene2\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2018-05-14]
    CHR HKLM\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files\Skype\Toolbars\Skype for Chromium\skype_chrome_extension.crx [2013-07-12]
    StartMenuInternet: Google Chrome.IAKGPFYDLCCAPWPM4G5E4BQHKI - C:\Users\Corene\AppData\Local\Google\Chrome\Application\chrome.exe
    ==================== Services (Whitelisted) ====================
    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
    S3 AdobeFlashPlayerUpdateSvc; C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [272384 2018-05-13] (Adobe Systems Incorporated) [File not signed]
    R2 AERTFilters; C:\Windows\system32\AERTSrv.exe [73728 2008-08-26] (Andrea Electronics Corporation)
    R3 aswbIDSAgent; C:\Program Files\AVAST Software\Avast\aswidsagent.exe [5963368 2018-05-15] (AVAST Software)
    R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [317280 2018-05-15] (AVAST Software)
    R2 DELLODDSrv; C:\Windows\System32\WinService.exe [65536 2008-07-17] () [File not signed]
    S3 GoogleDesktopManager-110309-193829; C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe [30192 2009-11-18] (Google)
    S3 GoToAssist; C:\Program Files\Citrix\GoToAssist\514\g2aservice.exe [16680 2009-01-21] (Citrix Online, a division of Citrix Systems, Inc.)
    R2 sprtsvc_DellSupportCenter; C:\Program Files\Dell Support Center\bin\sprtsvc.exe [201968 2008-10-04] (SupportSoft, Inc.)
    S2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [272952 2008-01-20] (Microsoft Corporation)
    ===================== Drivers (Whitelisted) ======================
    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
    R1 aswArPot; C:\Windows\System32\drivers\aswArPot.sys [167040 2018-05-15] (AVAST Software)
    R1 aswbidsdriver; C:\Windows\System32\drivers\aswbidsdriverx.sys [185432 2018-05-15] (AVAST Software)
    R0 aswbidsh; C:\Windows\System32\drivers\aswbidshx.sys [157368 2018-05-15] (AVAST Software)
    R0 aswblog; C:\Windows\System32\drivers\aswblogx.sys [276688 2018-05-15] (AVAST Software)
    R0 aswbuniv; C:\Windows\System32\drivers\aswbunivx.sys [50336 2018-05-15] (AVAST Software)
    R1 aswHdsKe; C:\Windows\System32\drivers\aswHdsKe.sys [184632 2018-05-15] (AVAST Software)
    S3 aswHwid; C:\Windows\System32\drivers\aswHwid.sys [42808 2018-05-15] (AVAST Software)
    R2 aswMonFlt; C:\Windows\System32\drivers\aswMonFlt.sys [133160 2018-05-15] (AVAST Software)
    R1 aswRdr; C:\Windows\System32\drivers\aswRdr.sys [70576 2018-05-15] (AVAST Software)
    R0 aswRvrt; C:\Windows\System32\drivers\aswRvrt.sys [71840 2018-05-15] (AVAST Software)
    R1 aswSnx; C:\Windows\System32\drivers\aswSnx.sys [784112 2018-05-15] (AVAST Software)
    R1 aswSP; C:\Windows\System32\drivers\aswSP.sys [392368 2018-05-15] (AVAST Software)
    R3 aswStmXP; C:\Windows\System32\drivers\aswStmXP.sys [205344 2018-05-15] (AVAST Software)
    R0 aswVmm; C:\Windows\System32\drivers\aswVmm.sys [310784 2018-05-15] (AVAST Software)
    R3 DLXPDisplayName; C:\Windows\System32\DRIVERS\DLACPI.sys [14392 2008-04-16] ()
    R3 Linksys_adapter; C:\Windows\System32\DRIVERS\AE2500vista.sys [1073216 2011-03-30] (Broadcom Corporation)
    R2 RtNdPt60; C:\Windows\System32\DRIVERS\RtNdPt60.sys [27648 2008-05-08] (Windows (R) Codename Longhorn DDK provider)
    S3 VX1000; C:\Windows\System32\DRIVERS\VX1000.sys [1956096 2009-06-26] (Microsoft Corporation)
    S3 IpInIp; system32\DRIVERS\ipinip.sys [X]
    S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [X]
    S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [X]
    ==================== NetSvcs (Whitelisted) ===================
    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    ==================== One Month Created files and folders ========
    (If an entry is included in the fixlist, the file/folder will be moved.)
    2018-05-15 08:30 - 2018-05-15 08:30 - 000001831 _____ C:\Users\Public\Desktop\Avast Free Antivirus.lnk
    2018-05-15 08:30 - 2018-05-15 08:30 - 000000000 ____D C:\Users\Corene2\AppData\Roaming\AVAST Software
    2018-05-15 08:30 - 2018-05-15 08:30 - 000000000 ____D C:\Users\Corene2\AppData\Local\CEF
    2018-05-15 08:30 - 2018-05-15 08:30 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVAST Software
    2018-05-15 08:30 - 2018-05-15 08:30 - 000000000 _____ C:\Windows\system32\last.dump
    2018-05-15 08:28 - 2018-05-15 08:28 - 001142072 _____ (Microsoft Corporation) C:\Windows\ucrtbase.dll
    2018-05-15 08:28 - 2018-05-15 08:28 - 000392368 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSP.sys
    2018-05-15 08:28 - 2018-05-15 08:28 - 000320728 _____ (AVAST Software) C:\Windows\system32\aswBoot.exe
    2018-05-15 08:28 - 2018-05-15 08:28 - 000310784 _____ (AVAST Software) C:\Windows\system32\Drivers\aswVmm.sys
    2018-05-15 08:28 - 2018-05-15 08:28 - 000205344 _____ (AVAST Software) C:\Windows\system32\Drivers\aswStmXP.sys
    2018-05-15 08:28 - 2018-05-15 08:28 - 000167040 _____ (AVAST Software) C:\Windows\system32\Drivers\aswArPot.sys
    2018-05-15 08:28 - 2018-05-15 08:28 - 000133160 _____ (AVAST Software) C:\Windows\system32\Drivers\aswMonFlt.sys
    2018-05-15 08:28 - 2018-05-15 08:28 - 000071840 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRvrt.sys
    2018-05-15 08:28 - 2018-05-15 08:28 - 000070576 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRdr.sys
    2018-05-15 08:28 - 2018-05-15 08:28 - 000042808 _____ (AVAST Software) C:\Windows\system32\Drivers\aswHwid.sys
    2018-05-15 08:28 - 2018-05-15 08:28 - 000000000 ____D C:\Program Files\Common Files\AVAST Software
    2018-05-15 08:28 - 2018-05-15 08:27 - 000784112 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSnx.sys
    2018-05-15 08:28 - 2018-05-15 08:27 - 000276688 _____ (AVAST Software) C:\Windows\system32\Drivers\aswblogx.sys
    2018-05-15 08:28 - 2018-05-15 08:27 - 000185432 _____ (AVAST Software) C:\Windows\system32\Drivers\aswbidsdriverx.sys
    2018-05-15 08:28 - 2018-05-15 08:27 - 000184632 _____ (AVAST Software) C:\Windows\system32\Drivers\aswHdsKe.sys
    2018-05-15 08:28 - 2018-05-15 08:27 - 000157368 _____ (AVAST Software) C:\Windows\system32\Drivers\aswbidshx.sys
    2018-05-15 08:28 - 2018-05-15 08:27 - 000050336 _____ (AVAST Software) C:\Windows\system32\Drivers\aswbunivx.sys
    2018-05-15 08:26 - 2018-05-15 08:26 - 000000000 ____D C:\Program Files\AVAST Software
    2018-05-15 08:25 - 2018-05-15 09:36 - 000000000 ____D C:\ProgramData\AVAST Software
    2018-05-15 08:25 - 2018-05-15 08:25 - 006334880 _____ (AVAST Software) C:\Users\Corene2\Downloads\avast_free_antivirus_setup_online.exe
    2018-05-14 17:17 - 2018-05-15 16:58 - 000014945 _____ C:\Users\Corene2\Desktop\FRST.txt
    2018-05-14 17:17 - 2018-05-15 16:58 - 000000000 ____D C:\FRST
    2018-05-14 17:17 - 2018-05-14 17:18 - 000031746 _____ C:\Users\Corene2\Desktop\Addition.txt
    2018-05-14 17:12 - 2018-05-14 17:12 - 001765376 _____ (Farbar) C:\Users\Corene2\Desktop\FRST.exe
    2018-05-14 17:06 - 2018-05-14 17:06 - 000000104 _____ C:\Users\Corene2\Desktop\Internet - Shortcut.lnk
    2018-05-14 10:35 - 2018-05-14 10:35 - 000000000 ____D C:\Users\Corene2\Desktop\Corene
    2018-05-14 09:20 - 2018-05-14 09:20 - 000001537 _____ C:\Users\Corene2\Desktop\Windows Explorer.lnk
    2018-05-14 08:36 - 2018-05-14 08:36 - 000000000 ____D C:\Users\Corene2\Desktop\Samuel- Pictures
    2018-05-14 08:36 - 2018-05-14 08:36 - 000000000 ____D C:\Users\Corene2\Desktop\New Folder
    2018-05-14 08:36 - 2018-05-14 08:36 - 000000000 ____D C:\Users\Corene2\Desktop\Chris Employment
    2018-05-14 08:36 - 2017-11-01 20:21 - 053539342 _____ C:\Users\Corene2\Desktop\Tim Alabama video.MOV
    2018-05-14 08:36 - 2017-07-03 17:31 - 001464731 _____ C:\Users\Corene2\Desktop\Amazing Grace.3gp
    2018-05-14 08:36 - 2017-04-18 10:52 - 002302976 _____ C:\Users\Corene2\Desktop\outlook_archive.pst
    2018-05-14 08:36 - 2013-09-24 11:01 - 004944894 _____ C:\Users\Corene2\Desktop\IMG_0179.MOV
    2018-05-14 08:36 - 2012-12-28 16:05 - 000000158 _____ C:\Users\Corene2\Desktop\Computer Club.url
    2018-05-14 08:36 - 2012-08-30 14:27 - 000000418 _____ C:\Users\Corene2\Desktop\Katie - Shortcut.lnk
    2018-05-14 08:36 - 2011-03-05 15:10 - 000002921 _____ C:\Users\Corene2\Desktop\Gmail - Fw Fwd FW Thomas Jefferson.txt
    2018-05-14 08:36 - 2010-11-27 11:27 - 000001214 _____ C:\Users\Corene2\Desktop\recovery.txt
    2018-05-14 08:36 - 2010-11-16 16:13 - 000000227 _____ C:\Users\Corene2\Desktop\Hotmail - corene.114@hotmail.com - Windows Live.url
    2018-05-14 08:36 - 2010-10-24 13:29 - 000001653 _____ C:\Users\Corene2\Desktop\Magnify.lnk
    2018-05-14 08:35 - 2018-05-14 08:35 - 000000000 ____D C:\Users\Corene2\AppData\Roaming\Tencent
