Jump to content

Welcome to Geeks to Go - Register now for FREE

Geeks To Go is a helpful hub, where thousands of volunteer geeks quickly serve friendly answers and support. Check out the forums and get free advice from the experts. Register now to gain access to all of our features, it's FREE and only takes one minute. Once registered and logged in, you will be able to create topics, post replies to existing threads, give reputation to your fellow members, get your own private messenger, post status updates, manage your profile and so much more.

Create Account How it Works
Photo

Infected Laptop freezes and stagnates

Laptop freezees

  • Please log in to reply

#1
Bada1

Bada1

    Member

  • Member
  • PipPip
  • 14 posts

Good day

 

I have been experiencing stagnation and freeze which makes my experience frustrating. i have scanned with the FRST and I will appreciate your assistance. I Thank you for your time..below is the scan result!

 

 

Additional scan result of Farbar Recovery Scan Tool (x64) Version:20-07-2015
Ran by COMPAQ at 2015-07-22 13:31:31
Running from C:\Users\COMPAQ\Downloads
Boot Mode: Normal
==========================================================
 
 
==================== Accounts: =============================
 
Administrator (S-1-5-21-1838249486-1020867623-664619754-500 - Administrator - Disabled)
COMPAQ (S-1-5-21-1838249486-1020867623-664619754-1000 - Administrator - Enabled) => C:\Users\COMPAQ
Guest (S-1-5-21-1838249486-1020867623-664619754-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-1838249486-1020867623-664619754-1002 - Limited - Enabled)
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AV: Microsoft Security Essentials (Enabled - Up to date) {B7ECF8CD-0188-6703-DBA4-AA65C6ACFB0A}
AS: Microsoft Security Essentials (Enabled - Up to date) {0C8D1929-27B2-688D-E114-9117BD2BB1B7}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 
==================== Installed Programs ======================
 
(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 13.0.0.83 - Adobe Systems Incorporated)
Adobe Flash Player 18 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 18.0.0.209 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.12) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.12 - Adobe Systems Incorporated)
Adobe Shockwave Player 12.1 (HKLM-x32\...\Adobe Shockwave Player) (Version: 12.1.0.150 - Adobe Systems, Inc.)
Asta Powerproject - Trial (HKLM-x32\...\{95E874C3-E1A5-479C-911A-C8C5D778CC94}) (Version: 12.5.00 - Asta Development PLC)
Blipshot  one click screenshots (HKLM-x32\...\{0B750649-0E5A-78CB-A6AE-E2D6E2AD8882}) (Version:  - "")
CCleaner (HKLM\...\CCleaner) (Version: 5.07 - Piriform)
cheapcoup (HKLM-x32\...\{37476589-E48E-439E-A706-56189E2ED4C4}_is1) (Version:  - cheapcoup) <==== ATTENTION
Google Chrome (HKLM-x32\...\{5F6C7C79-9E78-3694-8827-E4F4936BA25F}) (Version: 65.205.49268 - Google, Inc.)
Google Toolbar for Internet Explorer (HKLM-x32\...\{2318C2B1-4965-11d4-9B18-009027A5CD4F}) (Version: 7.5.6710.2136 - Google Inc.)
Google Toolbar for Internet Explorer (x32 Version: 1.0.0 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.28.1 - Google Inc.) Hidden
HP ENVY 4500 series Basic Device Software (HKLM\...\{6915424E-704F-4F5D-9057-9C7B406B36DB}) (Version: 32.3.198.49673 - Hewlett-Packard Co.)
HP ENVY 4500 series Help (HKLM-x32\...\{95BECC50-22B4-4FCA-8A2E-BF77713E6D3A}) (Version: 30.0.0 - Hewlett Packard)
HP FWUpdateEDO2 (HKLM-x32\...\{415FA9AD-DA10-4ABE-97B6-5051D4795C90}) (Version: 1.2.0.0 - Hewlett-Packard)
HP Photo Creations (HKLM-x32\...\HP Photo Creations) (Version: 1.0.0.7702 - HP)
HP Update (HKLM-x32\...\{912D30CF-F39E-4B31-AD9A-123C6B794EE2}) (Version: 5.005.002.002 - Hewlett-Packard)
HPDiagnosticAlert (x32 Version: 1.00.0001 - Microsoft) Hidden
Java 8 Update 45 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218045F0}) (Version: 8.0.450 - Oracle Corporation)
LibrarySystem (HKLM-x32\...\{12DA0E6F-5543-440C-BAA2-28BF01070AFA}{88c3b28}) (Version:  - Software Publisher) <==== ATTENTION
Malwarebytes Anti-Malware version 2.0.2.1012 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.2.1012 - Malwarebytes Corporation)
McAfee Security Scan Plus (HKLM\...\McAfee Security Scan) (Version: 3.8.150.1 - McAfee, Inc.)
Microsoft .NET Framework 4.5.2 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.51209 - Microsoft Corporation)
Microsoft Office 2007 Service Pack 3 (SP3) (HKLM-x32\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version:  - Microsoft)
Microsoft Office Enterprise 2007 (HKLM-x32\...\ENTERPRISE) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Office File Validation Add-In (HKLM-x32\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)
Microsoft Security Essentials (HKLM\...\Microsoft Security Client) (Version: 4.8.204.0 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.40416.0 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.30319 (HKLM-x32\...\{196BB40D-1578-3D01-B289-BEFC77A11A1E}) (Version: 10.0.30319 - Microsoft Corporation)
offerAepppu (HKLM-x32\...\{BDA14B0B-4672-3ABF-B189-A5958FE3A42F}) (Version:  - "") <==== ATTENTION
Product Improvement Study for HP ENVY 4500 series (HKLM\...\{58139103-BACF-4BDC-B71C-955F9164ADA6}) (Version: 32.3.198.49673 - Hewlett-Packard Co.)
Skype™ 6.14 (HKLM-x32\...\{1845470B-EB14-4ABC-835B-E36C693DC07D}) (Version: 6.14.104 - Skype Technologies S.A.)
swMSM (x32 Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
The Official DVSA Theory Test for Car Drivers (HKLM-x32\...\{E9DF3ECB-00F3-4992-955D-ABC9AAD23BFA}) (Version: 1.00.0000 - TSO)
Update for 2007 Microsoft Office System (KB967642) (HKLM-x32\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version:  - Microsoft)
VLC media player 2.1.3 (HKLM-x32\...\VLC media player) (Version: 2.1.3 - VideoLAN)
WinRAR 5.01 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.01.0 - win.rar GmbH)
 
