joddle Posted October 15, 2017
This little issue is driving me mad - which only happens when I am searching on eBay UK. After a few moments I get a piece of music coming up - if I then click on a link on the page to view an item etc. the music stops - then after the link has opened it comes up again and keeps doing this. It's always the same piece of music. When I close eBay it stops. Funny thing, it does not happen in IE, only in Edge - so is there a cure? Have already checked for viruses and malware using Ad-Aware and Malwarebytes but nothing found. In every other respect the system is running as normal!!!

Starbuck Posted October 17, 2017
Hi joddle,
Definitely is odd. I've tried eBay using Edge and no music at all. I've just looked all through the eBay settings and there isn't anything relating to this music.
Member of: UNITE

joddle (Author) Posted October 17, 2017
I know it's really odd - but, like you, can't find anything that's setting it off. It happens after a few moments of going onto eBay and then repeats if I click on an item or something else - then there is a pause and the same music starts up. I have just tried on another machine and no music - so I tried logging out of my account on the offending machine and again no music - so I logged in again and guess what? No music :) :) - no idea why though!!!

Starbuck Posted October 17, 2017
"I have just tried on another machine and no music"
Was that using Edge?
This is just a theory... if using other browsers doesn't give the same result, do these other browsers have an adblocker installed?
The adblocker that I always recommend is uBlock Origin. uBlock Origin is more than an "ad blocker": it is a wide-spectrum blocker -- which happens to be able to function as a mere "ad blocker". The default behavior of uBlock Origin when newly installed is to block ads, trackers and malware sites.
uBlock Origin is now available for Edge: uBlock Origin for Edge
As we have no idea what is causing this... there's nothing to lose by installing it and seeing if this cures the problem or not.

joddle (Author) Posted October 18, 2017
Thanks Starbuck, but having logged out of my eBay account and logged in again, no music - and can't replicate the issue any more. It seems somehow to have been due to my account, but how I have no idea. At least I can now browse in peace :) I have never installed any uBlock or similar add-ons for the browsers - all simply the way W10 installs Edge and IE.

joddle (Author) Posted October 18, 2017
"Thanks Starbuck but having logged out of my ebay account and logged in again no music -"
Spoke too soon - this morning it's back again agggg - but again only when I am logged into my eBay account - if I log out then there is no music playing. This is weird.

joddle (Author) Posted October 18, 2017
Further to the last post - now another clue - if I log out of eBay then log in again the music is gone - at least until I reboot the PC. If I do that then the music is back, so something is happening at the boot-up stage to start the music happening when I am logged into eBay. I have loaded the uBlock add-in to Edge and at the moment am having no music - I can't reboot until later today as I have loads going on, so will see if that has been effective later on. I can only think of some piece of malware or PUP which is not being detected by Malwarebytes or my Avira Antivirus. Any ideas anyone?

Starbuck Posted October 18, 2017
Hi joddle,
There was a music-playing malware doing the rounds a year or two ago, but I haven't seen it for ages now.
OK, time to have a good look at this.
There are both 32-bit and 64-bit versions of Farbar Recovery Scan Tool available. Please pick the version that matches your operating system's bit type. If you are unsure what your system bit type is... click Here for help.
For x32 bit systems download Farbar Recovery Scan Tool and save it to your Desktop.
For x64 bit systems download Farbar Recovery Scan Tool x64 and save it to your Desktop.
Double-click the downloaded icon to run the tool. Vista/Windows 7/8/10 users right-click and select Run As Administrator.
When the tool opens click Yes to disclaimer.
Make sure that Addition.txt is selected at the bottom.
Press Scan button.
http://i.imgur.com/YO62v3X.png
It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply.
The first time the tool is run, it also makes another log (Addition.txt). Please copy and paste it to your reply also.
Make sure that you post both reports.
Thanks.

joddle (Author) Posted October 19, 2017
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 18-10-2017 01
Ran by Josh (administrator) on MAIN755 (19-10-2017 08:21:00)
Running from C:\Users\joshi\Desktop
Loaded Profiles: Josh (Available Profiles: Josh)
Platform: Windows 10 Pro Version 1703 15063.674 (X64) Language: English (United Kingdom)
Internet Explorer Version 11 (Default browser: Edge)
Boot Mode: Normal
_____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mrxsmb10.sys 2017-10-11 17:58 - 2017-09-29 09:19 - 000325120 _____ (Microsoft Corporation) C:\WINDOWS\system32\fvecpl.dll 2017-10-11 17:58 - 2017-09-29 09:19 - 000306176 _____ (Microsoft Corporation) C:\WINDOWS\system32\fveui.dll 2017-10-11 17:58 - 2017-09-29 09:18 - 000364032 _____ (Microsoft Corporation) C:\WINDOWS\system32\bdechangepin.exe 2017-10-11 17:58 - 2017-09-29 09:18 - 000215040 _____ (Microsoft Corporation) C:\WINDOWS\system32\manage-bde.exe 2017-10-11 17:58 - 2017-09-29 09:18 - 000141312 _____ (Microsoft Corporation) C:\WINDOWS\system32\BitLockerDeviceEncryption.exe 2017-10-11 17:58 - 2017-09-29 07:40 - 000804312 _____ C:\WINDOWS\SysWOW64\locale.nls 2017-10-11 17:58 - 2017-09-29 07:40 - 000804312 _____ C:\WINDOWS\system32\locale.nls 2017-10-11 17:58 - 2017-09-20 17:08 - 000640512 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mswstr10.dll 2017-10-11 17:58 - 2017-09-20 17:08 - 000345088 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\m***cl40.dll 2017-10-11 17:58 - 2017-09-20 17:08 - 000008704 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msjint40.dll 2017-10-11 17:58 - 2017-09-19 01:09 - 000554400 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\USBHUB3.SYS 2017-10-11 17:58 - 2017-09-19 00:20 - 000831488 _____ (Microsoft Corporation) C:\WINDOWS\system32\MbaeApiPublic.dll 2017-10-11 17:58 - 2017-09-19 00:20 - 000049664 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\tetheringclient.dll 2017-10-11 17:58 - 2017-09-19 00:15 - 000648704 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MbaeApiPublic.dll 2017-10-11 17:57 - 2017-09-30 07:52 - 001595152 _____ (Microsoft Corporation) C:\WINDOWS\system32\gdi32full.dll 2017-10-11 17:57 - 2017-09-30 07:51 - 001458320 _____ (Microsoft Corporation) C:\WINDOWS\system32\msctf.dll 2017-10-11 17:57 - 2017-09-30 07:51 - 001147288 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvix64.exe 2017-10-11 17:57 - 2017-09-30 07:51 - 000661224 _____ 
(Microsoft Corporation) C:\WINDOWS\system32\dnsapi.dll 2017-10-11 17:57 - 2017-09-30 07:50 - 001346112 _____ (Microsoft Corporation) C:\WINDOWS\system32\user32.dll 2017-10-11 17:57 - 2017-09-30 07:50 - 001068208 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.dll 2017-10-11 17:57 - 2017-09-30 07:50 - 001024920 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvax64.exe 2017-10-11 17:57 - 2017-09-30 07:48 - 000644696 _____ (Microsoft Corporation) C:\WINDOWS\system32\advapi32.dll 2017-10-11 17:57 - 2017-09-30 07:44 - 000712600 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgmms2.sys 2017-10-11 17:57 - 2017-09-30 07:43 - 007318888 _____ (Microsoft Corporation) C:\WINDOWS\system32\windows.storage.dll 2017-10-11 17:57 - 2017-09-30 07:43 - 002442136 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgkrnl.sys 2017-10-11 17:57 - 2017-09-30 07:42 - 004848952 _____ (Microsoft Corporation) C:\WINDOWS\explorer.exe 2017-10-11 17:57 - 2017-09-30 07:42 - 001506712 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinapi.appcore.dll 2017-10-11 17:57 - 2017-09-30 07:41 - 005477600 _____ (Microsoft Corporation) C:\WINDOWS\system32\OneCoreUAPCommonProxyStub.dll 2017-10-11 17:57 - 2017-09-30 07:41 - 002086808 _____ (Microsoft Corporation) C:\WINDOWS\system32\UpdateAgent.dll 2017-10-11 17:57 - 2017-09-30 07:41 - 000961944 _____ (Microsoft Corporation) C:\WINDOWS\system32\efscore.dll 2017-10-11 17:57 - 2017-09-30 07:41 - 000651672 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingSyncHost.exe 2017-10-11 17:57 - 2017-09-30 07:41 - 000257432 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppxAllUserStore.dll 2017-10-11 17:57 - 2017-09-30 07:41 - 000228248 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mrxsmb20.sys 2017-10-11 17:57 - 2017-09-30 07:40 - 000849816 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVClient.exe 2017-10-11 17:57 - 2017-09-30 07:40 - 000701336 _____ (Microsoft Corporation) 
C:\WINDOWS\system32\AppVCatalog.dll 2017-10-11 17:57 - 2017-09-30 07:40 - 000642680 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\cng.sys 2017-10-11 17:57 - 2017-09-30 07:40 - 000558912 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.ApplicationModel.dll 2017-10-11 17:57 - 2017-09-30 07:40 - 000408984 _____ (Microsoft Corporation) C:\WINDOWS\system32\msv1_0.dll 2017-10-11 17:57 - 2017-09-30 07:40 - 000184728 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\appid.sys 2017-10-11 17:57 - 2017-09-30 07:40 - 000072944 _____ (Microsoft Corporation) C:\WINDOWS\system32\easinvoker.exe 2017-10-11 17:57 - 2017-09-30 07:39 - 021351760 _____ (Microsoft Corporation) C:\WINDOWS\system32\shell32.dll 2017-10-11 17:57 - 2017-09-30 07:39 - 001694104 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVIntegration.dll 2017-10-11 17:57 - 2017-09-30 07:39 - 000203672 _____ (Microsoft Corporation) C:\WINDOWS\system32\basecsp.dll 2017-10-11 17:57 - 2017-09-30 07:38 - 007910072 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.Protection.PlayReady.dll 2017-10-11 17:57 - 2017-09-30 07:38 - 001854872 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVEntVirtualization.dll 2017-10-11 17:57 - 2017-09-30 07:37 - 002377112 _____ (Microsoft Corporation) C:\WINDOWS\system32\Microsoft.Uev.AppAgent.dll 2017-10-11 17:57 - 2017-09-30 07:37 - 002229144 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVEntSubsystems64.dll 2017-10-11 17:57 - 2017-09-30 07:37 - 001464728 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVEntSubsystemController.dll 2017-10-11 17:57 - 2017-09-30 07:36 - 000855960 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVOrchestration.dll 2017-10-11 17:57 - 2017-09-30 07:36 - 000675224 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVPublishing.dll 2017-10-11 17:57 - 2017-09-29 09:34 - 017370624 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Xaml.dll 2017-10-11 17:57 - 2017-09-29 09:34 - 003669504 _____ 
(Microsoft Corporation) C:\WINDOWS\system32\win32kfull.sys 2017-10-11 17:57 - 2017-09-29 09:33 - 000175616 _____ (Microsoft Corporation) C:\WINDOWS\system32\t2embed.dll 2017-10-11 17:57 - 2017-09-29 09:32 - 002199552 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Xaml.Resources.dll 2017-10-11 17:57 - 2017-09-29 09:32 - 000209920 _____ (Microsoft Corporation) C:\WINDOWS\system32\smartscreenps.dll 2017-10-11 17:57 - 2017-09-29 09:32 - 000087040 _____ (Microsoft Corporation) C:\WINDOWS\system32\usoapi.dll 2017-10-11 17:57 - 2017-09-29 09:32 - 000064000 _____ (Microsoft Corporation) C:\WINDOWS\system32\wups.dll 2017-10-11 17:57 - 2017-09-29 09:31 - 000113152 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuuhosdeployment.dll 2017-10-11 17:57 - 2017-09-29 09:31 - 000057344 _____ (Microsoft Corporation) C:\WINDOWS\system32\efssvc.dll 2017-10-11 17:57 - 2017-09-29 09:30 - 007931392 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinui.dll 2017-10-11 17:57 - 2017-09-29 09:30 - 000529408 _____ (Microsoft Corporation) C:\WINDOWS\system32\daxexec.dll 2017-10-11 17:57 - 2017-09-29 09:30 - 000179200 _____ (Microsoft Corporation) C:\WINDOWS\system32\BitLockerCsp.dll 2017-10-11 17:57 - 2017-09-29 09:30 - 000064512 _____ (Microsoft Corporation) C:\WINDOWS\system32\winsrv.dll 2017-10-11 17:57 - 2017-09-29 09:30 - 000043520 _____ (Microsoft Corporation) C:\WINDOWS\system32\TpmTasks.dll 2017-10-11 17:57 - 2017-09-29 09:29 - 000550400 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\nwifi.sys 2017-10-11 17:57 - 2017-09-29 09:29 - 000461824 _____ (Microsoft Corporation) C:\WINDOWS\system32\wlansec.dll 2017-10-11 17:57 - 2017-09-29 09:29 - 000433152 _____ (Microsoft Corporation) C:\WINDOWS\system32\msIso.dll 2017-10-11 17:57 - 2017-09-29 09:29 - 000304640 _____ (Microsoft Corporation) C:\WINDOWS\system32\dusmsvc.dll 2017-10-11 17:57 - 2017-09-29 09:29 - 000052736 _____ (Microsoft Corporation) C:\WINDOWS\system32\ServiceWorkerHost.exe 2017-10-11 17:57 - 
2017-09-29 09:28 - 000699904 _____ (Microsoft Corporation) C:\WINDOWS\system32\FlightSettings.dll 2017-10-11 17:57 - 2017-09-29 09:28 - 000556032 _____ (Microsoft Corporation) C:\WINDOWS\system32\TpmCoreProvisioning.dll 2017-10-11 17:57 - 2017-09-29 09:28 - 000527360 _____ (Microsoft Corporation) C:\WINDOWS\system32\aadcloudap.dll 2017-10-11 17:57 - 2017-09-29 09:28 - 000256000 _____ (Microsoft Corporation) C:\WINDOWS\system32\domgmt.dll 2017-10-11 17:57 - 2017-09-29 09:28 - 000254976 _____ (Microsoft Corporation) C:\WINDOWS\system32\scksp.dll 2017-10-11 17:57 - 2017-09-29 09:27 - 001321984 ____R (The ICU Project) C:\WINDOWS\system32\icuuc.dll 2017-10-11 17:57 - 2017-09-29 09:27 - 000616960 _____ (Microsoft Corporation) C:\WINDOWS\system32\WindowManagement.dll 2017-10-11 17:57 - 2017-09-29 09:27 - 000565760 _____ (Microsoft Corporation) C:\WINDOWS\system32\webio.dll 2017-10-11 17:57 - 2017-09-29 09:27 - 000538624 _____ (Microsoft Corporation) C:\WINDOWS\system32\FirewallAPI.dll 2017-10-11 17:57 - 2017-09-29 09:27 - 000524800 _____ (Microsoft Corporation) C:\WINDOWS\system32\TileDataRepository.dll 2017-10-11 17:57 - 2017-09-29 09:27 - 000412160 _____ (Microsoft Corporation) C:\WINDOWS\system32\updatehandlers.dll 2017-10-11 17:57 - 2017-09-29 09:26 - 002809344 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentServer.dll 2017-10-11 17:57 - 2017-09-29 09:26 - 001468928 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentExtensions.desktop.dll 2017-10-11 17:57 - 2017-09-29 09:26 - 001269760 _____ (Microsoft Corporation) C:\WINDOWS\system32\enterprisecsps.dll 2017-10-11 17:57 - 2017-09-29 09:26 - 001197568 _____ (Microsoft Corporation) C:\WINDOWS\system32\Microsoft.Uev.CommonBridge.dll 2017-10-11 17:57 - 2017-09-29 09:26 - 001141760 _____ (Microsoft Corporation) C:\WINDOWS\system32\ApplySettingsTemplateCatalog.exe 2017-10-11 17:57 - 2017-09-29 09:26 - 000772096 _____ (Microsoft Corporation) C:\WINDOWS\system32\PCPKsp.dll 2017-10-11 17:57 - 
2017-09-29 09:26 - 000356864 _____ (Microsoft Corporation) C:\WINDOWS\system32\fveapibase.dll 2017-10-11 17:57 - 2017-09-29 09:26 - 000045056 _____ (Microsoft Corporation) C:\WINDOWS\system32\TokenBrokerUI.dll 2017-10-11 17:57 - 2017-09-29 09:25 - 004175872 _____ (Microsoft Corporation) C:\WINDOWS\system32\StartTileData.dll 2017-10-11 17:57 - 2017-09-29 09:25 - 002760704 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Shell.UnifiedTile.CuratedTileCollections.dll 2017-10-11 17:57 - 2017-09-29 09:25 - 000586240 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppReadiness.dll 2017-10-11 17:57 - 2017-09-29 09:24 - 003307008 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll 2017-10-11 17:57 - 2017-09-29 09:24 - 002503680 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinui.pcshell.dll 2017-10-11 17:57 - 2017-09-29 09:24 - 001886208 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentExtensions.onecore.dll 2017-10-11 17:57 - 2017-09-29 09:24 - 001307648 _____ (Microsoft Corporation) C:\WINDOWS\system32\dosvc.dll 2017-10-11 17:57 - 2017-09-29 09:24 - 001201664 _____ (Microsoft Corporation) C:\WINDOWS\system32\AgentService.exe 2017-10-11 17:57 - 2017-09-29 09:24 - 000684032 _____ (Microsoft Corporation) C:\WINDOWS\system32\usocore.dll 2017-10-11 17:57 - 2017-09-29 09:23 - 003140096 _____ (Microsoft Corporation) C:\WINDOWS\system32\msftedit.dll 2017-10-11 17:57 - 2017-09-29 09:23 - 002730496 _____ (Microsoft Corporation) C:\WINDOWS\system32\smartscreen.exe 2017-10-11 17:57 - 2017-09-29 09:23 - 002446336 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuaueng.dll 2017-10-11 17:57 - 2017-09-29 09:23 - 002195968 _____ (Microsoft Corporation) C:\WINDOWS\system32\Microsoft.Uev.ModernAppAgent.dll 2017-10-11 17:57 - 2017-09-29 09:23 - 002055680 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kbase.sys 2017-10-11 17:57 - 2017-09-29 09:23 - 001605632 _____ (Microsoft Corporation) C:\WINDOWS\system32\quartz.dll 2017-10-11 17:57 - 
2017-09-29 09:23 - 001460224 _____ (Microsoft Corporation) C:\WINDOWS\system32\lsasrv.dll 2017-10-11 17:57 - 2017-09-29 09:23 - 001398784 _____ (Microsoft Corporation) C:\WINDOWS\system32\wwansvc.dll 2017-10-11 17:57 - 2017-09-29 09:23 - 001052672 _____ (Microsoft Corporation) C:\WINDOWS\system32\TokenBroker.dll 2017-10-11 17:57 - 2017-09-29 09:23 - 000986624 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuapi.dll 2017-10-11 17:57 - 2017-09-29 09:23 - 000972288 _____ (Microsoft Corporation) C:\WINDOWS\system32\MPSSVC.dll 2017-10-11 17:57 - 2017-09-29 09:23 - 000841216 _____ (Microsoft Corporation) C:\WINDOWS\system32\fveapi.dll 2017-10-11 17:57 - 2017-09-29 09:23 - 000647168 _____ (Microsoft Corporation) C:\WINDOWS\system32\RDXService.dll 2017-10-11 17:57 - 2017-09-29 09:23 - 000512000 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinapi.dll 2017-10-11 17:57 - 2017-09-29 09:22 - 001802240 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll 2017-10-11 17:57 - 2017-09-29 09:22 - 001438208 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Xaml.Phone.dll 2017-10-11 17:57 - 2017-09-29 09:22 - 000407040 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuuhext.dll 2017-10-11 17:57 - 2017-09-29 09:21 - 000722944 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\srv2.sys 2017-10-11 17:57 - 2017-09-29 09:21 - 000324096 _____ (Microsoft Corporation) C:\WINDOWS\system32\DeviceEnroller.exe 2017-10-11 17:57 - 2017-09-29 09:21 - 000154624 _____ (Microsoft Corporation) C:\WINDOWS\system32\regsvc.dll 2017-10-11 17:57 - 2017-09-29 09:21 - 000147456 _____ (Microsoft Corporation) C:\WINDOWS\system32\TabSvc.dll 2017-10-11 17:57 - 2017-09-29 09:20 - 001811456 _____ (Microsoft Corporation) C:\WINDOWS\system32\wsp_health.dll 2017-10-11 17:57 - 2017-09-29 09:20 - 000194560 _____ (Microsoft Corporation) C:\WINDOWS\system32\rpchttp.dll 2017-10-11 17:57 - 2017-09-29 09:20 - 000150016 _____ (Microsoft Corporation) C:\WINDOWS\system32\iscsiexe.dll 
2017-10-11 17:57 - 2017-09-29 09:19 - 002088448 _____ (Microsoft Corporation) C:\WINDOWS\system32\wsp_fs.dll 2017-10-11 17:57 - 2017-09-29 09:19 - 000208896 _____ (Microsoft Corporation) C:\WINDOWS\system32\wscsvc.dll 2017-10-11 17:57 - 2017-09-29 09:18 - 002438656 _____ (Microsoft Corporation) C:\WINDOWS\system32\ResetEngine.dll 2017-10-11 17:57 - 2017-09-29 09:18 - 001527296 _____ (Microsoft Corporation) C:\WINDOWS\system32\RecoveryDrive.exe 2017-10-11 17:57 - 2017-09-29 09:18 - 000893440 _____ (Microsoft Corporation) C:\WINDOWS\system32\clusapi.dll 2017-10-11 17:57 - 2017-09-29 09:18 - 000603136 _____ (Microsoft Corporation) C:\WINDOWS\system32\resutils.dll 2017-10-11 17:57 - 2017-09-29 09:18 - 000347648 _____ (Microsoft Corporation) C:\WINDOWS\system32\mcbuilder.exe 2017-10-11 17:57 - 2017-09-29 09:18 - 000130048 _____ (Microsoft Corporation) C:\WINDOWS\system32\Robocopy.exe 2017-10-11 17:57 - 2017-09-29 09:18 - 000046592 _____ (Microsoft Corporation) C:\WINDOWS\system32\cipher.exe 2017-10-11 17:57 - 2017-09-19 01:20 - 001065104 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.efi 2017-10-11 17:57 - 2017-09-19 01:20 - 000900376 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.exe 2017-10-11 17:57 - 2017-09-19 01:18 - 000965024 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvloader.efi 2017-10-11 17:57 - 2017-09-19 01:17 - 001395664 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.efi 2017-10-11 17:57 - 2017-09-19 01:17 - 001186464 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.exe 2017-10-11 17:57 - 2017-09-19 01:17 - 000821664 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvloader.exe 2017-10-11 17:57 - 2017-09-19 01:11 - 001018272 _____ (Microsoft Corporation) C:\WINDOWS\system32\SecConfig.efi 2017-10-11 17:57 - 2017-09-19 00:26 - 000060416 _____ (Microsoft Corporation) C:\WINDOWS\system32\tetheringclient.dll 2017-10-11 17:57 - 2017-09-19 00:25 - 000117248 _____ (Microsoft Corporation) 
C:\WINDOWS\system32\eShims.dll 2017-10-11 17:57 - 2017-09-19 00:23 - 000210432 _____ (Microsoft Corporation) C:\WINDOWS\system32\tetheringservice.dll 2017-10-10 08:15 - 2017-10-10 08:15 - 000015654 _____ C:\Users\joshi\Documents\Tax-Q3-17r.xlsx 2017-10-09 15:28 - 2017-10-09 15:31 - 000000000 ____D C:\Users\joshi\AppData\Roaming\Novabench 2017-10-09 15:28 - 2017-10-09 15:29 - 000000000 ____D C:\ProgramData\Novabench 2017-10-09 15:28 - 2017-10-09 15:28 - 000000000 ____D C:\Users\joshi\AppData\Local\Novabench 2017-10-09 15:27 - 2017-10-09 15:27 - 000001064 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Novabench.lnk 2017-10-09 15:27 - 2017-10-09 15:27 - 000000000 ____D C:\Program Files\Novawave 2017-10-09 15:23 - 2017-10-09 15:24 - 096575488 _____ C:\Users\joshi\Downloads\novabench.msi 2017-10-09 12:11 - 2017-10-10 08:15 - 000015653 _____ C:\Users\joshi\Documents\Tax-Q3-17.xlsx 2017-10-05 15:30 - 2017-08-23 11:26 - 000204016 _____ (HP Inc.) C:\WINDOWS\system32\hpmtp210.dll 2017-10-05 15:30 - 2017-08-23 11:25 - 000529136 _____ (HP Inc.) C:\WINDOWS\system32\hpcpn210.dll 2017-10-05 15:30 - 2017-08-23 11:25 - 000494320 _____ (HP Inc.) C:\WINDOWS\SysWOW64\hpcc3210.dll 2017-10-05 15:30 - 2017-08-23 11:25 - 000265128 _____ (HP Inc.) C:\WINDOWS\system32\hpmml210.dll 2017-10-05 15:30 - 2017-08-23 11:25 - 000242088 _____ (HP Inc.) C:\WINDOWS\system32\hpmja210.dll 2017-10-05 15:30 - 2017-08-23 11:25 - 000229616 _____ (HP Inc.) C:\WINDOWS\system32\hpmpm081.dll 2017-10-05 15:30 - 2017-08-23 11:25 - 000178416 _____ (HP Inc.) C:\WINDOWS\system32\hpcjpm.dll 2017-10-05 15:30 - 2017-08-23 11:25 - 000127728 _____ (HP Inc.) C:\WINDOWS\system32\hpmpw081.dll 2017-10-05 15:30 - 2017-08-23 11:24 - 000310696 _____ (HP Inc.) 
C:\WINDOWS\system32\hpmlm190.dll 2017-10-05 15:28 - 2017-10-05 15:28 - 001544192 _____ C:\Users\joshi\Downloads\Dot4x64 (1).msi 2017-10-05 15:20 - 2017-10-05 15:20 - 018600800 _____ C:\Users\joshi\Downloads\upd-pcl6-x64-6.5.0.22695.exe 2017-10-05 11:04 - 2017-10-05 11:04 - 000477693 _____ C:\Users\joshi\Downloads\044447492420170929214613050951.pdf 2017-10-04 07:37 - 2017-10-04 07:37 - 000056244 _____ C:\Users\joshi\Documents\Tenses.pdf 2017-10-03 22:17 - 2017-10-18 07:36 - 000009888 _____ C:\Users\joshi\Documents\New Girls.xlsx 2017-10-03 21:45 - 2017-10-03 21:45 - 000078770 _____ C:\Users\joshi\Documents\fruit&veg.pdf 2017-10-03 20:23 - 2017-10-04 07:37 - 000081920 _____ C:\Users\joshi\Documents\Tenses.pub 2017-10-03 18:35 - 2017-10-03 18:35 - 000455392 _____ C:\Users\joshi\Documents\clocks.pdf 2017-10-01 19:49 - 2017-10-14 12:35 - 000000000 ____D C:\Users\joshi\AppData\Roaming\WhatsApp 2017-10-01 19:49 - 2017-10-13 11:26 - 000002275 _____ C:\Users\joshi\Desktop\WhatsApp.lnk 2017-10-01 19:49 - 2017-10-13 11:24 - 000000000 ____D C:\Users\joshi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WhatsApp 2017-10-01 19:49 - 2017-10-13 11:24 - 000000000 ____D C:\Users\joshi\AppData\Local\WhatsApp 2017-10-01 19:49 - 2017-10-13 11:24 - 000000000 ____D C:\Users\joshi\AppData\Local\SquirrelTemp 2017-10-01 19:48 - 2017-10-01 19:49 - 084144400 _____ (WhatsApp) C:\Users\joshi\Downloads\WhatsAppSetup.exe 2017-09-29 20:27 - 2017-10-02 08:29 - 000010518 _____ C:\Users\joshi\Documents\Pearl v us.xlsx 2017-09-29 16:48 - 2017-09-29 16:48 - 000000000 ____D C:\Users\joshi\AppData\Roaming\HandBrake Team 2017-09-29 16:48 - 2017-09-29 16:48 - 000000000 ____D C:\Program Files\HandBrake 2017-09-29 16:46 - 2017-09-29 16:46 - 010468271 _____ C:\Users\joshi\Downloads\HandBrake-1.0.7-x86_64-Win_GUI.exe 2017-09-27 20:23 - 2017-09-27 20:27 - 000000000 ____D C:\Users\joshi\Documents\8mmfilms 2017-09-27 17:14 - 2017-09-29 16:49 - 000000000 ____D C:\Users\joshi\AppData\Roaming\HandBrake 
2017-09-27 17:14 - 2017-09-29 16:48 - 000000865 _____ C:\Users\joshi\Desktop\Handbrake.lnk 2017-09-27 17:14 - 2017-09-27 17:14 - 000000000 ____D C:\Users\joshi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Handbrake 2017-09-27 17:14 - 2017-09-27 17:14 - 000000000 ____D C:\Program Files (x86)\Handbrake 2017-09-23 12:38 - 2017-09-23 12:38 - 000003374 _____ C:\WINDOWS\System32\Tasks\Avira_Antivirus_Systray 2017-09-23 12:38 - 2017-09-23 12:38 - 000003208 _____ C:\WINDOWS\System32\Tasks\Avira SystrayStartTrigger 2017-09-21 15:17 - 2017-09-21 15:17 - 000000000 ____D C:\Users\joshi\AppData\Local\Meltytech 2017-09-21 15:16 - 2017-09-21 15:16 - 000001711 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Shotcut.lnk 2017-09-21 15:15 - 2017-09-21 15:16 - 000000000 ____D C:\Program Files\Shotcut 2017-09-21 15:04 - 2017-09-21 15:06 - 193011560 _____ C:\Users\joshi\Downloads\shotcut-win64-170904.exe 2017-09-21 07:42 - 2017-09-21 07:42 - 000001277 _____ C:\Users\Public\Desktop\RealPlayer (RealTimes).lnk 2017-09-21 07:42 - 2017-09-21 07:42 - 000000000 ____D C:\Users\joshi\AppData\Roaming\RealNetworks 2017-09-21 07:42 - 2017-09-21 07:42 - 000000000 ____D C:\ProgramData\RealNetworks 2017-09-21 07:41 - 2017-09-21 07:41 - 000285520 _____ (Progressive Networks) C:\WINDOWS\SysWOW64\pncrt.dll 2017-09-21 07:41 - 2017-09-21 07:41 - 000207696 _____ (RealNetworks, Inc.) C:\WINDOWS\SysWOW64\rmoc3260.dll 2017-09-21 01:52 - 2017-09-21 01:52 - 000142960 _____ (HP Inc.) C:\WINDOWS\system32\hpmco210.dll ==================== One Month Modified files and folders ======== (If an entry is included in the fixlist, the file/folder will be moved.) 
2017-10-19 08:18 - 2017-05-22 15:46 - 000000000 ____D C:\Users\joshi\AppData\LocalLow\Mozilla 2017-10-19 08:07 - 2017-06-14 21:40 - 000004146 _____ C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{039BA300-6BEC-4172-AA30-191FCA5DCE5A} 2017-10-19 08:07 - 2017-03-18 23:03 - 000000000 ___HD C:\Program Files\WindowsApps 2017-10-19 08:07 - 2017-03-18 23:03 - 000000000 ____D C:\WINDOWS\AppReadiness 2017-10-19 08:03 - 2017-06-14 21:24 - 000000000 _____ C:\WINDOWS\system32\Drivers\lvuvc.hs 2017-10-18 22:45 - 2017-06-14 21:23 - 000000000 ____D C:\WINDOWS\system32\SleepStudy 2017-10-18 15:29 - 2017-03-18 22:51 - 000000000 ____D C:\WINDOWS\CbsTemp 2017-10-18 10:20 - 2016-04-16 14:57 - 000000000 ____D C:\Users\joshi\AppData\Local\Packages 2017-10-17 22:19 - 2016-04-16 18:20 - 000000000 ____D C:\Users\joshi\AppData\Roaming\Skype 2017-10-16 20:20 - 2016-04-16 15:33 - 000000000 ____D C:\Users\joshi\AppData\Local\ElevatedDiagnostics 2017-10-16 20:18 - 2017-03-18 23:03 - 000000000 ____D C:\WINDOWS\System 2017-10-16 07:39 - 2016-05-16 12:51 - 000000000 ____D C:\Program Files (x86)\TeamViewer 2017-10-15 16:59 - 2017-06-14 21:42 - 001115750 _____ C:\WINDOWS\system32\PerfStringBackup.INI 2017-10-15 16:54 - 2017-06-14 21:40 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT 2017-10-15 16:53 - 2017-03-18 13:40 - 001048576 _____ C:\WINDOWS\system32\config\BBI 2017-10-15 16:43 - 2016-04-16 18:47 - 000000191 _____ C:\Users\joshi\Desktop\Ebay UK.url 2017-10-15 13:48 - 2016-04-21 14:33 - 000192216 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys 2017-10-14 22:31 - 2017-06-14 21:26 - 000000000 ____D C:\Users\joshi 2017-10-14 14:19 - 2016-04-16 15:02 - 000000420 _____ C:\Users\joshi\Desktop\This PC - Shortcut.lnk 2017-10-13 02:21 - 2017-03-18 23:06 - 000835576 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe 2017-10-13 02:21 - 2017-03-18 23:06 - 000177656 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl 2017-10-12 22:13 - 
2017-03-18 23:03 - 000000000 ____D C:\WINDOWS\rescache 2017-10-12 15:15 - 2016-07-25 19:23 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira 2017-10-12 12:41 - 2016-04-17 20:58 - 000000000 ____D C:\ProgramData\Package Cache 2017-10-12 09:08 - 2017-03-18 23:01 - 000000000 ____D C:\WINDOWS\INF 2017-10-12 09:05 - 2016-02-13 19:33 - 000000000 __RHD C:\Users\Public\AccountPictures 2017-10-12 09:03 - 2017-06-14 21:23 - 005034824 _____ C:\WINDOWS\system32\FNTCACHE.DAT 2017-10-12 09:02 - 2017-06-15 20:12 - 000000000 ____D C:\Program Files (x86)\Mozilla Thunderbird 2017-10-12 09:02 - 2017-06-15 11:55 - 000000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service 2017-10-11 22:14 - 2017-03-18 23:03 - 000000000 ____D C:\WINDOWS\SysWOW64\en-GB 2017-10-11 22:14 - 2017-03-18 23:03 - 000000000 ____D C:\WINDOWS\system32\en-GB 2017-10-11 22:14 - 2017-03-18 23:03 - 000000000 ____D C:\WINDOWS\ShellExperiences 2017-10-11 22:14 - 2017-03-18 23:03 - 000000000 ____D C:\WINDOWS\Provisioning 2017-10-11 22:14 - 2017-03-18 23:03 - 000000000 ____D C:\WINDOWS\PolicyDefinitions 2017-10-11 22:13 - 2017-03-18 23:03 - 000230400 _____ (Microsoft Corporation) C:\WINDOWS\system32\msclmd.dll 2017-10-11 22:13 - 2017-03-18 23:03 - 000207872 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msclmd.dll 2017-10-11 18:06 - 2016-04-16 17:19 - 000000000 ____D C:\WINDOWS\system32\MRT 2017-10-11 18:03 - 2016-04-16 17:19 - 126925120 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe 2017-10-11 07:32 - 2016-05-24 09:56 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Garmin 2017-10-11 07:32 - 2016-05-24 09:56 - 000000000 ____D C:\Program Files (x86)\Garmin 2017-10-11 07:31 - 2017-06-14 21:40 - 000003624 _____ C:\WINDOWS\System32\Tasks\GarminUpdaterTask 2017-10-09 11:48 - 2016-12-20 20:44 - 000020240 _____ C:\Users\joshi\Documents\MMBookings2017.xlsx 2017-10-09 10:48 - 2017-09-04 19:38 - 000018725 _____ C:\Users\joshi\Documents\MMBookings2018.xlsx 
2017-10-07 17:44 - 2016-04-16 18:19 - 000000000 ___RD C:\Program Files (x86)\Skype 2017-10-07 17:44 - 2016-04-16 18:19 - 000000000 ____D C:\ProgramData\Skype 2017-10-05 15:20 - 2016-04-16 17:12 - 000000000 ____D C:\HP Universal Print Driver 2017-09-29 18:14 - 2016-06-18 14:28 - 000000000 ____D C:\Users\joshi\AppData\Roaming\vlc 2017-09-29 16:23 - 2015-10-18 16:50 - 000000000 ____D C:\backup 2017-09-26 22:53 - 2016-04-16 18:17 - 000002272 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk 2017-09-26 22:53 - 2016-04-16 18:17 - 000002260 _____ C:\Users\Public\Desktop\Google Chrome.lnk 2017-09-25 11:36 - 2016-07-06 15:04 - 000114848 _____ C:\Users\joshi\Documents\joddle.vcf 2017-09-25 11:36 - 2016-05-16 12:51 - 000000000 ____D C:\Users\joshi\AppData\Roaming\TeamViewer 2017-09-23 19:41 - 2016-06-17 17:07 - 000692224 _____ C:\Users\joshi\Documents\OSOBSMembForm.indd 2017-09-23 12:35 - 2016-04-17 19:09 - 000176224 _____ (Avira Operations GmbH & Co. KG) C:\WINDOWS\system32\Drivers\avgntflt.sys 2017-09-22 15:35 - 2017-09-04 18:58 - 000003356 _____ C:\WINDOWS\System32\Tasks\OneDrive Standalone Update Task-S-1-5-21-205630320-448354025-1664443452-1001 2017-09-22 15:35 - 2016-04-16 15:00 - 000002400 _____ C:\Users\joshi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk 2017-09-22 15:35 - 2016-04-16 15:00 - 000000000 ___RD C:\Users\joshi\OneDrive 2017-09-22 11:53 - 2017-07-06 09:02 - 000000000 ____D C:\Users\joshi\Desktop\gardening 2017-09-22 11:27 - 2017-09-12 17:16 - 000010310 _____ C:\Users\joshi\Documents\exch Sept 17.xlsx 2017-09-21 07:56 - 2017-06-14 21:40 - 000003536 _____ C:\WINDOWS\System32\Tasks\RealDownloader Update Check 2017-09-21 07:42 - 2017-06-14 21:40 - 000003584 _____ C:\WINDOWS\System32\Tasks\RealDownloaderRealUpgradeScheduledTaskS-1-5-21-205630320-448354025-1664443452-1001 2017-09-21 07:42 - 2017-06-14 21:40 - 000003520 _____ 
C:\WINDOWS\System32\Tasks\RealDownloaderRealUpgradeLogonTaskS-1-5-21-205630320-448354025-1664443452-1001 2017-09-21 07:42 - 2016-04-17 20:58 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\RealNetworks 2017-09-21 07:42 - 2016-04-17 20:57 - 000000000 ____D C:\Users\joshi\AppData\Roaming\Real 2017-09-21 07:42 - 2016-04-17 20:57 - 000000000 ____D C:\Program Files (x86)\Real 2017-09-21 07:42 - 2016-04-17 20:56 - 000000000 ____D C:\ProgramData\Real 2017-09-21 07:41 - 2016-06-20 08:21 - 000512336 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msvcp71.dll 2017-09-21 07:41 - 2016-06-20 08:21 - 000360784 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msvcr71.dll 2017-09-20 14:06 - 2017-09-14 15:48 - 000000400 __RSH C:\ProgramData\ntuser.pol 2017-09-20 14:05 - 2017-09-14 15:58 - 000000085 _____ C:\Users\joshi\Downloads\rufus.ini ==================== Files in the root of some directories ======= 2016-04-16 16:24 - 2016-04-16 16:24 - 000000057 _____ () C:\ProgramData\Ament.ini 2016-04-18 14:28 - 2016-04-18 14:30 - 000000377 _____ () C:\ProgramData\hpzinstall.log Some files in TEMP: ==================== 2017-09-23 14:14 - 2017-09-23 14:27 - 058881488 _____ (Skype Technologies S.A.) C:\Users\joshi\AppData\Local\Temp\SkypeSetup.exe ==================== Bamital & volsnap ====================== (There is no automatic fix for files that do not pass verification.) 
C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\wininit.exe => File is digitally signed
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed
LastRegBack: 2017-10-10 21:54
==================== End of FRST.txt ============================
joddle Posted October 19, 2017
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 18-10-2017 01
Ran by Josh (19-10-2017 08:22:15)
Running from C:\Users\joshi\Desktop
Windows 10 Pro Version 1703 15063.674 (X64) (2017-06-14 19:48:48)
Boot Mode: Normal
==========================================================
==================== Accounts: =============================
Administrator (S-1-5-21-205630320-448354025-1664443452-500 - Administrator - Disabled)
ASPNET (S-1-5-21-205630320-448354025-1664443452-1002 - Limited - Enabled)
DefaultAccount (S-1-5-21-205630320-448354025-1664443452-503 - Limited - Disabled)
Guest (S-1-5-21-205630320-448354025-1664443452-501 - Limited - Enabled)
Josh (S-1-5-21-205630320-448354025-1664443452-1001 - Administrator - Enabled) => C:\Users\joshi
==================== Security Center ========================
(If an entry is included in the fixlist, it will be removed.)
AV: Avira Antivirus (Enabled - Up to date) {B3F630BD-538D-1B4A-14FA-14B63235278F}
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Avira Antivirus (Enabled - Up to date) {0897D159-75B7-14C4-2E4A-2FC449B26D32}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
==================== Installed Programs ======================
(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
64 Bit HP CIO Components Installer (HKLM\...\{13DA9C7C-EBFB-40D0-94A1-55B42883DF21}) (Version: 21.2.1 - HP Inc.)
Hidden 7-Zip 16.04 (x64) (HKLM\...\7-Zip) (Version: 16.04 - Igor Pavlov) ABBYY FineReader 11 (HKLM-x32\...\{F11000FE-0010-0000-0000-074957833700}) (Version: 11.11.169 - ABBYY) Adobe Acrobat 8.1.0 Professional (HKLM-x32\...\Adobe Acrobat 8 Professional - English, Français, Deutsch) (Version: 8.1.0 - Adobe Systems) Adobe Acrobat Reader DC (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}) (Version: 17.012.20098 - Adobe Systems Incorporated) Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 3.1.0.4880 - Adobe Systems Incorporated) Adobe Help Manager (HKLM-x32\...\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1) (Version: 4.0.244 - Adobe Systems Incorporated) Adobe InDesign CS6 (HKLM-x32\...\{CFB770D7-8D43-1014-922B-CC2715FADE3F}) (Version: 8.0 - Adobe Systems Incorporated) Adobe Photoshop 7.0 (HKLM-x32\...\Adobe Photoshop 7.0) (Version: 7.0 - Adobe Systems, Inc.) ANT Drivers Installer x64 (HKLM\...\{B9218A36-7AD3-4046-8D77-31F51DC0D795}) (Version: 2.3.4 - Garmin Ltd or its subsidiaries) Hidden Avira (HKLM-x32\...\{5aafdcfa-1dc4-4c8e-9171-d68f7578dcb2}) (Version: 1.2.98.24768 - Avira Operations GmbH & Co. KG) Avira (HKLM-x32\...\{857417D9-30F6-4899-9DEE-59785B7A895A}) (Version: 1.2.98.24768 - Avira Operations GmbH & Co. KG) Hidden Avira Antivirus (HKLM-x32\...\Avira Antivirus) (Version: 15.0.32.12 - Avira Operations GmbH & Co. KG) Belarc Advisor 8.5c (HKLM-x32\...\Belarc Advisor) (Version: 8.5.3.0 - Belarc Inc.) CCleaner (HKLM\...\CCleaner) (Version: 5.25 - Piriform) D3DX10 (HKLM-x32\...\{E09C4DB7-630C-4F06-A631-8EA7239923AF}) (Version: 15.4.2368.0902 - Microsoft) Hidden Dot4 (HKLM\...\{3EEDA265-C6F3-4EC1-A317-1C9315DEDDDE}) (Version: 1.0.0.0 - HP) Elevated Installer (HKLM-x32\...\{B85F70BE-A5A3-48A2-A790-AF6001F026E0}) (Version: 5.7.1.0 - Garmin Ltd or its subsidiaries) Hidden FastStone Photo Resizer 3.5 (HKLM-x32\...\FastStone Photo Resizer) (Version: 3.5 - FastStone Soft.) 
Garmin BaseCamp (HKLM-x32\...\{23A4DBD1-D847-4957-995D-8B1CC527E2E2}) (Version: 4.6.2.0 - Garmin Ltd or its subsidiaries) Garmin City Navigator Europe NT 2017.10 (HKLM-x32\...\{C2E4DB83-144A-4D88-A1A7-E8433874AC2A}) (Version: 2.0.0.0 - Garmin Ltd or its subsidiaries) Garmin Express (HKLM-x32\...\{5b328687-2baf-4fb6-b6c7-c49fb4840cba}) (Version: 5.7.1.0 - Garmin Ltd or its subsidiaries) Garmin Express (HKLM-x32\...\{5F4164CE-621E-4AFD-BBFE-1BBE2299710E}) (Version: 5.7.1.0 - Garmin Ltd or its subsidiaries) Hidden Garmin Express Tray (HKLM-x32\...\{4E9533AB-7743-4B73-A5D2-42207E159E11}) (Version: 5.7.1.0 - Garmin Ltd or its subsidiaries) Hidden Google Chrome (HKLM-x32\...\Google Chrome) (Version: 61.0.3163.100 - Google Inc.) Google Earth Pro (HKLM-x32\...\{ECF2E224-42F5-4E50-B58E-94CA70E85697}) (Version: 7.3.0.3832 - Google) Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.33.5 - Google Inc.) Hidden HandBrake 1.0.7 (HKLM-x32\...\HandBrake) (Version: 1.0.7 - ) HP ENVY 4500 series Basic Device Software (HKLM\...\{6915424E-704F-4F5D-9057-9C7B406B36DB}) (Version: 32.3.198.49673 - Hewlett-Packard Co.) 
HP ENVY 4500 series Help (HKLM-x32\...\{95BECC50-22B4-4FCA-8A2E-BF77713E6D3A}) (Version: 30.0.0 - Hewlett Packard) HP Photo Creations (HKLM-x32\...\HP Photo Creations) (Version: 1.0.0.7702 - HP) InfraRecorder 0.53 (x64 edition) (HKLM\...\{2C22EA92-CB30-4932-0053-000001000000}) (Version: 0.53.00.00 - Christian Kindahl) Jump Ahead 2000 Preschool v2.0 (HKLM-x32\...\JA2000PR_2.0) (Version: - ) Logitech Unifying Software 2.50 (HKLM\...\Logitech Unifying) (Version: 2.50.25 - Logitech) Microsoft .NET Framework 1.1 (HKLM-x32\...\{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}) (Version: 1.1.4322 - Microsoft) Microsoft Age of Empires II (HKLM-x32\...\Age of Empires 2.0) (Version: - ) Microsoft Age of Empires II: The Conquerors Expansion (HKLM-x32\...\Age of Empires II: The Conquerors Expansion 1.0) (Version: - ) Microsoft Office 2007 Service Pack 3 (SP3) (HKLM-x32\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version: - Microsoft) Microsoft Office Enterprise 2007 (HKLM-x32\...\ENTERPRISE) (Version: 12.0.6612.1000 - Microsoft Corporation) Microsoft Office File Validation Add-In (HKLM-x32\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation) Microsoft OneDrive (HKU\S-1-5-21-205630320-448354025-1664443452-1001\...\OneDriveSetup.exe) (Version: 17.3.6998.0830 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft 
Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation) Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation) Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation) Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation) Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.24215 (HKLM-x32\...\{e2803110-78b3-4664-a479-3611a381656a}) (Version: 14.0.24215.1 - Microsoft Corporation) Movie Maker (HKLM-x32\...\{38F03569-A636-4CF3-BDDE-032C8C251304}) (Version: 16.4.3528.0331 - Microsoft Corporation) Hidden Movie Maker (HKLM-x32\...\{DD67BE4B-7E62-4215-AFA3-F123A800A389}) (Version: 16.4.3528.0331 - Microsoft Corporation) Hidden MozBackup 1.5.1 (HKLM-x32\...\MozBackup) (Version: - Pavel Cvrcek) Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 52.4.0.6486 - Mozilla) Mozilla Thunderbird 52.4.0 (x86 en-GB) (HKLM-x32\...\Mozilla Thunderbird 52.4.0 (x86 en-GB)) (Version: 52.4.0 - Mozilla) Novabench (HKLM\...\{CC27A05D-9D9A-43C7-B202-96A0BAAC86B9}) (Version: 4.0.1 - Novawave Inc.) PDF Settings CS6 (HKLM-x32\...\{BFEAAE77-BD7F-4534-B286-9C5CB4697EB1}) (Version: 11.0 - Adobe Systems Incorporated) Hidden Product Improvement Study for HP ENVY 4500 series (HKLM\...\{58139103-BACF-4BDC-B71C-955F9164ADA6}) (Version: 32.3.198.49673 - Hewlett-Packard Co.) RealDownloader (HKLM-x32\...\{2275115D-1431-4A62-A98F-2F0393815327}) (Version: 18.1.9.106 - RealNetworks, Inc.) 
Hidden RealDownloader (HKLM-x32\...\{45bcec97-14a2-4e10-a129-58d2d0b34398}) (Version: 18.1.9.106 - RealNetworks) Hidden RealDownloader (HKLM-x32\...\{85584A8B-8989-42AA-81A0-80ABF61EFAF1}) (Version: 18.1.9.106 - RealNetworks) Hidden RealNetworks - Microsoft Visual C++ 2008 Runtime (HKLM-x32\...\{7770E71B-2D43-4800-9CB3-5B6CAAEBEBEA}) (Version: 9.0 - RealNetworks, Inc) Hidden RealNetworks - Microsoft Visual C++ 2010 Runtime (HKLM-x32\...\{AAECF7BA-E83B-4A10-87EA-DE0B333F8734}) (Version: 10.0 - RealNetworks, Inc) Hidden RealPlayer (RealTimes) (HKLM-x32\...\RealPlayer 18.1) (Version: 18.1.9 - RealNetworks) RealUpgrade 1.1 (HKLM-x32\...\{28C2DED6-325B-4CC7-983A-1777C8F7FBAB}) (Version: 1.1.0 - RealNetworks, Inc.) Hidden Scan Tailor (HKLM-x32\...\Scan Tailor) (Version: - ) Shotcut (HKLM-x32\...\Shotcut) (Version: - ) Skype™ 7.40 (HKLM-x32\...\{3B7E914A-93D5-4A29-92BB-AF8C3F66C431}) (Version: 7.40.103 - Skype Technologies S.A.) SoundMAX (HKLM-x32\...\{F0A37341-D692-11D4-A984-009027EC0A9C}) (Version: 6.10.2.7280 - Analog Devices) Speccy (HKLM\...\Speccy) (Version: 1.29 - Piriform) SPSS Statistics 17.0 (HKLM-x32\...\{46B65150-F8AA-42F2-94FB-2729A8AE5F7E}) (Version: 17.0.0 - SPSS Inc.) TeamViewer 12 (HKLM-x32\...\TeamViewer) (Version: 12.0.83369 - TeamViewer) Update for 2007 Microsoft Office System (KB967642) (HKLM-x32\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version: - Microsoft) UpdateService (HKLM-x32\...\{E3AE96D6-E196-45B4-AF62-2B41998B9E37}) (Version: 1.0.0 - RealNetworks, Inc.) 
Hidden vc2012_redist (HKLM-x32\...\{9402AEF2-5981-4097-8BE2-6501DAC4DBFD}) (Version: 1.0.0.0 - Realnetworks) Hidden Video Downloader (HKLM-x32\...\{4C68AE5C-915A-492A-AFCD-B630ECB9522D}) (Version: 18.1.9 - RealNetworks) Hidden VLC media player 2.0.5 (HKLM-x32\...\VLC media player) (Version: 2.0.5 - VideoLAN) vs2015_redist x64 (HKLM\...\{EAED8692-5B63-4665-B857-D626633691DA}) (Version: 1.0.0.0 - Realnetworks) Hidden vs2015_redist x86 (HKLM-x32\...\{BD46163A-0331-4A61-B65A-7B66D7C93F8E}) (Version: 1.0.0.0 - Realnetworks) Hidden VSDC Free Video Editor version 5.7.8.724 (HKLM-x32\...\VSDC Free Video Editor_is1) (Version: 5.7.8.724 - Flash-Integro LLC) WhatsApp (HKU\S-1-5-21-205630320-448354025-1664443452-1001\...\WhatsApp) (Version: 0.2.6426 - WhatsApp) Windows 10 Update and Privacy Settings (HKLM\...\{293F2009-0145-450B-B4AA-063D43FB368C}) (Version: 1.0.13.0 - Microsoft Corporation) Windows Driver Package - Dynastream Innovations, Inc. ANT LibUSB Drivers (04/11/2012 1.2.40.201) (HKLM\...\F9D2A789F9CFF8CEC36B544F53877C80F1F73C46) (Version: 04/11/2012 1.2.40.201 - Dynastream Innovations, Inc.) Windows Driver Package - Silicon Labs Software (DSI_SiUSBXp_3_1) USB (02/06/2007 3.1) (HKLM\...\D1506E0025B5A3F9EB8270FE81C1EEDD9388B8A2) (Version: 02/06/2007 3.1 - Silicon Labs Software) ==================== Custom CLSID (Whitelisted): ========================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) 
CustomCLSID: HKU\S-1-5-21-205630320-448354025-1664443452-1001_Classes\CLSID\{96796C34-5460-E15F-894A-D38EF5BBCEDE}\InprocServer32 -> C:\WINDOWS\system32\ole32.dll (Microsoft Corporation) ContextMenuHandlers1: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2016-10-04] (Igor Pavlov) ContextMenuHandlers1: [Adobe.Acrobat.ContextMenu] -> {D25B2CAB-8A9A-4517-A9B2-CB5F68A5A802} => C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat Elements\ContextMenu64.dll [2007-05-11] (Adobe Systems Inc.) ContextMenuHandlers1: [FineReader11ContextMenu] -> {79E48320-C6B5-49F1-992B-571D53586885} => C:\Program Files (x86)\ABBYY FineReader 11\FRIntegration.x64.dll [2014-02-19] (ABBYY Production LLC) ContextMenuHandlers1: [shell Extension for Malware scanning] -> {45AC2688-0253-4ED8-97DE-B5370FA7D48A} => C:\Program Files (x86)\Avira\Antivirus\shlext64.dll [2017-10-12] (Avira Operations GmbH & Co. KG) ContextMenuHandlers3: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamext.dll [2016-03-10] (Malwarebytes) ContextMenuHandlers3-x32: [{4A7C4306-57E0-4C0C-83A9-78C1528F618C}] -> {4A7C4306-57E0-4C0C-83A9-78C1528F618C} => c:\program files (x86)\real\realplayer\RPDS\Bin64\rpcontextmenu.dll [2017-09-21] (RealNetworks, Inc.) ContextMenuHandlers4: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2016-10-04] (Igor Pavlov) ContextMenuHandlers6: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2016-10-04] (Igor Pavlov) ContextMenuHandlers6: [Adobe.Acrobat.ContextMenu] -> {D25B2CAB-8A9A-4517-A9B2-CB5F68A5A802} => C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat Elements\ContextMenu64.dll [2007-05-11] (Adobe Systems Inc.) 
ContextMenuHandlers6: [FineReader11ContextMenu] -> {79E48320-C6B5-49F1-992B-571D53586885} => C:\Program Files (x86)\ABBYY FineReader 11\FRIntegration.x64.dll [2014-02-19] (ABBYY Production LLC) ContextMenuHandlers6: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamext.dll [2016-03-10] (Malwarebytes) ContextMenuHandlers6: [shell Extension for Malware scanning] -> {45AC2688-0253-4ED8-97DE-B5370FA7D48A} => C:\Program Files (x86)\Avira\Antivirus\shlext64.dll [2017-10-12] (Avira Operations GmbH & Co. KG) ==================== Scheduled Tasks (Whitelisted) ============= (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) Task: {2531BCCF-CE0F-4EAB-91BE-2C352CCBA65D} - System32\Tasks\{7CFDA236-0A64-4177-B209-C5B1EEE17BC6} => "c:\windows\system32\launchwinapp.exe" hxxp://ui.skype.com/ui/0/7.26.0.101/en/abandoninstall?page=tsBing Task: {76123D1E-DCBA-4B12-9118-914EC942A315} - System32\Tasks\GarminUpdaterTask => C:\Program Files (x86)\Garmin\Express SelfUpdater\ExpressSelfUpdater.exe [2017-10-09] () Task: {8A361CCE-87A6-41E3-AA2E-C5AB7B2B4F77} - System32\Tasks\Avira SystrayStartTrigger => Avira.SystrayStartTrigger.exe Task: {8FD9940C-81B3-4031-B4DE-A658B982CB6E} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2016-04-16] (Google Inc.) 
Task: {9A84B012-3241-499D-A2F4-3C4D4BCD3DEA} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2017-07-19] (Adobe Systems Incorporated) Task: {9B285063-831A-4BDE-8043-DE169624B86D} - System32\Tasks\HPCustParticipation HP ENVY 4500 series => C:\Program Files\HP\HP ENVY 4500 series\Bin\HPCustPartic.exe [2014-07-21] (Hewlett-Packard Development Company, LP) Task: {A627F4D3-6625-49BB-9618-2BBF832BB2FC} - System32\Tasks\RealDownloader Update Check => C:\program files (x86)\real\RealDownloader\downloader2.exe [2017-08-17] () Task: {AE7980CA-AF94-4DC8-9D0A-E00AA2039316} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2016-04-16] (Google Inc.) Task: {B74307DD-A10D-4D17-913A-FBB62F0D73F7} - System32\Tasks\RealDownloaderRealUpgradeLogonTaskS-1-5-21-205630320-448354025-1664443452-1001 => C:\program files (x86)\real\RealDownloader\RealUpgrade.exe [2017-08-17] (RealNetworks, Inc.) Task: {C327F00A-B473-4CCC-AFD3-FB9585906D80} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2016-12-06] (Piriform Ltd) Task: {E40AC95F-90EA-41C5-901E-EBE8D2C1F01F} - System32\Tasks\Avira_Antivirus_Systray => C:\Program Files (x86)\Avira\Antivirus\avgnt.exe [2017-10-12] (Avira Operations GmbH & Co. KG) Task: {F7CA35CE-FCA4-4C90-A250-4CD0A8C9754D} - System32\Tasks\RealDownloaderRealUpgradeScheduledTaskS-1-5-21-205630320-448354025-1664443452-1001 => C:\program files (x86)\real\RealDownloader\RealUpgrade.exe [2017-08-17] (RealNetworks, Inc.) (If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.) ==================== Shortcuts & WMI ======================== (The entries could be listed to be restored or removed.) 
==================== Loaded Modules (Whitelisted) ============== 2017-03-18 22:58 - 2017-03-18 22:58 - 000138000 _____ () C:\WINDOWS\SYSTEM32\inputhost.dll 2017-03-18 22:59 - 2017-03-20 05:43 - 001731072 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Core.dll 2017-08-17 15:21 - 2017-08-17 15:21 - 001259704 _____ () C:\Program Files (x86)\Real\RealDownloader\downloader2.exe 2017-09-14 08:03 - 2017-09-14 08:04 - 003553704 _____ () C:\Program Files\WindowsApps\Microsoft.WindowsStore_11708.1001.30.0_x64__8wekyb3d8bbwe\Microsoft.UI.Xaml.dll 2017-10-05 07:38 - 2017-10-05 07:38 - 010634752 _____ () C:\Program Files\WindowsApps\Microsoft.WindowsStore_11708.1001.30.0_x64__8wekyb3d8bbwe\WinStore.Entertainment.Mobile.dll 2017-10-05 07:38 - 2017-10-05 07:38 - 002640896 _____ () C:\Program Files\WindowsApps\Microsoft.WindowsStore_11708.1001.30.0_x64__8wekyb3d8bbwe\MS.Entertainment.Common.Mobile.dll 2017-09-21 07:42 - 2017-09-21 07:42 - 000101200 _____ () c:\program files (x86)\real\realplayer\CrashRpt\CrashRpt1402.dll ==================== Alternate Data Streams (Whitelisted) ========= (If an entry is included in the fixlist, only the ADS will be removed.) ==================== Safe Mode (Whitelisted) =================== (If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.) ==================== Association (Whitelisted) =============== (If an entry is included in the fixlist, the registry item will be restored to default or removed.) ==================== Internet Explorer trusted/restricted =============== (If an entry is included in the fixlist, it will be removed from the registry.) ==================== Hosts content: =============================== (If needed Hosts: directive could be included in the fixlist to reset Hosts.) 
2015-10-30 09:24 - 2015-10-30 09:21 - 000000824 _____ C:\WINDOWS\system32\Drivers\etc\hosts ==================== Other Areas ============================ (Currently there is no automatic fix for this section.) HKU\S-1-5-21-205630320-448354025-1664443452-1001\Control Panel\Desktop\\Wallpaper -> c:\windows\web\wallpaper\theme1\img1.jpg DNS Servers: 192.168.1.1 HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1) HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: RequireAdmin) Windows Firewall is enabled. ==================== MSCONFIG/TASK MANAGER disabled items == ==================== FirewallRules (Whitelisted) =============== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) FirewallRules: [{C4DDB210-7B8E-418C-B818-6BC8AA136146}] => (Allow) C:\Program Files (x86)\Microsoft Games\Age of Empires II\age2_x1\age2_x1.exe FirewallRules: [{0664BB01-2EB4-4A29-B7B2-E0B2BB12A499}] => (Allow) C:\Program Files (x86)\Microsoft Games\Age of Empires II\age2_x1\age2_x1.exe FirewallRules: [{BF7AEAC7-E524-4257-B846-99FEBC007910}] => (Allow) C:\Windows\SysWOW64\dplaysvr.exe FirewallRules: [{F8435D4C-5149-4F7B-9ABC-417B1FA086D9}] => (Allow) C:\Windows\SysWOW64\dplaysvr.exe FirewallRules: [{D3E6FDC2-E615-44B2-99E0-BB88DF536A9D}] => (Allow) C:\Program Files\HP\HP ENVY 4500 series\Bin\HPNetworkCommunicatorCom.exe FirewallRules: [{C86421C0-7659-4445-A9A2-5C8C9447737C}] => (Allow) LPort=5357 FirewallRules: [{17CCEEF5-31F9-4939-8C53-CE81B9549175}] => (Allow) C:\Program Files\HP\HP ENVY 4500 series\Bin\DeviceSetup.exe FirewallRules: [uDP Query User{CD301444-528A-450B-838D-2D7BF6797AC4}E:\archive\installation\tp-link\powerline utility\powerline scan.exe] => (Allow) E:\archive\installation\tp-link\powerline utility\powerline scan.exe FirewallRules: [TCP Query 
User{488B0530-C874-43DD-90B9-F46BB29FB1AA}E:\archive\installation\tp-link\powerline utility\powerline scan.exe] => (Allow) E:\archive\installation\tp-link\powerline utility\powerline scan.exe FirewallRules: [TCP Query User{AE617C0A-68CF-475A-A668-B73C1A6C2922}C:\program files (x86)\voipconnect.com\voipconnect\voipconnect.exe] => (Allow) C:\program files (x86)\voipconnect.com\voipconnect\voipconnect.exe FirewallRules: [uDP Query User{57B775C6-9AE7-4E3A-858A-D11563096800}C:\program files (x86)\voipconnect.com\voipconnect\voipconnect.exe] => (Allow) C:\program files (x86)\voipconnect.com\voipconnect\voipconnect.exe FirewallRules: [{809B8AB4-7262-419D-950E-8DBF5F97AB2A}] => (Allow) C:\Program Files (x86)\Skype\Phone\Skype.exe FirewallRules: [TCP Query User{21FDDE6F-7BE9-453F-99AB-83FC39D1D84F}C:\program files (x86)\voipconnect.com\voipconnect\voipconnect.exe] => (Block) C:\program files (x86)\voipconnect.com\voipconnect\voipconnect.exe FirewallRules: [uDP Query User{480C3295-6436-440F-A0E7-1AC81F434239}C:\program files (x86)\voipconnect.com\voipconnect\voipconnect.exe] => (Block) C:\program files (x86)\voipconnect.com\voipconnect\voipconnect.exe FirewallRules: [{819CAABA-F439-48CC-8950-141798A1716E}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe FirewallRules: [{D104222D-4091-450A-AFAA-ADE691AB4146}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe FirewallRules: [{1F617F90-F5F3-4373-94E9-8D4487C00070}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe FirewallRules: [{588C7B32-C754-442B-BFFA-A2B2834D68B9}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe FirewallRules: [{3D924AE2-B0FB-4A32-8295-C42BE8202514}] => (Allow) C:\Program Files (x86)\SPSSInc\Statistics17\statistics.com FirewallRules: [{D4BEA1AE-B438-47B5-A725-3964E55A31B9}] => (Allow) C:\Program Files (x86)\SPSSInc\Statistics17\statistics.com FirewallRules: [{A0F2951B-05BC-4AB7-89E3-C6DD39FC9D87}] => (Allow) C:\Program Files 
(x86)\SPSSInc\Statistics17\SPSSWinWrapIDE.exe FirewallRules: [{B745DFB8-EEB8-438C-B4B2-385D1FB122E4}] => (Allow) C:\Program Files (x86)\SPSSInc\Statistics17\SPSSWinWrapIDE.exe FirewallRules: [{71039857-FB2D-4930-AB25-F679A6499C67}] => (Allow) C:\Program Files (x86)\SPSSInc\Statistics17\statistics.exe FirewallRules: [{0540460D-19D9-4524-B4A6-4B4929E018F0}] => (Allow) C:\Program Files (x86)\SPSSInc\Statistics17\statistics.exe FirewallRules: [{BA27155A-06F0-4942-B24A-02360C7EE0FD}] => (Allow) C:\Program Files (x86)\FlashIntegro\VideoEditor\VideoEditor.exe FirewallRules: [{5C609FA8-8D71-4841-AD9C-F6BC8CFC23A1}] => (Allow) C:\Program Files (x86)\FlashIntegro\VideoEditor\VideoEditor.exe FirewallRules: [{8C123CA1-9FAA-4557-BA92-C80EA3ACD893}] => (Allow) C:\Program Files (x86)\FlashIntegro\VideoEditor\Activation.exe FirewallRules: [{905BD752-4FE7-4F9B-9C74-3FCAB19017FB}] => (Allow) C:\Program Files (x86)\FlashIntegro\VideoEditor\Activation.exe FirewallRules: [{A3108015-E39E-41B3-9698-A07414E16C13}] => (Allow) C:\Program Files (x86)\FlashIntegro\VideoEditor\Updater.exe FirewallRules: [{8933588D-3738-4838-B524-681FFF56AA5B}] => (Allow) C:\Program Files (x86)\FlashIntegro\VideoEditor\Updater.exe FirewallRules: [{A0FF0682-6E9A-4AA8-8C55-C187C97E2B08}] => (Allow) c:\program files (x86)\real\realplayer\RPDS\Bin\rpdsvc.exe FirewallRules: [{93ED78AE-4848-4107-BC52-E21842A858DC}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe FirewallRules: [TCP Query User{F4F547B6-C026-44FB-A871-C395904D7900}C:\windows\explorer.exe] => (Allow) C:\windows\explorer.exe FirewallRules: [uDP Query User{AD1B8F40-CFD9-44D5-BA3D-29EBEC5DFE9F}C:\windows\explorer.exe] => (Allow) C:\windows\explorer.exe ==================== Restore Points ========================= 02-10-2017 08:19:17 Scheduled Checkpoint 09-10-2017 15:27:11 Installed Novabench 17-10-2017 08:05:12 Scheduled Checkpoint ==================== Faulty Device Manager Devices ============= Name: PCI Serial Port Description: 
PCI Serial Port Class Guid: Manufacturer: Service: Problem: : The drivers for this device are not installed. (Code 28) Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard. Name: PCI Simple Communications Controller Description: PCI Simple Communications Controller Class Guid: Manufacturer: Service: Problem: : The drivers for this device are not installed. (Code 28) Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard. ==================== Event log errors: ========================= Application errors: ================== Error: (10/18/2017 07:34:45 AM) (Source: Application Error) (EventID: 1000) (User: ) Description: Faulting application name: MicrosoftEdgeCP.exe, version: 11.0.15063.674, time stamp: 0x59cdf479 Faulting module name: ntdll.dll, version: 10.0.15063.608, time stamp: 0x8274fd8b Exception code: 0xcfffffff Fault offset: 0x00000000000a5ef4 Faulting process ID: 0x3b68 Faulting application start time: 0x01d347d1085f766a Faulting application path: C:\WINDOWS\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe Faulting module path: C:\WINDOWS\SYSTEM32\ntdll.dll Report ID: f89035ee-d394-475c-9962-4d5741cb6841 Faulting package full name: Microsoft.MicrosoftEdge_40.15063.674.0_neutral__8wekyb3d8bbwe Faulting package-relative application ID: ContentProcess Error: (10/18/2017 07:34:45 AM) (Source: Application Error) (EventID: 1000) (User: ) Description: Faulting application name: MicrosoftEdgeCP.exe, version: 11.0.15063.674, time stamp: 0x59cdf479 Faulting module name: win32u.dll, version: 10.0.15063.608, time stamp: 0xd9592a17 Exception code: 0xcfffffff Fault offset: 0x0000000000001144 Faulting process ID: 0x3558 Faulting application start time: 0x01d347d1d2b17a5c Faulting application path: C:\WINDOWS\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe Faulting module path: C:\WINDOWS\System32\win32u.dll 
Report ID: 3e2bfff4-15c8-4d62-9179-a3df46f098ea Faulting package full name: Microsoft.MicrosoftEdge_40.15063.674.0_neutral__8wekyb3d8bbwe Faulting package-relative application ID: ContentProcess Error: (10/18/2017 07:30:51 AM) (Source: Application Error) (EventID: 1000) (User: ) Description: Faulting application name: downloader2.exe, version: 18.1.9.106, time stamp: 0x599616f2 Faulting module name: downloader2.exe, version: 18.1.9.106, time stamp: 0x599616f2 Exception code: 0xc0000005 Fault offset: 0x000178db Faulting process ID: 0x348c Faulting application start time: 0x01d347d02fb3a0e7 Faulting application path: C:\Program Files (x86)\Real\RealDownloader\downloader2.exe Faulting module path: C:\Program Files (x86)\Real\RealDownloader\downloader2.exe Report ID: 1617fc97-1ad8-43c5-97eb-0ae4aa70c009 Faulting package full name: Faulting package-relative application ID: Error: (10/17/2017 07:36:39 AM) (Source: ESENT) (EventID: 104) (User: ) Description: qmgr.dll (10864) QmgrDatabaseInstance: The database engine stopped the instance (0) with error (-1090). Internal Timing Sequence: [1] 0.000005 +J(0) [2] 0.000021 +J(0) +M(C:0K, Fs:1, WS:4K # 0K, PF:0K # 0K, P:0K) [3] 0.000003 +J(0) [4] 0.000003 +J(0) [5] 0.0 +J(0) [6] 0.000065 +J(0) +M(C:0K, Fs:2, WS:-44K # 0K, PF:-52K # 0K, P:-52K) [7] - [8] 0.008363 +J(0) +M(C:0K, Fs:1, WS:4K # 0K, PF:0K # 0K, P:0K) [9] 0.001333 +J(0) +M(C:0K, Fs:2, WS:-28K # 0K, PF:-36K # 0K, P:-36K) [10] - [11] 0.000007 +J(0) +M(C:0K, Fs:1, WS:4K # 0K, PF:0K # 0K, P:0K) [12] - [13] 0.000034 +J(0) +M(C:0K, Fs:0, WS:-4K # 0K, PF:-4K # 0K, P:-4K) [14] 0.000217 +J(0) +M(C:0K, Fs:0, WS:-8K # 0K, PF:-8K # 0K, P:-8K) [15] 0.000013 +J(0) +M(C:0K, Fs:0, WS:-8K # 0K, PF:-12K # 0K, P:-12K) [16] 0.000003 +J(0). Error: (10/17/2017 07:36:39 AM) (Source: ESENT) (EventID: 471) (User: ) Description: qmgr.dll (10864) QmgrDatabaseInstance: Unable to rollback operation #-75 on database C:\ProgramData\Microsoft\Network\Downloader\qmgr.db. Error: -510. 
All future database updates will be rejected. Error: (10/17/2017 07:36:39 AM) (Source: ESENT) (EventID: 492) (User: ) Description: qmgr.dll (10864) QmgrDatabaseInstance: The logfile sequence in "C:\ProgramData\Microsoft\Network\Downloader\" has been halted due to a fatal error. No further updates are possible for the databases that use this logfile sequence. Please correct the problem and restart or restore from backup. Error: (10/17/2017 07:36:39 AM) (Source: ESENT) (EventID: 413) (User: ) Description: qmgr.dll (10864) QmgrDatabaseInstance: Unable to create a new logfile because the database cannot write to the log drive. The drive may be read-only, out of disk space, misconfigured, or corrupted. Error -1032. Error: (10/17/2017 07:36:39 AM) (Source: ESENT) (EventID: 488) (User: ) Description: qmgr.dll (10864) QmgrDatabaseInstance: An attempt to create the file "C:\ProgramData\Microsoft\Network\Downloader\edbtmp.log" failed with system error 80 (0x00000050): "The file exists. ". The create file operation will fail with error -1814 (0xfffff8ea). 
Error: (10/15/2017 05:24:53 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: Faulting application name: RealPlayerUpdateSvc.exe, version: 18.1.9.106, time stamp: 0x599621f2 Faulting module name: ntdll.dll, version: 10.0.15063.608, time stamp: 0x802f667e Exception code: 0xc0000005 Fault offset: 0x00091cc2 Faulting process ID: 0xbb0 Faulting application start time: 0x01d345c586ab3f11 Faulting application path: C:\program files (x86)\real\UpdateService\RealPlayerUpdateSvc.exe Faulting module path: C:\WINDOWS\SYSTEM32\ntdll.dll Report ID: dba7c64e-793b-479c-9554-31300ef6095c Faulting package full name: Faulting package-relative application ID: Error: (10/13/2017 11:24:47 AM) (Source: Application Error) (EventID: 1000) (User: ) Description: Faulting application name: WhatsApp_ExecutionStub.exe, version: 0.2.6426.0, time stamp: 0x5931cd5c Faulting module name: WhatsApp_ExecutionStub.exe, version: 0.2.6426.0, time stamp: 0x5931cd5c Exception code: 0xc0000005 Fault offset: 0x00004729 Faulting process ID: 0x2674 Faulting application start time: 0x01d344051caa6eac Faulting application path: C:\Users\joshi\AppData\Local\WhatsApp\app-0.2.6426\WhatsApp_ExecutionStub.exe Faulting module path: C:\Users\joshi\AppData\Local\WhatsApp\app-0.2.6426\WhatsApp_ExecutionStub.exe Report ID: 91719e2e-86b8-4337-94ce-2f7b22ceb2d5 Faulting package full name: Faulting package-relative application ID: System errors: ============= Error: (10/17/2017 10:41:23 PM) (Source: DCOM) (EventID: 10010) (User: MAIN755) Description: The server {9BA05972-F6A8-11CF-A442-00A0C90A8F39} did not register with DCOM within the required timeout. Error: (10/17/2017 10:41:23 PM) (Source: DCOM) (EventID: 10010) (User: MAIN755) Description: The server {9BA05972-F6A8-11CF-A442-00A0C90A8F39} did not register with DCOM within the required timeout. 
Error: (10/17/2017 10:41:23 PM) (Source: DCOM) (EventID: 10010) (User: MAIN755) Description: The server {9BA05972-F6A8-11CF-A442-00A0C90A8F39} did not register with DCOM within the required timeout. Error: (10/17/2017 10:41:23 PM) (Source: DCOM) (EventID: 10010) (User: MAIN755) Description: The server {9BA05972-F6A8-11CF-A442-00A0C90A8F39} did not register with DCOM within the required timeout. Error: (10/17/2017 10:41:23 PM) (Source: DCOM) (EventID: 10010) (User: MAIN755) Description: The server {9BA05972-F6A8-11CF-A442-00A0C90A8F39} did not register with DCOM within the required timeout. Error: (10/17/2017 10:41:23 PM) (Source: DCOM) (EventID: 10010) (User: MAIN755) Description: The server {9BA05972-F6A8-11CF-A442-00A0C90A8F39} did not register with DCOM within the required timeout. Error: (10/17/2017 10:41:23 PM) (Source: DCOM) (EventID: 10010) (User: MAIN755) Description: The server {9BA05972-F6A8-11CF-A442-00A0C90A8F39} did not register with DCOM within the required timeout. Error: (10/16/2017 10:33:24 PM) (Source: DCOM) (EventID: 10010) (User: MAIN755) Description: The server {9BA05972-F6A8-11CF-A442-00A0C90A8F39} did not register with DCOM within the required timeout. Error: (10/16/2017 10:33:24 PM) (Source: DCOM) (EventID: 10010) (User: MAIN755) Description: The server {9BA05972-F6A8-11CF-A442-00A0C90A8F39} did not register with DCOM within the required timeout. Error: (10/16/2017 10:33:21 PM) (Source: DCOM) (EventID: 10010) (User: MAIN755) Description: The server {0002DF02-0000-0000-C000-000000000046} did not register with DCOM within the required timeout. 
==================== Memory info =========================== Processor: Intel® Core2 Duo CPU E6550 @ 2.33GHz Percentage of memory in use: 34% Total physical RAM: 8052.61 MB Available physical RAM: 5282.88 MB Total Virtual: 9332.61 MB Available Virtual: 6389.55 MB ==================== Drives ================================ Drive c: () (Fixed) (Total:254.16 GB) (Free:104.24 GB) NTFS Drive d: (Files) (Fixed) (Total:594.9 GB) (Free:290.38 GB) NTFS Drive e: (Archive) (Fixed) (Total:1013.41 GB) (Free:376.64 GB) NTFS Drive f: (Backup1) (Fixed) (Total:898.44 GB) (Free:600.17 GB) NTFS Drive h: (Backup2) (Fixed) (Total:964.58 GB) (Free:332.52 GB) NTFS ==================== MBR & Partition Table ================== ======================================================== Disk: 0 (MBR Code: Windows 7 or 8) (Size: 1863 GB) (Disk ID: 01F8C637) Partition 1: (Not Active) - (Size=993 KB) - (Type=42) Partition 2: (Active) - (Size=100 MB) - (Type=42) Partition 3: (Not Active) - (Size=254.2 GB) - (Type=42) Partition 4: (Not Active) - (Size=1608.8 GB) - (Type=42) ======================================================== Disk: 1 (MBR Code: Windows 7 or 8) (Size: 1863 GB) (Disk ID: 91764494) Partition 1: (Not Active) - (Size=898.4 GB) - (Type=07 NTFS) Partition 2: (Not Active) - (Size=964.6 GB) - (Type=07 NTFS) ==================== End of Addition.txt ============================ Quote
Starbuck Posted October 19, 2017 Posted October 19, 2017 Hi joddle, I see nothing in the reports to suggest the issue you have. The old music playing malware used to change this file: C:\WINDOWS\system32\rpcss.dll => File is digitally signed But as you can see, it's legit.... so that's not the problem. There are a few things to clear up in the reports. The fix will also clean a few other areas. Please download the attached fixlist.txt file (bottom of this post) and save it to the Desktop. NOTE. It's important that both files, FRST and fixlist.txt, are in the same location or the fix will not work. NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system. Re-run FRST/FRST64 (whichever is installed) and press the Fix button just once and wait. http://i.imgur.com/HbL7sAI.png The tool will make a log on the Desktop (Fixlog.txt). Please post this in your next reply. Thanks fixlist.txt Quote Member of:UNITE
joddle Posted October 20, 2017 Author Posted October 20, 2017 Fix result of Farbar Recovery Scan Tool (x64) Version: 18-10-2017 01 Ran by Josh (19-10-2017 22:40:46) Run:1 Running from D:\Clean Loaded Profiles: Josh (Available Profiles: Josh) Boot Mode: Normal ============================================== fixlist content: ***************** CloseProcesses: HKLM\SOFTWARE\Policies\Microsoft\Windows Defender: Restriction <==== ATTENTION GroupPolicy: Restriction <==== ATTENTION Toolbar: HKU\S-1-5-21-205630320-448354025-1664443452-1001 -> No Name - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - No File CHR Extension: (Chrome Media Router) - C:\Users\joshi\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2017-10-16] S2 RoxLiveShare9; "C:\Program Files (x86)\Common Files\Roxio Shared\9.0\SharedCOM\RoxLiveShare9.exe" [X] S3 stllssvr; "C:\Program Files (x86)\Common Files\SureThing Shared\stllssvr.exe" [X] CMD: ipconfig /flushdns Hosts: EmptyTemp: ***************** Processes closed successfully. HKLM\SOFTWARE\Policies\Microsoft\Windows Defender => key removed successfully C:\WINDOWS\system32\GroupPolicy\Machine => moved successfully C:\WINDOWS\system32\GroupPolicy\GPT.ini => moved successfully C:\WINDOWS\SysWOW64\GroupPolicy\GPT.ini => moved successfully HKU\S-1-5-21-205630320-448354025-1664443452-1001\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{47833539-D0C5-4125-9FA8-0819E2EAAC93} => value removed successfully HKLM\Software\Classes\CLSID\{47833539-D0C5-4125-9FA8-0819E2EAAC93} => key not found. CHR Extension: (Chrome Media Router) - C:\Users\joshi\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2017-10-16] => Error: No automatic fix found for this entry. 
HKLM\System\CurrentControlSet\Services\RoxLiveShare9 => key removed successfully RoxLiveShare9 => service removed successfully HKLM\System\CurrentControlSet\Services\stllssvr => key removed successfully stllssvr => service removed successfully ========= ipconfig /flushdns ========= Windows IP Configuration Successfully flushed the DNS Resolver Cache. ========= End of CMD: ========= Could not move "C:\Windows\System32\Drivers\etc\hosts" => Scheduled to move on reboot. =========== EmptyTemp: ========== BITS transfer queue => 6053888 B DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 137857201 B Java, Flash, Steam htmlcache => 16629 B Windows/system/drivers => 191025804 B Edge => 283464996 B Chrome => 250768201 B Firefox => 0 B Opera => 0 B Temp, IE cache, history, cookies, recent: Default => 0 B Users => 0 B ProgramData => 0 B Public => 0 B systemprofile => 0 B systemprofile32 => 432 B LocalService => 21322 B NetworkService => 0 B joshi => 590768716 B RecycleBin => 11559723541 B EmptyTemp: => 12.1 GB temporary data Removed. ================================ Result of scheduled files to move (Boot Mode: Normal) (Date&Time: 19-10-2017 22:48:35) C:\Windows\System32\Drivers\etc\hosts => moved successfully Hosts restored successfully. ==== End of Fixlog 22:48:36 ==== Quote
Starbuck Posted October 21, 2017 Posted October 21, 2017 Hi joddle, The fix ran ok. This line isn't a problem line.... It was my mistake. I had forgotten that Farbar has removed the ability to remove Chrome extensions. The extension isn't malicious .... it's classed as 'open to debate'. If you wanted to remove it you can by using Chrome's own tools. From Chrome..... Type chrome://extensions in the address bar and press Enter. Click the trash can icon by the extension you'd like to completely remove. A confirmation dialog appears, click Remove. Are you still getting the music playing? Quote Member of:UNITE
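Added example, not part of the thread and not FRST's own code: a small triage of the Fixlog result lines posted above, flagging entries that failed or were deferred to reboot and never completed. The function names and the status wording rules are assumptions drawn from the lines visible in this log; the sample lines are copied from it with line breaks restored.

```python
import re

# Result lines copied from the Fixlog posted above, with line breaks restored
# (the forum page shows the log flattened onto a few long lines).
SAMPLE_FIXLOG = r"""
HKLM\SOFTWARE\Policies\Microsoft\Windows Defender => key removed successfully
HKLM\Software\Classes\CLSID\{47833539-D0C5-4125-9FA8-0819E2EAAC93} => key not found.
CHR Extension: (Chrome Media Router) - C:\Users\joshi\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2017-10-16] => Error: No automatic fix found for this entry.
RoxLiveShare9 => service removed successfully
Could not move "C:\Windows\System32\Drivers\etc\hosts" => Scheduled to move on reboot.
BITS transfer queue => 6053888 B
C:\Windows\System32\Drivers\etc\hosts => moved successfully
"""

# (pattern on the text after '=>', status). Assumed from this log's wording.
RULES = [
    (r"^Error", "failed"),
    (r"successfully", "done"),
    (r"not found", "absent"),       # already gone, nothing to remove
    (r"^Scheduled", "deferred"),    # must be confirmed after the reboot
    (r"^\d+ B$", "size"),           # EmptyTemp byte counters
]

def classify(result):
    return next((s for p, s in RULES if re.search(p, result)), "other")

def parse_fixlog(text):
    """Return (target, result, status) for every 'target => result' line."""
    entries = []
    for line in text.splitlines():
        target, sep, result = line.strip().rpartition(" => ")
        if sep:
            entries.append((target, result, classify(result)))
    return entries

def needs_review(text):
    """Entries that failed, or were deferred to reboot and never completed."""
    entries = parse_fixlog(text)
    done = {t.lower() for t, _, s in entries if s == "done"}
    flagged = []
    for target, result, status in entries:
        if status == "deferred":
            m = re.search(r'"([^"]+)"', target)
            path = m.group(1) if m else target
            if path.lower() not in done:  # no later success line for it
                flagged.append((path, result))
        elif status == "failed":
            flagged.append((target, result))
    return flagged
```

On the sample, only the Chrome extension entry is flagged; the hosts file move is cleared because the post-reboot section reports it as moved.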
joddle Posted October 22, 2017 Author Posted October 22, 2017 Hi Starbuck - music issue appears to be cured. At least I am getting total silence when browsing Ebay whether logged in or not on the offending machine. I don't use Chrome much but have removed the extensions anyway. Many thanks for all the help - much appreciated. Quote
Starbuck Posted October 22, 2017 Posted October 22, 2017 No problem at all. Fingers crossed that things stay that way. FRST can now be removed: Right click on the FRST icon and select delete. Right click on any fixlog.txt or fixlist.txt files and select delete. Navigate to: C:\frst and delete the frst folder Quote Member of:UNITE