    2018-05-14 08:35 - 2018-05-14 08:35 - 000000000 ____D C:\Users\Corene2\AppData\Roaming\skypePM
    2018-05-14 08:35 - 2018-05-14 08:35 - 000000000 ____D C:\Users\Corene2\AppData\Roaming\Skype
    2018-05-14 08:35 - 2018-05-14 08:35 - 000000000 ____D C:\Users\Corene2\AppData\Roaming\Mozilla
    2018-05-14 08:35 - 2018-05-14 08:35 - 000000000 ____D C:\Users\Corene2\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps
    2018-05-14 08:35 - 2016-04-09 05:32 - 000002057 _____ C:\Users\Corene2\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
    2018-05-14 08:34 - 2018-05-14 08:34 - 000000000 ____D C:\Users\Corene2\AppData\Roaming\Macromedia
    2018-05-14 08:34 - 2018-05-14 08:34 - 000000000 ____D C:\Users\Corene2\AppData\Roaming\Google
    2018-05-14 08:34 - 2018-05-14 08:34 - 000000000 ____D C:\Users\Corene2\AppData\Roaming\Dell
    2018-05-14 08:34 - 2018-05-14 08:34 - 000000000 ____D C:\Users\Corene2\AppData\Roaming\Adobe
    2018-05-14 08:34 - 2018-05-14 08:34 - 000000000 ____D C:\Users\Corene2\AppData\LocalLow\Sun
    2018-05-14 08:34 - 2018-05-14 08:34 - 000000000 ____D C:\Users\Corene2\AppData\LocalLow\Google
    2018-05-14 08:34 - 2018-05-14 08:34 - 000000000 ____D C:\Users\Corene2\AppData\LocalLow\Apple Computer
    2018-05-14 08:34 - 2018-05-14 08:34 - 000000000 ____D C:\Users\Corene2\AppData\LocalLow\Adobe
    2018-05-14 08:34 - 2018-05-14 08:34 - 000000000 ____D C:\Users\Corene2\AppData\Local\WinZip
    2018-05-14 08:34 - 2010-11-16 16:08 - 000038440 _____ C:\Users\Corene2\AppData\Roaming\Comma Separated Values (Windows).ADR
    2018-05-14 08:34 - 2010-02-17 10:20 - 008653312 _____ (Dell, Inc. ) C:\Users\Corene2\AppData\Roaming\DataSafeDotNet.exe
    2018-05-14 08:28 - 2018-05-14 08:28 - 000000000 ____D C:\Users\Corene2\AppData\Local\Stardock_Corporation
    2018-05-14 08:23 - 2018-05-14 08:23 - 000000000 ____D C:\Users\Corene2\AppData\Local\HP
    2018-05-14 08:21 - 2018-05-14 09:23 - 000004096 _____ C:\Users\Corene2\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
    2018-05-14 08:21 - 2018-05-14 08:21 - 000000000 ____D C:\Users\Corene2\AppData\Local\Apps\2.0
    2018-05-14 08:21 - 2018-05-14 08:21 - 000000000 ____D C:\Users\Corene2\AppData\Local\Apple Computer
    2018-05-14 08:21 - 2018-05-14 08:21 - 000000000 ____D C:\Users\Corene2\AppData\Local\Apple
    2018-05-14 08:21 - 2018-05-14 08:21 - 000000000 ____D C:\Users\Corene2\AppData\Local\Adobe
    2018-05-14 08:21 - 2018-04-15 06:26 - 000006080 _____ C:\Users\Corene2\AppData\Local\d3d9caps.dat
    2018-05-14 08:21 - 2009-10-03 16:50 - 000000000 ____D C:\Users\Corene2\AppData\Local\Deployment
    2018-05-14 08:20 - 2018-03-23 14:24 - 007393885 _____ C:\Users\Corene2\Downloads\VID-20180119-WA001312.mp4
    2018-05-14 08:20 - 2017-11-01 20:27 - 053539342 _____ C:\Users\Corene2\Downloads\IMG_2636 (5).MOV
    2018-05-14 08:20 - 2017-11-01 20:21 - 053539342 _____ C:\Users\Corene2\Downloads\IMG_2636 (4).MOV
    2018-05-14 08:20 - 2017-10-31 14:06 - 002242179 _____ C:\Users\Corene2\Downloads\VID-20161223-WA0004 (1).mp4
    2018-05-14 08:20 - 2017-10-31 14:05 - 002242179 _____ C:\Users\Corene2\Downloads\VID-20161223-WA0004.mp4
    2018-05-14 08:20 - 2017-10-28 14:56 - 053539342 _____ C:\Users\Corene2\Downloads\IMG_2636 (3).MOV
    2018-05-14 08:20 - 2017-10-28 14:46 - 053539342 _____ C:\Users\Corene2\Downloads\IMG_2636 (2).MOV
    2018-05-14 08:20 - 2017-10-28 14:42 - 053539342 _____ C:\Users\Corene2\Downloads\IMG_2636 (1).MOV
    2018-05-14 08:20 - 2017-10-28 14:37 - 053539342 _____ C:\Users\Corene2\Downloads\IMG_2636.MOV
    2018-05-14 08:20 - 2017-09-30 20:13 - 000874648 _____ (Google Inc.) C:\Users\Corene2\Downloads\Unconfirmed 175057.crdownload
    2018-05-14 08:20 - 2017-07-03 17:34 - 001464731 _____ C:\Users\Corene2\Downloads\Voice_170622_2 (5).3gp
    2018-05-14 08:20 - 2017-07-03 17:31 - 001464731 _____ C:\Users\Corene2\Downloads\Voice_170622_2 (4).3gp
    2018-05-14 08:20 - 2017-06-23 07:34 - 001464731 _____ C:\Users\Corene2\Downloads\Voice_170622_2 (3).3gp
    2018-05-14 08:20 - 2017-06-23 07:34 - 001464731 _____ C:\Users\Corene2\Downloads\Voice_170622_2 (2).3gp
    2018-05-14 08:20 - 2017-06-23 06:53 - 001464731 _____ C:\Users\Corene2\Downloads\Voice_170622_2 (1).3gp
    2018-05-14 08:20 - 2017-06-23 06:52 - 001464731 _____ C:\Users\Corene2\Downloads\Voice_170622_2.3gp
    2018-05-14 08:20 - 2016-11-23 15:15 - 022851472 _____ (Malwarebytes ) C:\Users\Corene2\Downloads\mbam-setup-2.2.1.1043.exe
    2018-05-14 08:20 - 2016-11-23 15:10 - 000720477 _____ C:\Users\Corene2\Downloads\Mosaic of Thanksgiving.pdf
    2018-05-14 08:20 - 2016-06-14 12:22 - 010210745 _____ C:\Users\Corene2\Downloads\IMG_1132 (3).MOV
    2018-05-14 08:20 - 2016-06-14 12:22 - 010210745 _____ C:\Users\Corene2\Downloads\IMG_1132 (2).MOV
    2018-05-14 08:20 - 2016-06-14 12:21 - 010210745 _____ C:\Users\Corene2\Downloads\IMG_1132.MOV
    2018-05-14 08:20 - 2016-06-14 12:21 - 010210745 _____ C:\Users\Corene2\Downloads\IMG_1132 (1).MOV
    2018-05-14 08:20 - 2016-04-13 14:44 - 000083442 _____ C:\Users\Corene2\Downloads\UMW News Article.pdf
    2018-05-14 08:20 - 2016-03-24 07:08 - 000113554 _____ C:\Users\Corene2\Downloads\Kindle Update.pdf
    2018-05-14 08:20 - 2016-03-02 13:31 - 000029869 _____ C:\Users\Corene2\Downloads\noname (5)
    2018-05-14 08:20 - 2016-01-26 08:29 - 000034464 _____ C:\Users\Corene2\Downloads\noname (4)
    2018-05-14 08:20 - 2015-07-14 21:29 - 000303387 _____ C:\Users\Corene2\Downloads\US_NW_706028276_1.pdf
    2018-05-14 08:20 - 2015-07-14 21:27 - 000052350 _____ C:\Users\Corene2\Downloads\Pay Statement (6.12.2015) (1).pdf
    2018-05-14 08:20 - 2015-07-14 21:26 - 000052350 _____ C:\Users\Corene2\Downloads\Pay_Statement (6.26.2015).pdf
    2018-05-14 08:20 - 2015-07-14 21:26 - 000052350 _____ C:\Users\Corene2\Downloads\Pay Statement (6.12.2015).pdf
    2018-05-14 08:20 - 2015-05-12 20:19 - 000176387 _____ C:\Users\Corene2\Downloads\noname (3)
    2018-05-14 08:20 - 2015-05-12 20:16 - 000183084 _____ C:\Users\Corene2\Downloads\noname (1)
    2018-05-14 08:20 - 2015-05-12 20:16 - 000183084 _____ C:\Users\Corene2\Downloads\noname
    2018-05-14 08:20 - 2015-05-12 20:16 - 000176387 _____ C:\Users\Corene2\Downloads\noname (2)
    2018-05-14 08:20 - 2015-04-14 06:50 - 003196928 _____ C:\Users\Corene2\Downloads\Sculptures-en-papier-FarWest_aca.pps
    2018-05-14 08:20 - 2014-11-01 13:32 - 005519360 _____ C:\Users\Corene2\Downloads\Mirrors_On_Quiet_Waters.pps
    2018-05-14 08:20 - 2014-11-01 13:32 - 005519360 _____ C:\Users\Corene2\Downloads\Mirrors_On_Quiet_Waters (1).pps
    2018-05-14 08:20 - 2014-07-25 21:01 - 002020523 _____ C:\Users\Corene2\Downloads\Please_DocuSign_this_document_Kiernan_Offer_.pdf
    2018-05-14 08:20 - 2014-07-25 21:01 - 002020523 _____ C:\Users\Corene2\Downloads\Please_DocuSign_this_document_Kiernan_Offer_ (1).pdf
    2018-05-14 08:20 - 2010-06-05 07:08 - 001924976 _____ (Adobe Systems Incorporated) C:\Users\Corene2\Downloads\install_flash_player.exe
    2018-05-14 08:20 - 2009-05-14 18:29 - 000191771 _____ C:\Users\Corene2\Downloads\Information and Forms for New Patients.pdf
    2018-05-14 08:20 - 2009-02-12 15:13 - 000219370 _____ C:\Users\Corene2\Downloads\StatementPDFServlet
    2018-05-14 08:19 - 2018-05-14 08:19 - 000000000 ____D C:\Users\Corene2\Documents\Unzipped
    2018-05-14 08:19 - 2018-05-14 08:19 - 000000000 ____D C:\Users\Corene2\Documents\Tencent Files
    2018-05-14 08:19 - 2018-05-14 08:19 - 000000000 ____D C:\Users\Corene2\Documents\St John's
    2018-05-14 08:19 - 2018-05-14 08:19 - 000000000 ____D C:\Users\Corene2\Documents\Grandchildren
    2018-05-14 08:19 - 2018-05-14 08:19 - 000000000 ____D C:\Users\Corene2\Documents\Food
    2018-05-14 08:19 - 2018-05-14 08:19 - 000000000 ____D C:\Users\Corene2\Documents\Finances
    2018-05-14 08:19 - 2018-05-14 08:19 - 000000000 ____D C:\Users\Corene2\Documents\Family & friends
    2018-05-14 08:19 - 2018-05-14 08:19 - 000000000 ____D C:\Users\Corene2\Documents\Dan Med Dir
    2018-05-14 08:19 - 2018-05-14 08:19 - 000000000 ____D C:\Users\Corene2\Documents\Dan Ltrs
    2018-05-14 08:19 - 2018-05-14 08:19 - 000000000 ____D C:\Users\Corene2\Documents\Dan & Corene Doc
    2018-05-14 08:19 - 2018-05-14 08:19 - 000000000 ____D C:\Users\Corene2\Documents\BP-Corene & Dan
    2018-05-14 08:19 - 2018-05-14 08:19 - 000000000 ____D C:\Users\Corene2\Documents\archive
    2018-05-14 08:19 - 2017-12-19 20:21 - 018495327 _____ C:\Users\Corene2\Downloads\IMG_0100.MOV
    2018-05-14 08:19 - 2017-03-30 11:06 - 008959851 _____ C:\Users\Corene2\Downloads\Driving in China.mp4
    2018-05-14 08:19 - 2016-07-09 17:16 - 000060490 _____ C:\Users\Corene2\Downloads\A Very Special Day.pdf