==================== Custom CLSID (Whitelisted): ==========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== Restore Points =========================
 
18-06-2015 10:10:23 Windows Update
18-06-2015 12:29:20 Windows Update
24-06-2015 11:37:45 Windows Backup
24-06-2015 11:48:13 Windows Update
28-06-2015 00:26:36 Windows Update
30-06-2015 14:51:18 Windows Backup
03-07-2015 12:09:35 Windows Update
07-07-2015 08:35:22 Windows Backup
07-07-2015 10:06:32 Windows Update
11-07-2015 10:29:31 Restore Operation
11-07-2015 11:23:15 Windows Update
13-07-2015 12:51:52 Windows Backup
15-07-2015 08:52:24 Windows Update
15-07-2015 19:35:42 Windows Modules Installer
18-07-2015 11:44:42 Windows Update
 
==================== Hosts content: ===============================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2009-07-14 03:34 - 2009-06-10 22:00 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts
 
==================== Scheduled Tasks (Whitelisted) =============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
Task: {0107BE11-A893-47DA-A739-377F280A8AC9} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-04-14] (Google Inc.)
Task: {11F3BF2D-FC08-4977-863A-97E22AC34EA4} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2015-06-01] (Piriform Ltd)
Task: {39F41233-9C4C-473F-BC13-DBA7F240EC87} - System32\Tasks\wp_update => C:\Users\COMPAQ\AppData\Roaming\~ukzjhmq.exe <==== ATTENTION
Task: {4F20567F-A2F2-4EFB-956D-C64F12D9D026} - System32\Tasks\Microsoft\Windows\Maintenance\IdleCrawler Update => %LOCALAPPDATA%\IdleCrawler\IdleCrawler.exe <==== ATTENTION
Task: {62AEAAFC-A7F6-48AF-ABEC-6A0D02040697} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-07-20] (Adobe Systems Incorporated)
Task: {6ED677E6-A4B3-415E-AF66-C411FDB7C974} - System32\Tasks\UpdaterEX => C:\Users\COMPAQ\AppData\Roaming\UPDATE~1\UPDATE~1\UPDATE~1.EXE <==== ATTENTION
Task: {9C7DF717-0D13-4C90-AAB2-5DDDC7AC2745} - System32\Tasks\HPCustParticipation HP ENVY 4500 series => C:\Program Files\HP\HP ENVY 4500 series\Bin\HPCustPartic.exe [2014-07-21] (Hewlett-Packard Development Company, LP)
Task: {A5B0BA26-1994-483E-9F61-2184CF622573} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2015-07-07] (Adobe Systems Incorporated)
Task: {EA8D952B-43D8-4F06-87BA-4CF28A1EBA2D} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-04-14] (Google Inc.)
 
