Skyclad Posted May 5, 2019 Posted May 5, 2019 Hello to my friends at freepchelp! Just today I've noticed that my computer is running super slow and not sure what could have caused this, unless some nasty virus or malware of course.. I was wondering if you guys could help me with a quick scan of my machine.. Please let me know! Thanks... S Quote
ExTS Admin Starbuck Posted May 6, 2019 ExTS Admin Posted May 6, 2019 Hi Skyclad, No problem, just run FRST and we'll take a look for you. Note: There are both 32-bit and 64-bit versions of Farbar Recovery Scan Tool available. Please pick the version that matches your operating system's bit type. If you are unsure what you're system bit type is..... click Here for help. For x32 bit systems download Farbar Recovery Scan Tool and save it to your Desktop. For x64 bit systems download Farbar Recovery Scan Tool x64 and save it to your Desktop. Double-click the downloaded icon to run the tool. Vista/Windows 7/8/10 users right-click and select Run As Administrator When the tool opens click Yes to disclaimer. Make sure that Addition.txt is selected at the bottom Press Scan button. It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply. It also makes another log (Addition.txt)..... Please copy and paste it to your reply also. Quote Member of:UNITE
Skyclad Posted May 6, 2019 Author Posted May 6, 2019 (edited) Hi Starbuck.... Thanks for your assistance once again....! Please find the files you requested attached below.. I did want to mention one other thing I noticed yesterday when things were running slow.. When clicking on the icon that displays my WiFi connections at the bottom right of the screen, the one I was running at the time stated "poor" with regard to signal strength.. Today, the speed is a bit better (not optimal) and it reads as "fair".. I know this is a different issue, but if nothing is found in the scans, that might be one of the problems I'm having.. One step at a time I guess....:) Thanks again for your help...! Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 06-05.2019 Ran by Mike (administrator) on HOME (Gigabyte Technology Co., Ltd. GA-MA78GM-US2H) (06-05-2019 16:45:24) Running from C:\Users\Mike\Desktop Loaded Profiles: Mike (Available Profiles: Mike & HP_OWNER) Platform: Windows 7 Professional Service Pack 1 (X64) Language: English (United States) Internet Explorer Version 11 (Default browser: Chrome) Boot Mode: Normal Tutorial for Farbar Recovery Scan Tool: FRST Tutorial - How to use Farbar Recovery Scan Tool - Malware Removal Guides and Tutorials ==================== Processes (Whitelisted) ================= (If an entry is included in the fixlist, the process will be closed. The file will not be moved.) (Adobe Systems, Incorporated -> Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (AOL Inc. -> AOL Inc.) C:\Program Files (x86)\Common Files\AOL\1387389289\ee\aolsoftware.exe (CobianSoft, Luis Cobian) [File not signed] C:\Program Files (x86)\Cobian Backup 11\cbVSCService11.exe (Google LLC -> Google Inc.) C:\Users\Mike\AppData\Local\Google\Chrome\Application\chrome.exe (Google LLC -> Google Inc.) C:\Users\Mike\AppData\Local\Google\Chrome\Application\chrome.exe (Google LLC -> Google Inc.) C:\Users\Mike\AppData\Local\Google\Chrome\Application\chrome.exe (Google LLC -> Google Inc.) C:\Users\Mike\AppData\Local\Google\Chrome\Application\chrome.exe (Google LLC -> Google Inc.) C:\Users\Mike\AppData\Local\Google\Chrome\Application\chrome.exe (Google LLC -> Google Inc.) C:\Users\Mike\AppData\Local\Google\Chrome\Application\chrome.exe (Google LLC -> Google Inc.) C:\Users\Mike\AppData\Local\Google\Chrome\Application\chrome.exe (Google LLC -> Google Inc.) C:\Users\Mike\AppData\Local\Google\Chrome\Application\chrome.exe (Google LLC -> Google Inc.) C:\Users\Mike\AppData\Local\Google\Chrome\Application\chrome.exe (Google LLC -> Google Inc.) C:\Users\Mike\AppData\Local\Google\Chrome\Application\chrome.exe (Google LLC -> Google Inc.) C:\Users\Mike\AppData\Local\Google\Chrome\Application\chrome.exe (Google LLC -> Google Inc.) C:\Users\Mike\AppData\Local\Google\Chrome\Application\chrome.exe (Google LLC -> Google Inc.) C:\Users\Mike\AppData\Local\Google\Chrome\Application\chrome.exe (Google LLC -> Google Inc.) C:\Users\Mike\AppData\Local\Google\Chrome\Application\chrome.exe (Google LLC -> Google Inc.) C:\Users\Mike\AppData\Local\Google\Chrome\Application\chrome.exe (Google LLC -> Google Inc.) C:\Users\Mike\AppData\Local\Google\Chrome\Application\chrome.exe (Google LLC -> Google Inc.) C:\Users\Mike\AppData\Local\Google\Chrome\Application\chrome.exe (Google LLC -> Google Inc.) C:\Users\Mike\AppData\Local\Google\Chrome\Application\chrome.exe (Google LLC -> Google Inc.) C:\Users\Mike\AppData\Local\Google\Chrome\Application\chrome.exe (Google LLC -> Google Inc.) C:\Users\Mike\AppData\Local\Google\Chrome\Application\chrome.exe (Google LLC -> Google Inc.) C:\Users\Mike\AppData\Local\Google\Chrome\Application\chrome.exe (Google LLC -> Google Inc.) C:\Users\Mike\AppData\Local\Google\Chrome\Application\chrome.exe (Google LLC -> Google Inc.) C:\Users\Mike\AppData\Local\Google\Chrome\Application\chrome.exe (Google LLC -> Google Inc.) C:\Users\Mike\AppData\Local\Google\Chrome\Application\chrome.exe (Google LLC -> Google Inc.) C:\Users\Mike\AppData\Local\Google\Chrome\Application\chrome.exe (Google LLC -> Google Inc.) C:\Users\Mike\AppData\Local\Google\Chrome\Application\chrome.exe (Google LLC -> Google Inc.) C:\Users\Mike\AppData\Local\Google\Chrome\Application\chrome.exe (Google LLC -> Google Inc.) C:\Users\Mike\AppData\Local\Google\Chrome\Application\chrome.exe (Google LLC -> Google Inc.) C:\Users\Mike\AppData\Local\Google\Chrome\Application\chrome.exe (Google LLC -> Google Inc.) C:\Users\Mike\AppData\Local\Google\Chrome\Application\chrome.exe (Google LLC -> Google Inc.) C:\Users\Mike\AppData\Local\Google\Chrome\Application\chrome.exe (Google LLC -> Google Inc.) C:\Users\Mike\AppData\Local\Google\Chrome\Application\chrome.exe (Google LLC -> Google Inc.) C:\Users\Mike\AppData\Local\Google\Chrome\Application\chrome.exe (Google LLC -> Google Inc.) C:\Users\Mike\AppData\Local\Google\Chrome\Application\chrome.exe (Google LLC -> Google Inc.) C:\Users\Mike\AppData\Local\Google\Chrome\Application\chrome.exe (Luis Cobian, CobianSoft) [File not signed] C:\Program Files (x86)\Cobian Backup 11\cbInterface.exe (Luis Cobian, CobianSoft) [File not signed] C:\Program Files (x86)\Cobian Backup 11\Cobian.exe (Malwarebytes Corporation -> Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe (Malwarebytes Corporation -> Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe (Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe (Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Microsoft Security Client\NisSrv.exe (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\rundll32.exe (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\wlanext.exe (Microsoft Windows Hardware Compatibility Publisher -> AMD) C:\Windows\System32\atieclxx.exe (Microsoft Windows Hardware Compatibility Publisher -> AMD) C:\Windows\System32\atiesrxx.exe ==================== Registry (Whitelisted) =========================== (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.) HKLM\...\Run: [MSC] => c:\Program Files\Microsoft Security Client\msseces.exe [1353680 2016-11-14] (Microsoft Corporation -> Microsoft Corporation) HKLM-x32\...\Run: [HostManager] => C:\Program Files (x86)\Common Files\AOL\1387389289\ee\AOLSoftware.exe [41800 2010-03-08] (AOL Inc. -> AOL Inc.) HKLM-x32\...\Run: [Cobian Backup 11] => C:\Program Files (x86)\Cobian Backup 11\Cobian.exe [720896 2013-03-08] (Luis Cobian, CobianSoft) [File not signed] HKU\S-1-5-21-4197961188-714576266-808560349-1000\...\Run: [Google Update] => C:\Users\Mike\AppData\Local\Google\Update\1.3.34.7\GoogleUpdateCore.exe [752424 2019-03-28] (Google Inc -> Google LLC) HKU\S-1-5-18\...\RunOnce: [sPReview] => "C:\Windows\System32\SPReview\SPReview.exe" /sp:1 /errorfwlink:"hxxp://go.microsoft.com/fwlink/?LinkID=122915" /build:7601 HKLM\Software\Microsoft\Active Setup\Installed Components: [{2D46B6DC-2207-486B-B523-A557E6D54B47}] -> C:\Windows\system32\cmd.exe /D /C start C:\Windows\system32\ie4uinit.exe -ClearIconCache HKLM\Software\Wow6432Node\Microsoft\Active Setup\Installed Components: [{2D46B6DC-2207-486B-B523-A557E6D54B47}] -> C:\Windows\system32\cmd.exe /D /C start C:\Windows\system32\ie4uinit.exe -ClearIconCache HKLM\Software\Wow6432Node\Microsoft\Active Setup\Installed Components: [{A6EADE66-0000-0000-484E-7E8A45000000}] -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Esl\AiodLite.dll [2018-09-20] (Adobe Systems, Incorporated -> Adobe Systems, Inc.) Startup: C:\Users\Mike\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Monitor Cartridge Alerts - HP OfficeJet 3830 series.lnk [2019-05-05] ShortcutAndArgument: Monitor Cartridge Alerts - HP OfficeJet 3830 series.lnk -> C:\Windows\system32\RunDll32.exe => "C:\Program Files\HP\HP OfficeJet 3830 series\bin\HPStatusBL.dll",RunDLLEntry SERIALNUMBER=CN85H5Q23706VZ;CONNECTION=USB;MONITOR=1; ==================== Scheduled Tasks (Whitelisted) ============= (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) Task: {07A0926D-3B93-4542-A293-9D93B3E1751C} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-4197961188-714576266-808560349-1000UA => C:\Users\Mike\AppData\Local\Google\Update\GoogleUpdate.exe [154440 2016-02-20] (Google Inc -> Google Inc.) Task: {166C76E8-C829-4F8D-966A-99994EE32692} - System32\Tasks\HPCustParticipation HP OfficeJet 3830 series => C:\Program Files\HP\HP OfficeJet 3830 series\Bin\HPCustPartic.exe [6438536 2017-03-27] (Hewlett Packard -> HP Inc.) Task: {2790EBF7-9F22-4842-BCF2-591079FAAB66} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-4197961188-714576266-808560349-1000UA1d1e91a93f23e27 => C:\Users\Mike\AppData\Local\Google\Update\GoogleUpdate.exe [154440 2016-02-20] (Google Inc -> Google Inc.) Task: {69E64D03-491A-4C52-913B-4056ABB85554} - System32\Tasks\Microsoft\Microsoft Antimalware\Microsoft Antimalware Scheduled Scan => c:\Program Files\Microsoft Security Client\\MpCmdRun.exe [410784 2016-11-14] (Microsoft Corporation -> Microsoft Corporation) Task: {97D0ACD3-7B8B-4AA9-B335-660342A4CCF2} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-4197961188-714576266-808560349-1000Core1d1e91a936c6a61 => C:\Users\Mike\AppData\Local\Google\Update\GoogleUpdate.exe [154440 2016-02-20] (Google Inc -> Google Inc.) Task: {A6F662DE-561D-4DA5-8C9B-AF7EDE21550A} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-4197961188-714576266-808560349-1000Core => C:\Users\Mike\AppData\Local\Google\Update\GoogleUpdate.exe [154440 2016-02-20] (Google Inc -> Google Inc.) Task: {B0BAD826-55FF-4D0D-BA85-3A7C89BCE42B} - System32\Tasks\{623394EB-E332-4EE6-87FC-185678DA9EE3} => C:\Windows\system32\pcalua.exe -a "C:\ProgramData\AOL Downloads\SUD4624\waol-0.4346.19.1.exe" -d C:\Users\Mike\Desktop Task: {C25D5070-BB51-4587-B189-2AE097F66BE4} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [271864 2017-05-10] (Adobe Systems Incorporated -> Adobe Systems Incorporated) Task: {EDA78726-09C7-48C1-AFD2-DAA7F3DFA638} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1195544 2018-12-16] (Adobe Systems, Incorporated -> Adobe Systems Incorporated) (If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.) Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-4197961188-714576266-808560349-1000Core.job => C:\Users\Mike\AppData\Local\Google\Update\GoogleUpdate.exe Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-4197961188-714576266-808560349-1000UA.job => C:\Users\Mike\AppData\Local\Google\Update\GoogleUpdate.exe ==================== Internet (Whitelisted) ==================== (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.) Tcpip\Parameters: [DhcpNameServer] 68.105.28.11 68.105.29.11 68.105.28.12 Tcpip\..\Interfaces\{1E0DDCFC-1E76-4B24-A563-377693E78DF2}: [DhcpNameServer] 68.105.28.11 68.105.29.11 68.105.28.12 Tcpip\..\Interfaces\{30240170-2754-43C0-8F1E-C67D1234ECC7}: [DhcpNameServer] 10.0.0.1 Tcpip\..\Interfaces\{BFFEA40B-4E9A-4941-BD74-162078A16799}: [DhcpNameServer] 68.105.28.11 68.105.29.11 68.105.28.12 Internet Explorer: ================== HKU\S-1-5-21-4197961188-714576266-808560349-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://www.kadaza.com/ BHO: Canon Easy-WebPrint EX BHO -> {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} -> C:\Program Files\Canon\Easy-WebPrint EX\ewpexbho.dll [2014-07-07] (Canon Inc. -> CANON INC.) BHO-x32: Canon Easy-WebPrint EX BHO -> {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} -> C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexbho.dll [2014-07-07] (Canon Inc. -> CANON INC.) Toolbar: HKLM - Canon Easy-WebPrint EX - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files\Canon\Easy-WebPrint EX\ewpexhlp.dll [2014-07-07] (Canon Inc. -> CANON INC.) Toolbar: HKLM-x32 - Canon Easy-WebPrint EX - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexhlp.dll [2014-07-07] (Canon Inc. -> CANON INC.) Toolbar: HKU\S-1-5-21-4197961188-714576266-808560349-1000 -> Canon Easy-WebPrint EX - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files\Canon\Easy-WebPrint EX\ewpexhlp.dll [2014-07-07] (Canon Inc. -> CANON INC.) FireFox: ======== FF DefaultProfile: fcovtdlu.default-1503001169035 FF ProfilePath: C:\Users\Mike\AppData\Roaming\Mozilla\Firefox\Profiles\fcovtdlu.default-1503001169035 [2019-05-05] FF Homepage: Mozilla\Firefox\Profiles\fcovtdlu.default-1503001169035 -> hxxp://www.kadaza.com/ FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_25_0_0_171.dll [2017-05-10] (Adobe Systems Incorporated -> ) FF Plugin: @microsoft.com/GENUINE -> disabled [No File] FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_25_0_0_171.dll [2017-05-10] (Adobe Systems Incorporated -> ) FF Plugin-x32: @canon.com/EPPEX -> C:\Program Files (x86)\Canon\My Image Garden\AddOn\CIG\npmigfpi.dll [2011-11-30] (CANON INC.) [File not signed] FF Plugin-x32: @Google.com/GoogleEarthPlugin -> C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll [2013-02-26] (Google) [File not signed] FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File] FF Plugin-x32: @viewpoint.com/VMP -> C:\Program Files (x86)\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll [No File] FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2019-03-25] (Adobe Inc. -> Adobe Systems Inc.) FF Plugin HKU\S-1-5-21-4197961188-714576266-808560349-1000: @tools.google.com/Google Update;version=3 -> C:\Users\Mike\AppData\Local\Google\Update\1.3.34.7\npGoogleUpdate3.dll [2019-03-28] (Google Inc -> Google LLC) FF Plugin HKU\S-1-5-21-4197961188-714576266-808560349-1000: @tools.google.com/Google Update;version=9 -> C:\Users\Mike\AppData\Local\Google\Update\1.3.34.7\npGoogleUpdate3.dll [2019-03-28] (Google Inc -> Google LLC) Chrome: ======= CHR Profile: C:\Users\Mike\AppData\Local\Google\Chrome\User Data\Default [2019-05-06] CHR Extension: (Slides) - C:\Users\Mike\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2017-10-25] CHR Extension: (Docs) - C:\Users\Mike\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2017-10-25] CHR Extension: (Google Drive) - C:\Users\Mike\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2016-02-20] CHR Extension: (YouTube) - C:\Users\Mike\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2016-02-20] CHR Extension: (Google Search) - C:\Users\Mike\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2016-02-20] CHR Extension: (Sheets) - C:\Users\Mike\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2017-10-25] CHR Extension: (Google Docs Offline) - C:\Users\Mike\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2018-08-16] CHR Extension: (Chrome Web Store Payments) - C:\Users\Mike\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2018-04-12] CHR Extension: (Gmail) - C:\Users\Mike\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2019-04-16] CHR Extension: (Chrome Media Router) - C:\Users\Mike\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2019-05-04] CHR HKLM-x32\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj] - hxxps://clients2.google.com/service/update2/crx StartMenuInternet: Google Chrome.AULL7JPKOAZNRFMN4VMN37U7VU - C:\Users\Mike\AppData\Local\Google\Chrome\Application\chrome.exe ==================== Services (Whitelisted) ==================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) R2 AMD External Events Utility; C:\Windows\system32\atiesrxx.exe [203776 2011-04-20] (Microsoft Windows Hardware Compatibility Publisher -> AMD) R2 cbVSCService11; C:\Program Files (x86)\Cobian Backup 11\cbVSCService11.exe [67584 2013-03-08] (CobianSoft, Luis Cobian) [File not signed] R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [6562472 2019-02-01] (Malwarebytes Corporation -> Malwarebytes) R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [119864 2016-11-14] (Microsoft Corporation -> Microsoft Corporation) R3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [361816 2016-11-14] (Microsoft Corporation -> Microsoft Corporation) S4 PuranDefrag; C:\Windows\system32\PuranDefragS.exe [292736 2013-01-17] (Vishal Gupta -> Puran Software) [File not signed] S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Windows -> Microsoft Corporation) ===================== Drivers (Whitelisted) ====================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) R3 amdkmdag; C:\Windows\System32\DRIVERS\atikmdag.sys [9319936 2011-04-20] (Microsoft Windows Hardware Compatibility Publisher -> ATI Technologies Inc.) R3 amdkmdap; C:\Windows\System32\DRIVERS\atikmpag.sys [306176 2011-04-20] (Microsoft Windows Hardware Compatibility Publisher -> Advanced Micro Devices, Inc.) S3 atikmdag; C:\Windows\system32\drivers\atikmdag.sys [9319936 2011-04-20] (Microsoft Windows Hardware Compatibility Publisher -> ATI Technologies Inc.) R3 Linksys_adapter_H; C:\Windows\System32\DRIVERS\AE1200w764.sys [1254464 2011-03-29] (Broadcom Corporation -> Broadcom Corporation) R3 MBAMSwissArmy; C:\Windows\System32\Drivers\mbamswissarmy.sys [275232 2019-05-05] (Malwarebytes Corporation -> Malwarebytes) R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [295000 2016-08-25] (Microsoft Corporation -> Microsoft Corporation) R3 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [135928 2016-08-25] (Microsoft Corporation -> Microsoft Corporation) R3 RTL8167; C:\Windows\System32\DRIVERS\Rt64win7.sys [187392 2009-03-02] (Microsoft Windows Hardware Compatibility Publisher -> Realtek Corporation ) R3 wanatw; C:\Windows\System32\DRIVERS\wanatw64.sys [24064 2006-11-29] (Microsoft Windows Hardware Compatibility Publisher -> America Online, Inc.) ==================== NetSvcs (Whitelisted) =================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) ==================== One month (created) ======== (If an entry is included in the fixlist, the file/folder will be moved.) 2019-05-06 16:45 - 2019-05-06 16:47 - 000018537 _____ C:\Users\Mike\Desktop\FRST.txt 2019-05-06 16:37 - 2019-05-06 16:37 - 002430464 _____ (Farbar) C:\Users\Mike\Desktop\FRST64 (1).exe 2019-05-06 16:16 - 2019-05-06 16:16 - 002430464 _____ (Farbar) C:\Users\Mike\Desktop\Unconfirmed 269915.crdownload 2019-05-05 14:49 - 2019-05-05 14:49 - 000275232 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbamswissarmy.sys 2019-04-19 05:59 - 2019-04-19 05:59 - 003773937 _____ C:\Users\Mike\Read the Mueller Report_ Searchable Document and Index - The New York Times.html 2019-04-19 05:59 - 2019-04-19 05:59 - 000000000 ____D C:\Users\Mike\Read the Mueller Report_ Searchable Document and Index - The New York Times_files 2019-04-10 06:19 - 2019-04-01 20:57 - 003229696 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys 2019-04-10 06:19 - 2019-03-28 20:36 - 000114688 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\luafv.sys 2019-04-10 06:19 - 2019-03-27 22:35 - 000348776 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll 2019-04-10 06:19 - 2019-03-27 20:55 - 000397120 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll 2019-04-10 06:19 - 2019-03-26 19:40 - 003181568 _____ (Microsoft Corporation) C:\Windows\system32\rdpcorets.dll 2019-04-10 06:19 - 2019-03-26 01:14 - 025736704 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll 2019-04-10 06:19 - 2019-03-26 01:03 - 002724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb 2019-04-10 06:19 - 2019-03-26 01:03 - 000004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll 2019-04-10 06:19 - 2019-03-26 00:52 - 002902528 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll 2019-04-10 06:19 - 2019-03-26 00:51 - 000066560 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll 2019-04-10 06:19 - 2019-03-26 00:51 - 000048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll 2019-04-10 06:19 - 2019-03-26 00:50 - 000577024 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll 2019-04-10 06:19 - 2019-03-26 00:50 - 000417280 _____ (Microsoft Corporation) C:\Windows\system32\html.iec 2019-04-10 06:19 - 2019-03-26 00:50 - 000088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll 2019-04-10 06:19 - 2019-03-26 00:44 - 000054784 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll 2019-04-10 06:19 - 2019-03-26 00:43 - 000034304 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll 2019-04-10 06:19 - 2019-03-26 00:41 - 000615936 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll 2019-04-10 06:19 - 2019-03-26 00:40 - 005777920 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll 2019-04-10 06:19 - 2019-03-26 00:40 - 000814080 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll 2019-04-10 06:19 - 2019-03-26 00:40 - 000790528 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll 2019-04-10 06:19 - 2019-03-26 00:40 - 000144384 