Jump to content

Recommended Posts

Posted

Hi All,

 

I need help please. I have a Quad Core computer with windows 7 installed onto it and I use Google Chrome as my internet interface thingy.....

 

Just recently every time I click on the Google Chrome icon to open a webpage as it opens up a box appears on the top right hand corner saying "Restore pages" OR, "open start up pages" I click on either one and then my homepage (Yahoo) then opens up but it isn't very long until the yahoo email page of mine starts running very slowly and doesn't allow me to click on anything and the blue circle is rotating and sometimes starts to disappear!

 

I then have to press Ctrl, Alt and Del to open task manager to end the program running. Have I got a bug in my system? can I stop certain programs running in the background on startup? what can I do to get my computer running reasonably quickly again?

 

I have AVG 2017 virus protection (the paid for one) which I thought would stop anything bad happening to my computer.

 

Any help in this matter I would really appreciate as this problem is really getting me down tbh.

 

Many thanks in advance for any help given.

  • Replies 12
  • Created
  • Last Reply

Top Posters In This Topic

Posted

Hi,

 

Do you get this slowing down if you use a different browser [ Internet Explorer / FireFox for instance ] ?

 

I suggest as a test:

Open Chrome and go to your Yahoo email page.

Copy the address from the top - the address starts with http://www....

To copy - highlight it then CTRL + C

 

Then open a different browser.

In the address box at the top Paste your copied address. [ CTRL + V ]

 

See if your email runs ok here.

There is an email going around offering processed pork - gelatin - and salt in a can ......this is simply SPAM !!

 

MiniToolBox

Network Test

Wireless Test

Posted

Hi,

 

Thanks for advice, Ironically in the last day or so these problems have stopped! I did do the test you advised using Firefox and that did seem quite quick from clicking to opening that page so I am wondering (without opening a can of worms of argument) is Firefox a better (overall) browser than Google?

 

As previously mentioned is it possible to stop certain programs from running when starting up my computer and if so how do I get to take them off that start up list? step by step needed I'm afraid...

 

Many thanks for your help Ken.

Posted

HI,

 

To be honest I don't know which programs I want to stop because I don't even know how to get the list from the computer I just thought if I could stop some programs then it might help speed my computer up as it was fast when I first had it (it should have been being as it was and still is a quad core computer)

  • ExTS Admin
Posted

Hi there,

 

To be honest I don't know which programs I want to stop because I don't even know how to get the list from the computer
We can do that the easy way.

We can get the info for you and advise what could be slowing down the system.

This tool has multiple uses ( it's not just for malware removal)

 

Note:

There are both 32-bit and 64-bit versions of Farbar Recovery Scan Tool available. Please pick the version that matches your operating system's bit type.

 

If you are unsure what you're system bit type is..... click Here for help.

 

For x32 bit systems download Farbar Recovery Scan Tool and save it to your Desktop.

 

For x64 bit systems download Farbar Recovery Scan Tool x64 and save it to your Desktop.

 

  • Double-click the downloaded icon to run the tool. Vista/Windows 7/8/10 users right-click and select Run As Administrator
  • When the tool opens click Yes to disclaimer.
  • Make sure that Addition.txt is selected at the bottom
  • Press Scan button.
     
    http://i.imgur.com/YO62v3X.png
     
  • It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply.
  • The first time the tool is run, it also makes another log (Addition.txt). Please copy and paste it to your reply also.

 

 

Let me have both FRST reports and I'll take a look for you.

 

Thanks.

Member of:

UNITE

Posted

Many thanks Mr Creed ;)

 

Here are the logs.

 

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 02-11-2017

Ran by new user (administrator) on PAUL (09-11-2017 08:39:50)

Running from C:\Users\new user\Downloads

Loaded Profiles: new user (Available Profiles: new user & The Bonster)

Platform: Windows 7 Professional Service Pack 1 (X64) Language: English (United States)

Internet Explorer Version 11 (Default browser: Chrome)

Boot Mode: Normal

Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

 

 

==================== Processes (Whitelisted) =================

 

 

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

 

 

(IBM Corp.) C:\Program Files (x86)\Trusteer\Rapport\bin\RapportMgmtService.exe

(AMD) C:\Windows\System32\atiesrxx.exe

(Check Point Software Technologies LTD) C:\Program Files (x86)\CheckPoint\ZoneAlarm\vsmon.exe

(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\Antivirus\AVGSvc.exe

(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\Antivirus\afwServ.exe

(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\Framework\Common\avguix.exe

(Advanced Micro Devices, Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe

(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\Framework\Common\avgsvca.exe

(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\Antivirus\avgui.exe

(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe

(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG PC TuneUp\TuneUpUtilitiesService64.exe

(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE

(Check Point Software Technologies, Ltd.) C:\Program Files (x86)\CheckPoint\ZoneAlarm\ZAPrivacyService.exe

(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE

() C:\Program Files (x86)\AVG Secure Search\vprot.exe

(Check Point Software Technologies LTD) C:\Program Files (x86)\CheckPoint\ZoneAlarm\zatray.exe

(IBM Corp.) C:\Program Files (x86)\Trusteer\Rapport\bin\RapportService.exe

(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe

(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG PC TuneUp\TuneUpUtilitiesApp64.exe

(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

(Microsoft Corporation) C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE

(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\Antivirus\x64\aswidsagenta.exe

(Microsoft Corporation) C:\Windows\System32\dllhost.exe

(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

(Farbar) C:\Users\new user\Downloads\FRST64 (1).exe

 

 

==================== Registry (Whitelisted) ===========================

 

 

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

 

 

HKLM\...\Run: [AvgUi] => C:\Program Files (x86)\AVG\Framework\Common\avguirna.exe [239592 2017-10-31] (AVG Technologies CZ, s.r.o.)

HKLM\...\Run: [AVGUI.exe] => C:\Program Files (x86)\AVG\Antivirus\AvLaunch.exe [302744 2017-10-20] (AVG Technologies CZ, s.r.o.)

HKLM-x32\...\Run: [vProt] => C:\Program Files (x86)\AVG Secure Search\vprot.exe [1707080 2017-06-26] ()

HKLM-x32\...\Run: [ZoneAlarm] => C:\Program Files (x86)\CheckPoint\ZoneAlarm\zatray.exe [73832 2013-06-19] (Check Point Software Technologies LTD)

HKLM-x32\...\Run: [AvgUi] => C:\Program Files (x86)\AVG\Framework\Common\avguirna.exe [239592 2017-10-31] (AVG Technologies CZ, s.r.o.)

HKLM\SOFTWARE\Policies\Microsoft\Windows Defender: Restriction <==== ATTENTION

HKU\S-1-5-21-2864320402-2788383573-256310517-1000\...\Run: [EPSON Stylus DX8400 Series] => C:\Windows\system32\spool\DRIVERS\x64\3\E_IATICEE.EXE [213504 2007-04-12] (SEIKO EPSON CORPORATION)

HKU\S-1-5-21-2864320402-2788383573-256310517-1000\...\MountPoints2: {b2422a3d-8515-11e2-9be6-806e6f6e6963} - D:\ASRSetup.exe

BootExecute: autocheck autochk * sdnclean64.exe

 

 

==================== Internet (Whitelisted) ====================

 

 

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

 

 

Tcpip\Parameters: [DhcpNameServer] 192.168.1.254

Tcpip\..\Interfaces\{0598379B-B197-4855-9FD1-CC28B583CD28}: [DhcpNameServer] 192.168.1.254

 

 

Internet Explorer:

==================

HKU\S-1-5-21-2864320402-2788383573-256310517-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://uk.yahoo.com/

SearchScopes: HKLM -> DefaultScope {9BB47C17-9C68-4BB3-B188-DD9AF0FD2421} URL = hxxp://dts.search-results.com/sr?src=ieb&gct=ds&appid=100&systemid=421&apn_dtid=BND421&apn_ptnrs=AGA&o=APN10649&apn_uid=1404975732044715&q={searchTerms}

SearchScopes: HKLM -> {9BB47C17-9C68-4BB3-B188-DD9AF0FD2421} URL = hxxp://dts.search-results.com/sr?src=ieb&gct=ds&appid=100&systemid=421&apn_dtid=BND421&apn_ptnrs=AGA&o=APN10649&apn_uid=1404975732044715&q={searchTerms}

SearchScopes: HKLM-x32 -> DefaultScope {9BB47C17-9C68-4BB3-B188-DD9AF0FD2421} URL = hxxp://dts.search-results.com/sr?src=ieb&gct=ds&appid=100&systemid=421&apn_dtid=BND421&apn_ptnrs=AGA&o=APN10649&apn_uid=1404975732044715&q={searchTerms}

SearchScopes: HKLM-x32 -> {9BB47C17-9C68-4BB3-B188-DD9AF0FD2421} URL = hxxp://dts.search-results.com/sr?src=ieb&gct=ds&appid=100&systemid=421&apn_dtid=BND421&apn_ptnrs=AGA&o=APN10649&apn_uid=1404975732044715&q={searchTerms}

SearchScopes: HKU\S-1-5-21-2864320402-2788383573-256310517-1000 -> {95B7759C-8C7F-4BF1-B163-73684A933233} URL = hxxp://isearch.avg.com/search?cid={68E986E8-C6E2-402F-A36A-1846343770B1}&mid=28d85110baea47d3b3366d16b297133d-ad1491be2ce6c122f6b66faa90e70c2decf7d34c&lang=en&ds=AVG&pr=fr&d=2013-03-26 09:57:28&v=15.3.0.11&pid=avg&sg=0&sap=dsp&q={searchTerms}

SearchScopes: HKU\S-1-5-21-2864320402-2788383573-256310517-1000 -> {9BB47C17-9C68-4BB3-B188-DD9AF0FD2421} URL = hxxp://dts.search-results.com/sr?src=ieb&gct=ds&appid=100&systemid=421&apn_dtid=BND421&apn_ptnrs=AGA&o=APN10649&apn_uid=1404975732044715&q={searchTerms}

BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2012-07-17] (Microsoft Corp.)

BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)

BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2012-07-17] (Microsoft Corp.)

BHO-x32: AVG Security Toolbar -> {95B7759C-8C7F-4BF1-B163-73684A933233} -> C:\Program Files (x86)\AVG Secure Search\19.7.0.632\AVG Secure Search_toolbar.dll [2017-06-26] (AVG Secure Search)

BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)

Toolbar: HKLM-x32 - No Name - {3ec1a45c-8bc3-4bfe-b226-4051c5d3d068} - No File

Toolbar: HKLM-x32 - AVG Security Toolbar - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG Secure Search\19.7.0.632\AVG Secure Search_toolbar.dll [2017-06-26] (AVG Secure Search)

DPF: HKLM {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab

Handler-x32: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files (x86)\Common Files\AVG Secure Search\ViProtocolInstaller\190.7.0\ViProtocol.dll [2017-06-26] (AVG Secure Search)

 

 

FireFox:

========

FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_13_0_0_214.dll [2014-05-15] ()

FF Plugin: @microsoft.com/GENUINE -> disabled [No File]

FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)

FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_13_0_0_214.dll [2014-05-15] ()

FF Plugin-x32: @avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin -> C:\Program Files (x86)\Common Files\AVG Secure Search\SiteSafetyInstaller\190.7.0\\npsitesafety.dll [No File]

FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]

FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~2\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)

FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~2\Office14\NPSPWRAP.DLL [2011-04-05] (Microsoft Corporation)

FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3528.0331 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2014-03-31] (Microsoft Corporation)

FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.33.5\npGoogleUpdate3.dll [2017-04-29] (Google Inc.)

FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.33.5\npGoogleUpdate3.dll [2017-04-29] (Google Inc.)

FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2017-08-10] (Adobe Systems Inc.)