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
 
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\UpdaterEX.job => 0x010601004436415318F1DD49B3AA46E67CF97A0C4600F6000000000044440000200000000014730F000000000013040000208021DF0707000600120012001A0008003D0100003F0043003A005C00550073006500720073005C0043004F004D005000410051005C0041007000700044006100740061005C0052006F0061006D0069006E0067005C005500500044004100540045007E0031005C005500500044004100540045007E0031005C005500500044004100540045007E0031002E00450058004500000007002F0043006800650063006B0000000000070043004F004D0050004100510000000000000008000000000000000000010030000000D2070300070000000000000012001A00A00500003C0000000000000001000000010000000000000000000000
 
==================== Loaded Modules (Whitelisted) ==============
 
2015-07-14 14:28 - 2015-07-13 22:55 - 01281864 _____ () C:\Program Files (x86)\Google\Chrome\Application\43.0.2357.134\libglesv2.dll
2015-07-14 14:28 - 2015-07-13 22:55 - 00080712 _____ () C:\Program Files (x86)\Google\Chrome\Application\43.0.2357.134\libegl.dll
2015-07-14 14:28 - 2015-07-13 22:55 - 16308040 _____ () C:\Program Files (x86)\Google\Chrome\Application\43.0.2357.134\PepperFlash\pepflashplayer.dll
2013-07-10 18:07 - 2013-07-10 18:07 - 00756888 _____ () C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE12\MSPTLS.DLL
 
==================== Alternate Data Streams (Whitelisted) =========
 
(If an entry is included in the fixlist, only the ADS will be removed.)
 
 
==================== Safe Mode (Whitelisted) ===================
 
(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
 
 
==================== EXE Association (Whitelisted) ===============
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed.)
 
 
==================== Internet Explorer trusted/restricted ===============
 
(If an entry is included in the fixlist, it will be removed from the registry.)
 
 
==================== Other Areas ============================
 
(Currently there is no automatic fix for this section.)
 
HKU\S-1-5-21-1838249486-1020867623-664619754-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\COMPAQ\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 192.168.1.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.
 
==================== MSCONFIG/TASK MANAGER disabled items ==
 
(Currently there is no automatic fix for this section.)
 
 
==================== FirewallRules (Whitelisted) ===============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
FirewallRules: [{2DD6A4DD-8968-4EF3-85AD-981C44A24495}] => (Allow) C:\Program Files (x86)\Skype\Phone\Skype.exe
FirewallRules: [{CF9419EB-E6D6-4946-AFC4-7A2DE0A331D9}] => (Allow) C:\Program Files\HP\HP ENVY 4500 series\Bin\DeviceSetup.exe
FirewallRules: [{C983F07A-474A-46AA-B851-7B67CF82DCF5}] => (Allow) LPort=5357
FirewallRules: [{0F0F29C9-A229-4CB6-9933-119522DC34AA}] => (Allow) C:\Program Files\HP\HP ENVY 4500 series\Bin\HPNetworkCommunicatorCom.exe
FirewallRules: [{8AA88E01-79B6-4D6E-B08A-D081A7CEAA09}] => (Allow) C:\Users\COMPAQ\AppData\Local\Temp\7zS1D16\HPDiagnosticCoreUI.exe
FirewallRules: [{D55D2806-8A8D-456D-B8E6-1AE77B551D6F}] => (Allow) C:\Users\COMPAQ\AppData\Local\Temp\7zS1D16\HPDiagnosticCoreUI.exe
FirewallRules: [{EE8B8A00-759E-4496-83D3-44901C485EB4}] => (Allow) C:\Users\COMPAQ\AppData\Local\Temp\7zS6F18\HPDiagnosticCoreUI.exe
FirewallRules: [{3182B4FC-CF54-4C6E-8AB3-59BCE0826047}] => (Allow) C:\Users\COMPAQ\AppData\Local\Temp\7zS6F18\HPDiagnosticCoreUI.exe
FirewallRules: [{6EDF871B-2C3B-4CDD-853B-C1275ABABE18}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
 
==================== Faulty Device Manager Devices =============
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (07/22/2015 11:16:22 AM) (Source: System Restore) (EventID: 8193) (User: )
Description: Failed to create restore point (Process = C:\Windows\servicing\TrustedInstaller.exe; Description = Windows Modules Installer; Error = 0x81000101).
 
Error: (07/22/2015 01:11:44 AM) (Source: VSS) (EventID: 12289) (User: )
Description: Volume Shadow Copy Service error: Unexpected error DeviceIoControl(\\?\Volume{a9f504fe-c3b9-11e3-8844-806e6f6e6963} - 000000000000012C,0x0053c008,000000000040C9F0,0,000000000040DA00,4096,[0]).  hr = 0x80070079, The semaphore timeout period has expired.
.
 
 
Operation:
   Processing EndPrepareSnapshots
 
Context:
   Execution Context: System Provider
 
Error: (07/22/2015 01:11:39 AM) (Source: System Restore) (EventID: 8193) (User: )
Description: Failed to create restore point (Process = C:\Windows\system32\svchost.exe -k netsvcs; Description = Windows Update; Error = 0x81000101).
 
Error: (07/21/2015 11:37:39 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: GWXUX.exe, version: 6.3.9600.17923, time stamp: 0x55945dbd
Faulting module name: ntdll.dll, version: 6.1.7601.18869, time stamp: 0x556366f2
Exception code: 0xc0000005
Fault offset: 0x000000000004ada4
Faulting process id: 0x1274
Faulting application start time: 0xGWXUX.exe0
Faulting application path: GWXUX.exe1
Faulting module path: GWXUX.exe2
Report Id: GWXUX.exe3
 
Error: (07/21/2015 11:09:09 AM) (Source: Windows Search Service) (EventID: 7010) (User: )
Description: The index cannot be initialized.
 