    2018-05-14 08:19 - 2015-10-17 11:11 - 000558544 _____ C:\Users\Corene2\Downloads\Brochure with GF Color Scheme.pdf
    2018-05-14 08:19 - 2015-08-18 07:42 - 000115101 _____ C:\Users\Corene2\Downloads\image.jpeg
    2018-05-14 08:19 - 2015-08-18 07:42 - 000115101 _____ C:\Users\Corene2\Downloads\image (2).jpeg
    2018-05-14 08:19 - 2015-08-18 07:42 - 000115101 _____ C:\Users\Corene2\Downloads\image (1).jpeg
    2018-05-14 08:19 - 2015-08-01 13:56 - 000392913 _____ C:\Users\Corene2\Documents\Driving Directions from 7452 Spring Village Dr, Springfield, Virginia 22150 to Sheraton Reston Hotel in Reston, Virginia 20191 _ MapQuest.pdf
    2018-05-14 08:19 - 2015-07-15 08:28 - 000198426 _____ C:\Users\Corene2\Downloads\Equifax_FACT_Rpt_07152015 (1).pdf
    2018-05-14 08:19 - 2015-07-15 08:25 - 000198426 _____ C:\Users\Corene2\Documents\Equifax_FACT_Rpt_07152015.pdf
    2018-05-14 08:19 - 2015-07-15 08:24 - 000198680 _____ C:\Users\Corene2\Downloads\Equifax_FACT_Rpt_07152015.pdf
    2018-05-14 08:19 - 2015-07-14 21:38 - 000384677 _____ C:\Users\Corene2\Documents\Sublease(2).pdf
    2018-05-14 08:19 - 2015-07-14 21:34 - 000547744 _____ C:\Users\Corene2\Documents\Sublease(1).pdf
    2018-05-14 08:19 - 2015-07-14 21:30 - 000303670 _____ C:\Users\Corene2\Documents\Vorhis (offer letter).pdf
    2018-05-14 08:19 - 2015-07-14 21:27 - 000018598 _____ C:\Users\Corene2\Documents\Pay_Statement(6.26.2015).pdf
    2018-05-14 08:19 - 2015-07-14 21:27 - 000018593 _____ C:\Users\Corene2\Documents\Pay%20Statement(6.12.2015).pdf
    2018-05-14 08:19 - 2015-07-14 21:24 - 000485287 _____ C:\Users\Corene2\Documents\Scan0001.pdf
    2018-05-14 08:19 - 2015-07-13 12:10 - 001043564 _____ C:\Users\Corene2\Downloads\3_Carrier_Groups-1(2).pdf
    2018-05-14 08:19 - 2015-07-02 10:08 - 007780543 _____ C:\Users\Corene2\Downloads\IMG_0904 (3).MOV
    2018-05-14 08:19 - 2015-07-02 10:08 - 007780543 _____ C:\Users\Corene2\Downloads\IMG_0904 (2).MOV
    2018-05-14 08:19 - 2015-07-02 10:06 - 007780543 _____ C:\Users\Corene2\Downloads\IMG_0904.MOV
    2018-05-14 08:19 - 2015-07-02 10:06 - 007780543 _____ C:\Users\Corene2\Downloads\IMG_0904 (1).MOV
    2018-05-14 08:19 - 2015-06-25 18:04 - 000677366 _____ C:\Users\Corene2\Downloads\Fwd_ On Longevity.eml
    2018-05-14 08:19 - 2015-01-17 20:30 - 004685004 _____ C:\Users\Corene2\Downloads\Amazing Grace (9).zip
    2018-05-14 08:19 - 2015-01-03 16:06 - 004685004 _____ C:\Users\Corene2\Downloads\Amazing Grace (8).zip
    2018-05-14 08:19 - 2015-01-03 16:06 - 004685004 _____ C:\Users\Corene2\Downloads\Amazing Grace (7).zip
    2018-05-14 08:19 - 2015-01-03 16:06 - 004685004 _____ C:\Users\Corene2\Downloads\Amazing Grace (6).zip
    2018-05-14 08:19 - 2015-01-03 16:04 - 004685004 _____ C:\Users\Corene2\Downloads\Amazing Grace (5).zip
    2018-05-14 08:19 - 2015-01-03 16:04 - 004685004 _____ C:\Users\Corene2\Downloads\Amazing Grace (4).zip
    2018-05-14 08:19 - 2015-01-03 16:04 - 004685004 _____ C:\Users\Corene2\Downloads\Amazing Grace (3).zip
    2018-05-14 08:19 - 2015-01-03 16:03 - 004685004 _____ C:\Users\Corene2\Downloads\Amazing Grace.zip
    2018-05-14 08:19 - 2015-01-03 16:03 - 004685004 _____ C:\Users\Corene2\Downloads\Amazing Grace (2).zip
    2018-05-14 08:19 - 2015-01-03 16:03 - 004685004 _____ C:\Users\Corene2\Downloads\Amazing Grace (1).zip
    2018-05-14 08:19 - 2015-01-01 15:10 - 000131415 _____ C:\Users\Corene2\Downloads\A_SHARING_OF_THE_LORDS_BURDEN.pdf
    2018-05-14 08:19 - 2014-12-30 21:17 - 022905812 _____ C:\Users\Corene2\Downloads\Amazing Grace (1).mov
    2018-05-14 08:19 - 2014-12-27 20:31 - 022905812 _____ C:\Users\Corene2\Downloads\Amazing Grace.mov
    2018-05-14 08:19 - 2014-10-21 13:33 - 000087344 _____ C:\Users\Corene2\Downloads\Fw_ IS THIS ON YOUR BUCKET LIST Please read------ (1)
    2018-05-14 08:19 - 2014-10-21 13:33 - 000087344 _____ C:\Users\Corene2\Downloads\Fw_ IS THIS ON YOUR BUCKET LIST Please read------
    2018-05-14 08:19 - 2014-09-09 15:25 - 000293787 _____ C:\Users\Corene2\Downloads\140911.pdf
    2018-05-14 08:19 - 2014-09-09 15:25 - 000293787 _____ C:\Users\Corene2\Downloads\140911 (1).pdf
    2018-05-14 08:19 - 2013-10-15 15:14 - 000121946 _____ C:\Users\Corene2\Downloads\Fw_ Fwd_ Look who's new in the Whitehouse
    2018-05-14 08:19 - 2011-05-30 19:09 - 000007223 _____ C:\Users\Corene2\Downloads\FinalTranscript.pdf
    2018-05-14 08:19 - 2010-11-16 16:08 - 000022625 _____ C:\Users\Corene2\Documents\Contacts1 - csv.CSV
    2018-05-14 08:19 - 2010-06-05 06:09 - 000047511 _____ C:\Users\Corene2\Downloads\300X250_RTPForm_031510.swf
    2018-05-14 08:19 - 2009-05-16 14:39 - 000191771 _____ C:\Users\Corene2\Downloads\GWsleep_form.pdf
    2018-05-14 08:19 - 2009-03-28 20:33 - 000022625 _____ C:\Users\Corene2\Documents\Contacts - csv.CSV
    2018-05-14 08:19 - 2009-03-01 14:31 - 002049024 _____ C:\Users\Corene2\Documents\Keep Church.pst
    2018-05-14 08:19 - 2009-03-01 14:31 - 000525312 _____ C:\Users\Corene2\Documents\Keep General.pst
    2018-05-14 08:19 - 2009-03-01 14:31 - 000271360 _____ C:\Users\Corene2\Documents\Latest Contacts.pst
    2018-05-14 08:19 - 2008-04-06 16:46 - 000015872 _____ C:\Users\Corene2\Documents\Book1.xls
    2018-05-14 08:19 - 2007-05-26 19:46 - 000245889 _____ C:\Users\Corene2\Documents\Directions to Lake Monticello.pdf
    2018-05-14 08:19 - 2006-09-18 09:30 - 000006170 _____ C:\Users\Corene2\Documents\Address - csv type.csv
    2018-05-14 08:19 - 2005-07-30 20:25 - 000180224 _____ C:\Users\Corene2\Documents\Old Contacts.pst
    2018-05-14 08:19 - 2004-02-08 16:18 - 006313700 _____ C:\Users\Corene2\Documents\7503 Axton-3.tif
    2018-05-14 08:19 - 2004-02-08 16:15 - 006313700 _____ C:\Users\Corene2\Documents\7503 Axton-2.tif
    2018-05-14 08:19 - 2004-02-08 16:12 - 006313700 _____ C:\Users\Corene2\Documents\7503 Axton.tif
    2018-05-14 08:19 - 2003-08-17 18:51 - 000023040 _____ C:\Users\Corene2\Documents\Corr's e-mail
    2018-05-14 08:19 - 2003-06-19 10:46 - 001724836 _____ C:\Users\Corene2\Documents\Floor plan.tif
    2018-05-14 08:19 - 2002-11-24 03:40 - 000000222 _____ C:\Users\Corene2\Documents\HOW GREAT THOU ART.url
    2018-05-14 08:19 - 2002-10-28 12:14 - 000261316 _____ C:\Users\Corene2\Documents\Dan-Family.WAB
    2018-05-14 08:19 - 2001-12-28 10:01 - 000234440 _____ C:\Users\Corene2\Documents\Address Book 1.pab.WAB
    2018-05-14 08:18 - 2018-05-14 08:18 - 000000000 ____D C:\Users\Corene2\2009 Tax Returns
    2018-05-14 08:18 - 2018-05-13 09:40 - 000002214 _____ C:\Users\Corene2\Google Chrome.lnk
    2018-05-14 08:18 - 2010-04-06 20:10 - 000000087 _____ C:\Users\Corene2\Passwords.txt
    2018-05-14 08:18 - 2009-05-26 13:50 - 000000876 _____ C:\Users\Corene2\Acrobat.com.lnk
    2018-05-14 08:18 - 2009-05-16 15:00 - 000001889 _____ C:\Users\Corene2\Adobe Reader 9.lnk
    2018-05-14 08:18 - 2009-05-16 14:41 - 000191771 _____ C:\Users\Corene2\GWsleep_form.pdf
    2018-05-14 08:17 - 2018-05-14 08:17 - 000000000 ____D C:\Users\Administrator\AppData\Local\Adobe
    2018-05-14 06:41 - 2018-05-14 06:41 - 000000680 _____ C:\Users\Administrator\AppData\Local\d3d9caps.dat
    2018-05-14 06:31 - 2018-05-14 06:31 - 000000000 ____D C:\Users\Corene2\AppData\Local\DataSafeOnline
    2018-05-14 06:30 - 2018-05-14 09:23 - 000000946 _____ C:\Users\Corene2\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows Media Player.lnk
    2018-05-14 06:30 - 2018-05-14 08:23 - 000000000 ____D C:\Users\Corene2\AppData\Local\Google
    2018-05-14 06:30 - 2018-05-14 06:30 - 000068792 _____ C:\Users\Corene2\AppData\Local\GDIPFONTCACHEV1.DAT
    2018-05-14 06:30 - 2018-05-14 06:30 - 000000951 _____ C:\Users\Corene2\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
    2018-05-14 06:30 - 2018-05-14 06:30 - 000000000 ____D C:\Users\Corene2\Documents\My Google Gadgets
    2018-05-14 06:30 - 2018-05-14 06:30 - 000000000 ____D C:\Users\Corene2\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Google Desktop
    2018-05-14 06:30 - 2018-05-14 06:30 - 000000000 ____D C:\Users\Corene2\AppData\Local\SupportSoft
    2018-05-14 06:30 - 2018-05-14 06:30 - 000000000 ____D C:\Users\Corene2\AppData\Local\MediaDirect
    2018-05-14 06:29 - 2018-05-14 08:34 - 000000000 ____D C:\Users\Corene2\AppData\Local\VirtualStore
    2018-05-14 06:29 - 2018-05-14 08:18 - 000000000 ____D C:\Users\Corene2
    2018-05-14 06:29 - 2018-05-14 06:29 - 000000917 _____ C:\Users\Corene2\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows Mail.lnk
    2018-05-14 06:29 - 2018-05-14 06:29 - 000000020 ___SH C:\Users\Corene2\ntuser.ini
    2018-05-14 06:16 - 2018-05-14 06:16 - 002438712 _____ (Kaspersky Lab) C:\Users\Administrator\Downloads\kfa18.0.0.405abcden_es_fr_13382.exe
    2018-05-14 06:16 - 2018-05-14 06:16 - 000000000 ____D C:\ProgramData\Kaspersky Lab Setup Files