 

 

Chrome:

=======

CHR DefaultProfile: Default

CHR HomePage: Default -> hxxp://pblangfordf4@gmail.com/

CHR StartupUrls: Default -> "hxxps://mg.mail.yahoo.com/neo/launch?.rand=2g7al7i6h3cno#3026011758"

CHR NewTab: Default -> Not-active:"chrome-extension://nbnjjcgcphklgeoailbnmhlcmgibhpkk/newtab/newtab.html"

CHR Profile: C:\Users\new user\AppData\Local\Google\Chrome\User Data\Default [2017-11-09]

CHR Extension: (Docs) - C:\Users\new user\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2017-10-12]

CHR Extension: (Google Drive) - C:\Users\new user\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-10-24]

CHR Extension: (YouTube) - C:\Users\new user\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-09-25]

CHR Extension: (Google Search) - C:\Users\new user\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-10-26]

CHR Extension: (Adobe Acrobat) - C:\Users\new user\AppData\Local\Google\Chrome\User Data\Default\Extensions\efaidnbmnnnibpcajpcglclefindmkaj [2017-07-17]

CHR Extension: (Google Docs Offline) - C:\Users\new user\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-03-15]

CHR Extension: (My Quick Converter) - C:\Users\new user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nbnjjcgcphklgeoailbnmhlcmgibhpkk [2017-09-16]

CHR Extension: (Chrome Web Store Payments) - C:\Users\new user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-08-23]

CHR Extension: (Gmail) - C:\Users\new user\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-03-28]

CHR Extension: (Chrome Media Router) - C:\Users\new user\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2017-08-09]

CHR Profile: C:\Users\new user\AppData\Local\Google\Chrome\User Data\Profile 1 [2017-09-24]

CHR Extension: (Google Slides) - C:\Users\new user\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2017-09-23]

CHR Extension: (Google Docs) - C:\Users\new user\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\aohghmighlieiainnegkcijnfilokake [2017-09-23]

CHR Extension: (Google Drive) - C:\Users\new user\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\apdfllckaahabafndbhieahigkjlhalf [2017-09-23]

CHR Extension: (Rapport) - C:\Users\new user\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\bbjllphbppobebmjpjcijfbakobcheof [2017-09-23]

CHR Extension: (YouTube) - C:\Users\new user\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2017-09-23]

CHR Extension: (Adobe Acrobat) - C:\Users\new user\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\efaidnbmnnnibpcajpcglclefindmkaj [2017-09-23]

CHR Extension: (Google Sheets) - C:\Users\new user\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2017-09-23]

CHR Extension: (Google Docs Offline) - C:\Users\new user\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2017-09-24]

CHR Extension: (Chrome Web Store Payments) - C:\Users\new user\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-09-23]

CHR Extension: (Gmail) - C:\Users\new user\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2017-09-23]

CHR Extension: (Chrome Media Router) - C:\Users\new user\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2017-09-23]

CHR Profile: C:\Users\new user\AppData\Local\Google\Chrome\User Data\Profile 2 [2017-11-04]

CHR Extension: (Slides) - C:\Users\new user\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2017-11-02]

CHR Extension: (Docs) - C:\Users\new user\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\aohghmighlieiainnegkcijnfilokake [2017-11-02]

CHR Extension: (Google Drive) - C:\Users\new user\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\apdfllckaahabafndbhieahigkjlhalf [2017-09-24]

CHR Extension: (YouTube) - C:\Users\new user\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2017-09-24]

CHR Extension: (Sheets) - C:\Users\new user\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2017-11-02]

CHR Extension: (Google Docs Offline) - C:\Users\new user\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2017-09-24]

CHR Extension: (Chrome Web Store Payments) - C:\Users\new user\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-09-24]

CHR Extension: (Gmail) - C:\Users\new user\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2017-09-24]

CHR Extension: (Chrome Media Router) - C:\Users\new user\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2017-09-24]

CHR Profile: C:\Users\new user\AppData\Local\Google\Chrome\User Data\System Profile [2017-09-24]

CHR HKU\S-1-5-21-2864320402-2788383573-256310517-1000\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [bbjllphbppobebmjpjcijfbakobcheof] - hxxps://clients2.google.com/service/update2/crx

CHR HKLM-x32\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj] - hxxps://clients2.google.com/service/update2/crx

 

 

==================== Services (Whitelisted) ====================

 

 

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

 

 

R2 AMD FUEL Service; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [361984 2013-03-28] (Advanced Micro Devices, Inc.) [File not signed]

R2 AVG Antivirus; C:\Program Files (x86)\AVG\Antivirus\AVGSvc.exe [282536 2017-10-20] (AVG Technologies CZ, s.r.o.)

R2 AVG Firewall; C:\Program Files (x86)\AVG\Antivirus\afwServ.exe [331952 2017-10-20] (AVG Technologies CZ, s.r.o.)

R3 avgbIDSAgent; C:\Program Files (x86)\AVG\Antivirus\x64\aswidsagenta.exe [7496672 2017-10-20] (AVG Technologies CZ, s.r.o.)

R2 avgsvc; C:\Program Files (x86)\AVG\Framework\Common\avgsvca.exe [1428656 2017-10-31] (AVG Technologies CZ, s.r.o.)

R2 RapportMgmtService; C:\Program Files (x86)\Trusteer\Rapport\bin\RapportMgmtService.exe [2350064 2017-09-28] (IBM Corp.)

S4 ss_conn_service; C:\Program Files (x86)\Samsung\USB Drivers\27_ssconn\conn\ss_conn_service.exe [754784 2016-01-08] (DEVGURU Co., LTD.)

R2 TuneUp.UtilitiesSvc; C:\Program Files (x86)\AVG\AVG PC TuneUp\TuneUpUtilitiesService64.exe [5906704 2017-07-26] (AVG Technologies CZ, s.r.o.)

R2 vsmon; C:\Program Files (x86)\CheckPoint\ZoneAlarm\vsmon.exe [2445304 2013-06-19] (Check Point Software Technologies LTD)

S4 vToolbarUpdater190.7.0; C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\190.7.0\ToolbarUpdater.exe [1277512 2017-06-26] (AVG Secure Search)

S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)

R2 ZAPrivacyService; C:\Program Files (x86)\CheckPoint\ZoneAlarm\ZAPrivacyService.exe [54160 2013-06-18] (Check Point Software Technologies, Ltd.)

 

 

===================== Drivers (Whitelisted) ======================

 

 

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

 

 

R1 avgbdisk; C:\Windows\system32\drivers\avgbdiska.sys [166624 2017-10-20] (AVG Technologies CZ, s.r.o.)

R1 avgbidsdriver; C:\Windows\system32\drivers\avgbidsdrivera.sys [314640 2017-10-20] (AVG Technologies CZ, s.r.o.)

R0 avgbidsh; C:\Windows\system32\drivers\avgbidsha.sys [192584 2017-10-20] (AVG Technologies CZ, s.r.o.)

R0 avgblog; C:\Windows\system32\drivers\avgbloga.sys [336896 2017-10-20] (AVG Technologies CZ, s.r.o.)

R0 avgbuniv; C:\Windows\system32\drivers\avgbuniva.sys [51336 2017-10-20] (AVG Technologies CZ, s.r.o.)

S3 avgHwid; C:\Windows\system32\drivers\avgHwid.sys [39424 2017-10-20] (AVG Technologies CZ, s.r.o.)

R2 avgMonFlt; C:\Windows\system32\drivers\avgMonFlt.sys [140192 2017-10-20] (AVG Technologies CZ, s.r.o.)

R3 avgNetNd6; C:\Windows\System32\DRIVERS\avgNetNd6.sys [29944 2017-09-20] (AVG Technologies CZ, s.r.o.)

R1 avgNetSec; C:\Windows\system32\drivers\avgNetSec.sys [548568 2017-10-20] (AVG Technologies CZ, s.r.o.)

R1 avgRdr; C:\Windows\system32\drivers\avgRdr2.sys [102792 2017-10-20] (AVG Technologies CZ, s.r.o.)

R0 avgRvrt; C:\Windows\system32\drivers\avgRvrt.sys [76832 2017-10-20] (AVG Technologies CZ, s.r.o.)

R1 avgSnx; C:\Windows\system32\drivers\avgSnx.sys [1022288 2017-10-26] (AVG Technologies CZ, s.r.o.)

R1 avgSP; C:\Windows\system32\drivers\avgSP.sys [579584 2017-10-20] (AVG Technologies CZ, s.r.o.)

R2 avgStm; C:\Windows\system32\drivers\avgStm.sys [193768 2017-10-20] (AVG Technologies CZ, s.r.o.)

R0 avgVmm; C:\Windows\system32\drivers\avgVmm.sys [355856 2017-10-20] (AVG Technologies CZ, s.r.o.)

R1 RapportAegle64; C:\Program Files (x86)\Trusteer\Rapport\bin\x64\RapportAegle64.sys [384312 2017-09-28] (IBM Corp.)

R1 RapportCerberus_1804077; C:\ProgramData\Trusteer\Rapport\store\exts\RapportCerberus\baseline\RapportCerberus64_1804077.sys [1271448 2017-10-03] (IBM Corp.)

R1 RapportEI64; C:\Program Files (x86)\Trusteer\Rapport\bin\x64\RapportEI64.sys [585432 2017-09-28] (IBM Corp.)

R0 RapportHades64; C:\Windows\System32\Drivers\RapportHades64.sys [253912 2017-09-28] (IBM Corp.)

R1 RapportPG64; C:\Program Files (x86)\Trusteer\Rapport\bin\x64\RapportPG64.sys [610616 2017-09-28] (IBM Corp.)

R3 Sftfs; C:\Windows\System32\DRIVERS\Sftfswin7.sys [767648 2014-10-08] (Microsoft Corporation)

R3 Sftplay; C:\Windows\System32\DRIVERS\Sftplaywin7.sys [273576 2014-10-08] (Microsoft Corporation)

R3 Sftredir; C:\Windows\System32\DRIVERS\Sftredirwin7.sys [29864 2014-10-08] (Microsoft Corporation)

R3 Sftvol; C:\Windows\System32\DRIVERS\Sftvolwin7.sys [23208 2014-10-08] (Microsoft Corporation)

R3 TuneUpUtilitiesDrv; C:\Program Files (x86)\AVG\AVG PC TuneUp\TuneUpUtilitiesDriver64.sys [32304 2017-07-26] (AVG Netherlands B.V.)

S3 USBAAPL64; C:\Windows\System32\Drivers\usbaapl64.sys [54784 2012-12-13] (Apple, Inc.) [File not signed]

R1 Vsdatant; C:\Windows\System32\DRIVERS\vsdatant.sys [451096 2013-06-13] (Check Point Software Technologies LTD)

S3 AxtuDrv; \??\C:\Windows\SysWOW64\Drivers\AxtuDrv.sys [X]

 

 

==================== NetSvcs (Whitelisted) ===================

 

 

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

 

 

 

 

==================== One Month Created files and folders ========

 

 

(If an entry is included in the fixlist, the file/folder will be moved.)

 

 

2017-11-09 08:39 - 2017-11-09 08:41 - 000020492 _____ C:\Users\new user\Downloads\FRST.txt

2017-11-09 08:38 - 2017-11-09 08:39 - 000000000 ____D C:\FRST

2017-11-09 08:38 - 2017-11-09 08:38 - 002403328 _____ (Farbar) C:\Users\new user\Downloads\FRST64 (1).exe

2017-11-09 08:36 - 2017-11-09 08:36 - 002403328 _____ (Farbar) C:\Users\new user\Downloads\FRST64.exe

2017-11-07 21:06 - 2017-11-07 21:06 - 000611447 _____ C:\Users\new user\Downloads\SMFC_COM_29.10.17.pdf

2017-11-07 08:38 - 2017-11-07 08:38 - 003236323 _____ C:\Users\new user\Downloads\archive (24).zip

2017-11-06 18:43 - 2017-11-06 18:43 - 002732307 _____ C:\Users\new user\Downloads\archive (23).zip

2017-11-04 08:21 - 2017-11-04 08:21 - 001233066 _____ C:\Users\new user\Downloads\Shrewsbury Rota 12.11.17.xlsx

2017-11-02 21:49 - 2017-11-02 21:49 - 000300514 _____ C:\Users\new user\Downloads\archive (22).zip

2017-11-01 08:36 - 2017-11-01 08:36 - 000014431 _____ C:\Users\new user\Documents\Email to Dave.odt

2017-11-01 06:36 - 2017-11-01 06:37 - 001228813 _____ C:\Users\new user\Downloads\Shrewsbury Rota 05.11.17 (1).xlsx

2017-11-01 06:36 - 2017-11-01 06:36 - 001227667 _____ C:\Users\new user\Downloads\Shrewsbury Rota 22.10.17 (1).xlsx

2017-11-01 06:33 - 2017-11-01 06:33 - 001227332 _____ C:\Users\new user\Downloads\Shrewsbury Rota 29.10.17 (1).xlsx

2017-10-26 11:27 - 2017-10-26 11:28 - 000016230 _____ C:\Users\new user\Documents\Gaugemaster Base Unit Problem.odt

2017-10-25 15:49 - 2017-10-25 15:49 - 001228813 _____ C:\Users\new user\Downloads\Shrewsbury Rota 05.11.17.xlsx

2017-10-23 18:17 - 2017-10-23 18:17 - 000013959 _____ C:\Users\new user\Documents\World of Tanks issue.odt

2017-10-20 14:38 - 2017-10-20 14:38 - 001227332 _____ C:\Users\new user\Downloads\Shrewsbury Rota 29.10.17.xlsx

2017-10-20 14:37 - 2017-10-20 14:37 - 000402608 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\avgBoot.exe

2017-10-14 17:13 - 2017-10-14 17:13 - 001227667 _____ C:\Users\new user\Downloads\Shrewsbury Rota 22.10.17.xlsx

2017-10-11 15:48 - 2017-10-11 15:48 - 126925120 ____C (Microsoft Corporation) C:\Windows\system32\MRT-KB890830.exe

2017-10-11 11:06 - 2017-09-13 15:33 - 000631176 _____ (Microsoft Corporation) C:\Windows\system32\winresume.efi

2017-10-11 11:06 - 2017-09-13 15:32 - 005547752 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe

2017-10-11 11:06 - 2017-09-13 15:32 - 000706792 _____ (Microsoft Corporation) C:\Windows\system32\winload.efi

2017-10-11 11:06 - 2017-09-13 15:32 - 000154856 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys

2017-10-11 11:06 - 2017-09-13 15:32 - 000095464 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys

2017-10-11 11:06 - 2017-09-13 15:31 - 001732864 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll

2017-10-11 11:06 - 2017-09-13 15:28 - 001212928 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll

2017-10-11 11:06 - 2017-09-13 15:28 - 001068544 _____ (Microsoft Corporation) C:\Windows\system32\msctf.dll

2017-10-11 11:06 - 2017-09-13 15:28 - 000886272 _____ (Microsoft Corporation) C:\Windows\system32\wlansvc.dll

2017-10-11 11:06 - 2017-09-13 15:28 - 000503808 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll

2017-10-11 11:06 - 2017-09-13 15:28 - 000448512 _____ (Microsoft Corporation) C:\Windows\system32\wlansec.dll

2017-10-11 11:06 - 2017-09-13 15:28 - 000414208 _____ (Microsoft Corporation) C:\Windows\system32\wlanmsm.dll

2017-10-11 11:06 - 2017-09-13 15:28 - 000362496 _____ (Microsoft Corporation) C:\Windows\system32\wow64win.dll

2017-10-11 11:06 - 2017-09-13 15:28 - 000345600 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll

2017-10-11 11:06 - 2017-09-13 15:28 - 000316928 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll

2017-10-11 11:06 - 2017-09-13 15:28 - 000312320 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll

2017-10-11 11:06 - 2017-09-13 15:28 - 000243712 _____ (Microsoft Corporation) C:\Windows\system32\wow64.dll

2017-10-11 11:06 - 2017-09-13 15:28 - 000215552 _____ (Microsoft Corporation) C:\Windows\system32\winsrv.dll

2017-10-11 11:06 - 2017-09-13 15:28 - 000210432 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll

2017-10-11 11:06 - 2017-09-13 15:28 - 000190464 _____ (Microsoft Corporation) C:\Windows\system32\rpchttp.dll

2017-10-11 11:06 - 2017-09-13 15:28 - 000146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll

2017-10-11 11:06 - 2017-09-13 15:28 - 000135680 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll

2017-10-11 11:06 - 2017-09-13 15:28 - 000118784 _____ (Microsoft Corporation) C:\Windows\system32\wlanhlp.dll

2017-10-11 11:06 - 2017-09-13 15:28 - 000113664 _____ (Microsoft Corporation) C:\Windows\system32\wlanapi.dll

2017-10-11 11:06 - 2017-09-13 15:28 - 000086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll

2017-10-11 11:06 - 2017-09-13 15:28 - 000063488 _____ (Microsoft Corporation) C:\Windows\system32\setbcdlocale.dll

2017-10-11 11:06 - 2017-09-13 15:28 - 000060416 _____ (Microsoft Corporation) C:\Windows\system32\msobjs.dll

2017-10-11 11:06 - 2017-09-13 15:28 - 000050176 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll

2017-10-11 11:06 - 2017-09-13 15:28 - 000028672 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll

2017-10-11 11:06 - 2017-09-13 15:28 - 000028160 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll

2017-10-11 11:06 - 2017-09-13 15:28 - 000016384 _____ (Microsoft Corporation) C:\Windows\system32\ntvdm64.dll

2017-10-11 11:06 - 2017-09-13 15:28 - 000013312 _____ (Microsoft Corporation) C:\Windows\system32\wow64cpu.dll

2017-10-11 11:06 - 2017-09-13 15:27 - 001460736 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll

2017-10-11 11:06 - 2017-09-13 15:27 - 001163264 _____ (Microsoft Corporation) C:\Windows\system32\kernel32.dll

2017-10-11 11:06 - 2017-09-13 15:27 - 000880640 _____ (Microsoft Corporation) C:\Windows\system32\advapi32.dll

2017-10-11 11:06 - 2017-09-13 15:27 - 000731648 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll

2017-10-11 11:06 - 2017-09-13 15:27 - 000690688 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll

2017-10-11 11:06 - 2017-09-13 15:27 - 000463872 _____ (Microsoft Corporation) C:\Windows\system32\certcli.dll

2017-10-11 11:06 - 2017-09-13 15:27 - 000419840 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase.dll

2017-10-11 11:06 - 2017-09-13 15:27 - 000123904 _____ (Microsoft Corporation) C:\Windows\system32\bcrypt.dll

2017-10-11 11:06 - 2017-09-13 15:27 - 000059904 _____ (Microsoft Corporation) C:\Windows\system32\appidapi.dll

2017-10-11 11:06 - 2017-09-13 15:27 - 000044032 _____ (Microsoft Corporation) C:\Windows\system32\csrsrv.dll

2017-10-11 11:06 - 2017-09-13 15:27 - 000043520 _____ (Microsoft Corporation) C:\Windows\system32\cryptbase.dll

2017-10-11 11:06 - 2017-09-13 15:27 - 000034816 _____ (Microsoft Corporation) C:\Windows\system32\appidsvc.dll

2017-10-11 11:06 - 2017-09-13 15:27 - 000022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll

2017-10-11 11:06 - 2017-09-13 15:27 - 000006656 _____ (Microsoft Corporation) C:\Windows\system32\apisetschema.dll

2017-10-11 11:06 - 2017-09-13 15:27 - 000006144 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-security-base-l1-1-0.dll

2017-10-11 11:06 - 2017-09-13 15:27 - 000005120 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l1-1-0.dll

2017-10-11 11:06 - 2017-09-13 15:27 - 000004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-threadpool-l1-1-0.dll

2017-10-11 11:06 - 2017-09-13 15:27 - 000004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processthreads-l1-1-0.dll

2017-10-11 11:06 - 2017-09-13 15:27 - 000004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll

2017-10-11 11:06 - 2017-09-13 15:27 - 000004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-synch-l1-1-0.dll

2017-10-11 11:06 - 2017-09-13 15:27 - 000004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localregistry-l1-1-0.dll

2017-10-11 11:06 - 2017-09-13 15:27 - 000004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localization-l1-1-0.dll

2017-10-11 11:06 - 2017-09-13 15:27 - 000003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll

2017-10-11 11:06 - 2017-09-13 15:27 - 000003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll

2017-10-11 11:06 - 2017-09-13 15:27 - 000003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll

2017-10-11 11:06 - 2017-09-13 15:27 - 000003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-misc-l1-1-0.dll

2017-10-11 11:06 - 2017-09-13 15:27 - 000003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-memory-l1-1-0.dll

2017-10-11 11:06 - 2017-09-13 15:27 - 000003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll

2017-10-11 11:06 - 2017-09-13 15:27 - 000003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-heap-l1-1-0.dll

2017-10-11 11:06 - 2017-09-13 15:27 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-xstate-l1-1-0.dll

2017-10-11 11:06 - 2017-09-13 15:27 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-util-l1-1-0.dll

2017-10-11 11:06 - 2017-09-13 15:27 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-string-l1-1-0.dll

2017-10-11 11:06 - 2017-09-13 15:27 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-profile-l1-1-0.dll

2017-10-11 11:06 - 2017-09-13 15:27 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-io-l1-1-0.dll

2017-10-11 11:06 - 2017-09-13 15:27 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-interlocked-l1-1-0.dll

2017-10-11 11:06 - 2017-09-13 15:27 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-handle-l1-1-0.dll

2017-10-11 11:06 - 2017-09-13 15:27 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-fibers-l1-1-0.dll

2017-10-11 11:06 - 2017-09-13 15:27 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll

2017-10-11 11:06 - 2017-09-13 15:27 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-delayload-l1-1-0.dll

2017-10-11 11:06 - 2017-09-13 15:27 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-debug-l1-1-0.dll

2017-10-11 11:06 - 2017-09-13 15:27 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-datetime-l1-1-0.dll

2017-10-11 11:06 - 2017-09-13 15:27 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-console-l1-1-0.dll

2017-10-11 11:06 - 2017-09-13 15:13 - 004001512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe

2017-10-11 11:06 - 2017-09-13 15:13 - 003945704 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe

2017-10-11 11:06 - 2017-09-13 15:10 - 001314112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll

2017-10-11 11:06 - 2017-09-13 15:09 - 001114112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kernel32.dll

2017-10-11 11:06 - 2017-09-13 15:09 - 000830464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msctf.dll

2017-10-11 11:06 - 2017-09-13 15:09 - 000666112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpcrt4.dll

2017-10-11 11:06 - 2017-09-13 15:09 - 000428032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wlanmsm.dll

2017-10-11 11:06 - 2017-09-13 15:09 - 000392704 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wlansec.dll

2017-10-11 11:06 - 2017-09-13 15:09 - 000275456 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll

2017-10-11 11:06 - 2017-09-13 15:09 - 000261120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll

2017-10-11 11:06 - 2017-09-13 15:09 - 000254464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll

2017-10-11 11:06 - 2017-09-13 15:09 - 000223232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll

2017-10-11 11:06 - 2017-09-13 15:09 - 000172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll

2017-10-11 11:06 - 2017-09-13 15:09 - 000146432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msaudite.dll

2017-10-11 11:06 - 2017-09-13 15:09 - 000141312 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpchttp.dll

2017-10-11 11:06 - 2017-09-13 15:09 - 000096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll

2017-10-11 11:06 - 2017-09-13 15:09 - 000083968 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wlanhlp.dll

2017-10-11 11:06 - 2017-09-13 15:09 - 000082944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\bcrypt.dll

2017-10-11 11:06 - 2017-09-13 15:09 - 000080896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wlanapi.dll

2017-10-11 11:06 - 2017-09-13 15:09 - 000065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll

2017-10-11 11:06 - 2017-09-13 15:09 - 000060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msobjs.dll

2017-10-11 11:06 - 2017-09-13 15:09 - 000043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll

2017-10-11 11:06 - 2017-09-13 15:09 - 000022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll

2017-10-11 11:06 - 2017-09-13 15:09 - 000005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll

2017-10-11 11:06 - 2017-09-13 15:08 - 000690688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adtschema.dll

2017-10-11 11:06 - 2017-09-13 15:08 - 000644096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\advapi32.dll

2017-10-11 11:06 - 2017-09-13 15:08 - 000554496 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll

2017-10-11 11:06 - 2017-09-13 15:08 - 000342528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\certcli.dll

2017-10-11 11:06 - 2017-09-13 15:08 - 000050688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\appidapi.dll

2017-10-11 11:06 - 2017-09-13 15:08 - 000017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll

2017-10-11 11:06 - 2017-09-13 15:08 - 000006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\apisetschema.dll

2017-10-11 11:06 - 2017-09-13 15:08 - 000005120 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-file-l1-1-0.dll

2017-10-11 11:06 - 2017-09-13 15:08 - 000004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processthreads-l1-1-0.dll

2017-10-11 11:06 - 2017-09-13 15:08 - 000004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-sysinfo-l1-1-0.dll

2017-10-11 11:06 - 2017-09-13 15:08 - 000004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-synch-l1-1-0.dll

2017-10-11 11:06 - 2017-09-13 15:08 - 000004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-misc-l1-1-0.dll

2017-10-11 11:06 - 2017-09-13 15:08 - 000004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localregistry-l1-1-0.dll

2017-10-11 11:06 - 2017-09-13 15:08 - 000004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localization-l1-1-0.dll

2017-10-11 11:06 - 2017-09-13 15:08 - 000003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processenvironment-l1-1-0.dll

2017-10-11 11:06 - 2017-09-13 15:08 - 000003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-namedpipe-l1-1-0.dll

2017-10-11 11:06 - 2017-09-13 15:08 - 000003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-memory-l1-1-0.dll

2017-10-11 11:06 - 2017-09-13 15:08 - 000003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-libraryloader-l1-1-0.dll

2017-10-11 11:06 - 2017-09-13 15:08 - 000003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-interlocked-l1-1-0.dll

2017-10-11 11:06 - 2017-09-13 15:08 - 000003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-heap-l1-1-0.dll

2017-10-11 11:06 - 2017-09-13 15:08 - 000003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-string-l1-1-0.dll

2017-10-11 11:06 - 2017-09-13 15:08 - 000003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-rtlsupport-l1-1-0.dll

2017-10-11 11:06 - 2017-09-13 15:08 - 000003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-profile-l1-1-0.dll

2017-10-11 11:06 - 2017-09-13 15:08 - 000003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-io-l1-1-0.dll

2017-10-11 11:06 - 2017-09-13 15:08 - 000003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-handle-l1-1-0.dll

2017-10-11 11:06 - 2017-09-13 15:08 - 000003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-fibers-l1-1-0.dll

2017-10-11 11:06 - 2017-09-13 15:08 - 000003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-errorhandling-l1-1-0.dll

2017-10-11 11:06 - 2017-09-13 15:08 - 000003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-delayload-l1-1-0.dll

2017-10-11 11:06 - 2017-09-13 15:08 - 000003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-debug-l1-1-0.dll

2017-10-11 11:06 - 2017-09-13 15:08 - 000003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-datetime-l1-1-0.dll

2017-10-11 11:06 - 2017-09-13 15:08 - 000003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-console-l1-1-0.dll

2017-10-11 11:06 - 2017-09-13 15:05 - 000324608 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\nwifi.sys

2017-10-11 11:06 - 2017-09-13 15:00 - 000148480 _____ (Microsoft Corporation) C:\Windows\system32\appidpolicyconverter.exe