 
Details:
The content index catalog is corrupt.  (HRESULT : 0xc0041801) (0xc0041801)
 
Error: (07/21/2015 11:09:09 AM) (Source: Windows Search Service) (EventID: 3058) (User: )
Description: The application cannot be initialized.
 
Context: Windows Application
 
 
Details:
The content index catalog is corrupt.  (HRESULT : 0xc0041801) (0xc0041801)
 
Error: (07/21/2015 11:09:09 AM) (Source: Windows Search Service) (EventID: 3028) (User: )
Description: The gatherer object cannot be initialized.
 
Context: Windows Application, SystemIndex Catalog
 
 
Details:
The content index catalog is corrupt.  (HRESULT : 0xc0041801) (0xc0041801)
 
Error: (07/21/2015 11:09:09 AM) (Source: Windows Search Service) (EventID: 3029) (User: )
Description: The plug-in in <Search.TripoliIndexer> cannot be initialized.
 
Context: Windows Application, SystemIndex Catalog
 
 
Details:
Element not found.  (HRESULT : 0x80070490) (0x80070490)
 
Error: (07/21/2015 11:08:57 AM) (Source: Windows Search Service) (EventID: 3029) (User: )
Description: The plug-in in <Search.JetPropStore> cannot be initialized.
 
Context: Windows Application, SystemIndex Catalog
 
 
Details:
The content index catalog is corrupt.  (HRESULT : 0xc0041801) (0xc0041801)
 
Error: (07/21/2015 11:08:55 AM) (Source: Windows Search Service) (EventID: 9002) (User: )
Description: The Windows Search Service cannot load the property store information.
 
Context: Windows Application, SystemIndex Catalog
 
 
Details:
The content index database is corrupt.  (HRESULT : 0xc0041800) (0xc0041800)
 
 
System errors:
=============
Error: (07/22/2015 12:04:55 PM) (Source: Microsoft Antimalware) (EventID: 2001) (User: )
Description: %NT AUTHORITY60 has encountered an error trying to update signatures.
 
New Signature Version: 
 
Previous Signature Version: 115.6.0.0
 
Update Source: %NT AUTHORITY51
 
Update Stage: 4.8.0204.00
 
Source Path: 4.8.0204.01
 
Signature Type: %NT AUTHORITY602
 
Update Type: %NT AUTHORITY604
 
User: NT AUTHORITY\NETWORK SERVICE
 
Current Engine Version: %NT AUTHORITY605
 
Previous Engine Version: %NT AUTHORITY606
 
Error code: %NT AUTHORITY607
 
Error description: %NT AUTHORITY608
 
Error: (07/22/2015 12:04:55 PM) (Source: Microsoft Antimalware) (EventID: 2001) (User: )
Description: %NT AUTHORITY60 has encountered an error trying to update signatures.
 
New Signature Version: 
 
Previous Signature Version: 1.201.2331.0
 
Update Source: %NT AUTHORITY51
 
Update Stage: 4.8.0204.00
 
Source Path: 4.8.0204.01
 
Signature Type: %NT AUTHORITY602
 
Update Type: %NT AUTHORITY604
 
User: NT AUTHORITY\NETWORK SERVICE
 
Current Engine Version: %NT AUTHORITY605
 
Previous Engine Version: %NT AUTHORITY606
 
Error code: %NT AUTHORITY607
 
Error description: %NT AUTHORITY608
 
Error: (07/22/2015 12:04:55 PM) (Source: Microsoft Antimalware) (EventID: 2001) (User: )
Description: %NT AUTHORITY60 has encountered an error trying to update signatures.
 
New Signature Version: 
 
Previous Signature Version: 1.201.2331.0
 
Update Source: %NT AUTHORITY51
 
Update Stage: 4.8.0204.00
 
Source Path: 4.8.0204.01
 
Signature Type: %NT AUTHORITY602
 
Update Type: %NT AUTHORITY604
 
User: NT AUTHORITY\NETWORK SERVICE
 
Current Engine Version: %NT AUTHORITY605
 
Previous Engine Version: %NT AUTHORITY606
 
Error code: %NT AUTHORITY607
 
Error description: %NT AUTHORITY608
 
Error: (07/22/2015 12:04:25 PM) (Source: Microsoft Antimalware) (EventID: 2001) (User: )
Description: %NT AUTHORITY60 has encountered an error trying to update signatures.
 