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe 2019-04-10 06:19 - 2019-03-26 00:40 - 000116224 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe 2019-04-10 06:19 - 2019-03-26 00:35 - 000969216 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe 2019-04-10 06:19 - 2019-03-26 00:31 - 000489984 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll 2019-04-10 06:19 - 2019-03-26 00:26 - 000087552 _____ (Microsoft Corporation) C:\Windows\system32\tdc.ocx 2019-04-10 06:19 - 2019-03-26 00:26 - 000077824 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll 2019-04-10 06:19 - 2019-03-26 00:25 - 000107520 _____ (Microsoft Corporation) C:\Windows\system32\inseng.dll 2019-04-10 06:19 - 2019-03-26 00:22 - 000199680 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll 2019-04-10 06:19 - 2019-03-26 00:22 - 000092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll 2019-04-10 06:19 - 2019-03-26 00:20 - 000315392 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll 2019-04-10 06:19 - 2019-03-26 00:18 - 000152064 _____ (Microsoft Corporation) C:\Windows\system32\occache.dll 2019-04-10 06:19 - 2019-03-26 00:12 - 020280832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll 2019-04-10 06:19 - 2019-03-26 00:10 - 000262144 _____ (Microsoft Corporation) C:\Windows\system32\webcheck.dll 2019-04-10 06:19 - 2019-03-26 00:08 - 000809472 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll 2019-04-10 06:19 - 2019-03-26 00:08 - 000728064 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe 2019-04-10 06:19 - 2019-03-26 00:07 - 001359360 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll 2019-04-10 06:19 - 2019-03-26 00:06 - 002135552 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl 2019-04-10 06:19 - 2019-03-26 00:05 - 015284736 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll 2019-04-10 06:19 - 2019-03-26 00:01 - 002724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb 2019-04-10 06:19 - 2019-03-26 00:00 - 004858880 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll 2019-04-10 06:19 - 2019-03-25 23:51 - 000498688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll 2019-04-10 06:19 - 2019-03-25 23:51 - 000062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll 2019-04-10 06:19 - 2019-03-25 23:50 - 000341504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec 2019-04-10 06:19 - 2019-03-25 23:50 - 000064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll 2019-04-10 06:19 - 2019-03-25 23:50 - 000047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll 2019-04-10 06:19 - 2019-03-25 23:48 - 002295808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll 2019-04-10 06:19 - 2019-03-25 23:48 - 001556992 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll 2019-04-10 06:19 - 2019-03-25 23:46 - 000047104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll 2019-04-10 06:19 - 2019-03-25 23:45 - 000030720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll 2019-04-10 06:19 - 2019-03-25 23:44 - 000476160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll 2019-04-10 06:19 - 2019-03-25 23:43 - 000663040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll 2019-04-10 06:19 - 2019-03-25 23:43 - 000620032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll 2019-04-10 06:19 - 2019-03-25 23:43 - 000115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe 2019-04-10 06:19 - 2019-03-25 23:36 - 000800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll 2019-04-10 06:19 - 2019-03-25 23:36 - 000416256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll 2019-04-10 06:19 - 2019-03-25 23:33 - 000073216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tdc.ocx 2019-04-10 06:19 - 2019-03-25 23:33 - 000060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll 2019-04-10 06:19 - 2019-03-25 23:32 - 000091136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inseng.dll 2019-04-10 06:19 - 2019-03-25 23:31 - 000168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll 2019-04-10 06:19 - 2019-03-25 23:29 - 004494848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll 2019-04-10 06:19 - 2019-03-25 23:29 - 000279040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll 2019-04-10 06:19 - 2019-03-25 23:29 - 000076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll 2019-04-10 06:19 - 2019-03-25 23:28 - 000130048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\occache.dll 2019-04-10 06:19 - 2019-03-25 23:24 - 013682176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll 2019-04-10 06:19 - 2019-03-25 23:23 - 000230400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\webcheck.dll 2019-04-10 06:19 - 2019-03-25 23:22 - 000696320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll 2019-04-10 06:19 - 2019-03-25 23:21 - 002059776 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl 2019-04-10 06:19 - 2019-03-25 23:21 - 001155072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll 2019-04-10 06:19 - 2019-03-25 23:08 - 004386304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll 2019-04-10 06:19 - 2019-03-25 23:04 - 001332224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll 2019-04-10 06:19 - 2019-03-25 23:02 - 000710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll 2019-04-10 06:19 - 2019-03-20 21:13 - 005552872 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe 2019-04-10 06:19 - 2019-03-20 21:13 - 000708328 _____ (Microsoft Corporation) C:\Windows\system32\winload.efi 2019-04-10 06:19 - 2019-03-20 21:13 - 000631680 _____ (Microsoft Corporation) C:\Windows\system32\winresume.efi 2019-04-10 06:19 - 2019-03-20 21:13 - 000262376 _____ (Microsoft Corporation) C:\Windows\system32\hal.dll 2019-04-10 06:19 - 2019-03-20 21:13 - 000095464 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys 2019-04-10 06:19 - 2019-03-20 21:12 - 001664352 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll 2019-04-10 06:19 - 2019-03-20 21:12 - 000154856 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys 2019-04-10 06:19 - 2019-03-20 21:10 - 001472512 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll 2019-04-10 06:19 - 2019-03-20 21:10 - 001211392 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll 2019-04-10 06:19 - 2019-03-20 21:10 - 001162752 _____ (Microsoft Corporation) C:\Windows\system32\kernel32.dll 2019-04-10 06:19 - 2019-03-20 21:10 - 000733184 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll 2019-04-10 06:19 - 2019-03-20 21:10 - 000503808 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll 2019-04-10 06:19 - 2019-03-20 21:10 - 000419840 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase.dll 2019-04-10 06:19 - 2019-03-20 21:10 - 000361984 _____ (Microsoft Corporation) C:\Windows\system32\wow64win.dll 2019-04-10 06:19 - 2019-03-20 21:10 - 000345600 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll 2019-04-10 06:19 - 2019-03-20 21:10 - 000316928 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll 2019-04-10 06:19 - 2019-03-20 21:10 - 000312320 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll 2019-04-10 06:19 - 2019-03-20 21:10 - 000243712 _____ (Microsoft Corporation) C:\Windows\system32\wow64.dll 2019-04-10 06:19 - 2019-03-20 21:10 - 000236032 _____ (Microsoft Corporation) C:\Windows\system32\srvsvc.dll 2019-04-10 06:19 - 2019-03-20 21:10 - 000215552 _____ (Microsoft Corporation) C:\Windows\system32\winsrv.dll 2019-04-10 06:19 - 2019-03-20 21:10 - 000210432 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll 2019-04-10 06:19 - 2019-03-20 21:10 - 000190464 _____ (Microsoft Corporation) C:\Windows\system32\rpchttp.dll 2019-04-10 06:19 - 2019-03-20 21:10 - 000146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll 2019-04-10 06:19 - 2019-03-20 21:10 - 000135680 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll 2019-04-10 06:19 - 2019-03-20 21:10 - 000094208 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll 2019-04-10 06:19 - 2019-03-20 21:10 - 000063488 _____ (Microsoft Corporation) C:\Windows\system32\setbcdlocale.dll 2019-04-10 06:19 - 2019-03-20 21:10 - 000060416 _____ (Microsoft Corporation) C:\Windows\system32\msobjs.dll 2019-04-10 06:19 - 2019-03-20 21:10 - 000050176 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll 2019-04-10 06:19 - 2019-03-20 21:10 - 000044032 _____ (Microsoft Corporation) C:\Windows\system32\csrsrv.dll 2019-04-10 06:19 - 2019-03-20 21:10 - 000043520 _____ (Microsoft Corporation) C:\Windows\system32\cryptbase.dll 2019-04-10 06:19 - 2019-03-20 21:10 - 000032768 _____ (Microsoft Corporation) C:\Windows\system32\sxssrv.dll 2019-04-10 06:19 - 2019-03-20 21:10 - 000028672 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll 2019-04-10 06:19 - 2019-03-20 21:10 - 000028160 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll 2019-04-10 06:19 - 2019-03-20 21:10 - 000022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll 2019-04-10 06:19 - 2019-03-20 21:10 - 000016384 _____ (Microsoft Corporation) C:\Windows\system32\ntvdm64.dll 2019-04-10 06:19 - 2019-03-20 21:10 - 000013312 _____ (Microsoft Corporation) C:\Windows\system32\wow64cpu.dll 2019-04-10 06:19 - 2019-03-20 21:10 - 000013312 _____ (Microsoft Corporation) C:\Windows\system32\sscore.dll 2019-04-10 06:19 - 2019-03-20 21:09 - 000880640 _____ (Microsoft Corporation) C:\Windows\system32\advapi32.dll 2019-04-10 06:19 - 2019-03-20 21:09 - 000690688 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll 2019-04-10 06:19 - 2019-03-20 21:09 - 000463872 _____ (Microsoft Corporation) C:\Windows\system32\certcli.dll 2019-04-10 06:19 - 2019-03-20 21:09 - 000123904 _____ (Microsoft Corporation) C:\Windows\system32\bcrypt.dll 2019-04-10 06:19 - 2019-03-20 21:09 - 000059904 _____ (Microsoft Corporation) C:\Windows\system32\appidapi.dll 2019-04-10 06:19 - 2019-03-20 21:09 - 000034816 _____ (Microsoft Corporation) C:\Windows\system32\appidsvc.dll 2019-04-10 06:19 - 2019-03-20 21:09 - 000007168 _____ (Microsoft Corporation) C:\Windows\system32\apisetschema.dll 2019-04-10 06:19 - 2019-03-20 21:09 - 000006144 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-security-base-l1-1-0.dll 2019-04-10 06:19 - 2019-03-20 21:09 - 000005120 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l1-1-0.dll 2019-04-10 06:19 - 2019-03-20 21:09 - 000004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-threadpool-l1-1-0.dll 2019-04-10 06:19 - 2019-03-20 21:09 - 000004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processthreads-l1-1-0.dll 2019-04-10 06:19 - 2019-03-20 21:09 - 000004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll 2019-04-10 06:19 - 2019-03-20 21:09 - 000004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-synch-l1-1-0.dll 2019-04-10 06:19 - 2019-03-20 21:09 - 000004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localregistry-l1-1-0.dll 2019-04-10 06:19 - 2019-03-20 21:09 - 000004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localization-l1-1-0.dll 