    2018-05-14 06:14 - 2018-05-14 06:14 - 000013946 _____ C:\ProgramData\agent.1526292861.bdinstall.bin
    2018-05-13 16:22 - 2018-05-13 16:29 - 000005120 _____ C:\Users\Administrator\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
    2018-05-13 15:56 - 2018-05-13 15:56 - 000001537 _____ C:\Users\Administrator\Desktop\Windows Explorer.lnk
    2018-05-13 15:53 - 2018-05-14 08:17 - 000000000 ____D C:\Users\Administrator\AppData\Roaming\Adobe
    2018-05-13 15:52 - 2018-05-13 15:52 - 000000000 ____D C:\Users\Administrator\AppData\Local\DataSafeOnline
    2018-05-13 15:51 - 2018-05-13 19:42 - 000000946 _____ C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows Media Player.lnk
    2018-05-13 15:51 - 2018-05-13 15:51 - 000068792 _____ C:\Users\Administrator\AppData\Local\GDIPFONTCACHEV1.DAT
    2018-05-13 15:51 - 2018-05-13 15:51 - 000000951 _____ C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
    2018-05-13 15:51 - 2018-05-13 15:51 - 000000917 _____ C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows Mail.lnk
    2018-05-13 15:51 - 2018-05-13 15:51 - 000000020 ___SH C:\Users\Administrator\ntuser.ini
    2018-05-13 15:51 - 2018-05-13 15:51 - 000000000 ____D C:\Users\Administrator\Documents\My Google Gadgets
    2018-05-13 15:51 - 2018-05-13 15:51 - 000000000 ____D C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Google Desktop
    2018-05-13 15:51 - 2018-05-13 15:51 - 000000000 ____D C:\Users\Administrator\AppData\Local\SupportSoft
    2018-05-13 15:51 - 2018-05-13 15:51 - 000000000 ____D C:\Users\Administrator\AppData\Local\MediaDirect
    2018-05-13 15:51 - 2018-05-13 15:51 - 000000000 ____D C:\Users\Administrator\AppData\Local\Google
    2018-05-13 15:50 - 2018-05-13 15:51 - 000000000 ____D C:\Users\Administrator
    2018-05-03 17:44 - 2018-05-03 17:44 - 000028672 _____ C:\BCD_Backup
    2018-05-03 15:26 - 2018-05-03 15:26 - 000000207 _____ C:\Windows\tweaking.com-regbackup-CORENE-PC-Windows-Vista-(TM)-Home-Basic-(32-bit).dat
    2018-05-03 15:26 - 2018-05-03 15:26 - 000000000 ____D C:\RegBackup
    2018-05-03 14:49 - 2018-05-03 15:10 - 000000550 _____ C:\Windows\Tasks\Tweaking.com - Windows Repair Tray Icon.job
    2018-05-03 14:49 - 2018-05-03 14:49 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Tweaking.com
    2018-05-03 14:48 - 2018-05-03 15:10 - 000364886 _____ C:\Windows\Tweaking.com - Windows Repair Setup Log.txt
    2018-05-03 14:48 - 2018-05-03 14:48 - 000000000 ____D C:\Program Files\Tweaking.com
    ==================== One Month Modified files and folders ========
    (If an entry is included in the fixlist, the file/folder will be moved.)
    2018-05-15 13:28 - 2006-11-02 08:45 - 000003616 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
    2018-05-15 13:28 - 2006-11-02 08:45 - 000003616 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
    2018-05-15 09:28 - 2006-11-02 08:58 - 000000006 ____H C:\Windows\Tasks\SA.DAT
    2018-05-15 09:27 - 2006-11-02 08:58 - 000032610 _____ C:\Windows\Tasks\SCHEDLGU.TXT
    2018-05-15 09:23 - 2006-11-02 07:18 - 000000000 ____D C:\Windows\inf
    2018-05-15 09:22 - 2009-01-21 16:02 - 000000000 ____D C:\DELL
    2018-05-15 08:51 - 2011-09-02 13:55 - 000001945 _____ C:\Windows\epplauncher.mif
    2018-05-14 09:13 - 2009-01-24 20:42 - 000000376 _____ C:\Windows\ODBC.INI
    2018-05-13 17:29 - 2016-11-23 15:17 - 000170200 _____ (Malwarebytes) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
    2018-05-13 15:52 - 2015-02-01 15:15 - 000804864 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe
    2018-05-13 15:52 - 2015-02-01 15:15 - 000144896 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl
    2018-05-13 15:52 - 2009-01-21 14:45 - 000000000 ____D C:\Windows\system32\Macromed
    2018-05-13 15:48 - 2006-11-02 08:44 - 000290672 _____ C:\Windows\system32\FNTCACHE.DAT
    2018-05-13 09:40 - 2009-10-03 16:51 - 000002214 _____ C:\Users\Corene\Google Chrome.lnk
    2018-05-13 09:04 - 2009-11-27 19:49 - 000508202 _____ C:\Windows\ntbtlog.txt
    2018-05-13 08:49 - 2017-03-06 14:30 - 000002492 _____ C:\Users\Corene\Desktop\Gmail.lnk
    2018-05-03 16:07 - 2006-11-02 06:33 - 000763586 _____ C:\Windows\system32\PerfStringBackup.INI
    2018-05-03 13:40 - 2009-01-24 20:41 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office
    2018-05-03 13:40 - 2009-01-24 20:31 - 000000000 ____D C:\Users\Corene
    2018-05-03 13:40 - 2009-01-21 14:54 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Works
    2018-05-03 13:40 - 2006-11-02 07:18 - 000000000 ____D C:\Windows\system32\spool
    2018-05-03 13:40 - 2006-11-02 07:18 - 000000000 ____D C:\Windows\system32\Msdtc
    2018-05-03 13:40 - 2006-11-02 07:18 - 000000000 ____D C:\Windows\registration
    2018-05-03 13:40 - 2006-11-02 06:22 - 051904512 _____ C:\Windows\system32\config\software_previous
    2018-05-03 13:40 - 2006-11-02 06:22 - 017825792 _____ C:\Windows\system32\config\system_previous
    2018-05-03 13:37 - 2006-11-02 06:22 - 000262144 _____ C:\Windows\system32\config\security_previous
    2018-05-03 13:37 - 2006-11-02 06:22 - 000262144 _____ C:\Windows\system32\config\sam_previous
    2018-05-03 09:36 - 2006-11-02 06:22 - 057147392 _____ C:\Windows\system32\config\components_previous
    2018-05-03 09:36 - 2006-11-02 06:22 - 000524288 _____ C:\Windows\system32\config\default_previous
    2018-04-15 06:26 - 2009-01-25 07:01 - 000006080 _____ C:\Users\Corene\AppData\Local\d3d9caps.dat
    ==================== Files in the root of some directories =======
    2018-05-14 08:34 - 2010-11-16 16:08 - 000038440 _____ () C:\Users\Corene2\AppData\Roaming\Comma Separated Values (Windows).ADR
    2018-05-14 08:34 - 2010-02-17 10:20 - 008653312 _____ (Dell, Inc. ) C:\Users\Corene2\AppData\Roaming\DataSafeDotNet.exe
    2018-05-14 08:21 - 2018-04-15 06:26 - 000006080 _____ () C:\Users\Corene2\AppData\Local\d3d9caps.dat
    2018-05-14 08:21 - 2018-05-14 09:23 - 000004096 _____ () C:\Users\Corene2\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
    Some files in TEMP:
    ====================
    2009-10-04 06:51 - 2008-12-29 13:52 - 000536576 _____ () C:\Users\Corene\AppData\Local\Temp\AutoUpdate.dll
    2012-04-03 19:15 - 2012-04-03 19:15 - 004125344 _____ (Adobe Systems Incorporated) C:\Users\Corene\AppData\Local\Temp\FlashPlayerUpdate.exe
    2012-05-11 05:08 - 2012-05-11 05:08 - 004126880 _____ (Adobe Systems Incorporated) C:\Users\Corene\AppData\Local\Temp\FlashPlayerUpdate01.exe
    2017-09-10 19:46 - 2017-09-10 19:46 - 000000000 _____ () C:\Users\Corene\AppData\Local\Temp\GURD18.exe
    2009-04-24 06:00 - 2010-09-10 07:44 - 000426552 _____ (Google Inc.) C:\Users\Corene\AppData\Local\Temp\SearchWithGoogleUpdate.exe
    2010-03-21 13:51 - 2010-03-21 13:51 - 000031048 _____ (Tencent) C:\Users\Corene\AppData\Local\Temp\selfupdate.exe
    2011-05-09 21:51 - 2012-06-11 00:41 - 025575088 _____ (Skype Technologies S.A.) C:\Users\Corene\AppData\Local\Temp\SkypeSetup.exe
    2018-05-14 08:29 - 2008-12-29 13:52 - 000536576 _____ () C:\Users\Corene2\AppData\Local\Temp\AutoUpdate.dll
    2018-05-14 08:29 - 2012-04-03 19:15 - 004125344 _____ (Adobe Systems Incorporated) C:\Users\Corene2\AppData\Local\Temp\FlashPlayerUpdate.exe
    2018-05-14 08:29 - 2012-05-11 05:08 - 004126880 _____ (Adobe Systems Incorporated) C:\Users\Corene2\AppData\Local\Temp\FlashPlayerUpdate01.exe
    2018-05-14 08:29 - 2017-09-10 19:46 - 000000000 _____ () C:\Users\Corene2\AppData\Local\Temp\GURD18.exe
    2018-05-14 08:29 - 2010-09-10 07:44 - 000426552 _____ (Google Inc.) C:\Users\Corene2\AppData\Local\Temp\SearchWithGoogleUpdate.exe
    2018-05-14 08:29 - 2010-03-21 13:51 - 000031048 _____ (Tencent) C:\Users\Corene2\AppData\Local\Temp\selfupdate.exe
    2018-05-14 08:29 - 2012-06-11 00:41 - 025575088 _____ (Skype Technologies S.A.) C:\Users\Corene2\AppData\Local\Temp\SkypeSetup.exe
    ==================== Bamital & volsnap ======================
    (There is no automatic fix for files that do not pass verification.)
    C:\Windows\explorer.exe => File is digitally signed
    C:\Windows\system32\winlogon.exe => File is digitally signed
    C:\Windows\system32\wininit.exe => File is digitally signed
    C:\Windows\system32\svchost.exe => File is digitally signed
    C:\Windows\system32\services.exe => File is digitally signed
    C:\Windows\system32\User32.dll => File is digitally signed
    C:\Windows\system32\userinit.exe => File is digitally signed
    C:\Windows\system32\rpcss.dll => File is digitally signed
    C:\Windows\system32\dnsapi.dll => File is digitally signed
    C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed
    LastRegBack: 2018-05-15 09:34
    ==================== End of FRST.txt ============================
     
