Posted
This little issue is driving me mad - which only happens when I am searching on Ebay UK. After a few moments I get a piece of music coming up - if I then click on a link on the page to view an item etc. the music stops - then after the link has opened it comes up again and keeps doing this. It's always the same piece of music. When I close ebay it stops. Funny thing, it does not happen in IE, only in Edge - so is there a cure? Have already checked for viruses and malware using Ad aware and Malwarebytes but nothing found. In every other respect the system is running as normal !!!
Posted

Hi joddle,

 

Definitely is odd.

I've tried Ebay using Edge and no music at all.

I've just looked all through the Ebay settings and there isn't anything relating to this music.

Member of:

UNITE

Posted
I know it's really odd - but like you can't find anything that's setting it off. It happens after a few moments of going onto ebay and then repeats if I click on an item or something else - then there is a pause and the same music starts up. I have just tried on another machine and no music - so I tried logging out of my account on the offending machine and again no music - so I logged in again and guess what? no music :) :) - no idea why though!!!
Posted
I have just tried on another machine and no music
Was that using Edge?

This is just a theory.... if using other browsers doesn't give the same result, do these other browsers have an adblocker installed?

The adblocker that I always recommend is uBlock Origin.

uBlock Origin is more than an "ad blocker": it is a wide-spectrum blocker -- which happens to be able to function as a mere "ad blocker".

The default behavior of uBlock Origin when newly installed is to block ads, trackers and malware sites.

uBlock Origin is now available for Edge:

 

uBlock Origin for Edge

 

As we have no idea what is causing this..... there's nothing to lose by installing it and see if this cures the problem or not.

Member of:

UNITE

Posted

Thanks Starbuck but having logged out of my ebay account and logged in again no music - and can't replicate the issue any more. It seems somehow to have been due to my account, but how I have no idea. At least I can now browse in peace :)

 

I have never installed any uBlock or similar add-ons for the browsers - all simply the way W10 installs Edge and IE

Posted
Thanks Starbuck but having logged out of my ebay account and logged in again no music -

 

Spoke too soon - this morning it's back again agggg - but again only when I am logged into my ebay account - if I log out then there is no music playing. This is weird

Posted
Further to the last post - now another clue - If I log out of Ebay then log in again the music is gone - at least until I reboot the PC. If I do that then the music is back so something is happening at the boot up stage to start the music happening when I am logged into Ebay. I have loaded the uBlock add-in to Edge and at the moment am having no music - I can't reboot until later today as I have loads going on so will see if that has been effective later on. I can only think of some piece of malware or PUP which is not being detected by Malwarebytes or my Avira Antivirus. Any ideas anyone?
Posted

Hi joddle,

 

There was a music playing malware doing the rounds a year or two ago, but I haven't seen it for ages now.

 

Ok, time to have a good look at this.

 

There are both 32-bit and 64-bit versions of Farbar Recovery Scan Tool available. Please pick the version that matches your operating system's bit type.

 

If you are unsure what your system bit type is..... click Here for help.

 

For x32 bit systems download Farbar Recovery Scan Tool and save it to your Desktop.

 

For x64 bit systems download Farbar Recovery Scan Tool x64 and save it to your Desktop.

 

  • Double-click the downloaded icon to run the tool. Vista/Windows 7/8/10 users right-click and select Run As Administrator
  • When the tool opens click Yes to disclaimer.
  • Make sure that Addition.txt is selected at the bottom
  • Press Scan button.
     
    http://i.imgur.com/YO62v3X.png
     
  • It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply.
  • The first time the tool is run, it also makes another log (Addition.txt). Please copy and paste it to your reply also.

 

Make sure that you post both reports.

 

Thanks.

Member of:

UNITE
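A first-pass way to read the FRST.txt requested above, as an added example that is not part of the original thread and not Farbar's own code: it pulls out the lines a helper would look at first, using sample lines copied from the log posted in this thread. The function names and the meaning given to each marker in the comments are assumptions about FRST's output conventions; a flagged line is a prompt for review, not a verdict.

```python
import re
from collections import namedtuple

# Sample lines copied from the FRST.txt posted in this thread.
SAMPLE_LOG = r"""
==================== Registry (Whitelisted) ===========================
HKLM\...\Run: [securityHealth] => C:\Program Files\Windows Defender\MSASCuiL.exe [629152 2017-03-18] (Microsoft Corporation)
HKLM-x32\...\Run: [RealDownloader] => C:\program files (x86)\real\RealDownloader\downloader2.exe [1259704 2017-08-17] ()
HKLM\SOFTWARE\Policies\Microsoft\Windows Defender: Restriction <==== ATTENTION
GroupPolicy: Restriction <==== ATTENTION
==================== Services (Whitelisted) ====================
R2 TeamViewer; C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe [10803440 2017-08-29] (TeamViewer GmbH)
S2 Net Driver HPZ12; C:\Windows\System32\HPZinw12.dll [50688 2016-06-15] (HP Inc.) [File not signed]
S2 RoxLiveShare9; "C:\Program Files (x86)\Common Files\Roxio Shared\9.0\SharedCOM\RoxLiveShare9.exe" [X]
===================== Drivers (Whitelisted) ======================
R3 NovabenchDriver; C:\Program Files\Novawave\Novabench\NovabenchDriver.sys [26976 2017-03-30] ()
S3 WdFilter; C:\WINDOWS\system32\drivers\WdFilter.sys [294816 2017-03-18] (Microsoft Corporation)
"""

# Marker -> pattern. Interpretations are assumptions about FRST conventions:
#   attention_marker : FRST itself tagged the line for the helper's attention
#   file_not_signed  : the file carries no valid digital signature
#   file_missing     : the entry points at a file FRST did not find
#   empty_publisher  : the publisher field printed as "()" (no company name)
REASONS = (
    ("attention_marker", re.compile(r"<==== ATTENTION")),
    ("file_not_signed", re.compile(r"\[File not signed\]\s*$")),
    ("file_missing", re.compile(r"\[X\]\s*$")),
    ("empty_publisher", re.compile(r"^\(\)\s|\]\s+\(\)(?:\s|$)")),
)

# "==== Services (Whitelisted) ====" style section banners.
SECTION = re.compile(r"^=+\s*([^=]+?)\s*=+$")

Finding = namedtuple("Finding", "section reasons line")


def triage(log_text):
    """Return the log lines that carry at least one review marker."""
    findings = []
    section = "(header)"
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            continue
        banner = SECTION.match(line)
        if banner:
            section = banner.group(1).replace("(Whitelisted)", "").strip()
            continue
        reasons = tuple(name for name, rx in REASONS if rx.search(line))
        if reasons:
            findings.append(Finding(section, reasons, line))
    return findings


def summarize(findings):
    """Count findings per marker so the noisiest category is obvious."""
    counts = {}
    for finding in findings:
        for reason in finding.reasons:
            counts[reason] = counts.get(reason, 0) + 1
    return counts


if __name__ == "__main__":
    results = triage(SAMPLE_LOG)
    for f in results:
        print(f"[{f.section}] {', '.join(f.reasons)}: {f.line}")
    print(summarize(results))
```
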

Posted

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 18-10-2017 01

Ran by Josh (administrator) on MAIN755 (19-10-2017 08:21:00)

Running from C:\Users\joshi\Desktop

Loaded Profiles: Josh (Available Profiles: Josh)

Platform: Windows 10 Pro Version 1703 15063.674 (X64) Language: English (United Kingdom)

Internet Explorer Version 11 (Default browser: Edge)

Boot Mode: Normal

Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Antivirus\sched.exe

(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Antivirus\avguard.exe

(ABBYY InfoPoisk LLC) C:\Program Files (x86)\ABBYY FineReader 11\NetworkLicenseServer.exe

(Novawave Inc.) C:\Program Files\Novawave\Novabench\NovabenchService.exe

(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe

(RealNetworks, Inc.) C:\Program Files (x86)\Real\RealPlayer\RPDS\Bin\rpdsvc.exe

(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Launcher\Avira.ServiceHost.exe

(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Antivirus\avshadow.exe

(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Antivirus\avwebg7.exe

(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Antivirus\avmailc7.exe

(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\TeamViewer.exe

(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\tv_w32.exe

(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\tv_x64.exe

(Microsoft Corporation) C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\RemindersServer.exe

(Microsoft Corporation) C:\Program Files\Windows Defender\MSASCuiL.exe

(Hewlett-Packard Development Company, LP) C:\Program Files\HP\HP ENVY 4500 series\Bin\ScanToPCActivationApp.exe

(Hewlett-Packard Development Company, LP) C:\Program Files\HP\HP ENVY 4500 series\Bin\ScanToPCActivationApp.exe

(Hewlett-Packard Development Company, LP) C:\Program Files\HP\HP ENVY 4500 series\Bin\HPNetworkCommunicatorCom.exe

(VoipConnect) C:\Program Files (x86)\VoipConnect.com\VoipConnect\voipconnect.exe

(RealNetworks, Inc.) C:\Program Files (x86)\Real\RealPlayer\RPDS\Bin\rpsystray.exe

(Adobe Systems Inc.) C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\acrotray.exe

(Analog Devices, Inc.) C:\Program Files (x86)\Analog Devices\Core\smax4pnp.exe

(RealNetworks, Inc.) C:\Program Files (x86)\Real\RealPlayer\Update\realsched.exe

() C:\Program Files (x86)\Real\RealDownloader\downloader2.exe

(RealNetworks, Inc.) C:\Program Files (x86)\Real\RealDownloader\realdownloader264.exe

(Macrovision Europe Ltd.) C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe

(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Antivirus\avgnt.exe

(Piriform Ltd) C:\Program Files\CCleaner\CCleaner64.exe

(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Launcher\Avira.Systray.exe

(Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.WindowsStore_11708.1001.30.0_x64__8wekyb3d8bbwe\WinStore.App.exe

(Microsoft Corporation) C:\Windows\System32\smartscreen.exe

(Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe

(Microsoft Corporation) C:\Windows\System32\dllhost.exe

(Microsoft Corporation) C:\Windows\System32\browser_broker.exe

(Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe

(Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe

(Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe

==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [securityHealth] => C:\Program Files\Windows Defender\MSASCuiL.exe [629152 2017-03-18] (Microsoft Corporation)

HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [446392 2012-04-04] (Adobe Systems Incorporated)

HKLM-x32\...\Run: [GrooveMonitor] => C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe [30040 2009-02-26] (Microsoft Corporation)

HKLM-x32\...\Run: [Acrobat Assistant 8.0] => C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe [624248 2007-05-10] (Adobe Systems Inc.)

HKLM-x32\...\Run: [switchBoard] => C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated)

HKLM-x32\...\Run: [AdobeCS6ServiceManager] => C:\Program Files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe [1073312 2012-03-09] (Adobe Systems Incorporated)

HKLM-x32\...\Run: [bonus.SSR.FR11] => C:\Program Files (x86)\ABBYY FineReader 11\Bonus.ScreenshotReader.exe [1363984 2014-02-19] (ABBYY Production LLC)

HKLM-x32\...\Run: [soundMAXPnP] => C:\Program Files (x86)\Analog Devices\Core\smax4pnp.exe [1314816 2011-02-24] (Analog Devices, Inc.)

HKLM-x32\...\Run: [TkBellExe] => c:\program files (x86)\real\realplayer\Update\realsched.exe [353104 2017-09-21] (RealNetworks, Inc.)

HKLM-x32\...\Run: [RealDownloader] => C:\program files (x86)\real\RealDownloader\downloader2.exe [1259704 2017-08-17] ()

HKLM\SOFTWARE\Policies\Microsoft\Windows Defender: Restriction <==== ATTENTION

HKU\S-1-5-21-205630320-448354025-1664443452-1001\...\Run: [HP ENVY 4500] => C:\Program Files\HP\HP ENVY 4500 series\Bin\ScanToPCActivationApp.exe [3487240 2014-07-21] (Hewlett-Packard Development Company, LP)

HKU\S-1-5-21-205630320-448354025-1664443452-1001\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [9288408 2016-12-06] (Piriform Ltd)

HKU\S-1-5-21-205630320-448354025-1664443452-1001\...\Run: [HP ENVY 4500 series (NET)] => C:\Program Files\HP\HP ENVY 4500 series\Bin\ScanToPCActivationApp.exe [3487240 2014-07-21] (Hewlett-Packard Development Company, LP)

HKU\S-1-5-21-205630320-448354025-1664443452-1001\...\Run: [GarminExpressTrayApp] => C:\Program Files (x86)\Garmin\Express Tray\ExpressTray.exe [1421224 2017-10-09] (Garmin Ltd. or its subsidiaries)

HKU\S-1-5-21-205630320-448354025-1664443452-1001\...\Run: [VoipConnect] => C:\Program Files (x86)\VoipConnect.com\VoipConnect\voipconnect.exe [42303056 2017-09-20] (VoipConnect)

HKU\S-1-5-18\...\Run: [GarminExpressTrayApp] => C:\Program Files (x86)\Garmin\Express Tray\ExpressTray.exe [1421224 2017-10-09] (Garmin Ltd. or its subsidiaries)

Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Adobe Gamma Loader.lnk [2016-04-16]

ShortcutTarget: Adobe Gamma Loader.lnk -> C:\Program Files (x86)\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe (Adobe Systems, Inc.)

Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\RealTimes.lnk [2017-09-21]

ShortcutTarget: RealTimes.lnk -> C:\Program Files (x86)\Real\RealPlayer\RPDS\Bin\rpsystray.exe (RealNetworks, Inc.)

GroupPolicy: Restriction <==== ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 192.168.1.1

Tcpip\..\Interfaces\{868645ed-2e5d-4dee-a7f7-32c373a81406}: [DhcpNameServer] 192.168.1.1

Internet Explorer:

==================

HKU\S-1-5-21-205630320-448354025-1664443452-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.co.uk/

BHO: RealNetworks Download and Record Plugin for Internet Explorer -> {3049C3E9-B461-4BC5-8870-4C09146192CA} -> C:\program files (x86)\real\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin64.dll [2017-08-17] (RealDownloader)

BHO-x32: Adobe PDF Reader Link Helper -> {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll [2006-10-23] (Adobe Systems Incorporated)

BHO-x32: RealNetworks Download and Record Plugin for Internet Explorer -> {3049C3E9-B461-4BC5-8870-4C09146192CA} -> C:\program files (x86)\real\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin.dll [2017-08-17] (RealDownloader)

BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll [2009-02-26] (Microsoft Corporation)

BHO-x32: Adobe PDF Conversion Toolbar Helper -> {AE7CD045-E861-484f-8273-0445EE161910} -> C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll [2007-05-10] (Adobe Systems Incorporated)

Toolbar: HKLM-x32 - Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll [2007-05-10] (Adobe Systems Incorporated)

Toolbar: HKU\S-1-5-21-205630320-448354025-1664443452-1001 -> No Name - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - No File

Handler-x32: belarc - {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} - C:\Program Files (x86)\Belarc\BelarcAdvisor\System\BAVoilaX.dll [2016-01-04] (Belarc, Inc.)

Edge:

======

Edge Extension: (uBlock Origin) -> EdgeExtension_37833NikRollsuBlockOrigin_f8jsg5mm64m62 => C:\Program Files\WindowsApps\37833NikRolls.uBlockOrigin_1.13.8.0_neutral__f8jsg5mm64m62 [2017-10-18]

FireFox:

========

FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3528.0331 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2014-03-31] (Microsoft Corporation)

FF Plugin-x32: @real.com/nppl3260;version=18.1.9.106 -> c:\program files (x86)\real\realplayer\Netscape6\nppl3260.dll [2017-09-21] (RealNetworks, Inc.)

FF Plugin-x32: @real.com/nprpplugin;version=18.1.9.106 -> c:\program files (x86)\real\realplayer\Netscape6\nprpplugin.dll [2017-09-21] (RealPlayer)

FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.33.5\npGoogleUpdate3.dll [2017-04-29] (Google Inc.)

FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.33.5\npGoogleUpdate3.dll [2017-04-29] (Google Inc.)

FF Plugin-x32: @videolan.org/vlc,version=2.0.5 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2012-12-13] (VideoLAN)

FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2017-08-24] (Adobe Systems Inc.)

Chrome:

=======

CHR Profile: C:\Users\joshi\AppData\Local\Google\Chrome\User Data\Default [2017-10-16]

CHR Extension: (Docs) - C:\Users\joshi\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2017-10-16]

CHR Extension: (Google Drive) - C:\Users\joshi\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2016-04-17]

CHR Extension: (YouTube) - C:\Users\joshi\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2016-04-17]

CHR Extension: (Google Docs Offline) - C:\Users\joshi\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-04-16]

CHR Extension: (Chrome Web Store Payments) - C:\Users\joshi\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-10-11]

CHR Extension: (Gmail) - C:\Users\joshi\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2016-04-17]

CHR Extension: (Chrome Media Router) - C:\Users\joshi\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2017-10-16]

CHR HKLM\...\Chrome\Extension: [ipmkfpcnmccejididiaagpgchgjfajgp] - hxxps://clients2.google.com/service/update2/crx

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 ABBYY.Licensing.FineReader.Professional.11.0; C:\Program Files (x86)\ABBYY FineReader 11\NetworkLicenseServer.exe [821048 2014-02-19] (ABBYY InfoPoisk LLC)

R2 AntiVirMailService; C:\Program Files (x86)\Avira\Antivirus\avmailc7.exe [1128432 2017-10-12] (Avira Operations GmbH & Co. KG)

R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\Antivirus\sched.exe [490968 2017-10-12] (Avira Operations GmbH & Co. KG)

R2 AntiVirService; C:\Program Files (x86)\Avira\Antivirus\avguard.exe [490968 2017-10-12] (Avira Operations GmbH & Co. KG)

R2 AntiVirWebService; C:\Program Files (x86)\Avira\Antivirus\avwebg7.exe [1525240 2017-10-12] (Avira Operations GmbH & Co. KG)

R2 Avira.ServiceHost; C:\Program Files (x86)\Avira\Launcher\Avira.ServiceHost.exe [408944 2017-10-09] (Avira Operations GmbH & Co. KG)

R3 FLEXnet Licensing Service; C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe [654848 2016-04-16] (Macrovision Europe Ltd.) [File not signed]

S3 Garmin Device Interaction Service; C:\Program Files (x86)\Garmin\Device Interaction Service\GarminService.exe [1085968 2017-10-09] (Garmin Ltd. or its subsidiaries)

S3 IDriverT; C:\Program Files (x86)\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe [73728 2004-10-22] (Macrovision Corporation) [File not signed]

S2 Net Driver HPZ12; C:\Windows\System32\HPZinw12.dll [50688 2016-06-15] (HP Inc.) [File not signed]

R2 NovabenchService; C:\Program Files\Novawave\Novabench\NovabenchService.exe [313392 2017-08-11] (Novawave Inc.)

S2 Pml Driver HPZ12; C:\Windows\System32\HPZipm12.dll [66048 2016-06-15] (HP Inc.) [File not signed]

S2 RealPlayerUpdateSvc; C:\program files (x86)\real\UpdateService\RealPlayerUpdateSvc.exe [37104 2017-08-17] (RealNetworks, Inc.)

R2 RealTimes Desktop Service; c:\program files (x86)\real\realplayer\RPDS\Bin\rpdsvc.exe [989912 2017-09-21] (RealNetworks, Inc.)

S3 Sense; C:\Program Files\Windows Defender Advanced Threat Protection\MsSense.exe [3913064 2017-03-20] (Microsoft Corporation)

S3 SwitchBoard; C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated) [File not signed]

R2 TeamViewer; C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe [10803440 2017-08-29] (TeamViewer GmbH)

S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [342264 2017-03-18] (Microsoft Corporation)

S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [102816 2017-06-20] (Microsoft Corporation)

S2 RoxLiveShare9; "C:\Program Files (x86)\Common Files\Roxio Shared\9.0\SharedCOM\RoxLiveShare9.exe" [X]

S3 stllssvr; "C:\Program Files (x86)\Common Files\SureThing Shared\stllssvr.exe" [X]

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R0 avdevprot; C:\WINDOWS\System32\DRIVERS\avdevprot.sys [60920 2017-06-20] (Avira Operations GmbH & Co. KG)

R2 avgntflt; C:\WINDOWS\System32\DRIVERS\avgntflt.sys [176224 2017-09-23] (Avira Operations GmbH & Co. KG)

R1 avipbb; C:\WINDOWS\system32\DRIVERS\avipbb.sys [167464 2017-09-05] (Avira Operations GmbH & Co. KG)

R1 avkmgr; C:\WINDOWS\system32\DRIVERS\avkmgr.sys [44488 2017-03-02] (Avira Operations GmbH & Co. KG)

R2 avnetflt; C:\WINDOWS\system32\DRIVERS\avnetflt.sys [88488 2017-03-02] (Avira Operations GmbH & Co. KG)

R3 dot4; C:\WINDOWS\system32\DRIVERS\Dot4.sys [146856 2013-06-04] (Windows ® Win 7 DDK provider)

R3 Dot4Print; C:\WINDOWS\System32\drivers\Dot4Prt.sys [21928 2015-03-10] (Windows ® Win 7 DDK provider)

R3 NovabenchDriver; C:\Program Files\Novawave\Novabench\NovabenchDriver.sys [26976 2017-03-30] ()

S3 SDFRd; C:\WINDOWS\System32\drivers\SDFRd.sys [31128 2017-03-18] ()

S3 WdBoot; C:\WINDOWS\system32\drivers\WdBoot.sys [44632 2017-03-18] (Microsoft Corporation)

S3 WdFilter; C:\WINDOWS\system32\drivers\WdFilter.sys [294816 2017-03-18] (Microsoft Corporation)

S3 wdm_usb; C:\WINDOWS\system32\DRIVERS\usb2ser.sys [159936 2016-08-16] (MBB)

S3 WdNisDrv; C:\WINDOWS\System32\Drivers\WdNisDrv.sys [121248 2017-03-18] (Microsoft Corporation)

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

 

==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2017-10-19 08:21 - 2017-10-19 08:21 - 000016480 _____ C:\Users\joshi\Desktop\FRST.txt

2017-10-19 08:20 - 2017-10-19 08:21 - 000000000 ____D C:\FRST

2017-10-19 08:17 - 2017-10-19 08:17 - 002402816 _____ (Farbar) C:\Users\joshi\Desktop\FRST64.exe

2017-10-17 20:48 - 2017-10-17 20:48 - 000025827 _____ C:\Users\joshi\Documents\to erase.pdf

2017-10-16 20:31 - 2017-10-16 20:31 - 000000000 ____D C:\Users\joshi\AppData\LocalLow\Unity

2017-10-16 20:18 - 1994-09-21 03:30 - 000012800 _____ (Microsoft Corporation) C:\WINDOWS\system\WING32.DLL

2017-10-15 16:50 - 2017-10-15 16:53 - 000000000 ____D C:\AdwCleaner

2017-10-15 16:49 - 2017-10-15 16:49 - 008250832 _____ (Malwarebytes) C:\Users\joshi\Downloads\AdwCleaner (1).exe

2017-10-12 12:41 - 2017-10-12 12:41 - 000001189 _____ C:\Users\Public\Desktop\Avira.lnk

2017-10-11 18:03 - 2017-10-11 18:03 - 126925120 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT-KB890830.exe

2017-10-11 17:58 - 2017-09-30 07:49 - 001004136 _____ (Microsoft Corporation) C:\WINDOWS\system32\ucrtbase.dll

2017-10-11 17:58 - 2017-09-30 07:49 - 000777400 _____ (Microsoft Corporation) C:\WINDOWS\system32\oleaut32.dll

2017-10-11 17:58 - 2017-09-30 07:49 - 000135576 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ksecdd.sys

2017-10-11 17:58 - 2017-09-30 07:48 - 008319384 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe

2017-10-11 17:58 - 2017-09-30 07:48 - 002399728 _____ (Microsoft Corporation) C:\WINDOWS\system32\KernelBase.dll

2017-10-11 17:58 - 2017-09-30 07:48 - 002327448 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ntfs.sys

2017-10-11 17:58 - 2017-09-30 07:47 - 002969880 _____ (Microsoft Corporation) C:\WINDOWS\system32\CoreUIComponents.dll

2017-10-11 17:58 - 2017-09-30 07:47 - 001194792 _____ (Microsoft Corporation) C:\WINDOWS\system32\rpcrt4.dll

2017-10-11 17:58 - 2017-09-30 07:45 - 000511896 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\usbhub.sys

2017-10-11 17:58 - 2017-09-30 07:44 - 000181912 _____ (Microsoft Corporation) C:\WINDOWS\system32\sspicli.dll

2017-10-11 17:58 - 2017-09-30 07:42 - 000820120 _____ (Microsoft Corporation) C:\WINDOWS\system32\WWAHost.exe

2017-10-11 17:58 - 2017-09-30 07:41 - 005304496 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.StateRepository.dll

2017-10-11 17:58 - 2017-09-30 07:41 - 000654976 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentClient.dll

2017-10-11 17:58 - 2017-09-30 07:41 - 000259400 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusNotifyIcon.exe

2017-10-11 17:58 - 2017-09-30 07:40 - 000724704 _____ (Microsoft Corporation) C:\WINDOWS\system32\wer.dll

2017-10-11 17:58 - 2017-09-30 07:40 - 000336320 _____ (Microsoft Corporation) C:\WINDOWS\system32\SecurityHealthService.exe

2017-10-11 17:58 - 2017-09-30 07:40 - 000173976 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\usbccgp.sys

2017-10-11 17:58 - 2017-09-30 07:38 - 002239136 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfsrcsnk.dll

2017-10-11 17:58 - 2017-09-30 07:36 - 002672024 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\tcpip.sys

2017-10-11 17:58 - 2017-09-30 07:36 - 000057976 _____ (Microsoft Corporation) C:\WINDOWS\system32\lsass.exe

2017-10-11 17:58 - 2017-09-30 04:29 - 001408536 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\gdi32full.dll

2017-10-11 17:58 - 2017-09-30 04:29 - 000804784 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.dll

2017-10-11 17:58 - 2017-09-30 04:26 - 001333136 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msctf.dll

2017-10-11 17:58 - 2017-09-30 04:26 - 001292872 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\user32.dll

2017-10-11 17:58 - 2017-09-30 04:10 - 001839872 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\KernelBase.dll

2017-10-11 17:58 - 2017-09-30 04:10 - 001150776 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ucrtbase.dll

2017-10-11 17:58 - 2017-09-30 04:10 - 000606072 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\oleaut32.dll

2017-10-11 17:58 - 2017-09-30 04:10 - 000508344 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dnsapi.dll

2017-10-11 17:58 - 2017-09-30 04:10 - 000480920 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\advapi32.dll

2017-10-11 17:58 - 2017-09-30 04:09 - 002259760 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CoreUIComponents.dll

2017-10-11 17:58 - 2017-09-30 04:09 - 000787712 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rpcrt4.dll

2017-10-11 17:58 - 2017-09-30 04:06 - 004471368 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\explorer.exe

2017-10-11 17:58 - 2017-09-30 04:05 - 005827744 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\windows.storage.dll

2017-10-11 17:58 - 2017-09-30 04:05 - 002603744 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\OneCoreUAPCommonProxyStub.dll

2017-10-11 17:58 - 2017-09-30 04:05 - 001266544 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\twinapi.appcore.dll

2017-10-11 17:58 - 2017-09-30 04:05 - 000750488 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WWAHost.exe

2017-10-11 17:58 - 2017-09-30 04:05 - 000559000 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SettingSyncHost.exe

2017-10-11 17:58 - 2017-09-30 04:04 - 004215184 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.StateRepository.dll

2017-10-11 17:58 - 2017-09-30 04:04 - 000612120 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wer.dll

2017-10-11 17:58 - 2017-09-30 04:04 - 000519680 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AppXDeploymentClient.dll

2017-10-11 17:58 - 2017-09-30 04:04 - 000438096 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.ApplicationModel.dll

2017-10-11 17:58 - 2017-09-30 04:04 - 000347544 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msv1_0.dll

2017-10-11 17:58 - 2017-09-30 04:04 - 000182680 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AppxAllUserStore.dll

2017-10-11 17:58 - 2017-09-30 04:03 - 020373408 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\shell32.dll

2017-10-11 17:58 - 2017-09-30 04:03 - 006768288 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.Protection.PlayReady.dll

2017-10-11 17:58 - 2017-09-30 04:03 - 001439032 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfsrcsnk.dll

2017-10-11 17:58 - 2017-09-30 04:02 - 001624096 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Microsoft.Uev.AppAgent.dll

2017-10-11 17:58 - 2017-09-30 04:02 - 001517464 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AppVEntSubsystems32.dll

2017-10-11 17:58 - 2017-09-30 04:02 - 000175512 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\basecsp.dll

2017-10-11 17:58 - 2017-09-30 04:01 - 000124544 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\sspicli.dll

2017-10-11 17:58 - 2017-09-29 09:46 - 023678976 _____ (Microsoft Corporation) C:\WINDOWS\system32\edgehtml.dll

2017-10-11 17:58 - 2017-09-29 09:45 - 002953216 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\win32kfull.sys

2017-10-11 17:58 - 2017-09-29 09:44 - 000133120 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\t2embed.dll

2017-10-11 17:58 - 2017-09-29 09:43 - 002199552 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Xaml.Resources.dll

2017-10-11 17:58 - 2017-09-29 09:43 - 000142336 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\smartscreenps.dll

2017-10-11 17:58 - 2017-09-29 09:43 - 000060928 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\usoapi.dll

2017-10-11 17:58 - 2017-09-29 09:42 - 000018944 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mgmtapi.dll

2017-10-11 17:58 - 2017-09-29 09:41 - 013844992 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Xaml.dll

2017-10-11 17:58 - 2017-09-29 09:41 - 000110080 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\BitLockerCsp.dll

2017-10-11 17:58 - 2017-09-29 09:40 - 006728192 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\twinui.dll

2017-10-11 17:58 - 2017-09-29 09:40 - 000371200 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\daxexec.dll

2017-10-11 17:58 - 2017-09-29 09:40 - 000086528 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\updatepolicy.dll

2017-10-11 17:58 - 2017-09-29 09:39 - 020511232 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\edgehtml.dll

2017-10-11 17:58 - 2017-09-29 09:39 - 011888640 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll

2017-10-11 17:58 - 2017-09-29 09:39 - 000364032 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msIso.dll

2017-10-11 17:58 - 2017-09-29 09:38 - 005721600 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\BingMaps.dll

2017-10-11 17:58 - 2017-09-29 09:38 - 002671616 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\tquery.dll

2017-10-11 17:58 - 2017-09-29 09:38 - 001135616 ____R (The ICU Project) C:\WINDOWS\SysWOW64\icuuc.dll

2017-10-11 17:58 - 2017-09-29 09:38 - 000498688 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Microsoft.Uev.Office2013CustomActions.dll

2017-10-11 17:58 - 2017-09-29 09:38 - 000471040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\TpmCoreProvisioning.dll

2017-10-11 17:58 - 2017-09-29 09:38 - 000463360 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\webio.dll

2017-10-11 17:58 - 2017-09-29 09:38 - 000370688 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\FirewallAPI.dll

2017-10-11 17:58 - 2017-09-29 09:38 - 000308224 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\cryptngc.dll

2017-10-11 17:58 - 2017-09-29 09:38 - 000229376 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\scksp.dll

2017-10-11 17:58 - 2017-09-29 09:37 - 000306688 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Graphics.dll

2017-10-11 17:58 - 2017-09-29 09:37 - 000038400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\TokenBrokerUI.dll

2017-10-11 17:58 - 2017-09-29 09:36 - 019337216 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll

2017-10-11 17:58 - 2017-09-29 09:36 - 000590336 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PCPKsp.dll

2017-10-11 17:58 - 2017-09-29 09:35 - 003654656 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll

2017-10-11 17:58 - 2017-09-29 09:34 - 006255616 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakra.dll

2017-10-11 17:58 - 2017-09-29 09:34 - 002859520 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll

2017-10-11 17:58 - 2017-09-29 09:34 - 000798720 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\TokenBroker.dll

2017-10-11 17:58 - 2017-09-29 09:34 - 000787456 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wuapi.dll

2017-10-11 17:58 - 2017-09-29 09:34 - 000434176 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\twinapi.dll

2017-10-11 17:58 - 2017-09-29 09:33 - 007598080 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mstscax.dll

2017-10-11 17:58 - 2017-09-29 09:33 - 004559360 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dbgeng.dll

2017-10-11 17:58 - 2017-09-29 09:33 - 001506816 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\quartz.dll

2017-10-11 17:58 - 2017-09-29 09:33 - 000658944 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript.dll

2017-10-11 17:58 - 2017-09-29 09:32 - 002782720 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msftedit.dll

2017-10-11 17:58 - 2017-09-29 09:32 - 002340864 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\DWrite.dll

2017-10-11 17:58 - 2017-09-29 09:32 - 001627136 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll

2017-10-11 17:58 - 2017-09-29 09:32 - 001244160 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Xaml.Phone.dll

2017-10-11 17:58 - 2017-09-29 09:32 - 000128512 _____ (Microsoft Corporation) C:\WINDOWS\system32\mssprxy.dll

2017-10-11 17:58 - 2017-09-29 09:32 - 000035840 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\BasicRender.sys

2017-10-11 17:58 - 2017-09-29 09:32 - 000029184 _____ (Microsoft Corporation) C:\WINDOWS\system32\sspisrv.dll

2017-10-11 17:58 - 2017-09-29 09:32 - 000023040 _____ (Microsoft Corporation) C:\WINDOWS\system32\mgmtapi.dll

2017-10-11 17:58 - 2017-09-29 09:31 - 003107328 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mstsc.exe

2017-10-11 17:58 - 2017-09-29 09:31 - 000306176 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusNotification.exe

2017-10-11 17:58 - 2017-09-29 09:31 - 000168448 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusNotificationUx.exe

2017-10-11 17:58 - 2017-09-29 09:31 - 000052736 _____ (Microsoft Corporation) C:\WINDOWS\system32\musdialoghandlers.dll

2017-10-11 17:58 - 2017-09-29 09:30 - 023686144 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll

2017-10-11 17:58 - 2017-09-29 09:29 - 008333312 _____ (Microsoft Corporation) C:\WINDOWS\system32\BingMaps.dll

2017-10-11 17:58 - 2017-09-29 09:29 - 001460736 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wsp_fs.dll

2017-10-11 17:58 - 2017-09-29 09:29 - 001318912 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wsp_health.dll

2017-10-11 17:58 - 2017-09-29 09:29 - 000724992 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusUpdateHandlers.dll

2017-10-11 17:58 - 2017-09-29 09:29 - 000157696 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rpchttp.dll

2017-10-11 17:58 - 2017-09-29 09:29 - 000102912 _____ (Microsoft Corporation) C:\WINDOWS\system32\updatepolicy.dll

2017-10-11 17:58 - 2017-09-29 09:29 - 000083456 _____ (Microsoft Corporation) C:\WINDOWS\system32\wpdbusenum.dll

2017-10-11 17:58 - 2017-09-29 09:28 - 000681472 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\clusapi.dll

2017-10-11 17:58 - 2017-09-29 09:28 - 000473088 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\resutils.dll

2017-10-11 17:58 - 2017-09-29 09:28 - 000458752 _____ (Microsoft Corporation) C:\WINDOWS\system32\NgcCtnr.dll

2017-10-11 17:58 - 2017-09-29 09:28 - 000297984 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mcbuilder.exe

2017-10-11 17:58 - 2017-09-29 09:28 - 000104448 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Robocopy.exe

2017-10-11 17:58 - 2017-09-29 09:28 - 000040448 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\cipher.exe

2017-10-11 17:58 - 2017-09-29 09:27 - 012803072 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll

2017-10-11 17:58 - 2017-09-29 09:27 - 000409600 _____ (Microsoft Corporation) C:\WINDOWS\system32\cryptngc.dll

2017-10-11 17:58 - 2017-09-29 09:27 - 000350720 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Graphics.dll

2017-10-11 17:58 - 2017-09-29 09:26 - 008213504 _____ (Microsoft Corporation) C:\WINDOWS\system32\mstscax.dll

2017-10-11 17:58 - 2017-09-29 09:25 - 008199168 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakra.dll

2017-10-11 17:58 - 2017-09-29 09:24 - 003377664 _____ (Microsoft Corporation) C:\WINDOWS\system32\tquery.dll

2017-10-11 17:58 - 2017-09-29 09:24 - 001628672 _____ (Microsoft Corporation) C:\WINDOWS\system32\UserDataService.dll

2017-10-11 17:58 - 2017-09-29 09:23 - 005557760 _____ (Microsoft Corporation) C:\WINDOWS\system32\dbgeng.dll

2017-10-11 17:58 - 2017-09-29 09:23 - 004730368 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll

2017-10-11 17:58 - 2017-09-29 09:23 - 001887744 _____ (Microsoft Corporation) C:\WINDOWS\system32\FntCache.dll

2017-10-11 17:58 - 2017-09-29 09:23 - 000756224 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript.dll

2017-10-11 17:58 - 2017-09-29 09:22 - 002829824 _____ (Microsoft Corporation) C:\WINDOWS\system32\DWrite.dll

2017-10-11 17:58 - 2017-09-29 09:21 - 003304448 _____ (Microsoft Corporation) C:\WINDOWS\system32\mstsc.exe

2017-10-11 17:58 - 2017-09-29 09:21 - 000476160 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Core.TextInput.dll

2017-10-11 17:58 - 2017-09-29 09:21 - 000414208 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\srv.sys

2017-10-11 17:58 - 2017-09-29 09:21 - 000124928 _____ (Microsoft Corporation) C:\WINDOWS\system32\InputLocaleManager.dll

2017-10-11 17:58 - 2017-09-29 09:20 - 000804864 _____ (Microsoft Corporation) C:\WINDOWS\system32\fvewiz.dll

2017-10-11 17:58 - 2017-09-29 09:20 - 000385536 _____ (Microsoft Corporation) C:\WINDOWS\system32\bdesvc.dll

2017-10-11 17:58 - 2017-09-29 09:20 - 000286208 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mrxsmb10.sys

2017-10-11 17:58 - 2017-09-29 09:19 - 000325120 _____ (Microsoft Corporation) C:\WINDOWS\system32\fvecpl.dll

2017-10-11 17:58 - 2017-09-29 09:19 - 000306176 _____ (Microsoft Corporation) C:\WINDOWS\system32\fveui.dll

2017-10-11 17:58 - 2017-09-29 09:18 - 000364032 _____ (Microsoft Corporation) C:\WINDOWS\system32\bdechangepin.exe

2017-10-11 17:58 - 2017-09-29 09:18 - 000215040 _____ (Microsoft Corporation) C:\WINDOWS\system32\manage-bde.exe

2017-10-11 17:58 - 2017-09-29 09:18 - 000141312 _____ (Microsoft Corporation) C:\WINDOWS\system32\BitLockerDeviceEncryption.exe

2017-10-11 17:58 - 2017-09-29 07:40 - 000804312 _____ C:\WINDOWS\SysWOW64\locale.nls

2017-10-11 17:58 - 2017-09-29 07:40 - 000804312 _____ C:\WINDOWS\system32\locale.nls

2017-10-11 17:58 - 2017-09-20 17:08 - 000640512 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mswstr10.dll

2017-10-11 17:58 - 2017-09-20 17:08 - 000345088 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msexcl40.dll

2017-10-11 17:58 - 2017-09-20 17:08 - 000008704 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msjint40.dll

2017-10-11 17:58 - 2017-09-19 01:09 - 000554400 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\USBHUB3.SYS

2017-10-11 17:58 - 2017-09-19 00:20 - 000831488 _____ (Microsoft Corporation) C:\WINDOWS\system32\MbaeApiPublic.dll

2017-10-11 17:58 - 2017-09-19 00:20 - 000049664 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\tetheringclient.dll

2017-10-11 17:58 - 2017-09-19 00:15 - 000648704 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MbaeApiPublic.dll

2017-10-11 17:57 - 2017-09-30 07:52 - 001595152 _____ (Microsoft Corporation) C:\WINDOWS\system32\gdi32full.dll

2017-10-11 17:57 - 2017-09-30 07:51 - 001458320 _____ (Microsoft Corporation) C:\WINDOWS\system32\msctf.dll

2017-10-11 17:57 - 2017-09-30 07:51 - 001147288 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvix64.exe

2017-10-11 17:57 - 2017-09-30 07:51 - 000661224 _____ (Microsoft Corporation) C:\WINDOWS\system32\dnsapi.dll

2017-10-11 17:57 - 2017-09-30 07:50 - 001346112 _____ (Microsoft Corporation) C:\WINDOWS\system32\user32.dll

2017-10-11 17:57 - 2017-09-30 07:50 - 001068208 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.dll

2017-10-11 17:57 - 2017-09-30 07:50 - 001024920 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvax64.exe

2017-10-11 17:57 - 2017-09-30 07:48 - 000644696 _____ (Microsoft Corporation) C:\WINDOWS\system32\advapi32.dll

2017-10-11 17:57 - 2017-09-30 07:44 - 000712600 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgmms2.sys

2017-10-11 17:57 - 2017-09-30 07:43 - 007318888 _____ (Microsoft Corporation) C:\WINDOWS\system32\windows.storage.dll

2017-10-11 17:57 - 2017-09-30 07:43 - 002442136 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgkrnl.sys

2017-10-11 17:57 - 2017-09-30 07:42 - 004848952 _____ (Microsoft Corporation) C:\WINDOWS\explorer.exe

2017-10-11 17:57 - 2017-09-30 07:42 - 001506712 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinapi.appcore.dll

2017-10-11 17:57 - 2017-09-30 07:41 - 005477600 _____ (Microsoft Corporation) C:\WINDOWS\system32\OneCoreUAPCommonProxyStub.dll

2017-10-11 17:57 - 2017-09-30 07:41 - 002086808 _____ (Microsoft Corporation) C:\WINDOWS\system32\UpdateAgent.dll

2017-10-11 17:57 - 2017-09-30 07:41 - 000961944 _____ (Microsoft Corporation) C:\WINDOWS\system32\efscore.dll

2017-10-11 17:57 - 2017-09-30 07:41 - 000651672 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingSyncHost.exe

2017-10-11 17:57 - 2017-09-30 07:41 - 000257432 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppxAllUserStore.dll

2017-10-11 17:57 - 2017-09-30 07:41 - 000228248 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mrxsmb20.sys

2017-10-11 17:57 - 2017-09-30 07:40 - 000849816 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVClient.exe

2017-10-11 17:57 - 2017-09-30 07:40 - 000701336 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVCatalog.dll

2017-10-11 17:57 - 2017-09-30 07:40 - 000642680 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\cng.sys

2017-10-11 17:57 - 2017-09-30 07:40 - 000558912 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.ApplicationModel.dll

2017-10-11 17:57 - 2017-09-30 07:40 - 000408984 _____ (Microsoft Corporation) C:\WINDOWS\system32\msv1_0.dll

2017-10-11 17:57 - 2017-09-30 07:40 - 000184728 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\appid.sys

2017-10-11 17:57 - 2017-09-30 07:40 - 000072944 _____ (Microsoft Corporation) C:\WINDOWS\system32\easinvoker.exe

2017-10-11 17:57 - 2017-09-30 07:39 - 021351760 _____ (Microsoft Corporation) C:\WINDOWS\system32\shell32.dll

2017-10-11 17:57 - 2017-09-30 07:39 - 001694104 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVIntegration.dll

2017-10-11 17:57 - 2017-09-30 07:39 - 000203672 _____ (Microsoft Corporation) C:\WINDOWS\system32\basecsp.dll

2017-10-11 17:57 - 2017-09-30 07:38 - 007910072 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.Protection.PlayReady.dll

2017-10-11 17:57 - 2017-09-30 07:38 - 001854872 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVEntVirtualization.dll

2017-10-11 17:57 - 2017-09-30 07:37 - 002377112 _____ (Microsoft Corporation) C:\WINDOWS\system32\Microsoft.Uev.AppAgent.dll

2017-10-11 17:57 - 2017-09-30 07:37 - 002229144 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVEntSubsystems64.dll

2017-10-11 17:57 - 2017-09-30 07:37 - 001464728 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVEntSubsystemController.dll

2017-10-11 17:57 - 2017-09-30 07:36 - 000855960 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVOrchestration.dll

2017-10-11 17:57 - 2017-09-30 07:36 - 000675224 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVPublishing.dll

2017-10-11 17:57 - 2017-09-29 09:34 - 017370624 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Xaml.dll

2017-10-11 17:57 - 2017-09-29 09:34 - 003669504 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kfull.sys

2017-10-11 17:57 - 2017-09-29 09:33 - 000175616 _____ (Microsoft Corporation) C:\WINDOWS\system32\t2embed.dll

2017-10-11 17:57 - 2017-09-29 09:32 - 002199552 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Xaml.Resources.dll

2017-10-11 17:57 - 2017-09-29 09:32 - 000209920 _____ (Microsoft Corporation) C:\WINDOWS\system32\smartscreenps.dll

2017-10-11 17:57 - 2017-09-29 09:32 - 000087040 _____ (Microsoft Corporation) C:\WINDOWS\system32\usoapi.dll

2017-10-11 17:57 - 2017-09-29 09:32 - 000064000 _____ (Microsoft Corporation) C:\WINDOWS\system32\wups.dll

2017-10-11 17:57 - 2017-09-29 09:31 - 000113152 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuuhosdeployment.dll

2017-10-11 17:57 - 2017-09-29 09:31 - 000057344 _____ (Microsoft Corporation) C:\WINDOWS\system32\efssvc.dll

2017-10-11 17:57 - 2017-09-29 09:30 - 007931392 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinui.dll

2017-10-11 17:57 - 2017-09-29 09:30 - 000529408 _____ (Microsoft Corporation) C:\WINDOWS\system32\daxexec.dll

2017-10-11 17:57 - 2017-09-29 09:30 - 000179200 _____ (Microsoft Corporation) C:\WINDOWS\system32\BitLockerCsp.dll

2017-10-11 17:57 - 2017-09-29 09:30 - 000064512 _____ (Microsoft Corporation) C:\WINDOWS\system32\winsrv.dll

2017-10-11 17:57 - 2017-09-29 09:30 - 000043520 _____ (Microsoft Corporation) C:\WINDOWS\system32\TpmTasks.dll

2017-10-11 17:57 - 2017-09-29 09:29 - 000550400 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\nwifi.sys

2017-10-11 17:57 - 2017-09-29 09:29 - 000461824 _____ (Microsoft Corporation) C:\WINDOWS\system32\wlansec.dll

2017-10-11 17:57 - 2017-09-29 09:29 - 000433152 _____ (Microsoft Corporation) C:\WINDOWS\system32\msIso.dll

2017-10-11 17:57 - 2017-09-29 09:29 - 000304640 _____ (Microsoft Corporation) C:\WINDOWS\system32\dusmsvc.dll

2017-10-11 17:57 - 2017-09-29 09:29 - 000052736 _____ (Microsoft Corporation) C:\WINDOWS\system32\ServiceWorkerHost.exe

2017-10-11 17:57 - 2017-09-29 09:28 - 000699904 _____ (Microsoft Corporation) C:\WINDOWS\system32\FlightSettings.dll

2017-10-11 17:57 - 2017-09-29 09:28 - 000556032 _____ (Microsoft Corporation) C:\WINDOWS\system32\TpmCoreProvisioning.dll

2017-10-11 17:57 - 2017-09-29 09:28 - 000527360 _____ (Microsoft Corporation) C:\WINDOWS\system32\aadcloudap.dll

2017-10-11 17:57 - 2017-09-29 09:28 - 000256000 _____ (Microsoft Corporation) C:\WINDOWS\system32\domgmt.dll

2017-10-11 17:57 - 2017-09-29 09:28 - 000254976 _____ (Microsoft Corporation) C:\WINDOWS\system32\scksp.dll

2017-10-11 17:57 - 2017-09-29 09:27 - 001321984 ____R (The ICU Project) C:\WINDOWS\system32\icuuc.dll

2017-10-11 17:57 - 2017-09-29 09:27 - 000616960 _____ (Microsoft Corporation) C:\WINDOWS\system32\WindowManagement.dll

2017-10-11 17:57 - 2017-09-29 09:27 - 000565760 _____ (Microsoft Corporation) C:\WINDOWS\system32\webio.dll

2017-10-11 17:57 - 2017-09-29 09:27 - 000538624 _____ (Microsoft Corporation) C:\WINDOWS\system32\FirewallAPI.dll

2017-10-11 17:57 - 2017-09-29 09:27 - 000524800 _____ (Microsoft Corporation) C:\WINDOWS\system32\TileDataRepository.dll

2017-10-11 17:57 - 2017-09-29 09:27 - 000412160 _____ (Microsoft Corporation) C:\WINDOWS\system32\updatehandlers.dll

2017-10-11 17:57 - 2017-09-29 09:26 - 002809344 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentServer.dll

2017-10-11 17:57 - 2017-09-29 09:26 - 001468928 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentExtensions.desktop.dll

2017-10-11 17:57 - 2017-09-29 09:26 - 001269760 _____ (Microsoft Corporation) C:\WINDOWS\system32\enterprisecsps.dll

2017-10-11 17:57 - 2017-09-29 09:26 - 001197568 _____ (Microsoft Corporation) C:\WINDOWS\system32\Microsoft.Uev.CommonBridge.dll

2017-10-11 17:57 - 2017-09-29 09:26 - 001141760 _____ (Microsoft Corporation) C:\WINDOWS\system32\ApplySettingsTemplateCatalog.exe

2017-10-11 17:57 - 2017-09-29 09:26 - 000772096 _____ (Microsoft Corporation) C:\WINDOWS\system32\PCPKsp.dll

2017-10-11 17:57 - 2017-09-29 09:26 - 000356864 _____ (Microsoft Corporation) C:\WINDOWS\system32\fveapibase.dll

2017-10-11 17:57 - 2017-09-29 09:26 - 000045056 _____ (Microsoft Corporation) C:\WINDOWS\system32\TokenBrokerUI.dll

2017-10-11 17:57 - 2017-09-29 09:25 - 004175872 _____ (Microsoft Corporation) C:\WINDOWS\system32\StartTileData.dll

2017-10-11 17:57 - 2017-09-29 09:25 - 002760704 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Shell.UnifiedTile.CuratedTileCollections.dll

2017-10-11 17:57 - 2017-09-29 09:25 - 000586240 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppReadiness.dll

2017-10-11 17:57 - 2017-09-29 09:24 - 003307008 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll

2017-10-11 17:57 - 2017-09-29 09:24 - 002503680 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinui.pcshell.dll

2017-10-11 17:57 - 2017-09-29 09:24 - 001886208 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentExtensions.onecore.dll

2017-10-11 17:57 - 2017-09-29 09:24 - 001307648 _____ (Microsoft Corporation) C:\WINDOWS\system32\dosvc.dll

2017-10-11 17:57 - 2017-09-29 09:24 - 001201664 _____ (Microsoft Corporation) C:\WINDOWS\system32\AgentService.exe

2017-10-11 17:57 - 2017-09-29 09:24 - 000684032 _____ (Microsoft Corporation) C:\WINDOWS\system32\usocore.dll

2017-10-11 17:57 - 2017-09-29 09:23 - 003140096 _____ (Microsoft Corporation) C:\WINDOWS\system32\msftedit.dll

2017-10-11 17:57 - 2017-09-29 09:23 - 002730496 _____ (Microsoft Corporation) C:\WINDOWS\system32\smartscreen.exe

2017-10-11 17:57 - 2017-09-29 09:23 - 002446336 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuaueng.dll

2017-10-11 17:57 - 2017-09-29 09:23 - 002195968 _____ (Microsoft Corporation) C:\WINDOWS\system32\Microsoft.Uev.ModernAppAgent.dll

2017-10-11 17:57 - 2017-09-29 09:23 - 002055680 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kbase.sys

2017-10-11 17:57 - 2017-09-29 09:23 - 001605632 _____ (Microsoft Corporation) C:\WINDOWS\system32\quartz.dll

2017-10-11 17:57 - 2017-09-29 09:23 - 001460224 _____ (Microsoft Corporation) C:\WINDOWS\system32\lsasrv.dll

2017-10-11 17:57 - 2017-09-29 09:23 - 001398784 _____ (Microsoft Corporation) C:\WINDOWS\system32\wwansvc.dll

2017-10-11 17:57 - 2017-09-29 09:23 - 001052672 _____ (Microsoft Corporation) C:\WINDOWS\system32\TokenBroker.dll

2017-10-11 17:57 - 2017-09-29 09:23 - 000986624 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuapi.dll

2017-10-11 17:57 - 2017-09-29 09:23 - 000972288 _____ (Microsoft Corporation) C:\WINDOWS\system32\MPSSVC.dll

2017-10-11 17:57 - 2017-09-29 09:23 - 000841216 _____ (Microsoft Corporation) C:\WINDOWS\system32\fveapi.dll

2017-10-11 17:57 - 2017-09-29 09:23 - 000647168 _____ (Microsoft Corporation) C:\WINDOWS\system32\RDXService.dll

2017-10-11 17:57 - 2017-09-29 09:23 - 000512000 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinapi.dll

2017-10-11 17:57 - 2017-09-29 09:22 - 001802240 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll

2017-10-11 17:57 - 2017-09-29 09:22 - 001438208 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Xaml.Phone.dll

2017-10-11 17:57 - 2017-09-29 09:22 - 000407040 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuuhext.dll

2017-10-11 17:57 - 2017-09-29 09:21 - 000722944 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\srv2.sys

2017-10-11 17:57 - 2017-09-29 09:21 - 000324096 _____ (Microsoft Corporation) C:\WINDOWS\system32\DeviceEnroller.exe

2017-10-11 17:57 - 2017-09-29 09:21 - 000154624 _____ (Microsoft Corporation) C:\WINDOWS\system32\regsvc.dll

2017-10-11 17:57 - 2017-09-29 09:21 - 000147456 _____ (Microsoft Corporation) C:\WINDOWS\system32\TabSvc.dll

2017-10-11 17:57 - 2017-09-29 09:20 - 001811456 _____ (Microsoft Corporation) C:\WINDOWS\system32\wsp_health.dll

2017-10-11 17:57 - 2017-09-29 09:20 - 000194560 _____ (Microsoft Corporation) C:\WINDOWS\system32\rpchttp.dll

2017-10-11 17:57 - 2017-09-29 09:20 - 000150016 _____ (Microsoft Corporation) C:\WINDOWS\system32\iscsiexe.dll

2017-10-11 17:57 - 2017-09-29 09:19 - 002088448 _____ (Microsoft Corporation) C:\WINDOWS\system32\wsp_fs.dll

2017-10-11 17:57 - 2017-09-29 09:19 - 000208896 _____ (Microsoft Corporation) C:\WINDOWS\system32\wscsvc.dll

2017-10-11 17:57 - 2017-09-29 09:18 - 002438656 _____ (Microsoft Corporation) C:\WINDOWS\system32\ResetEngine.dll

2017-10-11 17:57 - 2017-09-29 09:18 - 001527296 _____ (Microsoft Corporation) C:\WINDOWS\system32\RecoveryDrive.exe

2017-10-11 17:57 - 2017-09-29 09:18 - 000893440 _____ (Microsoft Corporation) C:\WINDOWS\system32\clusapi.dll

2017-10-11 17:57 - 2017-09-29 09:18 - 000603136 _____ (Microsoft Corporation) C:\WINDOWS\system32\resutils.dll

2017-10-11 17:57 - 2017-09-29 09:18 - 000347648 _____ (Microsoft Corporation) C:\WINDOWS\system32\mcbuilder.exe

2017-10-11 17:57 - 2017-09-29 09:18 - 000130048 _____ (Microsoft Corporation) C:\WINDOWS\system32\Robocopy.exe

2017-10-11 17:57 - 2017-09-29 09:18 - 000046592 _____ (Microsoft Corporation) C:\WINDOWS\system32\cipher.exe

2017-10-11 17:57 - 2017-09-19 01:20 - 001065104 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.efi

2017-10-11 17:57 - 2017-09-19 01:20 - 000900376 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.exe

2017-10-11 17:57 - 2017-09-19 01:18 - 000965024 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvloader.efi

2017-10-11 17:57 - 2017-09-19 01:17 - 001395664 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.efi

2017-10-11 17:57 - 2017-09-19 01:17 - 001186464 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.exe

2017-10-11 17:57 - 2017-09-19 01:17 - 000821664 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvloader.exe

2017-10-11 17:57 - 2017-09-19 01:11 - 001018272 _____ (Microsoft Corporation) C:\WINDOWS\system32\SecConfig.efi

2017-10-11 17:57 - 2017-09-19 00:26 - 000060416 _____ (Microsoft Corporation) C:\WINDOWS\system32\tetheringclient.dll

2017-10-11 17:57 - 2017-09-19 00:25 - 000117248 _____ (Microsoft Corporation) C:\WINDOWS\system32\eShims.dll

2017-10-11 17:57 - 2017-09-19 00:23 - 000210432 _____ (Microsoft Corporation) C:\WINDOWS\system32\tetheringservice.dll

2017-10-10 08:15 - 2017-10-10 08:15 - 000015654 _____ C:\Users\joshi\Documents\Tax-Q3-17r.xlsx

2017-10-09 15:28 - 2017-10-09 15:31 - 000000000 ____D C:\Users\joshi\AppData\Roaming\Novabench

2017-10-09 15:28 - 2017-10-09 15:29 - 000000000 ____D C:\ProgramData\Novabench

2017-10-09 15:28 - 2017-10-09 15:28 - 000000000 ____D C:\Users\joshi\AppData\Local\Novabench

2017-10-09 15:27 - 2017-10-09 15:27 - 000001064 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Novabench.lnk

2017-10-09 15:27 - 2017-10-09 15:27 - 000000000 ____D C:\Program Files\Novawave

2017-10-09 15:23 - 2017-10-09 15:24 - 096575488 _____ C:\Users\joshi\Downloads\novabench.msi

2017-10-09 12:11 - 2017-10-10 08:15 - 000015653 _____ C:\Users\joshi\Documents\Tax-Q3-17.xlsx

2017-10-05 15:30 - 2017-08-23 11:26 - 000204016 _____ (HP Inc.) C:\WINDOWS\system32\hpmtp210.dll

2017-10-05 15:30 - 2017-08-23 11:25 - 000529136 _____ (HP Inc.) C:\WINDOWS\system32\hpcpn210.dll

2017-10-05 15:30 - 2017-08-23 11:25 - 000494320 _____ (HP Inc.) C:\WINDOWS\SysWOW64\hpcc3210.dll

2017-10-05 15:30 - 2017-08-23 11:25 - 000265128 _____ (HP Inc.) C:\WINDOWS\system32\hpmml210.dll

2017-10-05 15:30 - 2017-08-23 11:25 - 000242088 _____ (HP Inc.) C:\WINDOWS\system32\hpmja210.dll

2017-10-05 15:30 - 2017-08-23 11:25 - 000229616 _____ (HP Inc.) C:\WINDOWS\system32\hpmpm081.dll

2017-10-05 15:30 - 2017-08-23 11:25 - 000178416 _____ (HP Inc.) C:\WINDOWS\system32\hpcjpm.dll

2017-10-05 15:30 - 2017-08-23 11:25 - 000127728 _____ (HP Inc.) C:\WINDOWS\system32\hpmpw081.dll

2017-10-05 15:30 - 2017-08-23 11:24 - 000310696 _____ (HP Inc.) C:\WINDOWS\system32\hpmlm190.dll

2017-10-05 15:28 - 2017-10-05 15:28 - 001544192 _____ C:\Users\joshi\Downloads\Dot4x64 (1).msi

2017-10-05 15:20 - 2017-10-05 15:20 - 018600800 _____ C:\Users\joshi\Downloads\upd-pcl6-x64-6.5.0.22695.exe

2017-10-05 11:04 - 2017-10-05 11:04 - 000477693 _____ C:\Users\joshi\Downloads\044447492420170929214613050951.pdf

2017-10-04 07:37 - 2017-10-04 07:37 - 000056244 _____ C:\Users\joshi\Documents\Tenses.pdf

2017-10-03 22:17 - 2017-10-18 07:36 - 000009888 _____ C:\Users\joshi\Documents\New Girls.xlsx

2017-10-03 21:45 - 2017-10-03 21:45 - 000078770 _____ C:\Users\joshi\Documents\fruit&veg.pdf

2017-10-03 20:23 - 2017-10-04 07:37 - 000081920 _____ C:\Users\joshi\Documents\Tenses.pub

2017-10-03 18:35 - 2017-10-03 18:35 - 000455392 _____ C:\Users\joshi\Documents\clocks.pdf

2017-10-01 19:49 - 2017-10-14 12:35 - 000000000 ____D C:\Users\joshi\AppData\Roaming\WhatsApp

2017-10-01 19:49 - 2017-10-13 11:26 - 000002275 _____ C:\Users\joshi\Desktop\WhatsApp.lnk

2017-10-01 19:49 - 2017-10-13 11:24 - 000000000 ____D C:\Users\joshi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WhatsApp

2017-10-01 19:49 - 2017-10-13 11:24 - 000000000 ____D C:\Users\joshi\AppData\Local\WhatsApp

2017-10-01 19:49 - 2017-10-13 11:24 - 000000000 ____D C:\Users\joshi\AppData\Local\SquirrelTemp

2017-10-01 19:48 - 2017-10-01 19:49 - 084144400 _____ (WhatsApp) C:\Users\joshi\Downloads\WhatsAppSetup.exe

2017-09-29 20:27 - 2017-10-02 08:29 - 000010518 _____ C:\Users\joshi\Documents\Pearl v us.xlsx

2017-09-29 16:48 - 2017-09-29 16:48 - 000000000 ____D C:\Users\joshi\AppData\Roaming\HandBrake Team

2017-09-29 16:48 - 2017-09-29 16:48 - 000000000 ____D C:\Program Files\HandBrake

2017-09-29 16:46 - 2017-09-29 16:46 - 010468271 _____ C:\Users\joshi\Downloads\HandBrake-1.0.7-x86_64-Win_GUI.exe

2017-09-27 20:23 - 2017-09-27 20:27 - 000000000 ____D C:\Users\joshi\Documents\8mmfilms

2017-09-27 17:14 - 2017-09-29 16:49 - 000000000 ____D C:\Users\joshi\AppData\Roaming\HandBrake

2017-09-27 17:14 - 2017-09-29 16:48 - 000000865 _____ C:\Users\joshi\Desktop\Handbrake.lnk

2017-09-27 17:14 - 2017-09-27 17:14 - 000000000 ____D C:\Users\joshi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Handbrake

2017-09-27 17:14 - 2017-09-27 17:14 - 000000000 ____D C:\Program Files (x86)\Handbrake

2017-09-23 12:38 - 2017-09-23 12:38 - 000003374 _____ C:\WINDOWS\System32\Tasks\Avira_Antivirus_Systray

2017-09-23 12:38 - 2017-09-23 12:38 - 000003208 _____ C:\WINDOWS\System32\Tasks\Avira SystrayStartTrigger

2017-09-21 15:17 - 2017-09-21 15:17 - 000000000 ____D C:\Users\joshi\AppData\Local\Meltytech

2017-09-21 15:16 - 2017-09-21 15:16 - 000001711 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Shotcut.lnk

2017-09-21 15:15 - 2017-09-21 15:16 - 000000000 ____D C:\Program Files\Shotcut

2017-09-21 15:04 - 2017-09-21 15:06 - 193011560 _____ C:\Users\joshi\Downloads\shotcut-win64-170904.exe

2017-09-21 07:42 - 2017-09-21 07:42 - 000001277 _____ C:\Users\Public\Desktop\RealPlayer (RealTimes).lnk

2017-09-21 07:42 - 2017-09-21 07:42 - 000000000 ____D C:\Users\joshi\AppData\Roaming\RealNetworks

2017-09-21 07:42 - 2017-09-21 07:42 - 000000000 ____D C:\ProgramData\RealNetworks

2017-09-21 07:41 - 2017-09-21 07:41 - 000285520 _____ (Progressive Networks) C:\WINDOWS\SysWOW64\pncrt.dll

2017-09-21 07:41 - 2017-09-21 07:41 - 000207696 _____ (RealNetworks, Inc.) C:\WINDOWS\SysWOW64\rmoc3260.dll

2017-09-21 01:52 - 2017-09-21 01:52 - 000142960 _____ (HP Inc.) C:\WINDOWS\system32\hpmco210.dll

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2017-10-19 08:18 - 2017-05-22 15:46 - 000000000 ____D C:\Users\joshi\AppData\LocalLow\Mozilla

2017-10-19 08:07 - 2017-06-14 21:40 - 000004146 _____ C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{039BA300-6BEC-4172-AA30-191FCA5DCE5A}

2017-10-19 08:07 - 2017-03-18 23:03 - 000000000 ___HD C:\Program Files\WindowsApps

2017-10-19 08:07 - 2017-03-18 23:03 - 000000000 ____D C:\WINDOWS\AppReadiness

2017-10-19 08:03 - 2017-06-14 21:24 - 000000000 _____ C:\WINDOWS\system32\Drivers\lvuvc.hs

2017-10-18 22:45 - 2017-06-14 21:23 - 000000000 ____D C:\WINDOWS\system32\SleepStudy

2017-10-18 15:29 - 2017-03-18 22:51 - 000000000 ____D C:\WINDOWS\CbsTemp

2017-10-18 10:20 - 2016-04-16 14:57 - 000000000 ____D C:\Users\joshi\AppData\Local\Packages

2017-10-17 22:19 - 2016-04-16 18:20 - 000000000 ____D C:\Users\joshi\AppData\Roaming\Skype

2017-10-16 20:20 - 2016-04-16 15:33 - 000000000 ____D C:\Users\joshi\AppData\Local\ElevatedDiagnostics

2017-10-16 20:18 - 2017-03-18 23:03 - 000000000 ____D C:\WINDOWS\System

2017-10-16 07:39 - 2016-05-16 12:51 - 000000000 ____D C:\Program Files (x86)\TeamViewer

2017-10-15 16:59 - 2017-06-14 21:42 - 001115750 _____ C:\WINDOWS\system32\PerfStringBackup.INI

2017-10-15 16:54 - 2017-06-14 21:40 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT

2017-10-15 16:53 - 2017-03-18 13:40 - 001048576 _____ C:\WINDOWS\system32\config\BBI

2017-10-15 16:43 - 2016-04-16 18:47 - 000000191 _____ C:\Users\joshi\Desktop\Ebay UK.url

2017-10-15 13:48 - 2016-04-21 14:33 - 000192216 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys

2017-10-14 22:31 - 2017-06-14 21:26 - 000000000 ____D C:\Users\joshi

2017-10-14 14:19 - 2016-04-16 15:02 - 000000420 _____ C:\Users\joshi\Desktop\This PC - Shortcut.lnk

2017-10-13 02:21 - 2017-03-18 23:06 - 000835576 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe

2017-10-13 02:21 - 2017-03-18 23:06 - 000177656 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl

2017-10-12 22:13 - 2017-03-18 23:03 - 000000000 ____D C:\WINDOWS\rescache

2017-10-12 15:15 - 2016-07-25 19:23 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira

2017-10-12 12:41 - 2016-04-17 20:58 - 000000000 ____D C:\ProgramData\Package Cache

2017-10-12 09:08 - 2017-03-18 23:01 - 000000000 ____D C:\WINDOWS\INF

2017-10-12 09:05 - 2016-02-13 19:33 - 000000000 __RHD C:\Users\Public\AccountPictures

2017-10-12 09:03 - 2017-06-14 21:23 - 005034824 _____ C:\WINDOWS\system32\FNTCACHE.DAT

2017-10-12 09:02 - 2017-06-15 20:12 - 000000000 ____D C:\Program Files (x86)\Mozilla Thunderbird

2017-10-12 09:02 - 2017-06-15 11:55 - 000000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service

2017-10-11 22:14 - 2017-03-18 23:03 - 000000000 ____D C:\WINDOWS\SysWOW64\en-GB

2017-10-11 22:14 - 2017-03-18 23:03 - 000000000 ____D C:\WINDOWS\system32\en-GB

2017-10-11 22:14 - 2017-03-18 23:03 - 000000000 ____D C:\WINDOWS\ShellExperiences

2017-10-11 22:14 - 2017-03-18 23:03 - 000000000 ____D C:\WINDOWS\Provisioning

2017-10-11 22:14 - 2017-03-18 23:03 - 000000000 ____D C:\WINDOWS\PolicyDefinitions

2017-10-11 22:13 - 2017-03-18 23:03 - 000230400 _____ (Microsoft Corporation) C:\WINDOWS\system32\msclmd.dll

2017-10-11 22:13 - 2017-03-18 23:03 - 000207872 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msclmd.dll

2017-10-11 18:06 - 2016-04-16 17:19 - 000000000 ____D C:\WINDOWS\system32\MRT

2017-10-11 18:03 - 2016-04-16 17:19 - 126925120 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe

2017-10-11 07:32 - 2016-05-24 09:56 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Garmin

2017-10-11 07:32 - 2016-05-24 09:56 - 000000000 ____D C:\Program Files (x86)\Garmin

2017-10-11 07:31 - 2017-06-14 21:40 - 000003624 _____ C:\WINDOWS\System32\Tasks\GarminUpdaterTask

2017-10-09 11:48 - 2016-12-20 20:44 - 000020240 _____ C:\Users\joshi\Documents\MMBookings2017.xlsx

2017-10-09 10:48 - 2017-09-04 19:38 - 000018725 _____ C:\Users\joshi\Documents\MMBookings2018.xlsx

2017-10-07 17:44 - 2016-04-16 18:19 - 000000000 ___RD C:\Program Files (x86)\Skype

2017-10-07 17:44 - 2016-04-16 18:19 - 000000000 ____D C:\ProgramData\Skype

2017-10-05 15:20 - 2016-04-16 17:12 - 000000000 ____D C:\HP Universal Print Driver

2017-09-29 18:14 - 2016-06-18 14:28 - 000000000 ____D C:\Users\joshi\AppData\Roaming\vlc

2017-09-29 16:23 - 2015-10-18 16:50 - 000000000 ____D C:\backup

2017-09-26 22:53 - 2016-04-16 18:17 - 000002272 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk

2017-09-26 22:53 - 2016-04-16 18:17 - 000002260 _____ C:\Users\Public\Desktop\Google Chrome.lnk

2017-09-25 11:36 - 2016-07-06 15:04 - 000114848 _____ C:\Users\joshi\Documents\joddle.vcf

2017-09-25 11:36 - 2016-05-16 12:51 - 000000000 ____D C:\Users\joshi\AppData\Roaming\TeamViewer

2017-09-23 19:41 - 2016-06-17 17:07 - 000692224 _____ C:\Users\joshi\Documents\OSOBSMembForm.indd

2017-09-23 12:35 - 2016-04-17 19:09 - 000176224 _____ (Avira Operations GmbH & Co. KG) C:\WINDOWS\system32\Drivers\avgntflt.sys

2017-09-22 15:35 - 2017-09-04 18:58 - 000003356 _____ C:\WINDOWS\System32\Tasks\OneDrive Standalone Update Task-S-1-5-21-205630320-448354025-1664443452-1001

2017-09-22 15:35 - 2016-04-16 15:00 - 000002400 _____ C:\Users\joshi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk

2017-09-22 15:35 - 2016-04-16 15:00 - 000000000 ___RD C:\Users\joshi\OneDrive

2017-09-22 11:53 - 2017-07-06 09:02 - 000000000 ____D C:\Users\joshi\Desktop\gardening

2017-09-22 11:27 - 2017-09-12 17:16 - 000010310 _____ C:\Users\joshi\Documents\exch Sept 17.xlsx

2017-09-21 07:56 - 2017-06-14 21:40 - 000003536 _____ C:\WINDOWS\System32\Tasks\RealDownloader Update Check

2017-09-21 07:42 - 2017-06-14 21:40 - 000003584 _____ C:\WINDOWS\System32\Tasks\RealDownloaderRealUpgradeScheduledTaskS-1-5-21-205630320-448354025-1664443452-1001

2017-09-21 07:42 - 2017-06-14 21:40 - 000003520 _____ C:\WINDOWS\System32\Tasks\RealDownloaderRealUpgradeLogonTaskS-1-5-21-205630320-448354025-1664443452-1001

2017-09-21 07:42 - 2016-04-17 20:58 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\RealNetworks

2017-09-21 07:42 - 2016-04-17 20:57 - 000000000 ____D C:\Users\joshi\AppData\Roaming\Real

2017-09-21 07:42 - 2016-04-17 20:57 - 000000000 ____D C:\Program Files (x86)\Real

2017-09-21 07:42 - 2016-04-17 20:56 - 000000000 ____D C:\ProgramData\Real

2017-09-21 07:41 - 2016-06-20 08:21 - 000512336 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msvcp71.dll

2017-09-21 07:41 - 2016-06-20 08:21 - 000360784 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msvcr71.dll

2017-09-20 14:06 - 2017-09-14 15:48 - 000000400 __RSH C:\ProgramData\ntuser.pol

2017-09-20 14:05 - 2017-09-14 15:58 - 000000085 _____ C:\Users\joshi\Downloads\rufus.ini

==================== Files in the root of some directories =======

2016-04-16 16:24 - 2016-04-16 16:24 - 000000057 _____ () C:\ProgramData\Ament.ini

2016-04-18 14:28 - 2016-04-18 14:30 - 000000377 _____ () C:\ProgramData\hpzinstall.log

Some files in TEMP:

====================

2017-09-23 14:14 - 2017-09-23 14:27 - 058881488 _____ (Skype Technologies S.A.) C:\Users\joshi\AppData\Local\Temp\SkypeSetup.exe

==================== Bamital & volsnap ======================

(There is no automatic fix for files that do not pass verification.)

C:\WINDOWS\system32\winlogon.exe => File is digitally signed

C:\WINDOWS\system32\wininit.exe => File is digitally signed

C:\WINDOWS\explorer.exe => File is digitally signed

C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed

C:\WINDOWS\system32\svchost.exe => File is digitally signed

C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed

C:\WINDOWS\system32\services.exe => File is digitally signed

C:\WINDOWS\system32\User32.dll => File is digitally signed

C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed

C:\WINDOWS\system32\userinit.exe => File is digitally signed

C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed

C:\WINDOWS\system32\rpcss.dll => File is digitally signed

C:\WINDOWS\system32\dnsapi.dll => File is digitally signed

C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed

C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2017-10-10 21:54

==================== End of FRST.txt ============================

Posted

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 18-10-2017 01

Ran by Josh (19-10-2017 08:22:15)

Running from C:\Users\joshi\Desktop

Windows 10 Pro Version 1703 15063.674 (X64) (2017-06-14 19:48:48)

Boot Mode: Normal

==========================================================

 

==================== Accounts: =============================

Administrator (S-1-5-21-205630320-448354025-1664443452-500 - Administrator - Disabled)

ASPNET (S-1-5-21-205630320-448354025-1664443452-1002 - Limited - Enabled)

DefaultAccount (S-1-5-21-205630320-448354025-1664443452-503 - Limited - Disabled)

Guest (S-1-5-21-205630320-448354025-1664443452-501 - Limited - Enabled)

Josh (S-1-5-21-205630320-448354025-1664443452-1001 - Administrator - Enabled) => C:\Users\joshi

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Avira Antivirus (Enabled - Up to date) {B3F630BD-538D-1B4A-14FA-14B63235278F}

AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

AS: Avira Antivirus (Enabled - Up to date) {0897D159-75B7-14C4-2E4A-2FC449B26D32}

AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

64 Bit HP CIO Components Installer (HKLM\...\{13DA9C7C-EBFB-40D0-94A1-55B42883DF21}) (Version: 21.2.1 - HP Inc.) Hidden

7-Zip 16.04 (x64) (HKLM\...\7-Zip) (Version: 16.04 - Igor Pavlov)

ABBYY FineReader 11 (HKLM-x32\...\{F11000FE-0010-0000-0000-074957833700}) (Version: 11.11.169 - ABBYY)

Adobe Acrobat 8.1.0 Professional (HKLM-x32\...\Adobe Acrobat 8 Professional - English, Français, Deutsch) (Version: 8.1.0 - Adobe Systems)

Adobe Acrobat Reader DC (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}) (Version: 17.012.20098 - Adobe Systems Incorporated)

Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 3.1.0.4880 - Adobe Systems Incorporated)

Adobe Help Manager (HKLM-x32\...\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1) (Version: 4.0.244 - Adobe Systems Incorporated)

Adobe InDesign CS6 (HKLM-x32\...\{CFB770D7-8D43-1014-922B-CC2715FADE3F}) (Version: 8.0 - Adobe Systems Incorporated)

Adobe Photoshop 7.0 (HKLM-x32\...\Adobe Photoshop 7.0) (Version: 7.0 - Adobe Systems, Inc.)

ANT Drivers Installer x64 (HKLM\...\{B9218A36-7AD3-4046-8D77-31F51DC0D795}) (Version: 2.3.4 - Garmin Ltd or its subsidiaries) Hidden

Avira (HKLM-x32\...\{5aafdcfa-1dc4-4c8e-9171-d68f7578dcb2}) (Version: 1.2.98.24768 - Avira Operations GmbH & Co. KG)

Avira (HKLM-x32\...\{857417D9-30F6-4899-9DEE-59785B7A895A}) (Version: 1.2.98.24768 - Avira Operations GmbH & Co. KG) Hidden

Avira Antivirus (HKLM-x32\...\Avira Antivirus) (Version: 15.0.32.12 - Avira Operations GmbH & Co. KG)

Belarc Advisor 8.5c (HKLM-x32\...\Belarc Advisor) (Version: 8.5.3.0 - Belarc Inc.)

CCleaner (HKLM\...\CCleaner) (Version: 5.25 - Piriform)

D3DX10 (HKLM-x32\...\{E09C4DB7-630C-4F06-A631-8EA7239923AF}) (Version: 15.4.2368.0902 - Microsoft) Hidden

Dot4 (HKLM\...\{3EEDA265-C6F3-4EC1-A317-1C9315DEDDDE}) (Version: 1.0.0.0 - HP)

Elevated Installer (HKLM-x32\...\{B85F70BE-A5A3-48A2-A790-AF6001F026E0}) (Version: 5.7.1.0 - Garmin Ltd or its subsidiaries) Hidden

FastStone Photo Resizer 3.5 (HKLM-x32\...\FastStone Photo Resizer) (Version: 3.5 - FastStone Soft.)

Garmin BaseCamp (HKLM-x32\...\{23A4DBD1-D847-4957-995D-8B1CC527E2E2}) (Version: 4.6.2.0 - Garmin Ltd or its subsidiaries)

Garmin City Navigator Europe NT 2017.10 (HKLM-x32\...\{C2E4DB83-144A-4D88-A1A7-E8433874AC2A}) (Version: 2.0.0.0 - Garmin Ltd or its subsidiaries)

Garmin Express (HKLM-x32\...\{5b328687-2baf-4fb6-b6c7-c49fb4840cba}) (Version: 5.7.1.0 - Garmin Ltd or its subsidiaries)

Garmin Express (HKLM-x32\...\{5F4164CE-621E-4AFD-BBFE-1BBE2299710E}) (Version: 5.7.1.0 - Garmin Ltd or its subsidiaries) Hidden

Garmin Express Tray (HKLM-x32\...\{4E9533AB-7743-4B73-A5D2-42207E159E11}) (Version: 5.7.1.0 - Garmin Ltd or its subsidiaries) Hidden

Google Chrome (HKLM-x32\...\Google Chrome) (Version: 61.0.3163.100 - Google Inc.)

Google Earth Pro (HKLM-x32\...\{ECF2E224-42F5-4E50-B58E-94CA70E85697}) (Version: 7.3.0.3832 - Google)

Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.33.5 - Google Inc.) Hidden

HandBrake 1.0.7 (HKLM-x32\...\HandBrake) (Version: 1.0.7 - )

HP ENVY 4500 series Basic Device Software (HKLM\...\{6915424E-704F-4F5D-9057-9C7B406B36DB}) (Version: 32.3.198.49673 - Hewlett-Packard Co.)

HP ENVY 4500 series Help (HKLM-x32\...\{95BECC50-22B4-4FCA-8A2E-BF77713E6D3A}) (Version: 30.0.0 - Hewlett Packard)

HP Photo Creations (HKLM-x32\...\HP Photo Creations) (Version: 1.0.0.7702 - HP)

InfraRecorder 0.53 (x64 edition) (HKLM\...\{2C22EA92-CB30-4932-0053-000001000000}) (Version: 0.53.00.00 - Christian Kindahl)

Jump Ahead 2000 Preschool v2.0 (HKLM-x32\...\JA2000PR_2.0) (Version: - )

Logitech Unifying Software 2.50 (HKLM\...\Logitech Unifying) (Version: 2.50.25 - Logitech)

Microsoft .NET Framework 1.1 (HKLM-x32\...\{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}) (Version: 1.1.4322 - Microsoft)

Microsoft Age of Empires II (HKLM-x32\...\Age of Empires 2.0) (Version: - )

Microsoft Age of Empires II: The Conquerors Expansion (HKLM-x32\...\Age of Empires II: The Conquerors Expansion 1.0) (Version: - )

Microsoft Office 2007 Service Pack 3 (SP3) (HKLM-x32\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version: - Microsoft)

Microsoft Office Enterprise 2007 (HKLM-x32\...\ENTERPRISE) (Version: 12.0.6612.1000 - Microsoft Corporation)

Microsoft Office File Validation Add-In (HKLM-x32\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)

Microsoft OneDrive (HKU\S-1-5-21-205630320-448354025-1664443452-1001\...\OneDriveSetup.exe) (Version: 17.3.6998.0830 - Microsoft Corporation)

Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)

Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)

Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)

Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)

Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)

Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)

Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.24215 (HKLM-x32\...\{e2803110-78b3-4664-a479-3611a381656a}) (Version: 14.0.24215.1 - Microsoft Corporation)

Movie Maker (HKLM-x32\...\{38F03569-A636-4CF3-BDDE-032C8C251304}) (Version: 16.4.3528.0331 - Microsoft Corporation) Hidden

Movie Maker (HKLM-x32\...\{DD67BE4B-7E62-4215-AFA3-F123A800A389}) (Version: 16.4.3528.0331 - Microsoft Corporation) Hidden

MozBackup 1.5.1 (HKLM-x32\...\MozBackup) (Version: - Pavel Cvrcek)

Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 52.4.0.6486 - Mozilla)

Mozilla Thunderbird 52.4.0 (x86 en-GB) (HKLM-x32\...\Mozilla Thunderbird 52.4.0 (x86 en-GB)) (Version: 52.4.0 - Mozilla)

Novabench (HKLM\...\{CC27A05D-9D9A-43C7-B202-96A0BAAC86B9}) (Version: 4.0.1 - Novawave Inc.)

PDF Settings CS6 (HKLM-x32\...\{BFEAAE77-BD7F-4534-B286-9C5CB4697EB1}) (Version: 11.0 - Adobe Systems Incorporated) Hidden

Product Improvement Study for HP ENVY 4500 series (HKLM\...\{58139103-BACF-4BDC-B71C-955F9164ADA6}) (Version: 32.3.198.49673 - Hewlett-Packard Co.)

RealDownloader (HKLM-x32\...\{2275115D-1431-4A62-A98F-2F0393815327}) (Version: 18.1.9.106 - RealNetworks, Inc.) Hidden

RealDownloader (HKLM-x32\...\{45bcec97-14a2-4e10-a129-58d2d0b34398}) (Version: 18.1.9.106 - RealNetworks) Hidden

RealDownloader (HKLM-x32\...\{85584A8B-8989-42AA-81A0-80ABF61EFAF1}) (Version: 18.1.9.106 - RealNetworks) Hidden

RealNetworks - Microsoft Visual C++ 2008 Runtime (HKLM-x32\...\{7770E71B-2D43-4800-9CB3-5B6CAAEBEBEA}) (Version: 9.0 - RealNetworks, Inc) Hidden

RealNetworks - Microsoft Visual C++ 2010 Runtime (HKLM-x32\...\{AAECF7BA-E83B-4A10-87EA-DE0B333F8734}) (Version: 10.0 - RealNetworks, Inc) Hidden

RealPlayer (RealTimes) (HKLM-x32\...\RealPlayer 18.1) (Version: 18.1.9 - RealNetworks)

RealUpgrade 1.1 (HKLM-x32\...\{28C2DED6-325B-4CC7-983A-1777C8F7FBAB}) (Version: 1.1.0 - RealNetworks, Inc.) Hidden

Scan Tailor (HKLM-x32\...\Scan Tailor) (Version: - )

Shotcut (HKLM-x32\...\Shotcut) (Version: - )

Skype™ 7.40 (HKLM-x32\...\{3B7E914A-93D5-4A29-92BB-AF8C3F66C431}) (Version: 7.40.103 - Skype Technologies S.A.)

SoundMAX (HKLM-x32\...\{F0A37341-D692-11D4-A984-009027EC0A9C}) (Version: 6.10.2.7280 - Analog Devices)

Speccy (HKLM\...\Speccy) (Version: 1.29 - Piriform)

SPSS Statistics 17.0 (HKLM-x32\...\{46B65150-F8AA-42F2-94FB-2729A8AE5F7E}) (Version: 17.0.0 - SPSS Inc.)

TeamViewer 12 (HKLM-x32\...\TeamViewer) (Version: 12.0.83369 - TeamViewer)

Update for 2007 Microsoft Office System (KB967642) (HKLM-x32\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version: - Microsoft)

UpdateService (HKLM-x32\...\{E3AE96D6-E196-45B4-AF62-2B41998B9E37}) (Version: 1.0.0 - RealNetworks, Inc.) Hidden

vc2012_redist (HKLM-x32\...\{9402AEF2-5981-4097-8BE2-6501DAC4DBFD}) (Version: 1.0.0.0 - Realnetworks) Hidden

Video Downloader (HKLM-x32\...\{4C68AE5C-915A-492A-AFCD-B630ECB9522D}) (Version: 18.1.9 - RealNetworks) Hidden

VLC media player 2.0.5 (HKLM-x32\...\VLC media player) (Version: 2.0.5 - VideoLAN)

vs2015_redist x64 (HKLM\...\{EAED8692-5B63-4665-B857-D626633691DA}) (Version: 1.0.0.0 - Realnetworks) Hidden

vs2015_redist x86 (HKLM-x32\...\{BD46163A-0331-4A61-B65A-7B66D7C93F8E}) (Version: 1.0.0.0 - Realnetworks) Hidden

VSDC Free Video Editor version 5.7.8.724 (HKLM-x32\...\VSDC Free Video Editor_is1) (Version: 5.7.8.724 - Flash-Integro LLC)

WhatsApp (HKU\S-1-5-21-205630320-448354025-1664443452-1001\...\WhatsApp) (Version: 0.2.6426 - WhatsApp)

Windows 10 Update and Privacy Settings (HKLM\...\{293F2009-0145-450B-B4AA-063D43FB368C}) (Version: 1.0.13.0 - Microsoft Corporation)

Windows Driver Package - Dynastream Innovations, Inc. ANT LibUSB Drivers (04/11/2012 1.2.40.201) (HKLM\...\F9D2A789F9CFF8CEC36B544F53877C80F1F73C46) (Version: 04/11/2012 1.2.40.201 - Dynastream Innovations, Inc.)

Windows Driver Package - Silicon Labs Software (DSI_SiUSBXp_3_1) USB (02/06/2007 3.1) (HKLM\...\D1506E0025B5A3F9EB8270FE81C1EEDD9388B8A2) (Version: 02/06/2007 3.1 - Silicon Labs Software)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-205630320-448354025-1664443452-1001_Classes\CLSID\{96796C34-5460-E15F-894A-D38EF5BBCEDE}\InprocServer32 -> C:\WINDOWS\system32\ole32.dll (Microsoft Corporation)

ContextMenuHandlers1: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2016-10-04] (Igor Pavlov)

ContextMenuHandlers1: [Adobe.Acrobat.ContextMenu] -> {D25B2CAB-8A9A-4517-A9B2-CB5F68A5A802} => C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat Elements\ContextMenu64.dll [2007-05-11] (Adobe Systems Inc.)

ContextMenuHandlers1: [FineReader11ContextMenu] -> {79E48320-C6B5-49F1-992B-571D53586885} => C:\Program Files (x86)\ABBYY FineReader 11\FRIntegration.x64.dll [2014-02-19] (ABBYY Production LLC)

ContextMenuHandlers1: [Shell Extension for Malware scanning] -> {45AC2688-0253-4ED8-97DE-B5370FA7D48A} => C:\Program Files (x86)\Avira\Antivirus\shlext64.dll [2017-10-12] (Avira Operations GmbH & Co. KG)

ContextMenuHandlers3: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamext.dll [2016-03-10] (Malwarebytes)

ContextMenuHandlers3-x32: [{4A7C4306-57E0-4C0C-83A9-78C1528F618C}] -> {4A7C4306-57E0-4C0C-83A9-78C1528F618C} => c:\program files (x86)\real\realplayer\RPDS\Bin64\rpcontextmenu.dll [2017-09-21] (RealNetworks, Inc.)

ContextMenuHandlers4: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2016-10-04] (Igor Pavlov)

ContextMenuHandlers6: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2016-10-04] (Igor Pavlov)

ContextMenuHandlers6: [Adobe.Acrobat.ContextMenu] -> {D25B2CAB-8A9A-4517-A9B2-CB5F68A5A802} => C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat Elements\ContextMenu64.dll [2007-05-11] (Adobe Systems Inc.)

ContextMenuHandlers6: [FineReader11ContextMenu] -> {79E48320-C6B5-49F1-992B-571D53586885} => C:\Program Files (x86)\ABBYY FineReader 11\FRIntegration.x64.dll [2014-02-19] (ABBYY Production LLC)

ContextMenuHandlers6: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamext.dll [2016-03-10] (Malwarebytes)

ContextMenuHandlers6: [Shell Extension for Malware scanning] -> {45AC2688-0253-4ED8-97DE-B5370FA7D48A} => C:\Program Files (x86)\Avira\Antivirus\shlext64.dll [2017-10-12] (Avira Operations GmbH & Co. KG)

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {2531BCCF-CE0F-4EAB-91BE-2C352CCBA65D} - System32\Tasks\{7CFDA236-0A64-4177-B209-C5B1EEE17BC6} => "c:\windows\system32\launchwinapp.exe" hxxp://ui.skype.com/ui/0/7.26.0.101/en/abandoninstall?page=tsBing

Task: {76123D1E-DCBA-4B12-9118-914EC942A315} - System32\Tasks\GarminUpdaterTask => C:\Program Files (x86)\Garmin\Express SelfUpdater\ExpressSelfUpdater.exe [2017-10-09] ()

Task: {8A361CCE-87A6-41E3-AA2E-C5AB7B2B4F77} - System32\Tasks\Avira SystrayStartTrigger => Avira.SystrayStartTrigger.exe

Task: {8FD9940C-81B3-4031-B4DE-A658B982CB6E} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2016-04-16] (Google Inc.)

Task: {9A84B012-3241-499D-A2F4-3C4D4BCD3DEA} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2017-07-19] (Adobe Systems Incorporated)

Task: {9B285063-831A-4BDE-8043-DE169624B86D} - System32\Tasks\HPCustParticipation HP ENVY 4500 series => C:\Program Files\HP\HP ENVY 4500 series\Bin\HPCustPartic.exe [2014-07-21] (Hewlett-Packard Development Company, LP)

Task: {A627F4D3-6625-49BB-9618-2BBF832BB2FC} - System32\Tasks\RealDownloader Update Check => C:\program files (x86)\real\RealDownloader\downloader2.exe [2017-08-17] ()

Task: {AE7980CA-AF94-4DC8-9D0A-E00AA2039316} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2016-04-16] (Google Inc.)

Task: {B74307DD-A10D-4D17-913A-FBB62F0D73F7} - System32\Tasks\RealDownloaderRealUpgradeLogonTaskS-1-5-21-205630320-448354025-1664443452-1001 => C:\program files (x86)\real\RealDownloader\RealUpgrade.exe [2017-08-17] (RealNetworks, Inc.)

Task: {C327F00A-B473-4CCC-AFD3-FB9585906D80} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2016-12-06] (Piriform Ltd)

Task: {E40AC95F-90EA-41C5-901E-EBE8D2C1F01F} - System32\Tasks\Avira_Antivirus_Systray => C:\Program Files (x86)\Avira\Antivirus\avgnt.exe [2017-10-12] (Avira Operations GmbH & Co. KG)

Task: {F7CA35CE-FCA4-4C90-A250-4CD0A8C9754D} - System32\Tasks\RealDownloaderRealUpgradeScheduledTaskS-1-5-21-205630320-448354025-1664443452-1001 => C:\program files (x86)\real\RealDownloader\RealUpgrade.exe [2017-08-17] (RealNetworks, Inc.)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

 

==================== Shortcuts & WMI ========================

(The entries could be listed to be restored or removed.)

 

==================== Loaded Modules (Whitelisted) ==============

2017-03-18 22:58 - 2017-03-18 22:58 - 000138000 _____ () C:\WINDOWS\SYSTEM32\inputhost.dll

2017-03-18 22:59 - 2017-03-20 05:43 - 001731072 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Core.dll

2017-08-17 15:21 - 2017-08-17 15:21 - 001259704 _____ () C:\Program Files (x86)\Real\RealDownloader\downloader2.exe

2017-09-14 08:03 - 2017-09-14 08:04 - 003553704 _____ () C:\Program Files\WindowsApps\Microsoft.WindowsStore_11708.1001.30.0_x64__8wekyb3d8bbwe\Microsoft.UI.Xaml.dll

2017-10-05 07:38 - 2017-10-05 07:38 - 010634752 _____ () C:\Program Files\WindowsApps\Microsoft.WindowsStore_11708.1001.30.0_x64__8wekyb3d8bbwe\WinStore.Entertainment.Mobile.dll

2017-10-05 07:38 - 2017-10-05 07:38 - 002640896 _____ () C:\Program Files\WindowsApps\Microsoft.WindowsStore_11708.1001.30.0_x64__8wekyb3d8bbwe\MS.Entertainment.Common.Mobile.dll

2017-09-21 07:42 - 2017-09-21 07:42 - 000101200 _____ () c:\program files (x86)\real\realplayer\CrashRpt\CrashRpt1402.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)

 

==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

 

==================== Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)

 

==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)

 

==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2015-10-30 09:24 - 2015-10-30 09:21 - 000000824 _____ C:\WINDOWS\system32\Drivers\etc\hosts

 

==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-205630320-448354025-1664443452-1001\Control Panel\Desktop\\Wallpaper -> c:\windows\web\wallpaper\theme1\img1.jpg

DNS Servers: 192.168.1.1

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: RequireAdmin)

Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

 

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [{C4DDB210-7B8E-418C-B818-6BC8AA136146}] => (Allow) C:\Program Files (x86)\Microsoft Games\Age of Empires II\age2_x1\age2_x1.exe

FirewallRules: [{0664BB01-2EB4-4A29-B7B2-E0B2BB12A499}] => (Allow) C:\Program Files (x86)\Microsoft Games\Age of Empires II\age2_x1\age2_x1.exe

FirewallRules: [{BF7AEAC7-E524-4257-B846-99FEBC007910}] => (Allow) C:\Windows\SysWOW64\dplaysvr.exe

FirewallRules: [{F8435D4C-5149-4F7B-9ABC-417B1FA086D9}] => (Allow) C:\Windows\SysWOW64\dplaysvr.exe

FirewallRules: [{D3E6FDC2-E615-44B2-99E0-BB88DF536A9D}] => (Allow) C:\Program Files\HP\HP ENVY 4500 series\Bin\HPNetworkCommunicatorCom.exe

FirewallRules: [{C86421C0-7659-4445-A9A2-5C8C9447737C}] => (Allow) LPort=5357

FirewallRules: [{17CCEEF5-31F9-4939-8C53-CE81B9549175}] => (Allow) C:\Program Files\HP\HP ENVY 4500 series\Bin\DeviceSetup.exe

FirewallRules: [UDP Query User{CD301444-528A-450B-838D-2D7BF6797AC4}E:\archive\installation\tp-link\powerline utility\powerline scan.exe] => (Allow) E:\archive\installation\tp-link\powerline utility\powerline scan.exe

FirewallRules: [TCP Query User{488B0530-C874-43DD-90B9-F46BB29FB1AA}E:\archive\installation\tp-link\powerline utility\powerline scan.exe] => (Allow) E:\archive\installation\tp-link\powerline utility\powerline scan.exe

FirewallRules: [TCP Query User{AE617C0A-68CF-475A-A668-B73C1A6C2922}C:\program files (x86)\voipconnect.com\voipconnect\voipconnect.exe] => (Allow) C:\program files (x86)\voipconnect.com\voipconnect\voipconnect.exe

FirewallRules: [UDP Query User{57B775C6-9AE7-4E3A-858A-D11563096800}C:\program files (x86)\voipconnect.com\voipconnect\voipconnect.exe] => (Allow) C:\program files (x86)\voipconnect.com\voipconnect\voipconnect.exe

FirewallRules: [{809B8AB4-7262-419D-950E-8DBF5F97AB2A}] => (Allow) C:\Program Files (x86)\Skype\Phone\Skype.exe

FirewallRules: [TCP Query User{21FDDE6F-7BE9-453F-99AB-83FC39D1D84F}C:\program files (x86)\voipconnect.com\voipconnect\voipconnect.exe] => (Block) C:\program files (x86)\voipconnect.com\voipconnect\voipconnect.exe

FirewallRules: [UDP Query User{480C3295-6436-440F-A0E7-1AC81F434239}C:\program files (x86)\voipconnect.com\voipconnect\voipconnect.exe] => (Block) C:\program files (x86)\voipconnect.com\voipconnect\voipconnect.exe

FirewallRules: [{819CAABA-F439-48CC-8950-141798A1716E}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe

FirewallRules: [{D104222D-4091-450A-AFAA-ADE691AB4146}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe

FirewallRules: [{1F617F90-F5F3-4373-94E9-8D4487C00070}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe

FirewallRules: [{588C7B32-C754-442B-BFFA-A2B2834D68B9}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe

FirewallRules: [{3D924AE2-B0FB-4A32-8295-C42BE8202514}] => (Allow) C:\Program Files (x86)\SPSSInc\Statistics17\statistics.com

FirewallRules: [{D4BEA1AE-B438-47B5-A725-3964E55A31B9}] => (Allow) C:\Program Files (x86)\SPSSInc\Statistics17\statistics.com

FirewallRules: [{A0F2951B-05BC-4AB7-89E3-C6DD39FC9D87}] => (Allow) C:\Program Files (x86)\SPSSInc\Statistics17\SPSSWinWrapIDE.exe

FirewallRules: [{B745DFB8-EEB8-438C-B4B2-385D1FB122E4}] => (Allow) C:\Program Files (x86)\SPSSInc\Statistics17\SPSSWinWrapIDE.exe

FirewallRules: [{71039857-FB2D-4930-AB25-F679A6499C67}] => (Allow) C:\Program Files (x86)\SPSSInc\Statistics17\statistics.exe

FirewallRules: [{0540460D-19D9-4524-B4A6-4B4929E018F0}] => (Allow) C:\Program Files (x86)\SPSSInc\Statistics17\statistics.exe

FirewallRules: [{BA27155A-06F0-4942-B24A-02360C7EE0FD}] => (Allow) C:\Program Files (x86)\FlashIntegro\VideoEditor\VideoEditor.exe

FirewallRules: [{5C609FA8-8D71-4841-AD9C-F6BC8CFC23A1}] => (Allow) C:\Program Files (x86)\FlashIntegro\VideoEditor\VideoEditor.exe

FirewallRules: [{8C123CA1-9FAA-4557-BA92-C80EA3ACD893}] => (Allow) C:\Program Files (x86)\FlashIntegro\VideoEditor\Activation.exe

FirewallRules: [{905BD752-4FE7-4F9B-9C74-3FCAB19017FB}] => (Allow) C:\Program Files (x86)\FlashIntegro\VideoEditor\Activation.exe

FirewallRules: [{A3108015-E39E-41B3-9698-A07414E16C13}] => (Allow) C:\Program Files (x86)\FlashIntegro\VideoEditor\Updater.exe

FirewallRules: [{8933588D-3738-4838-B524-681FFF56AA5B}] => (Allow) C:\Program Files (x86)\FlashIntegro\VideoEditor\Updater.exe

FirewallRules: [{A0FF0682-6E9A-4AA8-8C55-C187C97E2B08}] => (Allow) c:\program files (x86)\real\realplayer\RPDS\Bin\rpdsvc.exe

FirewallRules: [{93ED78AE-4848-4107-BC52-E21842A858DC}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

FirewallRules: [TCP Query User{F4F547B6-C026-44FB-A871-C395904D7900}C:\windows\explorer.exe] => (Allow) C:\windows\explorer.exe

FirewallRules: [UDP Query User{AD1B8F40-CFD9-44D5-BA3D-29EBEC5DFE9F}C:\windows\explorer.exe] => (Allow) C:\windows\explorer.exe

==================== Restore Points =========================

02-10-2017 08:19:17 Scheduled Checkpoint

09-10-2017 15:27:11 Installed Novabench

17-10-2017 08:05:12 Scheduled Checkpoint

==================== Faulty Device Manager Devices =============

Name: PCI Serial Port

Description: PCI Serial Port

Class Guid:

Manufacturer:

Service:

Problem: : The drivers for this device are not installed. (Code 28)

Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

Name: PCI Simple Communications Controller

Description: PCI Simple Communications Controller

Class Guid:

Manufacturer:

Service:

Problem: : The drivers for this device are not installed. (Code 28)

Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

 

==================== Event log errors: =========================

Application errors:

==================

Error: (10/18/2017 07:34:45 AM) (Source: Application Error) (EventID: 1000) (User: )

Description: Faulting application name: MicrosoftEdgeCP.exe, version: 11.0.15063.674, time stamp: 0x59cdf479

Faulting module name: ntdll.dll, version: 10.0.15063.608, time stamp: 0x8274fd8b

Exception code: 0xcfffffff

Fault offset: 0x00000000000a5ef4

Faulting process ID: 0x3b68

Faulting application start time: 0x01d347d1085f766a

Faulting application path: C:\WINDOWS\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe

Faulting module path: C:\WINDOWS\SYSTEM32\ntdll.dll

Report ID: f89035ee-d394-475c-9962-4d5741cb6841

Faulting package full name: Microsoft.MicrosoftEdge_40.15063.674.0_neutral__8wekyb3d8bbwe

Faulting package-relative application ID: ContentProcess

Error: (10/18/2017 07:34:45 AM) (Source: Application Error) (EventID: 1000) (User: )

Description: Faulting application name: MicrosoftEdgeCP.exe, version: 11.0.15063.674, time stamp: 0x59cdf479

Faulting module name: win32u.dll, version: 10.0.15063.608, time stamp: 0xd9592a17

Exception code: 0xcfffffff

Fault offset: 0x0000000000001144

Faulting process ID: 0x3558

Faulting application start time: 0x01d347d1d2b17a5c

Faulting application path: C:\WINDOWS\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe

Faulting module path: C:\WINDOWS\System32\win32u.dll

Report ID: 3e2bfff4-15c8-4d62-9179-a3df46f098ea

Faulting package full name: Microsoft.MicrosoftEdge_40.15063.674.0_neutral__8wekyb3d8bbwe

Faulting package-relative application ID: ContentProcess

Error: (10/18/2017 07:30:51 AM) (Source: Application Error) (EventID: 1000) (User: )

Description: Faulting application name: downloader2.exe, version: 18.1.9.106, time stamp: 0x599616f2

Faulting module name: downloader2.exe, version: 18.1.9.106, time stamp: 0x599616f2

Exception code: 0xc0000005

Fault offset: 0x000178db

Faulting process ID: 0x348c

Faulting application start time: 0x01d347d02fb3a0e7

Faulting application path: C:\Program Files (x86)\Real\RealDownloader\downloader2.exe

Faulting module path: C:\Program Files (x86)\Real\RealDownloader\downloader2.exe

Report ID: 1617fc97-1ad8-43c5-97eb-0ae4aa70c009

Faulting package full name:

Faulting package-relative application ID:

Error: (10/17/2017 07:36:39 AM) (Source: ESENT) (EventID: 104) (User: )

Description: qmgr.dll (10864) QmgrDatabaseInstance: The database engine stopped the instance (0) with error (-1090).

 


Error: (10/17/2017 07:36:39 AM) (Source: ESENT) (EventID: 471) (User: )

Description: qmgr.dll (10864) QmgrDatabaseInstance: Unable to rollback operation #-75 on database C:\ProgramData\Microsoft\Network\Downloader\qmgr.db. Error: -510. All future database updates will be rejected.

Error: (10/17/2017 07:36:39 AM) (Source: ESENT) (EventID: 492) (User: )

Description: qmgr.dll (10864) QmgrDatabaseInstance: The logfile sequence in "C:\ProgramData\Microsoft\Network\Downloader\" has been halted due to a fatal error. No further updates are possible for the databases that use this logfile sequence. Please correct the problem and restart or restore from backup.

Error: (10/17/2017 07:36:39 AM) (Source: ESENT) (EventID: 413) (User: )

Description: qmgr.dll (10864) QmgrDatabaseInstance: Unable to create a new logfile because the database cannot write to the log drive. The drive may be read-only, out of disk space, misconfigured, or corrupted. Error -1032.

Error: (10/17/2017 07:36:39 AM) (Source: ESENT) (EventID: 488) (User: )

Description: qmgr.dll (10864) QmgrDatabaseInstance: An attempt to create the file "C:\ProgramData\Microsoft\Network\Downloader\edbtmp.log" failed with system error 80 (0x00000050): "The file exists. ". The create file operation will fail with error -1814 (0xfffff8ea).

Error: (10/15/2017 05:24:53 PM) (Source: Application Error) (EventID: 1000) (User: )

Description: Faulting application name: RealPlayerUpdateSvc.exe, version: 18.1.9.106, time stamp: 0x599621f2

Faulting module name: ntdll.dll, version: 10.0.15063.608, time stamp: 0x802f667e

Exception code: 0xc0000005

Fault offset: 0x00091cc2

Faulting process ID: 0xbb0

Faulting application start time: 0x01d345c586ab3f11

Faulting application path: C:\program files (x86)\real\UpdateService\RealPlayerUpdateSvc.exe

Faulting module path: C:\WINDOWS\SYSTEM32\ntdll.dll

Report ID: dba7c64e-793b-479c-9554-31300ef6095c

Faulting package full name:

Faulting package-relative application ID:

Error: (10/13/2017 11:24:47 AM) (Source: Application Error) (EventID: 1000) (User: )

Description: Faulting application name: WhatsApp_ExecutionStub.exe, version: 0.2.6426.0, time stamp: 0x5931cd5c

Faulting module name: WhatsApp_ExecutionStub.exe, version: 0.2.6426.0, time stamp: 0x5931cd5c

Exception code: 0xc0000005

Fault offset: 0x00004729

Faulting process ID: 0x2674

Faulting application start time: 0x01d344051caa6eac

Faulting application path: C:\Users\joshi\AppData\Local\WhatsApp\app-0.2.6426\WhatsApp_ExecutionStub.exe

Faulting module path: C:\Users\joshi\AppData\Local\WhatsApp\app-0.2.6426\WhatsApp_ExecutionStub.exe

Report ID: 91719e2e-86b8-4337-94ce-2f7b22ceb2d5

Faulting package full name:

Faulting package-relative application ID:

 

System errors:

=============

Error: (10/17/2017 10:41:23 PM) (Source: DCOM) (EventID: 10010) (User: MAIN755)

Description: The server {9BA05972-F6A8-11CF-A442-00A0C90A8F39} did not register with DCOM within the required timeout.

Error: (10/17/2017 10:41:23 PM) (Source: DCOM) (EventID: 10010) (User: MAIN755)

Description: The server {9BA05972-F6A8-11CF-A442-00A0C90A8F39} did not register with DCOM within the required timeout.

Error: (10/17/2017 10:41:23 PM) (Source: DCOM) (EventID: 10010) (User: MAIN755)

Description: The server {9BA05972-F6A8-11CF-A442-00A0C90A8F39} did not register with DCOM within the required timeout.

Error: (10/17/2017 10:41:23 PM) (Source: DCOM) (EventID: 10010) (User: MAIN755)

Description: The server {9BA05972-F6A8-11CF-A442-00A0C90A8F39} did not register with DCOM within the required timeout.

Error: (10/17/2017 10:41:23 PM) (Source: DCOM) (EventID: 10010) (User: MAIN755)

Description: The server {9BA05972-F6A8-11CF-A442-00A0C90A8F39} did not register with DCOM within the required timeout.

Error: (10/17/2017 10:41:23 PM) (Source: DCOM) (EventID: 10010) (User: MAIN755)

Description: The server {9BA05972-F6A8-11CF-A442-00A0C90A8F39} did not register with DCOM within the required timeout.

Error: (10/17/2017 10:41:23 PM) (Source: DCOM) (EventID: 10010) (User: MAIN755)

Description: The server {9BA05972-F6A8-11CF-A442-00A0C90A8F39} did not register with DCOM within the required timeout.

Error: (10/16/2017 10:33:24 PM) (Source: DCOM) (EventID: 10010) (User: MAIN755)

Description: The server {9BA05972-F6A8-11CF-A442-00A0C90A8F39} did not register with DCOM within the required timeout.

Error: (10/16/2017 10:33:24 PM) (Source: DCOM) (EventID: 10010) (User: MAIN755)

Description: The server {9BA05972-F6A8-11CF-A442-00A0C90A8F39} did not register with DCOM within the required timeout.

Error: (10/16/2017 10:33:21 PM) (Source: DCOM) (EventID: 10010) (User: MAIN755)

Description: The server {0002DF02-0000-0000-C000-000000000046} did not register with DCOM within the required timeout.

 

==================== Memory info ===========================

Processor: Intel® Core2 Duo CPU E6550 @ 2.33GHz

Percentage of memory in use: 34%

Total physical RAM: 8052.61 MB

Available physical RAM: 5282.88 MB

Total Virtual: 9332.61 MB

Available Virtual: 6389.55 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:254.16 GB) (Free:104.24 GB) NTFS

Drive d: (Files) (Fixed) (Total:594.9 GB) (Free:290.38 GB) NTFS

Drive e: (Archive) (Fixed) (Total:1013.41 GB) (Free:376.64 GB) NTFS

Drive f: (Backup1) (Fixed) (Total:898.44 GB) (Free:600.17 GB) NTFS

Drive h: (Backup2) (Fixed) (Total:964.58 GB) (Free:332.52 GB) NTFS

==================== MBR & Partition Table ==================

========================================================

Disk: 0 (MBR Code: Windows 7 or 8) (Size: 1863 GB) (Disk ID: 01F8C637)

Partition 1: (Not Active) - (Size=993 KB) - (Type=42)

Partition 2: (Active) - (Size=100 MB) - (Type=42)

Partition 3: (Not Active) - (Size=254.2 GB) - (Type=42)

Partition 4: (Not Active) - (Size=1608.8 GB) - (Type=42)

========================================================

Disk: 1 (MBR Code: Windows 7 or 8) (Size: 1863 GB) (Disk ID: 91764494)

Partition 1: (Not Active) - (Size=898.4 GB) - (Type=07 NTFS)

Partition 2: (Not Active) - (Size=964.6 GB) - (Type=07 NTFS)

==================== End of Addition.txt ============================

Posted

Hi joddle,

 

I see nothing in the reports to suggest the issue you have.

The old music playing malware used to change this file:

C:\WINDOWS\system32\rpcss.dll => File is digitally signed
But as you can see, it's legit.... so that's not the problem.

There are a few things to clear up in the reports.

The fix will also clean a few other areas.

 

Please download the attached fixlist.txt file (bottom of this post) and save it to the Desktop.

NOTE.

It's important that both files, FRST and fixlist.txt, are in the same location or the fix will not work.

 

NOTICE: This script was written specifically for this user, for use on that particular machine.

Running this on another machine may cause damage to your operating system.

 

Re-run FRST/FRST64 (whichever is installed) and press the Fix button just once and wait.

 

http://i.imgur.com/HbL7sAI.png

 

The tool will make a log on the Desktop (Fixlog.txt). Please post this in your next reply.

 

Thanks

fixlist.txt

Member of:

UNITE

Posted

Fix result of Farbar Recovery Scan Tool (x64) Version: 18-10-2017 01

Ran by Josh (19-10-2017 22:40:46) Run:1

Running from D:\Clean

Loaded Profiles: Josh (Available Profiles: Josh)

Boot Mode: Normal

==============================================

fixlist content:

*****************

CloseProcesses:

HKLM\SOFTWARE\Policies\Microsoft\Windows Defender: Restriction <==== ATTENTION

GroupPolicy: Restriction <==== ATTENTION

Toolbar: HKU\S-1-5-21-205630320-448354025-1664443452-1001 -> No Name - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - No File

CHR Extension: (Chrome Media Router) - C:\Users\joshi\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2017-10-16]

S2 RoxLiveShare9; "C:\Program Files (x86)\Common Files\Roxio Shared\9.0\SharedCOM\RoxLiveShare9.exe" [X]

S3 stllssvr; "C:\Program Files (x86)\Common Files\SureThing Shared\stllssvr.exe" [X]

CMD: ipconfig /flushdns

Hosts:

EmptyTemp:

*****************

Processes closed successfully.

HKLM\SOFTWARE\Policies\Microsoft\Windows Defender => key removed successfully

C:\WINDOWS\system32\GroupPolicy\Machine => moved successfully

C:\WINDOWS\system32\GroupPolicy\GPT.ini => moved successfully

C:\WINDOWS\SysWOW64\GroupPolicy\GPT.ini => moved successfully

HKU\S-1-5-21-205630320-448354025-1664443452-1001\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{47833539-D0C5-4125-9FA8-0819E2EAAC93} => value removed successfully

HKLM\Software\Classes\CLSID\{47833539-D0C5-4125-9FA8-0819E2EAAC93} => key not found.

CHR Extension: (Chrome Media Router) - C:\Users\joshi\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2017-10-16] => Error: No automatic fix found for this entry.

HKLM\System\CurrentControlSet\Services\RoxLiveShare9 => key removed successfully

RoxLiveShare9 => service removed successfully

HKLM\System\CurrentControlSet\Services\stllssvr => key removed successfully

stllssvr => service removed successfully

========= ipconfig /flushdns =========

 

Windows IP Configuration

Successfully flushed the DNS Resolver Cache.

========= End of CMD: =========

Could not move "C:\Windows\System32\Drivers\etc\hosts" => Scheduled to move on reboot.

=========== EmptyTemp: ==========

BITS transfer queue => 6053888 B

DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 137857201 B

Java, Flash, Steam htmlcache => 16629 B

Windows/system/drivers => 191025804 B

Edge => 283464996 B

Chrome => 250768201 B

Firefox => 0 B

Opera => 0 B

Temp, IE cache, history, cookies, recent:

Default => 0 B

Users => 0 B

ProgramData => 0 B

Public => 0 B

systemprofile => 0 B

systemprofile32 => 432 B

LocalService => 21322 B

NetworkService => 0 B

joshi => 590768716 B

RecycleBin => 11559723541 B

EmptyTemp: => 12.1 GB temporary data Removed.

================================

Result of scheduled files to move (Boot Mode: Normal) (Date&Time: 19-10-2017 22:48:35)

C:\Windows\System32\Drivers\etc\hosts => moved successfully

Hosts restored successfully.

==== End of Fixlog 22:48:36 ====

Posted

Hi joddle,

 

The fix ran ok.

This line isn't a problem line.... It was my mistake.

I had forgotten that Farbar has removed the ability to remove Chrome extensions.

The extension isn't malicious .... it's classed as 'open to debate'.

If you wanted to remove it you can by using Chrome's own tools.

 

From Chrome.....Type chrome://extensions in the address bar and press Enter.

Click the trash can icon by the extension you'd like to completely remove.

A confirmation dialog appears, click Remove.

 

Are you still getting the music playing?

Member of:

UNITE

Posted
Hi Starbuck - music issue appears to be cured. At least I am getting total silence when browsing Ebay whether logged in or not on the offending machine. I don't use Chrome much but have removed the extensions anyway. Many thanks for all the help - much appreciated.
Posted

No problem at all.

Fingers crossed that things stay that way.

 

FRST can now be removed:

 

Right click on the FRST icon and select delete.

Right click on any fixlog.txt or fixlist.txt files and select delete.

Navigate to: C:\frst and delete the frst folder.

Member of:

UNITE