2019-04-10 06:19 - 2019-03-20 21:09 - 000003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll 2019-04-10 06:19 - 2019-03-20 21:09 - 000003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll 2019-04-10 06:19 - 2019-03-20 21:09 - 000003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll 2019-04-10 06:19 - 2019-03-20 21:09 - 000003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-misc-l1-1-0.dll 2019-04-10 06:19 - 2019-03-20 21:09 - 000003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-memory-l1-1-0.dll 2019-04-10 06:19 - 2019-03-20 21:09 - 000003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll 2019-04-10 06:19 - 2019-03-20 21:09 - 000003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-heap-l1-1-0.dll 2019-04-10 06:19 - 2019-03-20 21:09 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-xstate-l1-1-0.dll 2019-04-10 06:19 - 2019-03-20 21:09 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-util-l1-1-0.dll 2019-04-10 06:19 - 2019-03-20 21:09 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-string-l1-1-0.dll 2019-04-10 06:19 - 2019-03-20 21:09 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-profile-l1-1-0.dll 2019-04-10 06:19 - 2019-03-20 21:09 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-io-l1-1-0.dll 2019-04-10 06:19 - 2019-03-20 21:09 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-interlocked-l1-1-0.dll 2019-04-10 06:19 - 2019-03-20 21:09 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-handle-l1-1-0.dll 2019-04-10 06:19 - 2019-03-20 21:09 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-fibers-l1-1-0.dll 2019-04-10 06:19 - 2019-03-20 21:09 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll 2019-04-10 06:19 - 2019-03-20 21:09 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-delayload-l1-1-0.dll 2019-04-10 06:19 - 2019-03-20 21:09 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-debug-l1-1-0.dll 2019-04-10 06:19 - 2019-03-20 21:09 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-datetime-l1-1-0.dll 2019-04-10 06:19 - 2019-03-20 21:09 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-console-l1-1-0.dll 2019-04-10 06:19 - 2019-03-20 21:03 - 003961576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe 2019-04-10 06:19 - 2019-03-20 21:02 - 004056296 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe 2019-04-10 06:19 - 2019-03-20 21:02 - 001314104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll 2019-04-10 06:19 - 2019-03-20 21:00 - 001114112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kernel32.dll 2019-04-10 06:19 - 2019-03-20 21:00 - 000690688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adtschema.dll 2019-04-10 06:19 - 2019-03-20 21:00 - 000666112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpcrt4.dll 2019-04-10 06:19 - 2019-03-20 21:00 - 000644096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\advapi32.dll 2019-04-10 06:19 - 2019-03-20 21:00 - 000556032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll 2019-04-10 06:19 - 2019-03-20 21:00 - 000342528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\certcli.dll 2019-04-10 06:19 - 2019-03-20 21:00 - 000275968 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll 2019-04-10 06:19 - 2019-03-20 21:00 - 000261120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll 2019-04-10 06:19 - 2019-03-20 21:00 - 000254464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll 2019-04-10 06:19 - 2019-03-20 21:00 - 000223232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll 2019-04-10 06:19 - 2019-03-20 21:00 - 000172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll 2019-04-10 06:19 - 2019-03-20 21:00 - 000146432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msaudite.dll 2019-04-10 06:19 - 2019-03-20 21:00 - 000141312 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpchttp.dll 2019-04-10 06:19 - 2019-03-20 21:00 - 000096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll 2019-04-10 06:19 - 2019-03-20 21:00 - 000082944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\bcrypt.dll 2019-04-10 06:19 - 2019-03-20 21:00 - 000070144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll 2019-04-10 06:19 - 2019-03-20 21:00 - 000060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msobjs.dll 2019-04-10 06:19 - 2019-03-20 21:00 - 000050688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\appidapi.dll 2019-04-10 06:19 - 2019-03-20 21:00 - 000043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll 2019-04-10 06:19 - 2019-03-20 21:00 - 000022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll 2019-04-10 06:19 - 2019-03-20 21:00 - 000017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll 2019-04-10 06:19 - 2019-03-20 21:00 - 000007168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\apisetschema.dll 2019-04-10 06:19 - 2019-03-20 21:00 - 000005120 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-file-l1-1-0.dll 2019-04-10 06:19 - 2019-03-20 21:00 - 000005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll 2019-04-10 06:19 - 2019-03-20 21:00 - 000004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processthreads-l1-1-0.dll 2019-04-10 06:19 - 2019-03-20 21:00 - 000004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-sysinfo-l1-1-0.dll 2019-04-10 06:19 - 2019-03-20 21:00 - 000004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-synch-l1-1-0.dll 2019-04-10 06:19 - 2019-03-20 21:00 - 000004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-misc-l1-1-0.dll 2019-04-10 06:19 - 2019-03-20 21:00 - 000004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localregistry-l1-1-0.dll 2019-04-10 06:19 - 2019-03-20 21:00 - 000004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localization-l1-1-0.dll 2019-04-10 06:19 - 2019-03-20 21:00 - 000003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processenvironment-l1-1-0.dll 2019-04-10 06:19 - 2019-03-20 21:00 - 000003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-namedpipe-l1-1-0.dll 2019-04-10 06:19 - 2019-03-20 21:00 - 000003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-memory-l1-1-0.dll 2019-04-10 06:19 - 2019-03-20 21:00 - 000003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-libraryloader-l1-1-0.dll 2019-04-10 06:19 - 2019-03-20 21:00 - 000003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-interlocked-l1-1-0.dll 2019-04-10 06:19 - 2019-03-20 21:00 - 000003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-heap-l1-1-0.dll 2019-04-10 06:19 - 2019-03-20 21:00 - 000003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-string-l1-1-0.dll 2019-04-10 06:19 - 2019-03-20 21:00 - 000003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-rtlsupport-l1-1-0.dll 2019-04-10 06:19 - 2019-03-20 21:00 - 000003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-profile-l1-1-0.dll 2019-04-10 06:19 - 2019-03-20 21:00 - 000003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-io-l1-1-0.dll 2019-04-10 06:19 - 2019-03-20 21:00 - 000003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-handle-l1-1-0.dll 2019-04-10 06:19 - 2019-03-20 21:00 - 000003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-fibers-l1-1-0.dll 2019-04-10 06:19 - 2019-03-20 21:00 - 000003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-errorhandling-l1-1-0.dll 2019-04-10 06:19 - 2019-03-20 21:00 - 000003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-delayload-l1-1-0.dll 2019-04-10 06:19 - 2019-03-20 21:00 - 000003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-debug-l1-1-0.dll 2019-04-10 06:19 - 2019-03-20 21:00 - 000003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-datetime-l1-1-0.dll 2019-04-10 06:19 - 2019-03-20 21:00 - 000003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-console-l1-1-0.dll 2019-04-10 06:19 - 2019-03-20 20:45 - 000148480 _____ (Microsoft Corporation) C:\Windows\system32\appidpolicyconverter.exe 2019-04-10 06:19 - 2019-03-20 20:45 - 000062464 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\appid.sys 2019-04-10 06:19 - 2019-03-20 20:45 - 000017920 _____ (Microsoft Corporation) C:\Windows\system32\appidcertstorecheck.exe 2019-04-10 06:19 - 2019-03-20 20:44 - 000064512 _____ (Microsoft Corporation) C:\Windows\system32\auditpol.exe 2019-04-10 06:19 - 2019-03-20 20:41 - 000338432 _____ (Microsoft Corporation) C:\Windows\system32\conhost.exe 2019-04-10 06:19 - 2019-03-20 20:41 - 000296960 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe 2019-04-10 06:19 - 2019-03-20 20:41 - 000129536 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\videoprt.sys 2019-04-10 06:19 - 2019-03-20 20:40 - 000050688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\auditpol.exe 2019-04-10 06:19 - 2019-03-20 20:40 - 000009728 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sscore.dll 2019-04-10 06:19 - 2019-03-20 20:38 - 000464384 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\srv.sys 2019-04-10 06:19 - 2019-03-20 20:38 - 000406016 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\srv2.sys 2019-04-10 06:19 - 2019-03-20 20:38 - 000291328 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb10.sys 2019-04-10 06:19 - 2019-03-20 20:38 - 000169984 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\srvnet.sys 2019-04-10 06:19 - 2019-03-20 20:38 - 000161280 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb.sys 2019-04-10 06:19 - 2019-03-20 20:38 - 000129536 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb20.sys 2019-04-10 06:19 - 2019-03-20 20:37 - 000112640 _____ (Microsoft Corporation) C:\Windows\system32\smss.exe 2019-04-10 06:19 - 2019-03-20 20:37 - 000064512 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\amdk8.sys 2019-04-10 06:19 - 2019-03-20 20:37 - 000062464 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\intelppm.sys 2019-04-10 06:19 - 2019-03-20 20:37 - 000060928 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\processr.sys 2019-04-10 06:19 - 2019-03-20 20:37 - 000060928 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\amdppm.sys 2019-04-10 06:19 - 2019-03-20 20:37 - 000044544 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\npfs.sys 2019-04-10 06:19 - 2019-03-20 20:37 - 000030720 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe 2019-04-10 06:19 - 2019-03-20 20:36 - 000025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe 2019-04-10 06:19 - 2019-03-20 20:36 - 000014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll 2019-04-10 06:19 - 2019-03-20 20:36 - 000007680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe 2019-04-10 06:19 - 2019-03-20 20:36 - 000002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user.exe 2019-04-10 06:19 - 2019-03-20 20:35 - 000036352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptbase.dll 2019-04-10 06:19 - 2019-03-20 20:35 - 000006144 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-security-base-l1-1-0.dll 