  2. 2018/05/15
    virginia Lifetime Subscription

    virginia Well-Known Member Thread Starter

    Joined:
    2002/01/07
    Messages:
    986
    Likes Received:
    13
    Trophy Points:
    233
    Location:
    Springfield, VA
    Computer Experience:
    Intermediate
    FRST.Addition

    Additional scan result of Farbar Recovery Scan Tool (x86) Version: 13.05.2018
    Ran by Corene2 (15-05-2018 16:59:15)
    Running from C:\Users\Corene2\Desktop
    Windows Vista (TM) Home Basic Service Pack 2 (X86) (2009-01-21 12:34:12)
    Boot Mode: Normal
    ==========================================================

    ==================== Accounts: =============================
    Administrator (S-1-5-21-1260120000-521481097-4230313768-500 - Administrator - Disabled) => C:\Users\Administrator
    Corene2 (S-1-5-21-1260120000-521481097-4230313768-1001 - Administrator - Enabled) => C:\Users\Corene2
    Guest (S-1-5-21-1260120000-521481097-4230313768-501 - Limited - Disabled)
    ==================== Security Center ========================
    (If an entry is included in the fixlist, it will be removed.)

    ==================== Installed Programs ======================
    (Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
    Acrobat.com (HKLM\...\{287ECFA4-719A-2143-A09B-D6A12DE54E40}) (Version: 1.6.65 - Adobe Systems Incorporated)
    Adobe Flash Player 10 Plugin (HKLM\...\Adobe Flash Player Plugin) (Version: 10.0.45.2 - Adobe Systems Incorporated)
    Adobe Flash Player 29 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 29.0.0.171 - Adobe Systems Incorporated)
    Adobe Reader 9.1 (HKLM\...\{AC76BA86-7AD7-1033-7B44-A91000000001}) (Version: 9.1.0 - Adobe Systems Incorporated)
    Apple Application Support (HKLM\...\{3FA365DF-2D68-45ED-8F83-8C8A33E65143}) (Version: 1.1.0 - Apple Inc.)
    Apple Software Update (HKLM\...\{6956856F-B6B3-4BE0-BA0B-8F495BE32033}) (Version: 2.1.1.116 - Apple Inc.)
    Avast Free Antivirus (HKLM\...\Avast Antivirus) (Version: 18.4.2338 - AVAST Software)
    Browser Address Error Redirector (HKLM\...\{62230596-37E5-4618-A329-0D21F529A86F}) (Version: 1.00.0000 - Dell)
    Compatibility Pack for the 2007 Office system (HKLM\...\{90120000-0020-0409-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation)
    Dell Getting Started Guide (HKLM\...\{7DB9F1E5-9ACB-410D-A7DC-7A3D023CE045}) (Version: 1.00.0000 - Dell Inc.)
    Dell Support Center (Support Software) (HKLM\...\{E3BFEE55-39E2-4BE0-B966-89FE583822C1}) (Version: 2.2.09085 - Dell)
    EDocs (HKLM\...\{6B7B6D4D-8F9B-4CB3-8CA4-BCA9CC4C1A22}) (Version: - )
    Google Desktop (HKLM\...\Google Desktop) (Version: 5.9.0911.03589 - Google)
    Google Talk Plugin (HKLM\...\{F9B579C2-D854-300A-BE62-A09EB9D722E4}) (Version: 5.41.3.0 - Google)
    Google Update Helper (HKLM\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.33.7 - Google Inc.) Hidden
    Google Update Helper (HKLM\...\{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}) (Version: 1.3.25.11 - Google Inc.) Hidden
    GoToAssist 8.0.0.514 (HKLM\...\GoToAssist) (Version: - )
    HP ENVY 4500 series Basic Device Software (HKLM\...\{BCC989C6-7003-4367-8C30-7B88D47D3E79}) (Version: 32.3.198.49673 - Hewlett-Packard Co.)
    HP ENVY 4500 series Help (HKLM\...\{95BECC50-22B4-4FCA-8A2E-BF77713E6D3A}) (Version: 30.0.0 - Hewlett Packard)
    Java(TM) 6 Update 7 (HKLM\...\{3248F0A8-6813-11D6-A77B-00B0D0160070}) (Version: 1.6.0.70 - Sun Microsystems, Inc.)
    Malwarebytes Anti-Malware version 2.2.1.1043 (HKLM\...\Malwarebytes Anti-Malware_is1) (Version: 2.2.1.1043 - Malwarebytes)
    MediaButtons 5.0.0.1T4 (HKLM\...\{148DB7A0-BCA6-47DF-A715-DD01F9266478}) (Version: 5.0.0.1T4 - )
    MediaDirect (HKLM\...\{9C6978E8-B6D0-4AB7-A7A0-D81A74FBF745}) (Version: 4.0 - Dell)
    Microsoft .NET Framework 3.5 SP1 (HKLM\...\Microsoft .NET Framework 3.5 SP1) (Version: - Microsoft Corporation)
    Microsoft .NET Framework 4.5.2 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.51209 - Microsoft Corporation)
    Microsoft LifeCam (HKLM\...\{36C97B5B-5593-45B8-B50E-DAD87036BD9D}) (Version: 3.0.215.0 - Microsoft Corporation)
    Microsoft Office Basic Edition 2003 (HKLM\...\{91130409-6000-11D3-8CFE-0150048383C9}) (Version: 11.0.8173.0 - Microsoft Corporation)
    Microsoft Office File Validation Add-In (HKLM\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)
    Microsoft Office PowerPoint Viewer 2007 (English) (HKLM\...\{95120000-00AF-0409-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation)
    Microsoft Office XP Web Components (HKLM\...\{90260409-6000-11D3-8CFE-0150048383C9}) (Version: 11.0.8173.0 - Microsoft Corporation)
    Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.50906.0 - Microsoft Corporation)
    Microsoft Works (HKLM\...\{15BC8CD0-A65B-47D0-A2DD-90A824590FA8}) (Version: 9.7.0621 - Microsoft Corporation)
    OGA Notifier 2.0.0048.0 (HKLM\...\{B2544A03-10D0-4E5E-BA69-0362FFC20D18}) (Version: 2.0.0048.0 - Microsoft Corporation) Hidden
    Picasa 3 (HKLM\...\Picasa 3) (Version: 3.6 - Google, Inc.)
    QuickTime (HKLM\...\{8B7917E0-AF55-4E8A-9473-017F0AA03AC8}) (Version: 7.65.17.80 - Apple Inc.)
    Realtek Ethernet Network Card Diagnostic tool for Windows Vista (HKLM\...\{1FECF5F8-8E75-432C-9FF7-1C04F1956B54}) (Version: 1.00 - Realtek)
    Realtek High Definition Audio Driver (HKLM\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: - )
    Recovery ToolBox for Outlook Password 1.1 (HKLM\...\Recovery ToolBox for Outlook Password_is1) (Version: - Recovery ToolBox)
    Roxio Creator DE (HKLM\...\{09760D42-E223-42AD-8C3E-55B47D0DDAC3}) (Version: 10.1 - Roxio)
    Skype Click to Call (HKLM\...\{B6CF2967-C81E-40C0-9815-C05774FEF120}) (Version: 6.10.13089 - Skype Technologies S.A.)
    Skype™ 7.0 (HKLM\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 7.0.102 - Skype Technologies S.A.)
    Tweaking.com - Windows Repair (HKLM\...\Tweaking.com - Windows Repair) (Version: 4.0.18 - Tweaking.com)
    WinZip 14.0 (HKLM\...\{CD95F661-A5C4-44F5-A6AA-ECDD91C240BC}) (Version: 14.0.9029 - WinZip Computing, S.L. )
    ==================== Custom CLSID (Whitelisted): ==========================
    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
    ShellIconOverlayIdentifiers: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShell.dll [2018-05-15] (AVAST Software)
    ContextMenuHandlers1: [avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShell.dll [2018-05-15] (AVAST Software)
    ContextMenuHandlers1: [WinZip] -> {E0D79304-84BE-11CE-9641-444553540000} => C:\Program Files\WinZip\wzshlstb.dll [2010-02-04] (WinZip Computing, S.L.)
    ContextMenuHandlers3: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShell.dll [2018-05-15] (AVAST Software)
    ContextMenuHandlers3: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes Anti-Malware\mbamext.dll [2016-03-10] (Malwarebytes)
    ContextMenuHandlers4: [Offline Files] -> {474C98EE-CF3D-41f5-80E3-4AAB0AB04301} => -> No File
    ContextMenuHandlers4: [WinZip] -> {E0D79304-84BE-11CE-9641-444553540000} => C:\Program Files\WinZip\wzshlstb.dll [2010-02-04] (WinZip Computing, S.L.)
    ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} => C:\Windows\system32\igfxpph.dll [2008-08-26] (Intel Corporation)
    ContextMenuHandlers6: [avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShell.dll [2018-05-15] (AVAST Software)
    ContextMenuHandlers6: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes Anti-Malware\mbamext.dll [2016-03-10] (Malwarebytes)
    ContextMenuHandlers6: [Offline Files] -> {474C98EE-CF3D-41f5-80E3-4AAB0AB04301} => -> No File
    ContextMenuHandlers6: [WinZip] -> {E0D79304-84BE-11CE-9641-444553540000} => C:\Program Files\WinZip\wzshlstb.dll [2010-02-04] (WinZip Computing, S.L.)