2017-10-11 11:06 - 2017-09-13 15:00 - 000064000 _____ (Microsoft Corporation) C:\Windows\system32\auditpol.exe

2017-10-11 11:06 - 2017-09-13 15:00 - 000062464 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\appid.sys

2017-10-11 11:06 - 2017-09-13 15:00 - 000017920 _____ (Microsoft Corporation) C:\Windows\system32\appidcertstorecheck.exe

2017-10-11 11:06 - 2017-09-13 14:57 - 000338432 _____ (Microsoft Corporation) C:\Windows\system32\conhost.exe

2017-10-11 11:06 - 2017-09-13 14:56 - 000296960 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe

2017-10-11 11:06 - 2017-09-13 14:53 - 000291328 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb10.sys

2017-10-11 11:06 - 2017-09-13 14:53 - 000159744 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb.sys

2017-10-11 11:06 - 2017-09-13 14:53 - 000129536 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb20.sys

2017-10-11 11:06 - 2017-09-13 14:52 - 000112640 _____ (Microsoft Corporation) C:\Windows\system32\smss.exe

2017-10-11 11:06 - 2017-09-13 14:52 - 000030720 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe

2017-10-11 11:06 - 2017-09-13 14:50 - 000050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\auditpol.exe

2017-10-11 11:06 - 2017-09-13 14:47 - 000025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe

2017-10-11 11:06 - 2017-09-13 14:46 - 000036352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptbase.dll

2017-10-11 11:06 - 2017-09-13 14:46 - 000014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll

2017-10-11 11:06 - 2017-09-13 14:46 - 000007680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe

2017-10-11 11:06 - 2017-09-13 14:46 - 000006144 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-security-base-l1-1-0.dll

2017-10-11 11:06 - 2017-09-13 14:46 - 000004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-threadpool-l1-1-0.dll

2017-10-11 11:06 - 2017-09-13 14:46 - 000003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-xstate-l1-1-0.dll

2017-10-11 11:06 - 2017-09-13 14:46 - 000003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-util-l1-1-0.dll

2017-10-11 11:06 - 2017-09-13 14:46 - 000002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user.exe

2017-10-11 11:06 - 2017-09-09 00:45 - 000395984 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll

2017-10-11 11:06 - 2017-09-08 23:47 - 000347344 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll

2017-10-11 11:06 - 2017-09-08 15:34 - 001680616 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ntfs.sys

2017-10-11 11:06 - 2017-09-08 15:30 - 002319872 _____ (Microsoft Corporation) C:\Windows\system32\tquery.dll

2017-10-11 11:06 - 2017-09-08 15:30 - 002222080 _____ (Microsoft Corporation) C:\Windows\system32\mssrch.dll

2017-10-11 11:06 - 2017-09-08 15:30 - 002058240 _____ (Microsoft Corporation) C:\Windows\system32\Query.dll

2017-10-11 11:06 - 2017-09-08 15:30 - 000778240 _____ (Microsoft Corporation) C:\Windows\system32\mssvp.dll

2017-10-11 11:06 - 2017-09-08 15:30 - 000491520 _____ (Microsoft Corporation) C:\Windows\system32\mssph.dll

2017-10-11 11:06 - 2017-09-08 15:30 - 000405504 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll

2017-10-11 11:06 - 2017-09-08 15:30 - 000288256 _____ (Microsoft Corporation) C:\Windows\system32\mssphtb.dll

2017-10-11 11:06 - 2017-09-08 15:30 - 000149504 _____ (Microsoft Corporation) C:\Windows\system32\t2embed.dll

2017-10-11 11:06 - 2017-09-08 15:30 - 000115200 _____ (Microsoft Corporation) C:\Windows\system32\mssitlb.dll

2017-10-11 11:06 - 2017-09-08 15:30 - 000099840 _____ (Microsoft Corporation) C:\Windows\system32\mssprxy.dll

2017-10-11 11:06 - 2017-09-08 15:30 - 000075264 _____ (Microsoft Corporation) C:\Windows\system32\msscntrs.dll

2017-10-11 11:06 - 2017-09-08 15:30 - 000014336 _____ (Microsoft Corporation) C:\Windows\system32\msshooks.dll

2017-10-11 11:06 - 2017-09-08 15:14 - 000591872 _____ (Microsoft Corporation) C:\Windows\system32\SearchIndexer.exe

2017-10-11 11:06 - 2017-09-08 15:13 - 000249856 _____ (Microsoft Corporation) C:\Windows\system32\SearchProtocolHost.exe

2017-10-11 11:06 - 2017-09-08 15:13 - 000113664 _____ (Microsoft Corporation) C:\Windows\system32\SearchFilterHost.exe

2017-10-11 11:06 - 2017-09-08 15:10 - 001549824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tquery.dll

2017-10-11 11:06 - 2017-09-08 15:10 - 001363968 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Query.dll

2017-10-11 11:06 - 2017-09-08 15:10 - 000312832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gdi32.dll

2017-10-11 11:06 - 2017-09-08 15:10 - 000109568 _____ (Microsoft Corporation) C:\Windows\SysWOW64\t2embed.dll

2017-10-11 11:06 - 2017-09-08 15:09 - 001400320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mssrch.dll

2017-10-11 11:06 - 2017-09-08 15:09 - 000666624 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mssvp.dll

2017-10-11 11:06 - 2017-09-08 15:09 - 000337408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mssph.dll

2017-10-11 11:06 - 2017-09-08 15:09 - 000197120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mssphtb.dll

2017-10-11 11:06 - 2017-09-08 15:09 - 000104448 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mssitlb.dll

2017-10-11 11:06 - 2017-09-08 15:09 - 000059392 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msscntrs.dll

2017-10-11 11:06 - 2017-09-08 15:09 - 000034816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mssprxy.dll

2017-10-11 11:06 - 2017-09-08 15:00 - 003222016 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys

2017-10-11 11:06 - 2017-09-08 15:00 - 000427520 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SearchIndexer.exe

2017-10-11 11:06 - 2017-09-08 15:00 - 000164352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SearchProtocolHost.exe

2017-10-11 11:06 - 2017-09-08 14:59 - 000086528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SearchFilterHost.exe

2017-10-11 11:06 - 2017-09-08 14:59 - 000009728 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msshooks.dll

2017-10-11 11:06 - 2017-09-08 14:20 - 000640512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mswstr10.dll

2017-10-11 11:06 - 2017-09-08 14:20 - 000345088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\m***cl40.dll

2017-10-11 11:06 - 2017-09-08 14:20 - 000008704 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msjint40.dll

2017-10-11 11:06 - 2017-09-07 21:38 - 002724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb

2017-10-11 11:06 - 2017-09-07 21:37 - 000004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll

2017-10-11 11:06 - 2017-09-07 21:19 - 000066560 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll

2017-10-11 11:06 - 2017-09-07 21:18 - 000417792 _____ (Microsoft Corporation) C:\Windows\system32\html.iec

2017-10-11 11:06 - 2017-09-07 21:18 - 000048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll

2017-10-11 11:06 - 2017-09-07 21:17 - 000576512 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll

2017-10-11 11:06 - 2017-09-07 21:17 - 000088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll

2017-10-11 11:06 - 2017-09-07 21:15 - 002902528 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll

2017-10-11 11:06 - 2017-09-07 21:08 - 025729536 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll

2017-10-11 11:06 - 2017-09-07 21:08 - 000054784 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll

2017-10-11 11:06 - 2017-09-07 21:07 - 000034304 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll

2017-10-11 11:06 - 2017-09-07 21:02 - 000615936 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll

2017-10-11 11:06 - 2017-09-07 21:01 - 000814080 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll

2017-10-11 11:06 - 2017-09-07 21:01 - 000144384 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe

2017-10-11 11:06 - 2017-09-07 21:01 - 000116224 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe

2017-10-11 11:06 - 2017-09-07 21:00 - 000817664 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll

2017-10-11 11:06 - 2017-09-07 20:52 - 000968704 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe

2017-10-11 11:06 - 2017-09-07 20:48 - 000489984 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll

2017-10-11 11:06 - 2017-09-07 20:40 - 005982208 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll

2017-10-11 11:06 - 2017-09-07 20:39 - 000077824 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll

2017-10-11 11:06 - 2017-09-07 20:38 - 000087552 _____ (Microsoft Corporation) C:\Windows\system32\tdc.ocx

2017-10-11 11:06 - 2017-09-07 20:37 - 000107520 _____ (Microsoft Corporation) C:\Windows\system32\inseng.dll

2017-10-11 11:06 - 2017-09-07 20:33 - 000199680 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll

2017-10-11 11:06 - 2017-09-07 20:32 - 000092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll

2017-10-11 11:06 - 2017-09-07 20:29 - 000315392 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll

2017-10-11 11:06 - 2017-09-07 20:27 - 000152064 _____ (Microsoft Corporation) C:\Windows\system32\occache.dll

2017-10-11 11:06 - 2017-09-07 20:13 - 000262144 _____ (Microsoft Corporation) C:\Windows\system32\webcheck.dll

2017-10-11 11:06 - 2017-09-07 20:10 - 000807936 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll

2017-10-11 11:06 - 2017-09-07 20:10 - 000726528 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe

2017-10-11 11:06 - 2017-09-07 20:08 - 002134528 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl

2017-10-11 11:06 - 2017-09-07 20:08 - 001359360 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll

2017-10-11 11:06 - 2017-09-07 19:44 - 015262720 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll

2017-10-11 11:06 - 2017-09-07 19:40 - 003240960 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll

2017-10-11 11:06 - 2017-09-07 19:27 - 002724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb

2017-10-11 11:06 - 2017-09-07 19:27 - 001548288 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll

2017-10-11 11:06 - 2017-09-07 19:17 - 000800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll

2017-10-11 11:06 - 2017-09-07 19:11 - 000062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll

2017-10-11 11:06 - 2017-09-07 19:10 - 000499200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll

2017-10-11 11:06 - 2017-09-07 19:10 - 000341504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec

2017-10-11 11:06 - 2017-09-07 19:10 - 000047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll

2017-10-11 11:06 - 2017-09-07 19:09 - 000064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll

2017-10-11 11:06 - 2017-09-07 19:04 - 020267008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll

2017-10-11 11:06 - 2017-09-07 19:03 - 002292736 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll

2017-10-11 11:06 - 2017-09-07 19:03 - 000047104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll

2017-10-11 11:06 - 2017-09-07 19:02 - 000030720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll

2017-10-11 11:06 - 2017-09-07 18:59 - 000476160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll

2017-10-11 11:06 - 2017-09-07 18:58 - 000663040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll

2017-10-11 11:06 - 2017-09-07 18:58 - 000620032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll

2017-10-11 11:06 - 2017-09-07 18:58 - 000115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe

2017-10-11 11:06 - 2017-09-07 18:49 - 000416256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll

2017-10-11 11:06 - 2017-09-07 18:44 - 000073216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tdc.ocx

2017-10-11 11:06 - 2017-09-07 18:44 - 000060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll

2017-10-11 11:06 - 2017-09-07 18:43 - 000091136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inseng.dll

2017-10-11 11:06 - 2017-09-07 18:40 - 000168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll

2017-10-11 11:06 - 2017-09-07 18:39 - 000076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll

2017-10-11 11:06 - 2017-09-07 18:37 - 000279040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll

2017-10-11 11:06 - 2017-09-07 18:36 - 000130048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\occache.dll

2017-10-11 11:06 - 2017-09-07 18:29 - 004547072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll

2017-10-11 11:06 - 2017-09-07 18:29 - 000230400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\webcheck.dll

2017-10-11 11:06 - 2017-09-07 18:26 - 000694784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll

2017-10-11 11:06 - 2017-09-07 18:25 - 002058752 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl

2017-10-11 11:06 - 2017-09-07 18:25 - 001155072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll

2017-10-11 11:06 - 2017-09-07 18:17 - 013677568 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll

2017-10-11 11:06 - 2017-09-07 18:01 - 002767872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll

2017-10-11 11:06 - 2017-09-07 17:57 - 001316864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll

2017-10-11 11:06 - 2017-09-07 17:57 - 000710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll

2017-10-11 11:06 - 2017-09-07 15:31 - 002851328 _____ (Microsoft Corporation) C:\Windows\system32\themeui.dll

2017-10-11 11:06 - 2017-09-07 15:12 - 002755072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\themeui.dll

2017-10-11 11:06 - 2017-09-07 14:55 - 000461312 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\srv.sys

2017-10-11 11:06 - 2017-09-07 14:55 - 000405504 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\srv2.sys

2017-10-11 11:06 - 2017-09-07 14:55 - 000168448 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\srvnet.sys

2017-10-11 11:06 - 2017-08-19 15:28 - 004121600 _____ (Microsoft Corporation) C:\Windows\system32\mf.dll

2017-10-11 11:06 - 2017-08-19 15:28 - 000206848 _____ (Microsoft Corporation) C:\Windows\system32\mfps.dll

2017-10-11 11:06 - 2017-08-19 15:28 - 000002048 _____ (Microsoft Corporation) C:\Windows\system32\mferror.dll

2017-10-11 11:06 - 2017-08-19 15:10 - 003209216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mf.dll

2017-10-11 11:06 - 2017-08-19 15:10 - 000103424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfps.dll

2017-10-11 11:06 - 2017-08-19 15:10 - 000002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mferror.dll

2017-10-11 11:06 - 2017-08-19 15:08 - 000055808 _____ (Microsoft Corporation) C:\Windows\system32\rrinstaller.exe

2017-10-11 11:06 - 2017-08-19 15:08 - 000024576 _____ (Microsoft Corporation) C:\Windows\system32\mfpmp.exe

2017-10-11 11:06 - 2017-08-19 14:57 - 000050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rrinstaller.exe

2017-10-11 11:06 - 2017-08-19 14:57 - 000023040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfpmp.exe

2017-10-11 11:06 - 2017-08-14 17:35 - 001032192 _____ (Microsoft Corporation) C:\Windows\system32\rdpcore.dll

2017-10-11 11:06 - 2017-08-14 17:35 - 000827904 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rdpcore.dll

2017-10-11 11:06 - 2017-08-14 17:35 - 000022528 _____ (Microsoft Corporation) C:\Windows\system32\icaapi.dll

2017-10-11 11:06 - 2017-08-13 21:45 - 000040448 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tssecsrv.sys

 

 

==================== One Month Modified files and folders ========

 

 

(If an entry is included in the fixlist, the file/folder will be moved.)