2019-04-10 06:19 - 2019-03-20 20:35 - 000004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-threadpool-l1-1-0.dll 2019-04-10 06:19 - 2019-03-20 20:35 - 000003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-xstate-l1-1-0.dll 2019-04-10 06:19 - 2019-03-20 20:35 - 000003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-util-l1-1-0.dll 2019-04-10 06:19 - 2019-03-15 23:11 - 000114408 _____ (Microsoft Corporation) C:\Windows\system32\consent.exe 2019-04-10 06:19 - 2019-03-15 23:09 - 003247616 _____ (Microsoft Corporation) C:\Windows\system32\msi.dll 2019-04-10 06:19 - 2019-03-15 23:09 - 002072576 _____ (Microsoft Corporation) C:\Windows\system32\ole32.dll 2019-04-10 06:19 - 2019-03-15 23:09 - 000878080 _____ (Microsoft Corporation) C:\Windows\system32\oleaut32.dll 2019-04-10 06:19 - 2019-03-15 23:09 - 000516608 _____ (Microsoft Corporation) C:\Windows\system32\rpcss.dll 2019-04-10 06:19 - 2019-03-15 23:09 - 000504320 _____ (Microsoft Corporation) C:\Windows\system32\msihnd.dll 2019-04-10 06:19 - 2019-03-15 23:09 - 000059904 _____ (Microsoft Corporation) C:\Windows\system32\mf3216.dll 2019-04-10 06:19 - 2019-03-15 23:09 - 000026112 _____ (Microsoft Corporation) C:\Windows\system32\oleres.dll 2019-04-10 06:19 - 2019-03-15 23:09 - 000025600 _____ (Microsoft Corporation) C:\Windows\system32\msimsg.dll 2019-04-10 06:19 - 2019-03-15 23:09 - 000008704 _____ (Microsoft Corporation) C:\Windows\system32\comcat.dll 2019-04-10 06:19 - 2019-03-15 23:09 - 000008192 _____ (Microsoft Corporation) C:\Windows\system32\msimg32.dll 2019-04-10 06:19 - 2019-03-15 23:08 - 001942016 _____ (Microsoft Corporation) C:\Windows\system32\authui.dll 2019-04-10 06:19 - 2019-03-15 23:08 - 000070144 _____ (Microsoft Corporation) C:\Windows\system32\appinfo.dll 2019-04-10 06:19 - 2019-03-15 22:58 - 002368000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msi.dll 2019-04-10 06:19 - 2019-03-15 22:58 - 001806848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\authui.dll 2019-04-10 06:19 - 2019-03-15 22:58 - 001425920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ole32.dll 2019-04-10 06:19 - 2019-03-15 22:58 - 000583680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\oleaut32.dll 2019-04-10 06:19 - 2019-03-15 22:58 - 000337408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msihnd.dll 2019-04-10 06:19 - 2019-03-15 22:58 - 000046080 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mf3216.dll 2019-04-10 06:19 - 2019-03-15 22:58 - 000026112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\oleres.dll 2019-04-10 06:19 - 2019-03-15 22:58 - 000025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msimsg.dll 2019-04-10 06:19 - 2019-03-15 22:58 - 000004608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msimg32.dll 2019-04-10 06:19 - 2019-03-15 22:42 - 000128512 _____ (Microsoft Corporation) C:\Windows\system32\msiexec.exe 2019-04-10 06:19 - 2019-03-15 22:40 - 000007168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\comcat.dll 2019-04-10 06:19 - 2019-03-15 22:38 - 000073216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msiexec.exe 2019-04-10 06:19 - 2019-03-13 10:09 - 000405504 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll 2019-04-10 06:19 - 2019-03-13 10:02 - 000313344 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gdi32.dll 2019-04-10 06:19 - 2019-03-13 09:35 - 000475648 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxbde40.dll 2019-04-10 06:19 - 2019-03-13 09:35 - 000375808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mspbde40.dll 2019-04-10 06:19 - 2019-03-12 09:34 - 001311744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msjet40.dll 2019-04-10 06:19 - 2019-03-12 09:34 - 000352768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrd3x40.dll 2019-04-10 06:19 - 2019-03-12 09:34 - 000340992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msexcl40.dll 2019-04-10 06:19 - 2019-03-11 16:41 - 002009600 _____ (Microsoft Corporation) C:\Windows\system32\msxml6.dll 2019-04-10 06:19 - 2019-03-11 16:41 - 001894912 _____ (Microsoft Corporation) C:\Windows\system32\msxml3.dll 2019-04-10 06:19 - 2019-03-11 16:41 - 001032192 _____ (Microsoft Corporation) C:\Windows\system32\rdpcore.dll 2019-04-10 06:19 - 2019-03-11 16:41 - 000688128 _____ (Microsoft Corporation) C:\Windows\system32\termsrv.dll 2019-04-10 06:19 - 2019-03-11 16:41 - 000129536 _____ (Microsoft Corporation) C:\Windows\system32\oleprn.dll 2019-04-10 06:19 - 2019-03-11 16:41 - 000002048 _____ (Microsoft Corporation) C:\Windows\system32\msxml6r.dll 2019-04-10 06:19 - 2019-03-11 16:41 - 000002048 _____ (Microsoft Corporation) C:\Windows\system32\msxml3r.dll 2019-04-10 06:19 - 2019-03-11 16:33 - 001391616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml6.dll 2019-04-10 06:19 - 2019-03-11 16:33 - 001241088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3.dll 2019-04-10 06:19 - 2019-03-11 16:33 - 000827904 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rdpcore.dll 2019-04-10 06:19 - 2019-03-11 16:33 - 000107520 _____ (Microsoft Corporation) C:\Windows\SysWOW64\oleprn.dll 2019-04-10 06:19 - 2019-03-11 16:33 - 000002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml6r.dll 2019-04-10 06:19 - 2019-03-11 16:33 - 000002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3r.dll 2019-04-10 06:19 - 2019-02-21 10:48 - 000025088 _____ (Microsoft Corporation) C:\Windows\system32\netbtugc.exe 2019-04-10 06:19 - 2019-02-21 10:43 - 000026624 _____ (Microsoft Corporation) C:\Windows\SysWOW64\netbtugc.exe 2019-04-10 06:19 - 2019-02-21 10:37 - 000262656 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\netbt.sys 2019-04-10 06:19 - 2019-02-12 11:08 - 014184448 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll 2019-04-10 06:19 - 2019-02-12 11:08 - 001867776 _____ (Microsoft Corporation) C:\Windows\system32\ExplorerFrame.dll 2019-04-10 06:19 - 2019-02-12 10:58 - 012880896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll 2019-04-10 06:19 - 2019-02-12 10:58 - 001499648 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ExplorerFrame.dll 2019-04-10 06:19 - 2019-02-08 11:08 - 000002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll 2019-04-10 06:19 - 2019-02-08 11:00 - 000002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll ==================== One month (modified) ======== (If an entry is included in the fixlist, the file/folder will be moved.) 2019-05-06 16:45 - 2017-01-23 16:01 - 000000000 ____D C:\FRST 2019-05-06 08:00 - 2013-12-17 22:34 - 000000000 ____D C:\Users\Mike\Documents\Italy 2019-05-06 03:47 - 2009-07-13 23:45 - 000028976 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 2019-05-06 03:47 - 2009-07-13 23:45 - 000028976 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 2019-05-05 16:16 - 2013-12-26 13:54 - 000000000 ____D C:\Program Files\Puran Defrag 2019-05-05 14:55 - 2009-07-14 00:13 - 000781790 _____ C:\Windows\system32\PerfStringBackup.INI 2019-05-05 14:55 - 2009-07-13 22:20 - 000000000 ____D C:\Windows\inf 2019-05-05 14:49 - 2009-07-14 00:08 - 000000006 ____H C:\Windows\Tasks\SA.DAT 2019-05-05 12:17 - 2015-12-28 15:04 - 000000000 ____D C:\Users\Mike\Desktop\FAMILY RECIPES 2019-05-04 20:37 - 2017-01-19 19:07 - 000000000 ____D C:\Users\Mike\Desktop\PicFaves18 2019-05-04 15:05 - 2013-12-17 22:53 - 000000000 ____D C:\Users\Mike\Documents\Wikipedia 2019-05-03 13:12 - 2017-06-08 19:51 - 000000000 ____D C:\Users\Mike\Desktop\WordWaiting 2019-05-02 19:49 - 2016-02-20 12:59 - 000002408 _____ C:\Users\Mike\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk 2019-04-30 13:45 - 2016-02-28 15:34 - 000000000 ____D C:\Users\Mike\Desktop\ScanStuff 2019-04-30 06:22 - 2019-03-04 08:35 - 000153328 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbae64.sys 2019-04-26 15:55 - 2019-03-23 08:50 - 000000000 ____D C:\Users\Mike\Desktop\Spring19 2019-04-26 08:35 - 2018-10-20 10:31 - 000000000 ____D C:\Users\Mike\Desktop\66 2019-04-24 16:51 - 2013-12-17 12:27 - 000000000 ____D C:\Users\Mike 2019-04-24 15:28 - 2018-03-24 12:54 - 000000000 ____D C:\Users\Mike\Desktop\Recipes18 2019-04-15 16:51 - 2017-04-12 15:06 - 000000000 ____D C:\Users\Mike\Desktop\Crumb 2019-04-11 04:07 - 2009-07-13 22:20 - 000000000 ____D C:\Windows\rescache 2019-04-11 03:27 - 2009-07-13 23:45 - 000300424 _____ C:\Windows\system32\FNTCACHE.DAT 2019-04-11 03:05 - 2013-12-17 13:03 - 000000000 ____D C:\Windows\system32\MRT 2019-04-11 03:01 - 2013-12-17 13:03 - 131129288 ____C (Microsoft Corporation) C:\Windows\system32\MRT.exe 2019-04-09 23:13 - 2017-04-23 22:37 - 000002441 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk ==================== Files in the root of some directories ======= 2013-12-24 15:36 - 2013-12-24 15:36 - 000000136 _____ () C:\Users\Mike\AppData\Roaming\mbam.context.scan 2013-12-23 09:43 - 2013-12-23 15:27 - 000004608 _____ () C:\Users\Mike\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini ==================== SigCheck =============================== (There is no automatic fix for files that do not pass verification.) LastRegBack: 2019-05-03 00:18 ==================== End of FRST.txt ============================ Additional scan result of Farbar Recovery Scan Tool (x64) Version: 06-05.2019 Ran by Mike (06-05-2019 16:48:29) Running from C:\Users\Mike\Desktop Windows 7 Professional Service Pack 1 (X64) (2013-12-17 17:27:37) Boot Mode: Normal ========================================================== ==================== Accounts: ============================= Administrator (S-1-5-21-4197961188-714576266-808560349-500 - Administrator - Disabled) Guest (S-1-5-21-4197961188-714576266-808560349-501 - Limited - Disabled) HP_OWNER (S-1-5-21-4197961188-714576266-808560349-1001 - Administrator - Enabled) => C:\Users\HP_OWNER Mike (S-1-5-21-4197961188-714576266-808560349-1000 - Administrator - Enabled) => C:\Users\Mike ==================== Security Center ======================== (If an entry is included in the fixlist, it will be removed.) AV: Microsoft Security Essentials (Enabled - Up to date) {71A27EC9-3DA6-45FC-60A7-004F623C6189} AS: Microsoft Security Essentials (Enabled - Up to date) {CAC39F2D-1B9C-4A72-5A17-3B3D19BB2B34} AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} ==================== Installed Programs ====================== (Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.) Adobe Acrobat Reader DC (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}) (Version: 19.010.20099 - Adobe Systems Incorporated) Adobe Flash Player 21 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 21.0.0.242 - Adobe Systems Incorporated) Adobe Flash Player 25 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 25.0.0.171 - Adobe Systems Incorporated) AOL Toolbar (HKLM-x32\...\AOL Toolbar) (Version: - AOL Inc.) AOL Uninstaller (Choose which Products to Remove) (HKLM-x32\...