New Signature Version: 
 
Previous Signature Version: 1.201.2331.0
 
Update Source: %NT AUTHORITY59
 
Update Stage: 4.8.0204.00
 
Source Path: 4.8.0204.01
 
Signature Type: %NT AUTHORITY602
 
Update Type: %NT AUTHORITY604
 
User: NT AUTHORITY\SYSTEM
 
Current Engine Version: %NT AUTHORITY605
 
Previous Engine Version: %NT AUTHORITY606
 
Error code: %NT AUTHORITY607
 
Error description: %NT AUTHORITY608
 
Error: (07/22/2015 12:03:32 PM) (Source: Service Control Manager) (EventID: 7006) (User: )
Description: The ScRegSetValueExW call failed for FailureCommand with the following error: 
%%5
 
Error: (07/22/2015 12:01:39 PM) (Source: Service Control Manager) (EventID: 7006) (User: )
Description: The ScRegSetValueExW call failed for Start with the following error: 
%%5
 
Error: (07/22/2015 11:53:25 AM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: application-specificLocalLaunch{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}{344ED43D-D086-4961-86A6-1106F4ACAD9B}NT AUTHORITYLOCAL SERVICES-1-5-19LocalHost (Using LRPC)
 
Error: (07/22/2015 11:52:50 AM) (Source: Microsoft Antimalware) (EventID: 3002) (User: )
Description: %%860 Real-Time Protection feature has encountered an error and failed.
 
Feature: %%886
 
Error Code: 0x80070005
 
Error description: Access is denied. 
 
Reason: %%892
 
Error: (07/22/2015 11:52:47 AM) (Source: Service Control Manager) (EventID: 7006) (User: )
Description: The ScRegSetValueExW call failed for Start with the following error: 
%%5
 
Error: (07/22/2015 11:52:47 AM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: application-specificLocalLaunch{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}{344ED43D-D086-4961-86A6-1106F4ACAD9B}NT AUTHORITYSYSTEMS-1-5-18LocalHost (Using LRPC)
 
 
Microsoft Office:
=========================
 
==================== Memory info =========================== 
 
Processor: AMD E-300 APU with Radeon™ HD Graphics
Percentage of memory in use: 96%
Total physical RAM: 3690.91 MB
Available physical RAM: 147.27 MB
Total Virtual: 7380.02 MB
Available Virtual: 2024.25 MB
 
==================== Drives ================================
 
Drive c: () (Fixed) (Total:447.35 GB) (Free:395.03 GB) NTFS
Drive d: (Recovery) (Fixed) (Total:14.34 GB) (Free:0 GB) NTFS ==>[system with boot components (obtained from reading drive)]
Drive e: (HP_TOOLS) (Fixed) (Total:3.96 GB) (Free:1.08 GB) FAT32
Drive f: (HP EN4500) (CDROM) (Total:0.57 GB) (Free:0 GB) CDFS
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 465.8 GB) (Disk ID: E10DB753)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=447.4 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=14.3 GB) - (Type=07 NTFS)
Partition 4: (Not Active) - (Size=4 GB) - (Type=0C)
 
==================== End of log ============================

  • 0

Advertisements


#2
RKinner

RKinner

    Malware Expert

  • Expert
  • 20,019 posts
  • MVP

You only posted the Addition log and not the main one but there is enough to see what is happening.  Let's do a FRST fixlist and then see what else is left.

 

Download the attached fixlist.txt to the same location as FRST
Run FRST and press Fix
A fix log will be generated please post that.  Run FRST again, check the Additions box and then Scan.  You will get two logs.  Post them both.

 

Also

Get Process Explorer

http://live.sysinter...com/procexp.exe
Save it to your desktop then run it (Vista or Win7 - right click and Run As Administrator).  

View, Select Column, check Verified Signer, OK
Options, Verify Image Signatures


Click twice on the CPU column header  to sort things by CPU usage with the big hitters at the top.  

Wait a full minute then:

File, Save As, Save.  Open the file Procexp.txt on your desktop and copy and paste the text to a reply.
 


  • 0

#3
Bada1

Bada1

    Member

  • Topic Starter
  • Member
  • PipPip
  • 14 posts

Thanks for your time

 

 

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:25-07-2015
Ran by COMPAQ (administrator) on COMPAQ-PC (25-07-2015 17:02:36)
Running from C:\Users\COMPAQ
Loaded Profiles: COMPAQ (Available Profiles: COMPAQ)
Platform: Windows 7 Home Premium Service Pack 1 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: IE)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
(AMD) C:\Windows\System32\atiesrxx.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Microsoft Corporation) C:\Windows\System32\GWX\GWX.exe
(Microsoft Corporation) C:\Windows\SysWOW64\rundll32.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\NisSrv.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(Skype Technologies S.A.) C:\Program Files (x86)\Skype\Phone\Skype.exe
(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
(McAfee, Inc.) C:\Program Files\McAfee Security Scan\3.8.150\SSScheduler.exe
(Hewlett-Packard) C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
(Piriform Ltd) C:\Program Files\CCleaner\CCleaner64.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Farbar) C:\Users\COMPAQ\FRST64 (1).exe
 