 

 

2017-11-09 08:26 - 2009-07-14 04:45 - 000032768 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0

2017-11-09 08:26 - 2009-07-14 04:45 - 000032768 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0

2017-11-09 08:16 - 2009-07-14 05:13 - 000783464 _____ C:\Windows\system32\PerfStringBackup.INI

2017-11-09 08:16 - 2009-07-14 03:20 - 000000000 ____D C:\Windows\inf

2017-11-09 08:13 - 2013-03-08 15:01 - 000000000 ____D C:\Users\new user\Desktop\Ebay

2017-11-09 08:11 - 2009-07-14 05:08 - 000000006 ____H C:\Windows\Tasks\SA.DAT

2017-11-08 21:59 - 2016-11-07 15:19 - 000003590 _____ C:\Windows\System32\Tasks\AVG EUpdate Task

2017-11-07 16:36 - 2016-11-07 15:18 - 000000000 ____D C:\ProgramData\Avg

2017-11-06 19:13 - 2017-07-26 13:03 - 000000000 ____D C:\Program Files (x86)\SwannView Link

2017-11-06 18:54 - 2017-03-08 19:33 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG

2017-11-06 18:54 - 2016-11-07 15:20 - 000001008 _____ C:\Users\Public\Desktop\AVG.lnk

2017-10-30 10:56 - 2013-03-08 15:01 - 000000000 ____D C:\Users\new user\Desktop\Emailing photo's

2017-10-26 19:36 - 2017-03-07 07:18 - 001022288 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgsnx.sys

2017-10-20 14:37 - 2017-03-07 07:18 - 000579584 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgSP.sys

2017-10-20 14:37 - 2017-03-07 07:18 - 000355856 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgVmm.sys

2017-10-20 14:37 - 2017-03-07 07:18 - 000193768 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgStm.sys

2017-10-20 14:37 - 2017-03-07 07:18 - 000140192 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgMonFlt.sys

2017-10-20 14:37 - 2017-03-07 07:18 - 000102792 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgRdr2.sys

2017-10-20 14:37 - 2017-03-07 07:18 - 000076832 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgRvrt.sys

2017-10-20 14:37 - 2017-03-07 07:18 - 000039424 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgHwid.sys

2017-10-20 14:37 - 2017-03-07 07:18 - 000003920 _____ C:\Windows\System32\Tasks\Antivirus Emergency Update

2017-10-20 14:36 - 2017-09-20 21:12 - 000548568 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgNetSec.sys

2017-10-20 14:36 - 2017-03-07 07:18 - 000336896 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgbloga.sys

2017-10-20 14:36 - 2017-03-07 07:18 - 000314640 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgbidsdrivera.sys

2017-10-20 14:36 - 2017-03-07 07:18 - 000192584 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgbidsha.sys

2017-10-20 14:36 - 2017-03-07 07:18 - 000166624 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgbdiska.sys

2017-10-20 14:36 - 2017-03-07 07:18 - 000051336 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgbuniva.sys

2017-10-12 16:31 - 2009-07-14 03:20 - 000000000 ____D C:\Windows\rescache

2017-10-12 15:33 - 2009-07-14 04:45 - 000391672 _____ C:\Windows\system32\FNTCACHE.DAT

2017-10-11 15:52 - 2013-07-23 17:28 - 000000000 ____D C:\Windows\system32\MRT

2017-10-11 15:48 - 2013-03-04 15:42 - 126925120 ____C (Microsoft Corporation) C:\Windows\system32\MRT.exe

2017-10-11 15:45 - 2013-03-06 10:18 - 000767330 _____ C:\Windows\SysWOW64\PerfStringBackup.INI

 

 

==================== Files in the root of some directories =======

 

 

2013-03-22 09:51 - 2013-03-22 09:51 - 000000017 _____ () C:\Users\new user\AppData\Local\resmon.resmoncfg

 

 

==================== Bamital & volsnap ======================

 

 

(There is no automatic fix for files that do not pass verification.)

 

 

C:\Windows\system32\winlogon.exe => File is digitally signed

C:\Windows\system32\wininit.exe => File is digitally signed

C:\Windows\SysWOW64\wininit.exe => File is digitally signed

C:\Windows\explorer.exe => File is digitally signed

C:\Windows\SysWOW64\explorer.exe => File is digitally signed

C:\Windows\system32\svchost.exe => File is digitally signed

C:\Windows\SysWOW64\svchost.exe => File is digitally signed

C:\Windows\system32\services.exe => File is digitally signed

C:\Windows\system32\User32.dll => File is digitally signed

C:\Windows\SysWOW64\User32.dll => File is digitally signed

C:\Windows\system32\userinit.exe => File is digitally signed

C:\Windows\SysWOW64\userinit.exe => File is digitally signed

C:\Windows\system32\rpcss.dll => File is digitally signed

C:\Windows\system32\dnsapi.dll => File is digitally signed

C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed

C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed

 

 

LastRegBack: 2017-10-30 09:55

 

 

==================== End of FRST.txt ============================

Posted

Hi, sorry I have had to do two separate replies because it wouldn't allow to post more than 80000 characters.

 

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 02-11-2017

Ran by new user (09-11-2017 08:41:36)

Running from C:\Users\new user\Downloads

Windows 7 Professional Service Pack 1 (X64) (2013-03-04 14:04:23)

Boot Mode: Normal

==========================================================

 

 

 

 

==================== Accounts: =============================

 

 

Administrator (S-1-5-21-2864320402-2788383573-256310517-500 - Administrator - Disabled)

Guest (S-1-5-21-2864320402-2788383573-256310517-501 - Limited - Disabled)

HomeGroupUser$ (S-1-5-21-2864320402-2788383573-256310517-1005 - Limited - Enabled)

new user (S-1-5-21-2864320402-2788383573-256310517-1000 - Administrator - Enabled) => C:\Users\new user

The Bonster (S-1-5-21-2864320402-2788383573-256310517-1003 - Administrator - Enabled) => C:\Users\The Bonster

 

 

==================== Security Center ========================

 

 

(If an entry is included in the fixlist, it will be removed.)

 

 

AV: AVG Antivirus (Enabled - Up to date) {4D41356F-32AD-7C42-C820-63775EE4F413}

AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

AS: AVG Antivirus (Enabled - Up to date) {F620D48B-1497-73CC-F290-58052563BEAE}

FW: AVG Antivirus (Enabled) {757AB44A-78C2-7D1A-E37F-CA42A037B368}

FW: ZoneAlarm Free Firewall Firewall (Enabled) {E6380B7E-D4B2-19F1-083E-56486607704B}

 

 

==================== Installed Programs ======================

 

 

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

 

 

ABBYY FineReader 6.0 Sprint (HKLM-x32\...\{ACF60000-22B9-4CE9-98D6-2CCF359BAC07}) (Version: 6.00.1395.4512 - ABBYY Software House)

Adobe Acrobat Reader DC (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}) (Version: 17.012.20098 - Adobe Systems Incorporated)

Adobe Flash Player 13 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 13.0.0.214 - Adobe Systems Incorporated)

Adobe Flash Player 14 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 14.0.0.145 - Adobe Systems Incorporated)

AMD Catalyst Install Manager (HKLM\...\{9AB0D5B6-4779-8C4F-CA91-A1FEDB56D7EC}) (Version: 8.0.911.0 - Advanced Micro Devices, Inc.)

Any Video Converter 5 5.0.4 (HKLM-x32\...\Any Video Converter 5_is1) (Version: - Any-Video-Converter.com)

ASRock App Charger v1.0.5 (HKLM\...\ASRock App Charger_is1) (Version: - ASRock Inc.)

AVG (HKLM\...\{E61E6143-4937-43FC-8C12-06B8A987484D}) (Version: 1.211.3 - AVG Technologies) Hidden

AVG Internet Security (HKLM-x32\...\AVG Antivirus) (Version: 17.7.3032 - AVG Technologies)

AVG PC TuneUp (HKLM-x32\...\{A3DEEC4D-7D8A-465E-90BD-B853A19DDF82}) (Version: 16.75.1 - AVG Technologies) Hidden

AVG PC TuneUp (HKLM-x32\...\AVG PC TuneUp) (Version: 16.75.3.10304 - AVG Technologies)

AVG Security Toolbar (HKLM-x32\...\AVG Secure Search) (Version: 19.7.0.632 - AVG Technologies)

Camera RAW Plug-In for EPSON Creativity Suite (HKLM-x32\...\{93EA9C3E-BDFD-4309-A605-9B5BBC0CCEFD}) (Version: 2.2.0.0 - SEIKO EPSON CORPORATION)

CCleaner (HKLM\...\CCleaner) (Version: 4.02 - Piriform)

D3DX10 (HKLM-x32\...\{E09C4DB7-630C-4F06-A631-8EA7239923AF}) (Version: 15.4.2368.0902 - Microsoft) Hidden

EPSON Attach To Email (HKLM-x32\...\{20C45B32-5AB6-46A4-94EF-58950CAF05E5}) (Version: 1.01.0000 - SEIKO EPSON) Hidden

EPSON Attach To Email (HKLM-x32\...\InstallShield_{20C45B32-5AB6-46A4-94EF-58950CAF05E5}) (Version: 1.01.0000 - SEIKO EPSON)

EPSON Copy Utility 3 (HKLM-x32\...\{67EDD823-135A-4D59-87BD-950616D6E857}) (Version: 3.3.0.0 - )

EPSON Easy Photo Print (HKLM-x32\...\{3D78F2A2-C893-4ABD-B5FE-AD7011837755}) (Version: 1.5.0.0 - SEIKO EPSON CORPORATION)

EPSON File Manager (HKLM-x32\...\{2EB81825-E9EE-44F4-8F51-1240C3898DC6}) (Version: 1.3.0.0 - )

EPSON Printer Software (HKLM\...\EPSON Printer and Utilities) (Version: - SEIKO EPSON Corporation)

EPSON Scan (HKLM-x32\...\EPSON Scanner) (Version: - )

EPSON Scan Assistant (HKLM-x32\...\{2A88F1BF-7041-4E42-84B1-6B4ACB83AC64}) (Version: 1.10.00 - )

EPSON Stylus CX7300_CX8300_DX7400_DX8400 Manual (HKLM-x32\...\EPSON Stylus CX7300_CX8300_DX7400_DX8400 User’s Guide) (Version: - )

FairStars CD Ripper 1.80 (HKLM-x32\...\FairStars CD Ripper_is1) (Version: - FairStars Soft)

FastStone Photo Resizer 3.2 (HKLM-x32\...\FastStone Photo Resizer) (Version: 3.2 - FastStone Soft.)

FMW 1 (HKLM\...\{36133E9F-B129-4206-9FB4-13F707787542}) (Version: 1.226.3 - AVG Technologies) Hidden

Free Audio Converter version 5.0.55.113 (HKLM-x32\...\Free Audio Converter_is1) (Version: 5.0.55.113 - DVDVideoSoft Ltd.)

Google Chrome (HKLM-x32\...\{3B673B37-EFF7-3BA0-94FF-CE8C46C36DD6}) (Version: 60.0.3112.113 - Google, Inc.)

Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.33.5 - Google Inc.) Hidden

Google Update Helper (HKLM-x32\...\{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}) (Version: 1.3.25.11 - Google Inc.) Hidden

LibreOffice 4.0.1.2 (HKLM-x32\...\{604B2A5C-B1CE-45B2-ADCC-6B7C721AC3AC}) (Version: 4.0.1.2 - The Document Foundation)

Microsoft .NET Framework 4.7 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.7.02053 - Microsoft Corporation)

Microsoft Office Click-to-Run 2010 (HKLM-x32\...\Office14.Click2Run) (Version: 14.0.6122.5000 - Microsoft Corporation)

Microsoft Office Home and Student 2010 (HKLM-x32\...\Office14.SingleImage) (Version: 14.0.7015.1000 - Microsoft Corporation)

Microsoft Office Starter 2010 - English (HKLM-x32\...\{90140011-0066-0409-0000-0000000FF1CE}) (Version: 14.0.6134.5003 - Microsoft Corporation)

Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)

Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)

Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)

Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)

Movie Maker (HKLM-x32\...\{38F03569-A636-4CF3-BDDE-032C8C251304}) (Version: 16.4.3528.0331 - Microsoft Corporation) Hidden

Movie Maker (HKLM-x32\...\{DD67BE4B-7E62-4215-AFA3-F123A800A389}) (Version: 16.4.3528.0331 - Microsoft Corporation) Hidden

MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)

MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)

PhotoPad Image Editor (HKLM-x32\...\PhotoPad) (Version: 2.37 - NCH Software)

Rapport (HKLM-x32\...\{1DD81E7D-0D28-4CEB-87B2-C041A4FCB215}) (Version: 3.5.1804.161 - Trusteer) Hidden

Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.48.823.2011 - Realtek)

Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6662 - Realtek Semiconductor Corp.)

Samsung Kies3 (HKLM-x32\...\{88547073-C566-4895-9005-EBE98EA3F7C7}) (Version: 3.2.16044.2 - Samsung Electronics Co., Ltd.) Hidden

Samsung Kies3 (HKLM-x32\...\InstallShield_{88547073-C566-4895-9005-EBE98EA3F7C7}) (Version: 3.2.16044.2 - Samsung Electronics Co., Ltd.)

Samsung USB Driver for Mobile Phones (HKLM\...\{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}) (Version: 1.5.59.0 - Samsung Electronics Co., Ltd.)

Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{DE28B448-32E8-4E8F-84F0-A52B21A49B5B}) (Version: - Microsoft)

SwannView Link version 2.1.2.43 (HKLM-x32\...\{992EF7D5-3D70-6E7F-AFDC-8C946676BD6E}_is1) (Version: 2.1.2.43 - )

TeamViewer 8 (HKLM-x32\...\TeamViewer 8) (Version: 8.0.18051 - TeamViewer)

Trusteer Endpoint Protection (HKLM-x32\...\Rapport_msi) (Version: 3.5.1804.161 - Trusteer)

Visual Studio 2010 x64 Redistributables (HKLM\...\{21B133D6-5979-47F0-BE1C-F6A6B304693F}) (Version: 13.0.0.1 - AVG Technologies)

Visual Studio 2012 x64 Redistributables (HKLM\...\{8C775E70-A791-4DA8-BCC3-6AB7136F4484}) (Version: 14.0.0.1 - AVG Technologies)

Visual Studio 2012 x86 Redistributables (HKLM-x32\...\{98EFF19A-30AB-4E4B-B943-F06B1C63EBF8}) (Version: 14.0.0.1 - AVG Technologies CZ, s.r.o.)

VLC media player 2.0.8 (HKLM-x32\...\VLC media player) (Version: 2.0.8 - VideoLAN)

Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3528.0331 - Microsoft Corporation)

ZoneAlarm Firewall (HKLM-x32\...\{D4FB136D-2802-4578-A023-E7243BD0D7D5}) (Version: 11.0.768.000 - Check Point Software Technologies Ltd.) Hidden

ZoneAlarm Free Firewall (HKLM-x32\...\ZoneAlarm Free Firewall) (Version: 11.0.768.000 - Check Point)

ZoneAlarm Security (HKLM-x32\...\{C47B36EC-0639-4462-A9CE-7809CF2F6100}) (Version: 11.0.768.000 - Check Point Software Technologies Ltd.) Hidden

 

 

==================== Custom CLSID (Whitelisted): ==========================

 

 

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

 

 

HKU\S-1-5-21-2864320402-2788383573-256310517-1000\...\ChromeHTML: -> <==== ATTENTION

ShellIconOverlayIdentifiers: [00avg] -> {472083B0-C522-11CF-8763-00608CC02F24} => -> No File

ShellIconOverlayIdentifiers: [DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => -> No File

ShellIconOverlayIdentifiers: [DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => -> No File

ShellIconOverlayIdentifiers: [DropboxExt3] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => -> No File

ShellIconOverlayIdentifiers: [DropboxExt4] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => -> No File

ShellIconOverlayIdentifiers-x32: [DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => -> No File

ShellIconOverlayIdentifiers-x32: [DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => -> No File

ShellIconOverlayIdentifiers-x32: [DropboxExt3] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => -> No File

ContextMenuHandlers1: [AVG] -> {472083B1-C522-11CF-8763-00608CC02F24} => C:\Program Files (x86)\AVG\Antivirus\ashShA64.dll [2017-10-20] (AVG Technologies CZ, s.r.o.)

ContextMenuHandlers1: [AVG Shredder Shell Extension] -> {4858E7D9-8E12-45a3-B6A3-1CD128C9D403} => C:\Program Files (x86)\AVG\AVG PC TuneUp\SDShelEx-x64.dll [2017-07-26] (AVG Technologies CZ, s.r.o.)

ContextMenuHandlers1-x32: [EPPShellEx] -> {509FE1AF-ADD5-49EC-BC55-7CF81FD16E78} => C:\Program Files (x86)\EPSON\Creativity Suite\Easy Photo Print\EPPShell.dll [2007-03-05] (SEIKO EPSON CORPORATION)

ContextMenuHandlers4: [AVG Disk Space Explorer Shell Extension] -> {4838CD50-7E5D-4811-9B17-C47A85539F28} => C:\Program Files (x86)\AVG\AVG PC TuneUp\DseShExt-x64.dll [2017-07-26] (AVG Technologies CZ, s.r.o.)

ContextMenuHandlers4: [AVG Shredder Shell Extension] -> {4858E7D9-8E12-45a3-B6A3-1CD128C9D403} => C:\Program Files (x86)\AVG\AVG PC TuneUp\SDShelEx-x64.dll [2017-07-26] (AVG Technologies CZ, s.r.o.)

ContextMenuHandlers5: [ACE] -> {5E2121EE-0300-11D4-8D3B-444553540000} => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\atiacm64.dll [2013-03-28] (Advanced Micro Devices, Inc.)

ContextMenuHandlers6: [AVG] -> {472083B1-C522-11CF-8763-00608CC02F24} => C:\Program Files (x86)\AVG\Antivirus\ashShA64.dll [2017-10-20] (AVG Technologies CZ, s.r.o.)

 

 

==================== Scheduled Tasks (Whitelisted) =============

 

 

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

 

 

Task: {2F57269B-1E09-4E2D-AB1E-B0FDAC7D279C} - \Microsoft\Windows\WindowsBackup\ConfigNotification -> No File <==== ATTENTION

Task: {3CB11F86-AD9F-4BD8-8CE2-281DFD6D46D0} - System32\Tasks\GoogleUpdateTaskMachineUA1d12f7b13503138 => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-28] (Google Inc.)

Task: {4080913A-B934-46E0-A72B-F866F62DF78D} - System32\Tasks\AVGPCTuneUp_Task_BkGndMaintenance => C:\Program Files (x86)\AVG\AVG PC TuneUp\tuscanx.exe [2017-07-26] (AVG Technologies CZ, s.r.o.)

Task: {43F9612A-686B-48F4-9530-F9105CB9BCFF} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2017-07-19] (Adobe Systems Incorporated)

Task: {7AFD2A4E-3F15-4BC9-8E1E-CCE28A1ECD62} - System32\Tasks\{49148183-0AA3-44AC-BA66-7181E6867E2E} => C:\Windows\system32\pcalua.exe -a "C:\Users\new user\Downloads\1330988202_kx_e103w.exe" -d "C:\Users\new user\Downloads"

Task: {7D83B3FB-4D38-429F-83AF-5D5DF547F1FB} - System32\Tasks\{AFC08332-262D-4705-BDAC-742EE2A1FBDE} => C:\Windows\system32\pcalua.exe -a D:\epson324563eu.exe -d D:\

Task: {97576086-0F1C-49A7-9335-7176CE50D813} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-28] (Google Inc.)

Task: {9D1A9AEC-3040-4EFE-9E7B-F2AED71D990D} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-28] (Google Inc.)

Task: {A85EED16-EEC6-4738-B3CE-7D2FEBCE6EF8} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2013-05-24] (Piriform Ltd)

Task: {AAD0822B-07EC-4D8D-AEFC-436903F80FFB} - System32\Tasks\AVG EUpdate Task => avgsetupx.exe

Task: {AC3CEF59-C870-4BD0-AC25-C9E2C19D9719} - \Microsoft\Windows\Windows Activation Technologies\ValidationTaskDeadline -> No File <==== ATTENTION

Task: {AC4E5ACF-89F7-4220-BA21-81EE183975E2} - \Microsoft\Windows\Application Experience\AitAgent -> No File <==== ATTENTION

Task: {CB03259F-C87E-4F9F-A8B8-6FC46484B34F} - System32\Tasks\GoogleUpdateTaskMachineCore1d12f7b130d8ab0 => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-28] (Google Inc.)

Task: {CEE64558-E1A7-4D9D-80A7-2001912BE5B5} - \Microsoft\Windows\MemoryDiagnostic\CorruptionDetector -> No File <==== ATTENTION

Task: {DC8B5FA2-406A-43F8-9AEA-37009ADDE4BF} - System32\Tasks\Antivirus Emergency Update => C:\Program Files (x86)\AVG\Antivirus\AvEmUpdate.exe [2017-10-20] (AVG Technologies CZ, s.r.o.)

Task: {F7AA14FF-9469-47DA-926B-9FD68FA322A5} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-05-15] (Adobe Systems Incorporated)

Task: {FA2BC0A6-8D4B-458A-85C8-2B8C72487513} - \Microsoft\Windows\MemoryDiagnostic\DecompressionFailureDetector -> No File <==== ATTENTION

Task: {FBE3BB8A-CC57-4677-A365-1B53D998929F} - \Microsoft\Windows\Windows Activation Technologies\ValidationTask -> No File <==== ATTENTION

 

 

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

 

 

Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe

Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

 

 

==================== Shortcuts & WMI ========================

 

 

(The entries could be listed to be restored or removed.)

 

 

 

 

==================== Loaded Modules (Whitelisted) ==============

 

 

2013-03-28 21:31 - 2013-03-28 21:31 - 000210944 _____ () C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Container.PerformanceTuning.dll

2012-09-23 12:53 - 2012-09-23 12:53 - 000748544 _____ () C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Device.dll

2012-09-23 12:53 - 2012-09-23 12:53 - 003645952 _____ () C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Platform.dll

2013-03-26 09:57 - 2017-06-26 18:23 - 001707080 _____ () C:\Program Files (x86)\AVG Secure Search\vprot.exe

2017-09-13 07:38 - 2017-09-13 07:38 - 000068528 _____ () C:\Program Files (x86)\AVG\Antivirus\x64\module_lifetime.dll

2017-08-28 19:02 - 2017-08-23 08:48 - 003824472 _____ () C:\Program Files (x86)\Google\Chrome\Application\60.0.3112.113\libglesv2.dll

2017-08-28 19:02 - 2017-08-23 08:48 - 000100184 _____ () C:\Program Files (x86)\Google\Chrome\Application\60.0.3112.113\libegl.dll

2017-09-13 07:38 - 2017-09-13 07:38 - 000170952 _____ () c:\Program Files (x86)\AVG\Antivirus\x64\vaarclient.dll

2017-10-25 15:26 - 2017-10-25 15:26 - 000853048 _____ () C:\Program Files (x86)\AVG\Antivirus\x64\ffl2.dll

2017-10-20 14:36 - 2017-10-20 14:36 - 000287832 _____ () c:\Program Files (x86)\AVG\Antivirus\x64\StreamBack.dll

2017-09-13 07:38 - 2017-09-13 07:38 - 000060160 _____ () C:\Program Files (x86)\AVG\Antivirus\module_lifetime.dll

2017-10-20 14:36 - 2017-10-20 14:36 - 000168216 _____ () C:\Program Files (x86)\AVG\Antivirus\JsonRpcServer.dll

2017-10-20 14:36 - 2017-10-20 14:36 - 000218208 _____ () C:\Program Files (x86)\AVG\Antivirus\event_routing_rpc.dll

2017-10-20 14:36 - 2017-10-20 14:36 - 000245704 _____ () C:\Program Files (x86)\AVG\Antivirus\tasks_core.dll

2017-10-20 14:36 - 2017-10-20 14:36 - 000152224 _____ () C:\Program Files (x86)\AVG\Antivirus\network_notifications.dll

2017-11-08 16:25 - 2017-11-08 16:25 - 005880160 _____ () C:\Program Files (x86)\AVG\Antivirus\defs\17110802\algo.dll

2017-10-25 15:26 - 2017-10-25 15:26 - 000704456 _____ () C:\Program Files (x86)\AVG\Antivirus\ffl2.dll

2017-10-20 14:36 - 2017-10-20 14:36 - 000242568 _____ () C:\Program Files (x86)\AVG\Antivirus\streamback.dll

2016-11-28 09:43 - 2016-11-28 09:43 - 048920064 _____ () C:\Program Files (x86)\AVG\UiDll\2623\libcef.dll

2017-07-10 05:14 - 2017-07-10 05:14 - 067109376 _____ () C:\Program Files (x86)\AVG\Antivirus\libcef.dll

2015-06-02 14:51 - 2015-06-02 14:51 - 000545792 _____ () C:\Program Files (x86)\Trusteer\Rapport\bin\js32.dll

 

 

==================== Alternate Data Streams (Whitelisted) =========

 

 

(If an entry is included in the fixlist, only the ADS will be removed.)