\AOL Uninstaller) (Version: - AOL Inc.) Canon Easy-WebPrint EX (HKLM-x32\...\Easy-WebPrint EX) (Version: 1.5.0.0 - Canon Inc.) Canon IJ Scan Utility (HKLM-x32\...\Canon_IJ_Scan_Utility) (Version: - Canon Inc.) Canon MG3500 series MP Drivers (HKLM\...\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MG3500_series) (Version: 1.00 - Canon Inc.) Canon MG3500 series On-screen Manual (HKLM-x32\...\Canon MG3500 series On-screen Manual) (Version: 7.6.1 - Canon Inc.) Canon MG3500 series User Registration (HKLM-x32\...\Canon MG3500 series User Registration) (Version: - Canon Inc.) Canon My Image Garden (HKLM-x32\...\Canon My Image Garden) (Version: 2.0.1 - Canon Inc.) Canon My Image Garden Design Files (HKLM-x32\...\Canon My Image Garden Design Files) (Version: 2.0.0 - Canon Inc.) CleanUp! (HKLM-x32\...\CleanUp!) (Version: - ) Cobian Backup 11 Gravity (HKLM-x32\...\CobBackup11) (Version: - ) Google Chrome (HKU\S-1-5-21-4197961188-714576266-808560349-1000\...\Google Chrome) (Version: 74.0.3729.131 - Google Inc.) Google Earth (HKLM-x32\...\{468D22C0-8080-11E2-B86E-B8AC6F98CCE3}) (Version: 7.0.3.8542 - Google) HP Dropbox Plugin (HKLM-x32\...\{D12BC084-97D6-438A-AA7C-5962608D17A0}) (Version: 36.0.41.58587 - HP) HP Google Drive Plugin (HKLM-x32\...\{BFA42100-DB54-467A-BB87-CF70732B4065}) (Version: 36.0.41.58587 - HP) HP OfficeJet 3830 series Basic Device Software (HKLM\...\{165CDB14-4CD3-4D4D-A38A-3FF93FAAFD5C}) (Version: 40.11.1119.1786 - HP Inc.) HP OfficeJet 3830 series Help (HKLM-x32\...\{1FCCD112-2F27-463D-8C36-1D5C29A3BB3E}) (Version: 35.0.0 - Hewlett Packard) HP Photo Creations (HKLM-x32\...\HP Photo Creations) (Version: 1.0.0.9572 - HP) Malwarebytes version 3.7.1.2839 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 3.7.1.2839 - Malwarebytes) Microsoft .NET Framework 4.7.2 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.7.03062 - Microsoft Corporation) Microsoft Security Essentials (HKLM\...\Microsoft Security Client) (Version: 4.10.209.0 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation) Mozilla Firefox 43.0.1 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 43.0.1 (x86 en-US)) (Version: 43.0.1 - Mozilla) Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 43.0.1.5828 - Mozilla) OpenOffice 4.0.1 (HKLM-x32\...\{47F460DA-D1BE-4D85-8DF2-AA1F31D3445F}) (Version: 4.01.9714 - Apache Software Foundation) Product Improvement Study for HP OfficeJet 3830 series (HKLM\...\{F1E13468-92EB-4AB7-8F1C-CC09A286C9B9}) (Version: 40.11.1119.1786 - HP Inc.) Puran Defrag 7.6 (HKLM\...\Puran Defrag_is1) (Version: - Puran Software) RogueKiller version 13.0.21.0 (HKLM\...\8B3D7924-ED89-486B-8322-E8594065D5CB_is1) (Version: 13.0.21.0 - Adlice Software) ==================== Custom CLSID (Whitelisted): ========================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) CustomCLSID: HKU\S-1-5-21-4197961188-714576266-808560349-1000_Classes\CLSID\{62634D95-960B-4834-8E71-A70408AD8FD9}\InprocServer32 -> C:\Users\Mike\AppData\Local\Google\Update\1.3.34.7\psuser_64.dll (Google Inc -> Google LLC) CustomCLSID: HKU\S-1-5-21-4197961188-714576266-808560349-1000_Classes\CLSID\{A804CF1A-91E5-4F0C-9E8C-DB39E74056DD}\InprocServer32 -> C:\Users\Mike\AppData\Local\Google\Update\1.3.33.23\psuser_64.dll => No File CustomCLSID: HKU\S-1-5-21-4197961188-714576266-808560349-1000_Classes\CLSID\{E8CF3E55-F919-49D9-ABC0-948E6CB34B9F}\InprocServer32 -> C:\Users\Mike\AppData\Local\Google\Update\1.3.34.7\psuser_64.dll (Google Inc -> Google LLC) ContextMenuHandlers1: [EPP] -> {09A47860-11B0-4DA5-AFA5-26D86198A780} => c:\Program Files\Microsoft Security Client\shellext.dll [2016-11-14] (Microsoft Corporation -> Microsoft Corporation) ContextMenuHandlers1: [PuranDefrag] -> {E23C9C4A-0F55-40e2-A47F-93DCB54DF04D} => C:\Windows\system32\PuranDefrag.dll [2012-12-13] (Vishal Gupta -> Puran Software) [File not signed] ContextMenuHandlers2: [EPP] -> {09A47860-11B0-4DA5-AFA5-26D86198A780} => c:\Program Files\Microsoft Security Client\shellext.dll [2016-11-14] (Microsoft Corporation -> Microsoft Corporation) ContextMenuHandlers2: [PuranDefrag] -> {E23C9C4A-0F55-40e2-A47F-93DCB54DF04D} => C:\Windows\system32\PuranDefrag.dll [2012-12-13] (Vishal Gupta -> Puran Software) [File not signed] ContextMenuHandlers3: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2019-02-01] (Malwarebytes Corporation -> Malwarebytes) ContextMenuHandlers4: [EPP] -> {09A47860-11B0-4DA5-AFA5-26D86198A780} => c:\Program Files\Microsoft Security Client\shellext.dll [2016-11-14] (Microsoft Corporation -> Microsoft Corporation) ContextMenuHandlers6: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2019-02-01] (Malwarebytes Corporation -> Malwarebytes) ContextMenuHandlers6: [PuranDefrag] -> {E23C9C4A-0F55-40e2-A47F-93DCB54DF04D} => C:\Windows\system32\PuranDefrag.dll [2012-12-13] (Vishal Gupta -> Puran Software) [File not signed] ==================== Shortcuts & WMI ======================== (The entries could be listed to be restored or removed.) ==================== Loaded Modules (Whitelisted) ============== 2013-12-18 13:10 - 2013-03-08 00:07 - 000056320 _____ (Alphaleonis) [File not signed] C:\Program Files (x86)\Cobian Backup 11\AlphaVSS.Common.dll 2013-12-18 13:10 - 2013-03-08 00:07 - 000166400 _____ (Alphaleonis) [File not signed] C:\Program Files (x86)\Cobian Backup 11\AlphaVSS.Win2008.x64.dll 2010-03-08 02:27 - 2010-03-08 02:27 - 000578048 _____ (AOL Inc.) [File not signed] C:\Program Files (x86)\Common Files\AOL\1387389289\ee\AOLSvcMgr.dll 2010-01-06 01:19 - 2010-01-06 01:19 - 000176640 _____ (AOL Inc.) [File not signed] C:\Program Files (x86)\Common Files\AOL\AOLDiag\tbdiag.dll 2008-11-04 13:46 - 2008-11-04 13:46 - 000835584 _____ (AOL LLC) [File not signed] C:\Program Files (x86)\Common Files\AOL\1387389289\ee\coolcore54.dll 2010-05-02 22:23 - 2010-05-02 22:23 - 000155648 _____ (AOL LLC) [File not signed] c:\program files (x86)\common files\aol\1387389289\ee\services\aolsystrayservice\ver4_1_2_1\AOLSysTrayService.dll 2008-10-17 11:48 - 2008-10-17 11:48 - 000104448 _____ (AOL LLC) [File not signed] c:\program files (x86)\common files\aol\1387389289\ee\services\connection\ver7_1_2_1\connection.dll 2008-10-03 13:28 - 2008-10-03 13:28 - 000317440 _____ (AOL LLC) [File not signed] c:\program files (x86)\common files\aol\1387389289\ee\services\localStorage\ver8_1_1_1\clsSvc.dll 2008-10-03 15:29 - 2008-10-03 15:29 - 000256000 _____ (AOL LLC) [File not signed] c:\program files (x86)\common files\aol\1387389289\ee\services\metrics\ver4_1_11_1\cmls.dll 2008-10-03 14:49 - 2008-10-03 14:49 - 000130560 _____ (AOL LLC) [File not signed] c:\program files (x86)\common files\aol\1387389289\ee\services\notification\ver7_1_1_1\Notify.dll 2006-09-21 10:18 - 2006-09-21 10:18 - 000005632 _____ (AOL LLC) [File not signed] c:\program files (x86)\common files\aol\1387389289\ee\services\os\ver5_2_1_1\AOLIdleMon.dll 2006-09-21 10:19 - 2006-09-21 10:19 - 000180736 _____ (AOL LLC) [File not signed] c:\program files (x86)\common files\aol\1387389289\ee\services\os\ver5_2_1_1\OS.dll 2008-10-03 16:13 - 2008-10-03 16:13 - 000163840 _____ (AOL LLC) [File not signed] c:\program files (x86)\common files\aol\1387389289\ee\services\osInfo\ver2_1_1_1\OSInfo.dll 2008-10-03 15:16 - 2008-10-03 15:16 - 000094720 _____ (AOL LLC) [File not signed] c:\program files (x86)\common files\aol\1387389289\ee\services\preferences\ver6_1_1_1\preferences.dll 2007-09-07 10:46 - 2007-09-07 10:46 - 000281600 _____ (AOL LLC) [File not signed] c:\program files (x86)\common files\aol\1387389289\ee\services\suiteFramework\ver5_1_4_1\suiteFramework.dll 2007-03-19 21:48 - 2007-03-19 21:48 - 000249856 _____ (AOL LLC) [File not signed] C:\Program Files (x86)\Common Files\AOL\1387389289\ee\xprt5.dll 2009-12-11 12:17 - 2009-12-11 12:17 - 000248832 _____ (AOL LLC) [File not signed] C:\Program Files (x86)\Common Files\AOL\1387389289\ee\xprt6.dll 2014-12-28 14:33 - 2013-01-24 02:24 - 000359936 _____ (CANON INC.) [File not signed] C:\Windows\System32\CNMN6PPM.DLL 2013-12-18 13:10 - 2013-03-08 00:07 - 000067584 _____ (CobianSoft, Luis Cobian) [File not signed] C:\Program Files (x86)\Cobian Backup 11\cbVSCService11.exe 2013-12-18 13:10 - 2013-03-08 00:07 - 000009728 _____ (Luis Cobian) [File not signed] C:\Program Files (x86)\Cobian Backup 11\CobStringList.dll 2013-12-18 13:10 - 2013-03-08 00:27 - 002684928 _____ (Luis Cobian, CobianSoft) [File not signed] C:\Program Files (x86)\Cobian Backup 11\cbEngine.dll 2013-12-18 13:10 - 2013-03-08 00:27 - 004407808 _____ (Luis Cobian, CobianSoft) [File not signed] C:\Program Files (x86)\Cobian Backup 11\cbInterface.exe 2013-12-18 13:10 - 2013-03-08 00:26 - 000720896 _____ (Luis Cobian, CobianSoft) [File not signed] C:\Program Files (x86)\Cobian Backup 11\Cobian.exe 2013-12-17 21:14 - 2013-12-17 21:14 - 000245760 _____ (Microsoft Corporation) [File not signed] C:\Windows\WinSxS\amd64_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.6161_none_08e61857a83bc251\msvcm90.dll ==================== Alternate Data Streams (Whitelisted) ========= (If an entry is included in the fixlist, only the ADS will be removed.) ==================== Safe Mode (Whitelisted) =================== (If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.) HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service" ==================== Association (Whitelisted) =============== (If an entry is included in the fixlist, the registry item will be restored to default or removed.) ==================== Internet Explorer trusted/restricted =============== (If an entry is included in the fixlist, it will be removed from the registry.) ==================== Hosts content: =============================== (If needed Hosts: directive could be included in the fixlist to reset Hosts.) 