 
==================== Registry (Whitelisted) ==================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [MSC] => c:\Program Files\Microsoft Security Client\msseces.exe [1337000 2015-04-30] (Microsoft Corporation)
HKLM-x32\...\Run: [GrooveMonitor] => C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe [30040 2009-02-26] (Microsoft Corporation)
HKLM-x32\...\Run: [HP Software Update] => C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe [96056 2013-05-30] (Hewlett-Packard)
HKLM-x32\...\Run: [] => [X]
HKU\S-1-5-21-1838249486-1020867623-664619754-1000\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [20917408 2014-02-10] (Skype Technologies S.A.)
HKU\S-1-5-21-1838249486-1020867623-664619754-1000\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [8358680 2015-06-01] (Piriform Ltd)
IFEO\DatamngrCoordinator.exe: [Debugger] tasklist.exe
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk [2014-08-07]
ShortcutTarget: McAfee Security Scan Plus.lnk -> C:\Program Files\McAfee Security Scan\3.8.150\SSScheduler.exe (McAfee, Inc.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Powerproject Startup.lnk [2014-07-08]
ShortcutTarget: Powerproject Startup.lnk -> C:\Program Files (x86)\Asta\Asta Powerproject\AstaPowerproject.exe (Asta Development PLC)
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com
HKU\S-1-5-21-1838249486-1020867623-664619754-1000\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://uk.msn.com/?ocid=iehp
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://www.bing.com/...=MSSEDF&pc=MSSE
SearchScopes: HKU\S-1-5-21-1838249486-1020867623-664619754-1000 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://www.bing.com/...=MSSEDF&pc=MSSE
SearchScopes: HKU\S-1-5-21-1838249486-1020867623-664619754-1000 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://www.bing.com/...=MSSEDF&pc=MSSE
SearchScopes: HKU\S-1-5-21-1838249486-1020867623-664619754-1000 -> {8CDE19E6-71C2-4B46-89B7-35F6A18C571A} URL = 
BHO: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2015-07-20] (Google Inc.)
BHO-x32: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll [2015-07-20] (Google Inc.)
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2015-07-20] (Google Inc.)
Toolbar: HKLM-x32 - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll [2015-07-20] (Google Inc.)
Toolbar: HKU\S-1-5-21-1838249486-1020867623-664619754-1000 -> Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2015-07-20] (Google Inc.)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll [2013-02-26] (Skype Technologies)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{617A6249-EF47-4F9E-94F1-48ED59343A79}: [DhcpNameServer] 192.168.1.1
StartMenuInternet: IEXPLORE.EXE - iexplore.exe
 
FireFox:
========
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_18_0_0_209.dll [2015-07-20] ()
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.40416.0\npctrl.dll [2015-04-16] ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_18_0_0_209.dll [2015-07-20] ()
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\Windows\SysWOW64\Adobe\Director\np32dsw_1210150.dll [2014-03-11] (Adobe Systems, Inc.)
FF Plugin-x32: @java.com/DTPlugin,version=11.45.2 -> C:\Program Files (x86)\Java\jre1.8.0_45\bin\dtplugin\npDeployJava1.dll [2015-04-18] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.45.2 -> C:\Program Files (x86)\Java\jre1.8.0_45\bin\plugin2\npjp2.dll [2015-04-18] (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.40416.0\npctrl.dll [2015-04-15] ( Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.28.1\npGoogleUpdate3.dll [2015-07-15] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.28.1\npGoogleUpdate3.dll [2015-07-15] (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.1.3 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2014-02-05] (VideoLAN)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2015-06-29] (Adobe Systems Inc.)
 
Chrome: 
=======
CHR dev: Chrome dev build detected! <======= ATTENTION
CHR Profile: C:\Users\COMPAQ\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Docs) - C:\Users\COMPAQ\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-04-14]
CHR Extension: (Google Drive) - C:\Users\COMPAQ\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-04-14]
CHR Extension: (No Name) - C:\Users\COMPAQ\AppData\Local\Google\Chrome\User Data\Default\Extensions\apkalmfikjgojeiiadpmfebhfodmgpag [2014-11-27]
CHR Extension: (YouTube) - C:\Users\COMPAQ\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-04-14]
CHR Extension: (Proofread Bot  Grammar and Style Checker) - C:\Users\COMPAQ\AppData\Local\Google\Chrome\User Data\Default\Extensions\cjnnmmjgjaaomkcjibnncokikbianjap [2015-05-07]
CHR Extension: (Google Search) - C:\Users\COMPAQ\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-04-14]
CHR Extension: (Blackball Pool) - C:\Users\COMPAQ\AppData\Local\Google\Chrome\User Data\Default\Extensions\jjkhefodfbgjpcmahghmfggbcpjabnag [2014-08-09]
CHR Extension: (Chrome Hotword Shared Module) - C:\Users\COMPAQ\AppData\Local\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg [2015-07-20]
CHR Extension: (Twitch Now) - C:\Users\COMPAQ\AppData\Local\Google\Chrome\User Data\Default\Extensions\nlmbdmpjmlijibeockamioakdpmhjnpk [2015-06-24]
CHR Extension: (Google Wallet) - C:\Users\COMPAQ\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-04-14]
CHR Extension: (No Name) - C:\Users\COMPAQ\AppData\Local\Google\Chrome\User Data\Default\Extensions\olnkgiapbjhdboldbhkagdodklkphaip [2014-11-27]
CHR Extension: (Gmail) - C:\Users\COMPAQ\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-04-14]
CHR HKLM-x32\...\Chrome\Extension: [bopakagnckmlgajfccecajhnimjiiedh] - http://clients2.goog...ice/update2/crx
 