    ==================== Scheduled Tasks (Whitelisted) =============
    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
    Task: {274CAD0F-5DD3-4193-8971-E97F4FDF1916} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files\Google\Update\GoogleUpdate.exe [2015-08-27] (Google Inc.)
    Task: {290FD31C-5EDB-4222-B255-330576BB56E3} - System32\Tasks\{0D1847BE-9FB8-4B20-8D4F-A770EBA43704} => C:\Program Files\Skype\\Phone\Skype.exe [2014-12-11] (Skype Technologies S.A.)
    Task: {756A6CE0-AF90-4C3D-89FE-26176A857676} - System32\Tasks\{A5DEE25E-5A94-47EC-A89E-783667F7056E} => C:\Windows\system32\pcalua.exe -a "C:\Users\Corene\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\2ITFUZFE\RegCureSetup_RW[1].exe" -d "C:\Program Files\internet explorer"
    Task: {AB94E633-936F-4CB9-B2EA-F6C2F993108C} - System32\Tasks\Avast Software\Overseer => C:\Program Files\AVAST Software\Avast\setup\overseer.exe [2018-05-15] (AVAST Software)
    Task: {B23B9B52-5322-4A4D-977C-4D1E2F628AD9} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-1260120000-521481097-4230313768-1000Core => C:\Users\Corene\AppData\Local\Google\Update\GoogleUpdate.exe [2015-08-30] (Google Inc.)
    Task: {C751FE67-C387-4481-A3E8-3E2F0EB3CEFE} - System32\Tasks\Avast Emergency Update => C:\Program Files\AVAST Software\Avast\AvEmUpdate.exe [2018-05-15] (AVAST Software)
    Task: {D98AB79C-6EE0-47F8-8C30-5F55D50D0BD6} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-1260120000-521481097-4230313768-1000UA => C:\Users\Corene\AppData\Local\Google\Update\GoogleUpdate.exe [2015-08-30] (Google Inc.)
    Task: {F545595B-B392-4C3B-90DA-027951DCAFFE} - System32\Tasks\Microsoft_Hardware_Launch_vVX1000_exe => C:\Windows\vVX1000.exe [2009-06-26] (Microsoft Corporation)
    Task: {F5CEEDE4-DBC4-47FD-A6FE-675B07643D76} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files\Google\Update\GoogleUpdate.exe [2015-08-27] (Google Inc.)
    Task: {F9090BFD-DC90-4A61-994D-9E47FB987F29} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2018-05-13] (Adobe Systems Incorporated)
    Task: {FB8653FB-B800-453C-8075-80DFCC0387B8} - System32\Tasks\Microsoft\Microsoft Antimalware\Microsoft Antimalware Scheduled Scan => c:\Program Files\Microsoft Security Client\\MpCmdRun.exe
    (If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
    Task: C:\Windows\Tasks\Tweaking.com - Windows Repair Tray Icon.job => C:\Program Files\Tweaking.com\Windows Repair (All in One)\WR_Tray_Icon.exe C:\Program Files\Tweaking.com\Windows Repair (All in One)Tweaking.com - Windows Repair)Created By Tweaking.com
    ==================== Shortcuts & WMI ========================
    (The entries could be listed to be restored or removed.)

    ShortcutWithArgument: C:\Users\Corene2\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Gmail.lnk -> C:\Users\Corene2\AppData\Local\Google\Chrome\Application\chrome.exe (Google Inc.) -> --profile-directory=Default --app-id=kmhopmchchfpfdcdjodmpfaaphdclmlj
    ==================== Loaded Modules (Whitelisted) ==============
    2018-05-15 08:27 - 2018-05-15 08:27 - 000482520 _____ () C:\Program Files\AVAST Software\Avast\streamback.dll
    2018-05-15 08:31 - 2018-05-15 08:31 - 005872272 _____ () C:\Program Files\AVAST Software\Avast\defs\18051502\algo.dll
    2018-05-15 08:27 - 2018-05-15 08:27 - 000889048 _____ () C:\Program Files\AVAST Software\Avast\ffl2.dll
    2018-05-15 08:30 - 2018-05-15 08:30 - 000924888 _____ () C:\Program Files\AVAST Software\Avast\anen.dll
    2018-05-15 08:27 - 2018-05-15 08:27 - 000150744 _____ () C:\Program Files\AVAST Software\Avast\hns_tools.dll
    2018-05-15 08:27 - 2018-05-15 08:27 - 000982744 _____ () C:\Program Files\AVAST Software\Avast\shepherdsync.dll
    2018-05-15 08:27 - 2018-05-15 08:27 - 000519896 _____ () C:\Program Files\AVAST Software\Avast\gui_cache.dll
    2009-01-21 14:47 - 2008-07-17 12:16 - 000065536 _____ () C:\Windows\System32\WinService.exe
    2018-05-15 08:27 - 2018-05-15 08:27 - 000632024 _____ () c:\Program Files\AVAST Software\Avast\vaarclient.dll
    2009-01-21 14:47 - 2008-07-17 12:17 - 000208896 _____ () C:\Windows\System32\FastUserSwitching.exe
    2009-01-21 14:52 - 2009-11-18 07:48 - 000034816 _____ () C:\Program Files\Google\Google Desktop Search\gzlib.dll
    2009-01-21 14:47 - 2008-10-27 12:20 - 002179072 _____ () C:\Windows\System32\MediaButtons.exe
    2018-05-15 08:30 - 2018-05-15 08:30 - 048936448 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll
    2018-05-15 08:27 - 2018-05-15 08:27 - 000293592 _____ () C:\Program Files\AVAST Software\Avast\gaming_mode_ui.dll
    ==================== Alternate Data Streams (Whitelisted) =========
    (If an entry is included in the fixlist, only the ADS will be removed.)
    AlternateDataStreams: C:\ProgramData\TEMP:5D432CE3 [125]
    ==================== Safe Mode (Whitelisted) ===================
    (If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" value will be restored.)
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\AppXSvc => ""="Service"
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\BFE => ""="Service"
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\BITS => ""="Service"
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\camsvc => ""="Service"
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ClipSvc => ""="Service"
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\dps => ""="Service"
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\lfsvc => ""="Service"
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MpsSvc => ""="Service"
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\msiserver => ""="Service"
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\semgrsvc => ""="Service"
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SharedAccess => ""="Service"
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\shellhwdetection => ""="Service"
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TokenBroker => ""="Service"
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TweakingRemoveSafeBoot => ""="Service"
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vss => ""="Service"
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WSService => ""="Service"
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\AppXSvc => ""="Service"
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\BITS => ""="Service"
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\camsvc => ""="Service"
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\ClipSvc => ""="Service"
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\dps => ""="Service"
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\GoToAssist => ""="Service"
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\lfsvc => ""="Service"
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\msiserver => ""="Service"
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\SamSs => ""="Service"
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\semgrsvc => ""="Service"
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\shellhwdetection => ""="Service"
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\srv => ""="Driver"
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\srv2 => ""="Driver"
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\srvnet => ""="Driver"
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\TokenBroker => ""="Service"
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\TweakingRemoveSafeBoot => ""="Service"
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\vss => ""="Service"
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\WSService => ""="Service"
    ==================== Association (Whitelisted) ===============
    (If an entry is included in the fixlist, the registry item will be restored to default or removed.)