 

 

 

 

==================== Safe Mode (Whitelisted) ===================

 

 

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

 

 

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\vsmon => ""="Service"

 

 

==================== Association (Whitelisted) ===============

 

 

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)

 

 

 

 

==================== Internet Explorer trusted/restricted ===============

 

 

(If an entry is included in the fixlist, it will be removed from the registry.)

 

 

IE restricted site: HKU\S-1-5-21-2864320402-2788383573-256310517-1000\...\007guard.com -> install.007guard.com

IE restricted site: HKU\S-1-5-21-2864320402-2788383573-256310517-1000\...\008i.com -> 008i.com

IE restricted site: HKU\S-1-5-21-2864320402-2788383573-256310517-1000\...\008k.com -> http://www.008k.com

IE restricted site: HKU\S-1-5-21-2864320402-2788383573-256310517-1000\...\00hq.com -> http://www.00hq.com

IE restricted site: HKU\S-1-5-21-2864320402-2788383573-256310517-1000\...\010402.com -> 010402.com

IE restricted site: HKU\S-1-5-21-2864320402-2788383573-256310517-1000\...\032439.com -> 80gw6ry3i3x3qbrkwhxhw.032439.com

IE restricted site: HKU\S-1-5-21-2864320402-2788383573-256310517-1000\...\0scan.com -> http://www.0scan.com

IE restricted site: HKU\S-1-5-21-2864320402-2788383573-256310517-1000\...\1-2005-search.com -> http://www.1-2005-search.com

IE restricted site: HKU\S-1-5-21-2864320402-2788383573-256310517-1000\...\1-domains-registrations.com -> http://www.1-domains-registrations.com

IE restricted site: HKU\S-1-5-21-2864320402-2788383573-256310517-1000\...\1000gratisproben.com -> http://www.1000gratisproben.com

IE restricted site: HKU\S-1-5-21-2864320402-2788383573-256310517-1000\...\1001namen.com -> http://www.1001namen.com

IE restricted site: HKU\S-1-5-21-2864320402-2788383573-256310517-1000\...\100888290cs.com -> mir.100888290cs.com

IE restricted site: HKU\S-1-5-21-2864320402-2788383573-256310517-1000\...\100***links.com -> http://www.100***links.com

IE restricted site: HKU\S-1-5-21-2864320402-2788383573-256310517-1000\...\10sek.com -> http://www.10sek.com

IE restricted site: HKU\S-1-5-21-2864320402-2788383573-256310517-1000\...\12-26.net -> user1.12-26.net

IE restricted site: HKU\S-1-5-21-2864320402-2788383573-256310517-1000\...\12-27.net -> user1.12-27.net

IE restricted site: HKU\S-1-5-21-2864320402-2788383573-256310517-1000\...\123f****.info -> http://www.123f****.info

IE restricted site: HKU\S-1-5-21-2864320402-2788383573-256310517-1000\...\123haustiereundmehr.com -> http://www.123haustiereundmehr.com

IE restricted site: HKU\S-1-5-21-2864320402-2788383573-256310517-1000\...\123moviedownload.com -> http://www.123moviedownload.com

IE restricted site: HKU\S-1-5-21-2864320402-2788383573-256310517-1000\...\123simsen.com -> http://www.123simsen.com

 

 

There are 7812 more sites.

 

 

 

 

==================== Hosts content: ===============================

 

 

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

 

 

2009-07-14 02:34 - 2009-06-10 21:00 - 000000824 _____ C:\Windows\system32\Drivers\etc\hosts

 

 

 

 

==================== Other Areas ============================

 

 

(Currently there is no automatic fix for this section.)

 

 

HKU\S-1-5-21-2864320402-2788383573-256310517-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\new user\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg

DNS Servers: 192.168.1.254

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)

Windows Firewall is disabled.

 

 

==================== MSCONFIG/TASK MANAGER disabled items ==

 

 

MSCONFIG\startupreg: EPSON Stylus DX8400 Series => C:\Windows\system32\spool\DRIVERS\x64\3\E_IATICEE.EXE /FU "C:\Windows\TEMP\E_S7FC9.tmp" /EF "HKCU"

MSCONFIG\startupreg: RTHDVCPL => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s

MSCONFIG\startupreg: StartCCC => "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun

MSCONFIG\startupreg: Wondershare Helper Compact.exe => C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe

MSCONFIG\startupreg: WSHelperSetup.exe => C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe

 

 

==================== FirewallRules (Whitelisted) ===============

 

 

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

 

 

FirewallRules: [sPPSVC-In-TCP] => (Allow) %SystemRoot%\system32\sppsvc.exe

FirewallRules: [sPPSVC-In-TCP-NoScope] => (Allow) %SystemRoot%\system32\sppsvc.exe

FirewallRules: [{9F26CEA4-99EF-4EF2-B702-5FA9561163CD}] => (Allow) C:\Program Files (x86)\TeamViewer\Version8\TeamViewer.exe

FirewallRules: [{339F41B3-5ED0-48BE-BF8F-F2F2CF1B2A37}] => (Allow) C:\Program Files (x86)\TeamViewer\Version8\TeamViewer.exe

FirewallRules: [{DFD4ABEA-5972-42E8-ABC2-1858DE09861C}] => (Allow) C:\Program Files (x86)\TeamViewer\Version8\TeamViewer_Service.exe

FirewallRules: [{CBA12E5E-4FD6-4B36-A3EB-9459F79AAB2B}] => (Allow) C:\Program Files (x86)\TeamViewer\Version8\TeamViewer_Service.exe

FirewallRules: [{1D291312-1E63-4751-9BC3-664DD2282B92}] => (Allow) C:\Windows\SysWOW64\muzapp.exe

FirewallRules: [{2F007F18-84EC-4FA6-9DF9-75E6D85EF815}] => (Allow) C:\Windows\SysWOW64\muzapp.exe

FirewallRules: [{05D45CCC-C025-4199-BCB0-C074C752B266}] => (Allow) C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe

FirewallRules: [{6027C02F-E347-472E-BBDE-A17583556747}] => (Allow) LPort=2869

FirewallRules: [{B5135DBE-1C44-4EAC-8A34-B30B97BFEDB3}] => (Allow) LPort=1900

FirewallRules: [{B108543F-23AB-4E9E-B868-4E743222AA2B}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

 

 

==================== Restore Points =========================

 

 

18-10-2017 20:21:17 Scheduled Checkpoint

26-10-2017 08:31:15 Scheduled Checkpoint

02-11-2017 11:43:23 Scheduled Checkpoint

07-11-2017 08:57:33 Windows Update

 

 

==================== Faulty Device Manager Devices =============

 

 

 

 

==================== Event log errors: =========================

 

 

Application errors:

==================

Error: (11/09/2017 08:11:58 AM) (Source: WinMgmt) (EventID: 10) (User: )

Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.

 

 

Error: (11/09/2017 08:10:58 AM) (Source: ATIeRecord) (EventID: 16386) (User: )

Description: ATI EEU Client has failed to start

 

 

Error: (11/08/2017 10:13:25 PM) (Source: ATIeRecord) (EventID: 16386) (User: )

Description: ATI EEU Client has failed to start

 

 

Error: (11/08/2017 03:22:34 PM) (Source: WinMgmt) (EventID: 10) (User: )

Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.

 

 

Error: (11/08/2017 03:21:47 PM) (Source: ATIeRecord) (EventID: 16386) (User: )

Description: ATI EEU Client has failed to start

 

 

Error: (11/07/2017 09:53:39 PM) (Source: ATIeRecord) (EventID: 16386) (User: )

Description: ATI EEU Client has failed to start

 

 

Error: (11/07/2017 09:53:17 PM) (Source: ATIeRecord) (EventID: 16386) (User: )

Description: ATI EEU Client has failed to start

 

 

Error: (11/07/2017 04:19:59 PM) (Source: Application Hang) (EventID: 1002) (User: )

Description: The program chrome.exe version 60.0.3112.113 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

 

 

Process ID: 18c8

 

 

Start Time: 01d357da5e9abe54

 

 

Termination Time: 6

 

 

Application Path: C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

 

 

Report Id:

 

 

Error: (11/07/2017 03:06:25 PM) (Source: WinMgmt) (EventID: 10) (User: )

Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.

 

 

Error: (11/07/2017 03:05:15 PM) (Source: ATIeRecord) (EventID: 16386) (User: )

Description: ATI EEU Client has failed to start

 

 

 

 

System errors:

=============

Error: (11/07/2017 08:58:00 AM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT AUTHORITY)

Description: Installation Failure: Windows failed to install the following update with error 0x80070103: Advanced Micro Devices, Inc driver update for AMD SMBus.

 

 

Error: (11/06/2017 06:38:20 PM) (Source: Service Control Manager) (EventID: 7000) (User: )

Description: The ZoneAlarm Privacy Service service failed to start due to the following error:

The service did not respond to the start or control request in a timely fashion.

 

 

Error: (11/06/2017 06:38:20 PM) (Source: Service Control Manager) (EventID: 7009) (User: )

Description: A timeout was reached (30000 milliseconds) while waiting for the ZoneAlarm Privacy Service service to connect.

 

 

Error: (10/26/2017 07:27:56 PM) (Source: EventLog) (EventID: 6008) (User: )

Description: The previous system shutdown at 15:34:25 on ‎26/‎10/‎2017 was unexpected.

 

 

Error: (10/25/2017 03:19:27 PM) (Source: WMPNetworkSvc) (EventID: 14332) (User: )

Description: Service 'WMPNetworkSvc' did not start correctly because CoCreateInstance(CLSID_UPnPDeviceFinder) encountered error '0x80004005'. Verify that the UPnPHost service is running and that the UPnPHost component of Windows is installed properly.

 

 

Error: (10/22/2017 10:13:40 AM) (Source: EventLog) (EventID: 6008) (User: )

Description: The previous system shutdown at 10:24:28 on ‎22/‎10/‎2017 was unexpected.

 

 

Error: (10/21/2017 10:47:33 AM) (Source: EventLog) (EventID: 6008) (User: )

Description: The previous system shutdown at 11:32:44 on ‎21/‎10/‎2017 was unexpected.

 

 

Error: (10/16/2017 02:37:37 PM) (Source: Service Control Manager) (EventID: 7000) (User: )

Description: The ZoneAlarm Privacy Service service failed to start due to the following error:

The service did not respond to the start or control request in a timely fashion.

 

 

Error: (10/16/2017 02:37:37 PM) (Source: Service Control Manager) (EventID: 7009) (User: )

Description: A timeout was reached (30000 milliseconds) while waiting for the ZoneAlarm Privacy Service service to connect.

 

 

Error: (10/14/2017 05:09:37 PM) (Source: Service Control Manager) (EventID: 7000) (User: )

Description: The ZoneAlarm Privacy Service service failed to start due to the following error:

The service did not respond to the start or control request in a timely fashion.

 

 

 

 

==================== Memory info ===========================

 

 

Processor: AMD A8-5600K APU with Radeon HD Graphics

Percentage of memory in use: 42%

Total physical RAM: 8166.66 MB

Available physical RAM: 4713.56 MB

Total Virtual: 16331.5 MB

Available Virtual: 12664.49 MB

 

 

==================== Drives ================================

 

 

Drive c: () (Fixed) (Total:931.41 GB) (Free:813.13 GB) NTFS

Drive h: () (Removable) (Total:29.97 GB) (Free:29.8 GB) FAT32

 

 

==================== MBR & Partition Table ==================

 

 

========================================================

Disk: 0 (MBR Code: Windows 7 or 8) (Size: 931.5 GB) (Disk ID: 8C217D35)

Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)

Partition 2: (Not Active) - (Size=931.4 GB) - (Type=07 NTFS)

 

 

========================================================

Disk: 2 (Size: 30 GB) (Disk ID: 00000000)

 

 

Partition: GPT.

 

 

==================== End of Addition.txt ============================

  • ExTS Admin
Posted

Hi madon37s

 

sorry I have had to do two separate replies because it wouldn't allow to post more than 80000 characters.
That's perfectly ok.

 

Although there are a few issues we need to address in the reports, It looks like the bulk of your problems are program conflicts.

 

A system should never have multiple AV programs or multiple Firewalls installed.

 

ZoneAlarm Security

Includes an AV program as well as the Firewall.

 

We protect your PC from ransomware, phishing attacks, viruses, spyware and other cyber threats with our advanced security software products

AVG Internet Security

Includes a firewall as well as other security software.

 

Payment Protection

 

Shop and bank online freely and securely

Whether browsing, banking, or shopping, this is the added internet protection you need. We block spam and scams, and even help you avoid fake copycat websites, to prevent you from accidentally giving our passwords or credit card numbers to the bad guys

Keep hackers away with Enhanced Firewall

 

So it looks like you have 2 firewalls running and 2 AV programs..... that is cause for alarm.