==================== Services (Whitelisted) =================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 088c3b28; c:\Program Files (x86)\LibrarySystem\LibrarySystem.dll [2280448 2015-07-20] () [File not signed]
S3 McComponentHostService; C:\Program Files\McAfee Security Scan\3.8.150\McCHSvc.exe [289256 2014-04-09] (McAfee, Inc.)
R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [23816 2015-04-30] (Microsoft Corporation)
R3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [366544 2015-04-30] (Microsoft Corporation)
S2 System guard; No ImagePath
 
==================== Drivers (Whitelisted) ====================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [280376 2015-03-04] (Microsoft Corporation)
R2 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [124568 2015-03-04] (Microsoft Corporation)
 
==================== NetSvcs (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== One Month Created files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2015-07-25 17:01 - 2015-07-25 17:01 - 02146816 _____ (Farbar) C:\Users\COMPAQ\FRST64 (1).exe
2015-07-25 16:44 - 2015-07-25 16:44 - 02146816 _____ (Farbar) C:\Users\COMPAQ\FRST64.exe
2015-07-24 18:56 - 2015-07-24 18:59 - 00020227 _____ C:\Users\COMPAQ\Addition.txt
2015-07-24 18:38 - 2015-07-25 17:02 - 00011360 _____ C:\Users\COMPAQ\FRST.txt
2015-07-24 11:28 - 2015-07-24 11:29 - 02135552 _____ (Farbar) C:\Users\COMPAQ\FRST64 (2).exe
2015-07-24 11:13 - 2015-07-24 11:14 - 00000000 ____D C:\2db23f924b6870fef9969913f936
2015-07-22 13:06 - 2015-07-22 13:07 - 02135552 _____ (Farbar) C:\Users\COMPAQ\Downloads\FRST64.exe
2015-07-21 11:32 - 2015-07-15 04:19 - 00100864 _____ (Microsoft Corporation) C:\Windows\system32\fontsub.dll
2015-07-21 11:32 - 2015-07-15 04:19 - 00046080 _____ (Adobe Systems) C:\Windows\system32\atmlib.dll
2015-07-21 11:32 - 2015-07-15 04:19 - 00041984 _____ (Microsoft Corporation) C:\Windows\system32\lpk.dll
2015-07-21 11:32 - 2015-07-15 04:19 - 00014336 _____ (Microsoft Corporation) C:\Windows\system32\dciman32.dll
2015-07-21 11:32 - 2015-07-15 03:55 - 00070656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\fontsub.dll
2015-07-21 11:32 - 2015-07-15 03:55 - 00034304 _____ (Adobe Systems) C:\Windows\SysWOW64\atmlib.dll
2015-07-21 11:32 - 2015-07-15 03:55 - 00010240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dciman32.dll
2015-07-21 11:32 - 2015-07-15 03:54 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\lpk.dll
2015-07-21 11:32 - 2015-07-15 02:59 - 00372224 _____ (Adobe Systems Incorporated) C:\Windows\system32\atmfd.dll
2015-07-21 11:32 - 2015-07-15 02:52 - 00299008 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\atmfd.dll
2015-07-21 11:07 - 2015-07-25 16:48 - 00000336 _____ C:\Windows\setupact.log
2015-07-21 11:07 - 2015-07-21 11:07 - 00000000 _____ C:\Windows\setuperr.log
2015-07-21 11:06 - 2015-07-21 11:06 - 00001892 _____ C:\Windows\PFRO.log
2015-07-20 11:49 - 2015-07-20 11:49 - 00000000 ____D C:\Users\COMPAQ\AppData\Roaming\Google
2015-07-20 11:45 - 2015-07-20 11:45 - 00002794 _____ C:\Windows\System32\Tasks\CCleanerSkipUAC
2015-07-20 11:45 - 2015-07-20 11:45 - 00000822 _____ C:\Users\Public\Desktop\CCleaner.lnk
2015-07-20 11:45 - 2015-07-20 11:45 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
2015-07-20 11:44 - 2015-07-20 11:45 - 00000000 ____D C:\ProgramData\Google
2015-07-20 11:44 - 2015-07-20 11:45 - 00000000 ____D C:\Program Files\CCleaner
2015-07-20 11:44 - 2015-07-20 11:44 - 00000000 ____D C:\Program Files\Google
2015-07-20 11:36 - 2015-07-20 11:39 - 06565736 _____ (Piriform Ltd) C:\Users\COMPAQ\Downloads\ccsetup507 (1).exe
2015-07-20 11:35 - 2015-07-20 11:41 - 06565736 _____ (Piriform Ltd) C:\Users\COMPAQ\Downloads\ccsetup507.exe
2015-07-20 10:54 - 2015-07-22 13:37 - 00021111 _____ C:\Users\COMPAQ\Downloads\Addition.txt
2015-07-20 10:51 - 2015-07-22 13:37 - 00038557 _____ C:\Users\COMPAQ\Downloads\FRST.txt
2015-07-20 10:49 - 2015-07-25 17:02 - 00000000 ____D C:\FRST
2015-07-20 10:46 - 2015-07-20 10:47 - 01637888 _____ (Farbar) C:\Users\COMPAQ\Downloads\FRST.exe
2015-07-20 09:38 - 2015-07-20 09:38 - 00000000 ____D C:\Program Files (x86)\LibrarySystem
2015-07-18 18:59 - 2015-07-20 09:39 - 00000000 ____D C:\ProgramData\33e51d20000046e5