    ==================== Internet Explorer trusted/restricted ===============
    (If an entry is included in the fixlist, it will be removed from the registry.)

    ==================== Hosts content: ===============================
    (If needed Hosts: directive could be included in the fixlist to reset Hosts.)
    2006-11-02 06:23 - 2018-05-03 16:07 - 000000855 _____ C:\Windows\system32\Drivers\etc\hosts
    127.0.0.1 localhost
    ==================== Other Areas ============================
    (Currently there is no automatic fix for this section.)
    HKU\S-1-5-21-1260120000-521481097-4230313768-1001\Control Panel\Desktop\\Wallpaper -> C:\windows\Web\Wallpaper\img24.jpg
    DNS Servers: 68.100.16.30 - 68.10.16.30
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 2) (ConsentPromptBehaviorUser: 1) (EnableLUA: 1)
    Windows Firewall is enabled.
    ==================== MSCONFIG/TASK MANAGER disabled items ==
    MSCONFIG\startupreg: Skype => "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
    ==================== FirewallRules (Whitelisted) ===============
    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
    FirewallRules: [WinCollab-Out-UDP] => (Allow) %ProgramFiles%\Windows Collaboration\WinCollab.exe
    FirewallRules: [WinCollab-In-UDP] => (Allow) %ProgramFiles%\Windows Collaboration\WinCollab.exe
    FirewallRules: [WinCollab-Out-TCP] => (Allow) %ProgramFiles%\Windows Collaboration\WinCollab.exe
    FirewallRules: [WinCollab-In-TCP] => (Allow) %ProgramFiles%\Windows Collaboration\WinCollab.exe
    FirewallRules: [WinCollab-DFSR-Out-TCP] => (Allow) %SystemRoot%\system32\dfsr.exe
    FirewallRules: [WinCollab-DFSR-In-TCP] => (Allow) %SystemRoot%\system32\dfsr.exe
    FirewallRules: [{1CC70E94-38D2-466C-952F-893E27466799}] => (Allow) C:\Program Files\Dell\MediaDirect\MediaDirect.exe
    FirewallRules: [{17D9F61D-FF58-4F80-8C2F-84FE038B3132}] => (Allow) C:\Program Files\Dell\MediaDirect\PCMService.exe
    FirewallRules: [{0C67156E-DDE7-4CC7-9A7B-E266B731728E}] => (Allow) C:\Program Files\Dell\MediaDirect\Kernel\DMP\CLBrowserEngine.exe
    FirewallRules: [{8A3698CB-C072-4CB5-9F49-A81496F82525}] => (Allow) C:\Program Files\Dell\MediaDirect\Kernel\DMS\CLMSService.exe
    FirewallRules: [{734966B5-8988-4CB1-BDDF-9ADFC4BB46DC}] => (Allow) C:\Program Files\Dell Remote Access\ezi_ra.exe
    FirewallRules: [{F735C275-2502-4D46-AC7B-E2D3D787B2B0}] => (Allow) C:\Program Files\Dell Remote Access\ezi_ra.exe
    FirewallRules: [{7DFFB782-2D9E-4103-BA21-BEC19418839C}] => (Allow) C:\ProgramData\SingleClick Systems\Advanced Networking Service\hnm_svc.exe
    FirewallRules: [{136C9CB6-525D-48B8-AB5B-B545F389CE04}] => (Allow) C:\ProgramData\SingleClick Systems\Advanced Networking Service\hnm_svc.exe
    FirewallRules: [{DAAE1836-181F-4901-B5F1-F7ADC3474E3E}] => (Allow) C:\ProgramData\SingleClick Systems\VLC\vlc.exe
    FirewallRules: [{7989C4CF-ED30-4A6F-AF03-C6D5E1DB0544}] => (Allow) C:\ProgramData\SingleClick Systems\VLC\vlc.exe
    FirewallRules: [{033606B8-8B9E-4DD5-AE7A-603BD34344D8}] => (Allow) C:\Program Files\Microsoft LifeCam\LifeCam.exe
    FirewallRules: [{B59B1C4A-BFA9-4746-A7BB-5E2BFB6388E0}] => (Allow) C:\Program Files\Microsoft LifeCam\LifeCam.exe
    FirewallRules: [{945124E4-47B4-4B80-A903-BFBBA0314E35}] => (Allow) C:\Program Files\Microsoft LifeCam\LifeEnC2.exe
    FirewallRules: [{11E01EB2-5C66-4383-8DF4-7B607096AEF6}] => (Allow) C:\Program Files\Microsoft LifeCam\LifeEnC2.exe
    FirewallRules: [{5ADFA7F7-314F-410D-9E9F-3C4B3E8BAD67}] => (Allow) C:\Program Files\Microsoft LifeCam\LifeExp.exe
    FirewallRules: [{32EE0FBC-A2DA-48D7-80B6-5737408CBCF1}] => (Allow) C:\Program Files\Microsoft LifeCam\LifeExp.exe
    FirewallRules: [{78D3B7A5-336E-468A-BC8A-D2C581E053DC}] => (Allow) C:\Program Files\Microsoft LifeCam\LifeTray.exe
    FirewallRules: [{4E7C1538-2D40-4B12-8825-C006E18170D8}] => (Allow) C:\Program Files\Microsoft LifeCam\LifeTray.exe
    FirewallRules: [TCP Query User{411B526B-6757-451F-ACA4-10E5D968AF29}C:\program files\tencent\qq2009\bin\qq.exe] => (Allow) C:\program files\tencent\qq2009\bin\qq.exe
    FirewallRules: [UDP Query User{01B2189F-130F-45F5-96DB-C95856DF3F5C}C:\program files\tencent\qq2009\bin\qq.exe] => (Allow) C:\program files\tencent\qq2009\bin\qq.exe
    FirewallRules: [{63B426B9-299F-403F-8198-5FC9F118FC48}] => (Allow) LPort=80
    FirewallRules: [{C0322619-EE21-4ADC-9D7E-5698F1ED7DEA}] => (Allow) LPort=80
    FirewallRules: [{D7D38C6E-B9BE-467F-8EA7-4B1144C02338}] => (Allow) LPort=80
    FirewallRules: [{6198B15E-5314-4D7F-A85A-98E27A3F64B2}] => (Allow) C:\Program Files\Skype\Phone\Skype.exe
    FirewallRules: [{210F3A9A-3077-421C-AD36-056B5F3073F0}] => (Allow) C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe
    FirewallRules: [{A8F2C5CF-06A9-420F-921A-082F67061B40}] => (Allow) C:\Program Files\HP\HP ENVY 4500 series\Bin\DeviceSetup.exe
    FirewallRules: [{3AD6A3B0-4B66-4FE9-9A26-5957FCDCA736}] => (Allow) LPort=5357
    FirewallRules: [{253A07C9-3CA0-44B4-B89D-85D773F613CD}] => (Allow) C:\Program Files\HP\HP ENVY 4500 series\Bin\HPNetworkCommunicatorCom.exe
    FirewallRules: [TCP Query User{6D4A4C86-1D94-401A-9EA8-DE8FA0452C29}C:\users\corene\appdata\local\google\chrome\application\chrome.exe] => (Allow) C:\users\corene\appdata\local\google\chrome\application\chrome.exe
    FirewallRules: [UDP Query User{C4B98473-6A83-401F-A07A-6802D4906BBA}C:\users\corene\appdata\local\google\chrome\application\chrome.exe] => (Allow) C:\users\corene\appdata\local\google\chrome\application\chrome.exe
    FirewallRules: [WMPNSS-WMP-Out-TCP-x86] => (Allow) %ProgramFiles(x86)%\Windows Media Player\wmplayer.exe
    FirewallRules: [WMPNSS-WMP-Out-UDP-x86] => (Allow) %ProgramFiles(x86)%\Windows Media Player\wmplayer.exe
    FirewallRules: [WMPNSS-WMP-In-UDP-x86] => (Allow) %ProgramFiles(x86)%\Windows Media Player\wmplayer.exe
    FirewallRules: [WMPNSS-WMP-Out-TCP-NoScope-x86] => (Allow) %ProgramFiles(x86)%\Windows Media Player\wmplayer.exe
    FirewallRules: [WMPNSS-WMP-Out-UDP-NoScope-x86] => (Allow) %ProgramFiles(x86)%\Windows Media Player\wmplayer.exe
    FirewallRules: [WMPNSS-WMP-In-UDP-NoScope-x86] => (Allow) %ProgramFiles(x86)%\Windows Media Player\wmplayer.exe
    FirewallRules: [WMP-Out-TCP-x86] => (Allow) %ProgramFiles(x86)%\Windows Media Player\wmplayer.exe
    FirewallRules: [WMP-Out-UDP-x86] => (Allow) %ProgramFiles(x86)%\Windows Media Player\wmplayer.exe
    FirewallRules: [WMP-In-UDP-x86] => (Allow) %ProgramFiles(x86)%\Windows Media Player\wmplayer.exe
    FirewallRules: [{7B0956BD-F3D2-483D-B46D-8A8571258DC6}] => (Allow) LPort=80
    FirewallRules: [{8AB470CC-8166-471A-8F5F-8CF24CBF9CE7}] => (Allow) LPort=80
    FirewallRules: [{E72885C9-C635-4DBF-9775-C607C77F0F91}] => (Allow) LPort=80
    ==================== Restore Points =========================
    Could not list restore points
    Check "winmgmt" service or repair WMI.