2009-07-13 21:34 - 2019-01-10 14:20 - 000000035 _____ C:\Windows\system32\drivers\etc\hosts ==================== Other Areas ============================ (Currently there is no automatic fix for this section.) HKU\S-1-5-21-4197961188-714576266-808560349-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\Mike\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg DNS Servers: 68.105.28.11 - 68.105.29.11 HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1) Windows Firewall is enabled. ==================== MSCONFIG/TASK MANAGER disabled items == If an entry is included in the fixlist, it will be removed. ==================== FirewallRules (Whitelisted) =============== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) FirewallRules: [sPPSVC-In-TCP] => (Allow) %SystemRoot%\system32\sppsvc.exe (Microsoft Windows -> Microsoft Corporation) FirewallRules: [sPPSVC-In-TCP-NoScope] => (Allow) %SystemRoot%\system32\sppsvc.exe (Microsoft Windows -> Microsoft Corporation) FirewallRules: [{C3E8EF01-3391-440D-8E60-7DFA4FFB6252}] => (Allow) C:\Program Files (x86)\Common Files\AOL\acs\AOLDial.exe (AOL Inc. -> AOL Inc.) FirewallRules: [{99BF0AA0-61CC-4402-91DD-688187EF1C2C}] => (Allow) C:\Program Files (x86)\Common Files\AOL\acs\AOLDial.exe (AOL Inc. -> AOL Inc.) FirewallRules: [{507D92DA-D18F-456B-8580-CF4D7D3D4C34}] => (Allow) C:\Program Files (x86)\Common Files\AOL\acs\AOLacsd.exe (AOL Inc. -> AOL Inc.) FirewallRules: [{6F25575C-4239-41E2-AF88-A8E4837B1FE8}] => (Allow) C:\Program Files (x86)\Common Files\AOL\acs\AOLacsd.exe (AOL Inc. -> AOL Inc.) FirewallRules: [{9ECD1C4E-7353-4D91-AE28-3F5E0B6F6894}] => (Allow) C:\Program Files (x86)\Common Files\AOL\1387389289\ee\aolsoftware.exe (AOL Inc. -> AOL Inc.) FirewallRules: [{4E7E02DE-3224-4EEB-B741-CD4BCE906F97}] => (Allow) C:\Program Files (x86)\Common Files\AOL\1387389289\ee\aolsoftware.exe (AOL Inc. -> AOL Inc.) FirewallRules: [{934581BF-C000-4943-A1A9-8D708C0DAC5D}] => (Allow) C:\Program Files (x86)\AOL Desktop 9.7\waol.exe (AOL Inc. -> AOL Inc.) FirewallRules: [{3617D4CB-7140-499B-8EF7-6114519D869E}] => (Allow) C:\Program Files (x86)\AOL Desktop 9.7\waol.exe (AOL Inc. -> AOL Inc.) FirewallRules: [{F500CF40-7A91-41A3-AF7B-C3C6A51D14AC}] => (Allow) C:\Program Files (x86)\Common Files\AOL\TopSpeed\3.0\aoltpsd3.exe (AOL Inc. -> AOL Inc.) FirewallRules: [{43A258A9-3E67-4B57-971F-C5F555144649}] => (Allow) C:\Program Files (x86)\Common Files\AOL\TopSpeed\3.0\aoltpsd3.exe (AOL Inc. -> AOL Inc.) FirewallRules: [{80476B99-EE1F-4C04-A3EF-3BD08D4FB9DF}] => (Allow) C:\Program Files (x86)\Common Files\AOL\Loader\aolload.exe (AOL Inc. -> AOL Inc.) FirewallRules: [{489929A1-B33D-450F-9710-BBC963D0F529}] => (Allow) C:\Program Files (x86)\Common Files\AOL\Loader\aolload.exe (AOL Inc. -> AOL Inc.) FirewallRules: [{06DFBD27-BEA0-49DF-9B1C-DB89A93EB606}] => (Allow) C:\Program Files (x86)\Common Files\AOL\System Information\sinf.exe (AOL Inc. -> AOL Inc.) FirewallRules: [{8B5C5F96-14EA-4F12-9D95-8B28902D0B10}] => (Allow) C:\Program Files (x86)\Common Files\AOL\System Information\sinf.exe (AOL Inc. -> AOL Inc.) FirewallRules: [{54A0577E-3E4F-4E17-A785-666F27081CBF}] => (Allow) C:\Program Files (x86)\AOL Desktop 9.7\AOLBrowser\aolbrowser.exe (AOL Inc. -> AOL Inc.) FirewallRules: [{D10B1CEC-C576-4E4A-A262-C61C93C61591}] => (Allow) C:\Program Files (x86)\AOL Desktop 9.7\AOLBrowser\aolbrowser.exe (AOL Inc. -> AOL Inc.) FirewallRules: [{48B5CAF3-443C-435D-B13D-92C41E118353}] => (Allow) C:\Program Files (x86)\Common Files\AOL\acs\AOLDial.exe (AOL Inc. -> AOL Inc.) FirewallRules: [{02E4057D-CA37-4B4A-AFDA-1209DE386279}] => (Allow) C:\Program Files (x86)\Common Files\AOL\acs\AOLDial.exe (AOL Inc. -> AOL Inc.) FirewallRules: [{8AF77200-EAEE-46C8-886A-9584425FB642}] => (Allow) C:\Program Files (x86)\Common Files\AOL\acs\AOLacsd.exe (AOL Inc. -> AOL Inc.) FirewallRules: [{88D1214E-2B23-4A42-AD05-5F9BB4E4824C}] => (Allow) C:\Program Files (x86)\Common Files\AOL\acs\AOLacsd.exe (AOL Inc. -> AOL Inc.) FirewallRules: [{D080DA85-6382-47D7-AB8E-BD03A8676BA5}] => (Allow) C:\Program Files (x86)\Common Files\AOL\1387389289\ee\aolsoftware.exe (AOL Inc. -> AOL Inc.) FirewallRules: [{84AB735B-D1AA-41CF-A172-F1CDF3B02D67}] => (Allow) C:\Program Files (x86)\Common Files\AOL\1387389289\ee\aolsoftware.exe (AOL Inc. -> AOL Inc.) FirewallRules: [{EABF4886-EBCB-439E-BCC4-51D532737B94}] => (Allow) C:\Program Files (x86)\AOL Desktop 9.7a\waol.exe (AOL Inc. -> AOL Inc.) FirewallRules: [{8A159DB4-5EB9-4714-AF31-A1E0E954D74F}] => (Allow) C:\Program Files (x86)\AOL Desktop 9.7a\waol.exe (AOL Inc. -> AOL Inc.) FirewallRules: [{79A1C0C6-DEA7-45B5-831B-B01DB292203D}] => (Allow) C:\Program Files (x86)\Common Files\AOL\TopSpeed\3.0\aoltpsd3.exe (AOL Inc. -> AOL Inc.) FirewallRules: [{47F41458-5C50-4009-BC73-121478D3BF8D}] => (Allow) C:\Program Files (x86)\Common Files\AOL\TopSpeed\3.0\aoltpsd3.exe (AOL Inc. -> AOL Inc.) FirewallRules: [{DC881B37-D9F3-4E8B-B374-E8F09B6F17D4}] => (Allow) C:\Program Files (x86)\Common Files\AOL\Loader\aolload.exe (AOL Inc. -> AOL Inc.) FirewallRules: [{3CCB0AFC-552C-47BF-921C-21E84C782125}] => (Allow) C:\Program Files (x86)\Common Files\AOL\Loader\aolload.exe (AOL Inc. -> AOL Inc.) FirewallRules: [{13C79176-45D2-49E0-A01A-047B42F2A1CD}] => (Allow) C:\Program Files (x86)\Common Files\AOL\System Information\sinf.exe (AOL Inc. -> AOL Inc.) FirewallRules: [{0DD3A617-96B7-481D-AE9B-C4120FC44844}] => (Allow) C:\Program Files (x86)\Common Files\AOL\System Information\sinf.exe (AOL Inc. -> AOL Inc.) FirewallRules: [{883D8B11-2CDA-4848-8E6A-FDA27359ACD5}] => (Allow) C:\Program Files (x86)\AOL Desktop 9.7a\aolbrowser.exe (AOL Inc. -> AOL Inc.) FirewallRules: [{A6A724BC-3293-4F09-BAC8-1980D2D9FEAA}] => (Allow) C:\Program Files (x86)\AOL Desktop 9.7a\aolbrowser.exe (AOL Inc. -> AOL Inc.) FirewallRules: [{3F4722D1-3B44-4D4A-897A-4399C7F87769}] => (Allow) C:\Program Files (x86)\AOL Desktop 9.8.0\waol.exe (AOL Inc. -> AOL Inc.) FirewallRules: [{E9658CBE-25EC-4ECD-A959-F1498392F780}] => (Allow) C:\Program Files (x86)\AOL Desktop 9.8.0\waol.exe (AOL Inc. -> AOL Inc.) FirewallRules: [{8E051556-1681-4B46-BF41-11651985A308}] => (Allow) C:\Program Files (x86)\AOL Desktop 9.8.1\waol.exe (AOL Inc. -> AOL Inc.) FirewallRules: [{686645B1-A3D8-4D97-8E46-64585B91A100}] => (Allow) C:\Program Files (x86)\AOL Desktop 9.8.1\waol.exe (AOL Inc. -> AOL Inc.) FirewallRules: [{887AFAF5-9173-4281-BFE1-92FE5FAF4090}] => (Allow) C:\Program Files (x86)\AOL Desktop 9.8.2\waol.exe (AOL Inc. -> AOL Inc.) FirewallRules: [{DECA53EA-D174-47CE-9CAB-A82A113B469D}] => (Allow) C:\Program Files (x86)\AOL Desktop 9.8.2\waol.exe (AOL Inc. -> AOL Inc.) FirewallRules: [{673BBE0F-0A84-41B4-A041-830CF5F49039}] => (Allow) C:\Program Files\HP\HP OfficeJet 3830 series\bin\FaxApplications.exe (Hewlett Packard -> HP Inc.) FirewallRules: [{8DAE8A70-66CD-4796-A7B1-719AE81870E9}] => (Allow) C:\Program Files\HP\HP OfficeJet 3830 series\bin\DigitalWizards.exe (Hewlett Packard -> HP Inc.) FirewallRules: [{3E12EF65-E10A-40BD-95EB-73CCD50ED46B}] => (Allow) C:\Program Files\HP\HP OfficeJet 3830 series\bin\SendAFax.exe (Hewlett Packard -> HP Inc.) FirewallRules: [{296C7251-8195-41E1-A4F9-217BE632EEF3}] => (Allow) C:\Program Files\HP\HP OfficeJet 3830 series\bin\FaxPrinterUtility.exe (Hewlett Packard -> HP Inc.) FirewallRules: [{7A98E836-0958-4CD5-B880-D2A811CB97D1}] => (Allow) C:\Program Files\HP\HP OfficeJet 3830 series\Bin\DeviceSetup.exe (Hewlett Packard -> HP Inc.) FirewallRules: [{60295DE4-8E2F-442E-A566-EBD61A8A00D9}] => (Allow) LPort=5357 FirewallRules: [{5C206BAE-2864-42B0-B225-EC66D7180A14}] => (Allow) C:\Program Files\HP\HP OfficeJet 3830 series\Bin\HPNetworkCommunicatorCom.exe (Hewlett Packard -> HP Inc.) FirewallRules: [TCP Query User{1A801913-446A-4E62-B980-44B9A13700A9}C:\users\mike\appdata\local\google\chrome\application\chrome.exe] => (Allow) C:\users\mike\appdata\local\google\chrome\application\chrome.exe (Google LLC -> Google Inc.) FirewallRules: [uDP Query User{4305BD67-FCAD-435E-ADC5-A0C4972B7473}C:\users\mike\appdata\local\google\chrome\application\chrome.exe] => (Allow) C:\users\mike\appdata\local\google\chrome\application\chrome.exe (Google LLC -> Google Inc.) FirewallRules: [{49E188DD-8E4D-4D6A-9D5F-0A4891A91205}] => (Block) C:\users\mike\appdata\local\google\chrome\application\chrome.exe (Google LLC -> Google Inc.) FirewallRules: [{EE3D6B0A-5F25-405A-BA1C-CAAB50E82E98}] => (Block) C:\users\mike\appdata\local\google\chrome\application\chrome.exe (Google LLC -> Google Inc.) FirewallRules: [{DC411334-6703-4C7F-92A0-E5DA113DE9B0}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation) FirewallRules: [{23E86C27-043A-4FE8-9904-B754FD3E5BB8}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation) ==================== Restore Points ========================= 05-05-2019 16:54:39 Scheduled Checkpoint ==================== Faulty Device Manager Devices ============= Name: WAN Miniport (ATW) #2 Description: WAN Miniport (ATW) Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318} Manufacturer: America Online, Inc. Service: wanatw Problem: : This device cannot start. (Code10) Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device. On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard. ==================== Event log errors: ========================= Application errors: ================== Error: (05/06/2019 11:00:02 AM) (Source: Customer Experience Improvement Program) (EventID: 1006) (User: ) Description: A problem prevented Customer Experience Improvement Program data from being consolidated into files that can be sent to Microsoft, (Error 80004005). Error: (05/06/2019 01:11:07 AM) (Source: VSS) (EventID: 8194) (User: ) Description: Volume Shadow Copy Service error: Unexpected error querying for the IVssWriterCallback interface. hr = 0x80070005, Access is denied. . This is often caused by incorrect security settings in either the writer or requestor process. Operation: Gathering Writer Data Context: Writer Class Id: {e8132975-6f93-4464-a53e-1050253ae220} Writer Name: System Writer Writer Instance ID: {d7deee7c-5f88-45f1-9c34-348a3f852328} Error: (05/05/2019 04:00:01 PM) (Source: Customer Experience Improvement Program) (EventID: 1006) (User: ) Description: A problem prevented Customer Experience Improvement Program data from being consolidated into files that can be sent to Microsoft, (Error 80004005). Error: (05/05/2019 03:00:04 PM) (Source: Customer Experience Improvement Program) (EventID: 1006) (User: ) Description: A problem prevented Customer Experience Improvement Program data from being consolidated into files that can be sent to Microsoft, (Error 80004005). Error: (05/04/2019 09:00:02 PM) (Source: Customer Experience Improvement Program) (EventID: 1006) (User: ) Description: A problem prevented Customer Experience Improvement Program data from being consolidated into files that can be sent to Microsoft, (Error 80004005). Error: (05/04/2019 02:00:02 AM) (Source: Customer Experience Improvement Program) (EventID: 1006) (User: ) Description: A problem prevented Customer Experience Improvement Program data from being consolidated into files that can be sent to Microsoft, (Error 80004005). Error: (05/03/2019 07:00:02 AM) (Source: Customer Experience Improvement Program) (EventID: 1006) (User: ) Description: A problem prevented Customer Experience Improvement Program data from being consolidated into files that can be sent to Microsoft, (Error 80004005). Error: (05/02/2019 12:00:02 PM) (Source: Customer Experience Improvement Program) (EventID: 1006) (User: ) Description: A problem prevented Customer Experience Improvement Program data from being consolidated into files that can be sent to Microsoft, (Error 80004005). System errors: ============= Error: (05/06/2019 03:42:18 AM) (Source: Microsoft-Windows-Kernel-General) (EventID: 5) (User: NT AUTHORITY) Description: 0x8000002a45\??\C:\Windows\AppCompat\Programs\Amcache.hve Error: (05/06/2019 12:05:42 AM) (Source: Microsoft-Windows-Kernel-General) (EventID: 5) (User: NT AUTHORITY) Description: 0x8000002a45\??