Then we get to:

 

Trusteer Endpoint Protection

 

AVG is already giving you banking protection .... so these could well conflict.

 

Also... if you do a search for Trusteer Rapport problems, you'll find there's a lot of people complaining about it.

These are just 2 threads on another site that I work that are Trusteer related:

 

trusteer rapport

 

IBM Trusteer Rapport - Is it fit for purpose?

 

It is known to have problems with newer versions of Chrome and some AV programs.

It's not something that I would want on any of my systems.

 

Recommendation.

 

I'd advise removing the following programs and let AVG do it's job properly.

 

Trusteer Endpoint Protection

ZoneAlarm Security

 

------------------

Now to tidy up the reports. (we'll also remove the Spybot leftovers)

 

Please download the attached fixlist.txt file (bottom of this post) and save it to C:\Users\new user\Downloads.

NOTE.

It's important that both files, FRST and fixlist.txt are in the same location or the fix will not work.

 

NOTICE: This script was written specifically for this user, for use on that particular machine.

Running this on another machine may cause damage to your operating system

 

Re-run FRST/FRST64 (which ever is installed ) and press the Fix button just once and wait.

 

http://i.imgur.com/HbL7sAI.png

 

The tool will make a log in the Download folder (Fixlog.txt).

 

Please post this in your next reply.

Also let me know if there's any improvement in the system.

 

Thanks

fixlist.txt

Member of:

UNITE

Posted

Hi, Sorry for late reply, can you believe it my wireless keyboard went south and I was working all weekend so could only go and buy a new (wired) one this morning.

 

Again a massive thank you for all your help Starbuck. I have (i think!) done all the things in your last reply and below should be the log of the fix that I did.

 

Fix result of Farbar Recovery Scan Tool (x64) Version: 12-11-2017 03Ran by new user (13-11-2017 10:32:25) Run:1

Running from C:\Users\new user\Downloads

Loaded Profiles: new user (Available Profiles: new user & The Bonster)

Boot Mode: Normal

==============================================

 

 

fixlist content:

*****************

CloseProcesses:

HKLM\SOFTWARE\Policies\Microsoft\Windows Defender: Restriction <==== ATTENTION

BootExecute: autocheck autochk * sdnclean64.exe

SearchScopes: HKLM -> DefaultScope {9BB47C17-9C68-4BB3-B188-DD9AF0FD2421} URL = hxxp://dts.search-results.com/sr?src=ieb&gct=ds&appid=100&systemid=421&apn_dtid= BND421&apn_ptnrs=AGA&o=APN10649&apn_uid=1404975732 044715&q={searchTerms}

SearchScopes: HKLM -> {9BB47C17-9C68-4BB3-B188-DD9AF0FD2421} URL = hxxp://dts.search-results.com/sr?src=ieb&gct=ds&appid=100&systemid=421&apn_dtid= BND421&apn_ptnrs=AGA&o=APN10649&apn_uid=1404975732 044715&q={searchTerms}

SearchScopes: HKLM-x32 -> DefaultScope {9BB47C17-9C68-4BB3-B188-DD9AF0FD2421} URL = hxxp://dts.search-results.com/sr?src=ieb&gct=ds&appid=100&systemid=421&apn_dtid= BND421&apn_ptnrs=AGA&o=APN10649&apn_uid=1404975732 044715&q={searchTerms}

SearchScopes: HKLM-x32 -> {9BB47C17-9C68-4BB3-B188-DD9AF0FD2421} URL = hxxp://dts.search-results.com/sr?src=ieb&gct=ds&appid=100&systemid=421&apn_dtid= BND421&apn_ptnrs=AGA&o=APN10649&apn_uid=1404975732 044715&q={searchTerms}

SearchScopes: HKU\S-1-5-21-2864320402-2788383573-256310517-1000 -> {9BB47C17-9C68-4BB3-B188-DD9AF0FD2421} URL = hxxp://dts.search-results.com/sr?src=ieb&gct=ds&appid=100&systemid=421&apn_dtid= BND421&apn_ptnrs=AGA&o=APN10649&apn_uid=1404975732 044715&q={searchTerms}

Toolbar: HKLM-x32 - No Name - {3ec1a45c-8bc3-4bfe-b226-4051c5d3d068} - No File

S3 AxtuDrv; \??\C:\Windows\SysWOW64\Drivers\AxtuDrv.sys [X]

HKU\S-1-5-21-2864320402-2788383573-256310517-1000\...\ChromeHTML: -> <==== ATTENTION

ShellIconOverlayIdentifiers: [00avg] -> {472083B0-C522-11CF-8763-00608CC02F24} => -> No File

ShellIconOverlayIdentifiers: [DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => -> No File

ShellIconOverlayIdentifiers: [DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => -> No File

ShellIconOverlayIdentifiers: [DropboxExt3] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => -> No File

ShellIconOverlayIdentifiers: [DropboxExt4] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => -> No File

ShellIconOverlayIdentifiers-x32: [DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => -> No File

ShellIconOverlayIdentifiers-x32: [DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => -> No File

ShellIconOverlayIdentifiers-x32: [DropboxExt3] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => -> No File

Task: {2F57269B-1E09-4E2D-AB1E-B0FDAC7D279C} - \Microsoft\Windows\WindowsBackup\ConfigNotification -> No File <==== ATTENTION

Task: {7AFD2A4E-3F15-4BC9-8E1E-CCE28A1ECD62} - System32\Tasks\{49148183-0AA3-44AC-BA66-7181E6867E2E} => C:\Windows\system32\pcalua.exe -a "C:\Users\new user\Downloads\1330988202_kx_e103w.exe" -d "C:\Users\new user\Downloads"

Task: {AC3CEF59-C870-4BD0-AC25-C9E2C19D9719} - \Microsoft\Windows\Windows Activation Technologies\ValidationTaskDeadline -> No File <==== ATTENTION

Task: {AC4E5ACF-89F7-4220-BA21-81EE183975E2} - \Microsoft\Windows\Application Experience\AitAgent -> No File <==== ATTENTION

Task: {CEE64558-E1A7-4D9D-80A7-2001912BE5B5} - \Microsoft\Windows\MemoryDiagnostic\CorruptionDetector -> No File <==== ATTENTION

Task: {FA2BC0A6-8D4B-458A-85C8-2B8C72487513} - \Microsoft\Windows\MemoryDiagnostic\DecompressionFailureDetector -> No File <==== ATTENTION

Task: {FBE3BB8A-CC57-4677-A365-1B53D998929F} - \Microsoft\Windows\Windows Activation Technologies\ValidationTask -> No File <==== ATTENTION

CMD: ipconfig /flushdns

Hosts:

EmptyTemp:

 

 

*****************

 

 

Processes closed successfully.

HKLM\SOFTWARE\Policies\Microsoft\Windows Defender => key removed successfully

HKLM\System\CurrentControlSet\Control\Session Manager\\BootExecute => value restored successfully

HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value restored successfully

HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2421} => key removed successfully

HKLM\Software\Classes\CLSID\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2421} => key not found.

HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value restored successfully

HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2421} => key removed successfully

HKLM\Software\Wow6432Node\Classes\CLSID\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2421} => key not found.

HKU\S-1-5-21-2864320402-2788383573-256310517-1000\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2421} => key removed successfully

HKLM\Software\Classes\CLSID\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2421} => key not found.

HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar\\{3ec1a45c-8bc3-4bfe-b226-4051c5d3d068} => value removed successfully

HKLM\Software\Wow6432Node\Classes\CLSID\{3ec1a45c-8bc3-4bfe-b226-4051c5d3d068} => key not found.

HKLM\System\CurrentControlSet\Services\AxtuDrv => key removed successfully

AxtuDrv => service removed successfully

HKU\S-1-5-21-2864320402-2788383573-256310517-1000_Classes\ChromeHTML => key removed successfully

HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\00avg => key removed successfully

HKLM\Software\Classes\CLSID\{472083B0-C522-11CF-8763-00608CC02F24} => key not found.

HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\DropboxExt1 => key removed successfully

HKLM\Software\Classes\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => key not found.

HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\DropboxExt2 => key removed successfully

HKLM\Software\Classes\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => key not found.

HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\DropboxExt3 => key removed successfully

HKLM\Software\Classes\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => key not found.

HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\DropboxExt4 => key removed successfully

HKLM\Software\Classes\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => key not found.

HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\DropboxExt1 => key removed successfully

HKLM\Software\Wow6432Node\Classes\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => key not found.

HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\DropboxExt2 => key removed successfully

HKLM\Software\Wow6432Node\Classes\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => key not found.

HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\DropboxExt3 => key removed successfully

HKLM\Software\Wow6432Node\Classes\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => key not found.

HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{2F57269B-1E09-4E2D-AB1E-B0FDAC7D279C} => key removed successfully

HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{2F57269B-1E09-4E2D-AB1E-B0FDAC7D279C} => key removed successfully

HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\WindowsBackup\ConfigNotification => key removed successfully

HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{7AFD2A4E-3F15-4BC9-8E1E-CCE28A1ECD62} => key removed successfully

HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{7AFD2A4E-3F15-4BC9-8E1E-CCE28A1ECD62} => key removed successfully

C:\Windows\System32\Tasks\{49148183-0AA3-44AC-BA66-7181E6867E2E} => moved successfully

HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{49148183-0AA3-44AC-BA66-7181E6867E2E} => key removed successfully

HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{AC3CEF59-C870-4BD0-AC25-C9E2C19D9719} => key removed successfully

HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{AC3CEF59-C870-4BD0-AC25-C9E2C19D9719} => key removed successfully

HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Windows Activation Technologies\ValidationTaskDeadline => key removed successfully

HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{AC4E5ACF-89F7-4220-BA21-81EE183975E2} => key removed successfully

HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{AC4E5ACF-89F7-4220-BA21-81EE183975E2} => key removed successfully

HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Application Experience\AitAgent => key removed successfully

HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{CEE64558-E1A7-4D9D-80A7-2001912BE5B5} => key removed successfully

HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{CEE64558-E1A7-4D9D-80A7-2001912BE5B5} => key removed successfully

HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\MemoryDiagnostic\CorruptionDetector => key removed successfully

HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{FA2BC0A6-8D4B-458A-85C8-2B8C72487513} => key removed successfully

HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{FA2BC0A6-8D4B-458A-85C8-2B8C72487513} => key removed successfully

HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\MemoryDiagnostic\DecompressionFailureDetector => key removed successfully

HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{FBE3BB8A-CC57-4677-A365-1B53D998929F} => key removed successfully

HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{FBE3BB8A-CC57-4677-A365-1B53D998929F} => key removed successfully

HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Windows Activation Technologies\ValidationTask => key removed successfully

 

 

========= ipconfig /flushdns =========

 

 

 

 

Windows IP Configuration

 

 

Successfully flushed the DNS Resolver Cache.

 

 

========= End of CMD: =========

 

 

C:\Windows\System32\Drivers\etc\hosts => moved successfully

Hosts restored successfully.

 

 

=========== EmptyTemp: ==========

 

 

BITS transfer queue => 12582912 B

DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 27684851 B

Java, Flash, Steam htmlcache => 506 B

Windows/system/drivers => 426 B

Edge => 0 B

Chrome => 1460832402 B

Firefox => 0 B

Opera => 0 B

 

 

Temp, IE cache, history, cookies, recent:

Users => 0 B

Default => 0 B

Public => 0 B

ProgramData => 0 B

systemprofile => 120700549 B

systemprofile32 => 190388 B

LocalService => 0 B

NetworkService => 0 B

new user => 14916151 B

TEMP.PAUL.000 => 0 B

The Bonster => 760277 B

 

 

RecycleBin => 2697999300 B

EmptyTemp: => 4 GB temporary data Removed.

 

 

================================

 

 

 

 

The system needed a reboot.

 

 

==== End of Fixlog 10:33:24 ====

 

I will say that the computer does seem to respond better to my mouse and typing and it also seems quicker when clicking on to web pages. One question, I don't seem to get notifications of replies on this thread but I'm sure I have ticked the box to get them! any reason why Starbuck? Am I missing something?

  • ExTS Admin
Posted
One question, I don't seem to get notifications of replies on this thread but I'm sure I have ticked the box to get them! any reason why Starbuck? Am I missing something?
Most of the time I get the same problem.

Notification emails go into my spam folder..... even if I mark it as not spam and move it to the inbox, the same happens next time.

 

Glad to hear there's been an improvement.

What did you do regarding:

Trusteer Endpoint Protection

ZoneAlarm Security

Member of:

UNITE

Posted
I took your direct advice and uninstalled them from my computer mate and it really has made a difference and I must thank you massively again.
  • ExTS Admin
Posted

That's good to hear.

 

FRST can now be removed:

 

Right click on the FRST icon and select delete.

Right click on any fixlog.txt or fixlist.txt files and select delete.

Navigate to: C:\frst and delete the frst folder.

 

Safe surfing. http://fc08.deviantart.net/fs71/f/2010/033/b/3/Computer_addict__by_Sinister_Starfeesh.gif

Member of:

UNITE

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.


×
×
  • Create New...