    ==================== Faulty Device Manager Devices =============
    Could not list Devices. Check "winmgmt" service or repair WMI.

    ==================== Event log errors: =========================
    Application errors:
    ==================
    Error: (05/15/2018 09:58:51 AM) (Source: System Restore) (EventID: 8210) (User: )
    Description: The scheduled restore point could not be created. Additional information: (0x8000ffff).
    Error: (05/15/2018 09:58:51 AM) (Source: System Restore) (EventID: 8193) (User: )
    Description: Failed to create restore point on volume (Process = C:\Windows\system32\rundll32.exe /d srrstr.dll,ExecuteScheduledSPPCreation; Descripton = Scheduled Checkpoint; Hr = 0x8000ffff).
    Error: (05/15/2018 09:58:51 AM) (Source: VSS) (EventID: 8193) (User: )
    Description: Volume Shadow Copy Service error: Unexpected error calling routine CoCreateInstance. hr = 0x80004002.

    Operation:
    Abort Backup
    Context:
    Execution Context: Requestor
    Current State: SnapshotSetCreated
    Error: (05/15/2018 09:58:51 AM) (Source: VSS) (EventID: 34) (User: )
    Description: Volume Shadow Copy Service error: The VSS event class is not registered. This will prevent any
    VSS writers from receiving events. This may be caused due to a setup failure or as a result of an
    application's installer or uninstaller.

    Operation:
    Abort Backup
    Context:
    Execution Context: Requestor
    Current State: SnapshotSetCreated
    Error: (05/15/2018 09:58:51 AM) (Source: VSS) (EventID: 8193) (User: )
    Description: Volume Shadow Copy Service error: Unexpected error calling routine CoCreateInstance. hr = 0x80040154.

    Operation:
    Gathering Writer Data
    Executing Asynchronous Operation
    Context:
    Execution Context: Requestor
    Current State: GatherWriterMetadata
    Error: (05/15/2018 09:58:51 AM) (Source: VSS) (EventID: 34) (User: )
    Description: Volume Shadow Copy Service error: The VSS event class is not registered. This will prevent any
    VSS writers from receiving events. This may be caused due to a setup failure or as a result of an
    application's installer or uninstaller.

    Operation:
    Gathering Writer Data
    Executing Asynchronous Operation
    Context:
    Execution Context: Requestor
    Current State: GatherWriterMetadata
    Error: (05/15/2018 09:22:00 AM) (Source: System Restore) (EventID: 8193) (User: )
    Description: Failed to create restore point on volume (Process = C:\Windows\system32\msiexec.exe /V; Descripton = Removed Dell-eBay.; Hr = 0x8000ffff).
    Error: (05/15/2018 09:22:00 AM) (Source: VSS) (EventID: 8193) (User: )
    Description: Volume Shadow Copy Service error: Unexpected error calling routine CoCreateInstance. hr = 0x80004002.

    Operation:
    Gathering Writer Data
    Executing Asynchronous Operation
    Context:
    Execution Context: Requestor
    Current State: GatherWriterMetadata

    System errors:
    =============
    Error: (05/15/2018 04:59:15 PM) (Source: DCOM) (EventID: 10005) (User: )
    Description: DCOM got error "1083" attempting to start the service winmgmt with arguments "" in order to run the server:
    {8BC3F05E-D86B-11D0-A075-00C04FB68820}
    Error: (05/15/2018 09:33:07 AM) (Source: Dhcp) (EventID: 1002) (User: )
    Description: The IP address lease 10.104.242.139 for the Network Card with network address 48F8B392992D has been denied by the DHCP server 10.104.0.1 (The DHCP Server sent a DHCPNACK message).
    Error: (05/15/2018 09:29:02 AM) (Source: DCOM) (EventID: 10005) (User: )
    Description: DCOM got error "1083" attempting to start the service winmgmt with arguments "" in order to run the server:
    {8BC3F05E-D86B-11D0-A075-00C04FB68820}
    Error: (05/15/2018 09:28:47 AM) (Source: Dhcp) (EventID: 1002) (User: )
    Description: The IP address lease 10.104.208.91 for the Network Card with network address 48F8B392992D has been denied by the DHCP server 10.104.0.17 (The DHCP Server sent a DHCPNACK message).
    Error: (05/15/2018 06:13:25 AM) (Source: Dhcp) (EventID: 1002) (User: )
    Description: The IP address lease 10.104.242.139 for the Network Card with network address 48F8B392992D has been denied by the DHCP server 10.104.0.1 (The DHCP Server sent a DHCPNACK message).
    Error: (05/15/2018 06:06:04 AM) (Source: DCOM) (EventID: 10005) (User: )
    Description: DCOM got error "1083" attempting to start the service winmgmt with arguments "" in order to run the server:
    {8BC3F05E-D86B-11D0-A075-00C04FB68820}
    Error: (05/15/2018 06:04:31 AM) (Source: DCOM) (EventID: 10005) (User: )
    Description: DCOM got error "1083" attempting to start the service winmgmt with arguments "" in order to run the server:
    {8BC3F05E-D86B-11D0-A075-00C04FB68820}
    Error: (05/14/2018 10:33:18 AM) (Source: DCOM) (EventID: 10005) (User: )
    Description: DCOM got error "1083" attempting to start the service winmgmt with arguments "" in order to run the server:
    {8BC3F05E-D86B-11D0-A075-00C04FB68820}

    CodeIntegrity:
    ===================================
    Date: 2018-05-14 09:53:04.910
    Description:
    Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6001.18000_none_b31e1252666640f6\tcpip.sys because the set of per-page image hashes could not be found on the system.
    Date: 2018-05-14 09:53:02.991
    Description:
    Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6001.18000_none_b31e1252666640f6\tcpip.sys because the set of per-page image hashes could not be found on the system.
    Date: 2018-05-14 09:53:01.072
    Description:
    Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6001.18000_none_b31e1252666640f6\tcpip.sys because the set of per-page image hashes could not be found on the system.
    Date: 2018-05-14 09:52:59.169
    Description:
    Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6001.18000_none_b31e1252666640f6\tcpip.sys because the set of per-page image hashes could not be found on the system.
    Date: 2018-05-14 09:52:56.439
    Description:
    Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\winsxs\x86_microsoft-windows-securestartup-core_31bf3856ad364e35_6.0.6001.18000_none_34daa5e8f21ef8d2\fveapi.dll because the set of per-page image hashes could not be found on the system.
    Date: 2018-05-14 09:52:54.551
    Description:
    Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\winsxs\x86_microsoft-windows-securestartup-core_31bf3856ad364e35_6.0.6001.18000_none_34daa5e8f21ef8d2\fveapi.dll because the set of per-page image hashes could not be found on the system.
    Date: 2018-05-14 09:52:52.679
    Description:
    Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\winsxs\x86_microsoft-windows-securestartup-core_31bf3856ad364e35_6.0.6001.18000_none_34daa5e8f21ef8d2\fveapi.dll because the set of per-page image hashes could not be found on the system.
    Date: 2018-05-14 09:52:50.760
    Description:
    Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\winsxs\x86_microsoft-windows-securestartup-core_31bf3856ad364e35_6.0.6001.18000_none_34daa5e8f21ef8d2\fveapi.dll because the set of per-page image hashes could not be found on the system.
    ==================== Memory info ===========================
    Processor: Intel(R) Pentium(R) Dual CPU T3200 @ 2.00GHz
    Percentage of memory in use: 24%
    Total physical RAM: 3062.45 MB
    Available physical RAM: 2300.88 MB
    Total Virtual: 6353.17 MB
    Available Virtual: 5256.34 MB
    ==================== Drives ================================
    Drive c: (OS) (Fixed) (Total:134 GB) (Free:82.71 GB) NTFS ==>[drive with boot components (obtained from BCD)]
    Drive d: (RECOVERY) (Fixed) (Total:15 GB) (Free:10.57 GB) NTFS

    ==================== MBR & Partition Table ==================
    ========================================================
    Disk: 0 (MBR Code: Windows 7 or Vista) (Size: 149.1 GB) (Disk ID: 30000000)
    Partition 1: (Not Active) - (Size=55 MB) - (Type=DE)
    Partition 2: (Not Active) - (Size=15 GB) - (Type=07 NTFS)
    Partition 3: (Active) - (Size=134 GB) - (Type=07 NTFS)
    ==================== End of Addition.txt ============================
     

  3. to hide this advert.

  4. 2018/05/15
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,576
    Likes Received:
    103
    Trophy Points:
    843
    Location:
    Daly City, CA
    Computer Experience:
    Experienced
    I don't see anything malicious so you have to go back to Vista forum.
    Good luck :)
     
  5. 2018/05/15
    virginia Lifetime Subscription

    virginia Well-Known Member Thread Starter

    Joined:
    2002/01/07
    Messages:
    986
    Likes Received:
    13
    Trophy Points:
    233
    Location:
    Springfield, VA
    Computer Experience:
    Intermediate
    Thanks Broni. Good to know it looks clean.
     
  6. 2018/05/15
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,576
    Likes Received:
    103
    Trophy Points:
    843
    Location:
    Daly City, CA
    Computer Experience:
    Experienced
    You're very welcome [​IMG]
     

Share This Page