\C:\Windows\AppCompat\Programs\Amcache.hve Error: (05/05/2019 04:06:02 PM) (Source: volsnap) (EventID: 36) (User: ) Description: The shadow copies of volume C: were aborted because the shadow copy storage could not grow due to a user imposed limit. Error: (05/05/2019 02:47:44 PM) (Source: DCOM) (EventID: 10010) (User: ) Description: The server {E10F6C3A-F1AE-4ADC-AA9D-2FE65525666E} did not register with DCOM within the required timeout. Error: (05/01/2019 04:31:12 AM) (Source: Microsoft-Windows-Kernel-General) (EventID: 5) (User: NT AUTHORITY) Description: 0x8000002a45\??\C:\Windows\AppCompat\Programs\Amcache.hve Error: (05/01/2019 12:06:21 AM) (Source: Microsoft-Windows-Kernel-General) (EventID: 5) (User: NT AUTHORITY) Description: 0x8000002a45\??\C:\Windows\AppCompat\Programs\Amcache.hve Error: (04/30/2019 03:39:40 PM) (Source: EventLog) (EventID: 6008) (User: ) Description: The previous system shutdown at 3:37:19 PM on 4/30/2019 was unexpected. Error: (04/28/2019 04:44:45 AM) (Source: Microsoft-Windows-Kernel-General) (EventID: 5) (User: NT AUTHORITY) Description: 0x8000002a45\??\C:\Windows\AppCompat\Programs\Amcache.hve Windows Defender: =================================== Date: 2017-08-09 03:21:10.763 Description: Windows Defender scan has been stopped before completion. Scan ID:{74F44B93-3ABC-47E0-A787-F9B7D736E8E1} Scan Type:AntiSpyware Scan Parameters:Quick Scan Date: 2016-10-01 23:16:15.220 Description: Windows Defender has encountered an error trying to load signatures and will attempt reverting back to a known-good set of signatures. Signatures Attempted:Current Error Code:0x80070002 Error description:The system cannot find the file specified. Signature version:0.0.0.0 Engine version:0.0.0.0 Date: 2016-10-01 23:16:15.217 Description: Windows Defender has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: Update Source:Signature Update Folder Signature Type:AntiSpyware Update Type:Delta Current Engine Version: Previous Engine Version: Error code:0x80070002 Error description:The system cannot find the file specified. CodeIntegrity: =================================== Date: 2014-10-15 00:27:41.501 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\ELAMBKUP\klelam.sys because the set of per-page image hashes could not be found on the system. Date: 2014-10-15 00:27:41.501 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\ELAMBKUP\klelam.sys because the set of per-page image hashes could not be found on the system. Date: 2014-10-15 00:27:41.501 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\ELAMBKUP\klelam.sys because the set of per-page image hashes could not be found on the system. Date: 2014-10-15 00:27:41.454 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\ELAMBKUP\klelam.sys because the set of per-page image hashes could not be found on the system. Date: 2014-10-15 00:27:41.454 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\ELAMBKUP\klelam.sys because the set of per-page image hashes could not be found on the system. Date: 2014-10-15 00:27:41.454 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\ELAMBKUP\klelam.sys because the set of per-page image hashes could not be found on the system. Date: 2014-10-15 00:27:41.438 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 14.0.0\KLELAMX64\klelam.sys because the set of per-page image hashes could not be found on the system. Date: 2014-10-15 00:27:41.438 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 14.0.0\KLELAMX64\klelam.sys because the set of per-page image hashes could not be found on the system. ==================== Memory info =========================== BIOS: Award Software International, Inc. F8 10/08/2009 Motherboard: Gigabyte Technology Co., Ltd. GA-MA78GM-US2H Processor: AMD Phenom 8650 Triple-Core Processor Percentage of memory in use: 79% Total physical RAM: 5630.49 MB Available physical RAM: 1177.97 MB Total Virtual: 11259.13 MB Available Virtual: 6600.53 MB ==================== Drives ================================ Drive c: () (Fixed) (Total:465.66 GB) (Free:361.17 GB) NTFS \\?\Volume{7782d33a-6747-11e3-95c9-806e6f6e6963}\ (System Reserved) (Fixed) (Total:0.1 GB) (Free:0.07 GB) NTFS ==================== MBR & Partition Table ================== ======================================================== Disk: 0 (MBR Code: Windows 7/8/10) (Size: 465.8 GB) (Disk ID: 94549454) Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS) Partition 2: (Not Active) - (Size=465.7 GB) - (Type=07 NTFS) ==================== End of Addition.txt ============================FRST.txtAddition.txt Edited May 7, 2019 by Starbuck Quote
ExTS Admin Starbuck Posted May 7, 2019 ExTS Admin Posted May 7, 2019 Hi Skyclad, There's nothing malicious showing in the reports. When you say: Just today I've noticed that my computer is running super slow and not sure what could have caused this, are you talking about the system in general or the speed of the internet pages opening? When clicking on the icon that displays my WiFi connections at the bottom right of the screen, the one I was running at the time stated "poor" with regard to signal strength.. Today, the speed is a bit better (not optimal) and it reads as "fair".. Have you checked to see what speed you are getting? An easy way to check this is to follow the link below and click on Go when the page opens. Speed Test There are a couple of orphan entries in the report that we can remove .... we can run a general cleanup at the same time. Although I doubt this will actually speed up your system. Please download the attached fixlist.txt file (bottom of this post) and save it to the Desktop. NOTE. It's important that both files, FRST and fixlist.txt are in the same location or the fix will not work. NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system Re-run FRST/FRST64 (which ever is installed ) and press the Fix button just once and wait. The tool will make a log on the Desktop (Fixlog.txt). Please post this in your next reply.fixlist.txt Quote Member of:UNITE
Skyclad Posted May 8, 2019 Author Posted May 8, 2019 Good to hear that nothing malicious showed up.. I just ran a speed test and the results were the following (I have no idea what is normal, so hoping you can translate this for me...)........ Ping/80; Download/ 1.02; Upload/1.76 If this is a WiFi signal strength issue (and I have a feeling it is), how should I proceed on this? We have a bundled set up through Cox Communications...... Maybe should give them a call...?? Before running the general cleanup, I was wanting to get your take on the speeds shown above and if they are subPar.. Please advise when convenient.. Again, thanks for your help! Quote
Skyclad Posted May 8, 2019 Author Posted May 8, 2019 Oh, I forgot to answer your initial question regarding the overall system speed or the speed with which the pages are opening.. That would be the latter.. There was one point in which all sorts of things were "buffering" at once, and none were opening quickly as they usually do.. Right now, it's much better than it was, but the signal strength still shows "fair".... Will be very interested in what you think of the speeds that showed up on the test... Quote
ExTS Admin Starbuck Posted May 8, 2019 ExTS Admin Posted May 8, 2019 Hi Skyclad, Ping/80; Download/ 1.02; Upload/1.76 There's definitely a problem there. Those speeds are way too low. I just took a look at the 'Cox Internet Starter 10' package ....... that offers speeds of upto 10mbps. ( and that's not great in this day and age.) Just ran a test on mine ( and i consider my connection to be average) ping ... 16ms ( the lower the number, the better ) download ... 35.65mbps ( the higher the number, the better ) upload ... 9.5mbps ( the higher number, the better ) Most television services that rely on the internet ( Amazon fire stick, Netflix etc ) require a minimum of 2mbps connection. You are only getting 1.02 .... no wonder everything is buffering. Obviously if you have more than one item connecting to the internet ( PC's, Phones, Tablets etc ) that connection will be shared..... making it even slower. First thing to do would be to call Cox Communications and ask what speed you are paying for. Then tell them the speeds that the 'Speed Test' has given you ..... and say it needs to be sorted. They should have tools at their disposal that can identify problems with your line/connection. Sometimes turning a router off for a few minutes and then restarting it can help. Just like rebooting a computer sometimes helps with problems. Quote Member of:UNITE
Skyclad Posted May 10, 2019 Author Posted May 10, 2019 Thanks for getting back Starbuck.. Yes, I had a feeling that my speeds were very low, and keep in mind the numbers I sent you were when the connection was "fair" (as is currently the case).. The other day the signal strength was "poor", and that is when things were really bad.... I will contact Cox and visit with them per your instructions.. Hopefully they can fix this asap..... Thanks again for your help!! Quote
ExTS Admin Starbuck Posted May 10, 2019 ExTS Admin Posted May 10, 2019 Hi Skyclad, It might be an idea to check the speed again when your signal strength is showing as 'poor'. That way you'll have 2 readings to give Cox. Let us know how things go. Quote Member of:UNITE
Skyclad Posted May 13, 2019 Author Posted May 13, 2019 Hi Starbuck.. The Cox TechDude came by awhile ago and re-located where the WiFi router was located.. It was on the floor in another room about 25 feet away, and he put it up much higher so it could get a better shot at the WiFi Stick on the back of my computer.. He also said it would help to raise my computer higher too, as part of the signal is being blocked by the corner of my metal desk.. Also, suggested I get a 5 Gig WiFi Stick to help things even further.. Ultimately the readings are not "excellent" but are solidly in the "good" range, according to the readout on my computer anyway.. Just ran a speed test awhile ago and the numbers are now as follows........Ping/30; Download 4.95; Upload 7.57 Still not super fast, but so much better than it was... I welcome any ideas/comments you might have.. Thanks again! Quote
ExTS Admin Starbuck Posted May 13, 2019 ExTS Admin Posted May 13, 2019 Just ran a speed test awhile ago and the numbers are now as follows........Ping/30; Download 4.95; Upload 7.57 Still not super fast, but so much better than it wasSo what speed are you paying for, compared to what you are getting .... that's the big question. Quote Member of:UNITE
Skyclad Posted May 13, 2019 Author Posted May 13, 2019 Yes it is and I completely forgot to ask him that question earlier.. Will definitely be looking into that to see what the discrepancy might be...... Quote
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.