2015-07-18 12:04 - 2015-07-18 12:04 - 00003642 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2015-07-15 19:42 - 2015-06-25 19:09 - 00389832 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2015-07-15 19:42 - 2015-06-25 18:43 - 00342736 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2015-07-15 19:42 - 2015-06-20 21:06 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2015-07-15 19:42 - 2015-06-20 20:49 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2015-07-15 19:42 - 2015-06-20 20:39 - 00034304 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2015-07-15 19:42 - 2015-06-20 20:34 - 00114688 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2015-07-15 19:42 - 2015-06-20 20:25 - 00968704 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2015-07-15 19:42 - 2015-06-20 20:13 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2015-07-15 19:42 - 2015-06-20 20:05 - 00316928 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2015-07-15 19:42 - 2015-06-20 19:48 - 00720384 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2015-07-15 19:42 - 2015-06-19 19:25 - 00504320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2015-07-15 19:42 - 2015-06-19 19:25 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2015-07-15 19:42 - 2015-06-19 19:24 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2015-07-15 19:42 - 2015-06-19 19:23 - 00064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2015-07-15 19:42 - 2015-06-19 19:17 - 00047104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2015-07-15 19:42 - 2015-06-19 19:16 - 00030720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2015-07-15 19:42 - 2015-06-19 19:13 - 00664064 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2015-07-15 19:42 - 2015-06-19 19:13 - 00115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2015-07-15 19:42 - 2015-06-19 19:03 - 00418304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2015-07-15 19:42 - 2015-06-19 18:57 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2015-07-15 19:42 - 2015-06-19 18:52 - 00076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2015-07-15 19:42 - 2015-06-19 18:51 - 00285696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2015-07-15 19:42 - 2015-06-19 18:40 - 02052608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2015-07-15 19:42 - 2015-06-19 18:40 - 00689152 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2015-07-15 19:42 - 2015-06-19 18:11 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2015-07-15 19:41 - 2015-06-20 20:50 - 00066560 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2015-07-15 19:41 - 2015-06-20 20:49 - 00584192 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2015-07-15 19:41 - 2015-06-20 20:49 - 00417792 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2015-07-15 19:41 - 2015-06-20 20:48 - 00088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2015-07-15 19:41 - 2015-06-20 20:40 - 00054784 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2015-07-15 19:41 - 2015-06-20 20:34 - 00816640 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2015-07-15 19:41 - 2015-06-20 20:34 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2015-07-15 19:41 - 2015-06-20 20:21 - 00490496 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2015-07-15 19:41 - 2015-06-20 20:08 - 00199680 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2015-07-15 19:41 - 2015-06-20 20:07 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2015-07-15 19:41 - 2015-06-20 19:48 - 00801280 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2015-07-15 19:41 - 2015-06-20 19:46 - 02125824 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2015-07-15 19:41 - 2015-06-20 19:46 - 01359360 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2015-07-15 19:41 - 2015-06-20 19:26 - 02427392 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2015-07-15 19:41 - 2015-06-20 19:02 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2015-07-15 19:41 - 2015-06-19 19:24 - 00341504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
2015-07-15 19:41 - 2015-06-19 18:53 - 00168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2015-07-15 19:41 - 2015-06-19 18:39 - 01155072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2015-07-15 19:41 - 2015-06-19 18:15 - 01951232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2015-07-15 19:06 - 2015-07-15 21:14 - 00000000 ____D C:\Users\COMPAQ\AppData\Roaming\dvdcss
2015-07-15 19:04 - 2015-07-01 21:49 - 01216512 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll
2015-07-15 19:04 - 2015-07-01 21:49 - 00729088 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2015-07-15 19:04 - 2015-07-01 21:49 - 00315392 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2015-07-15 19:03 - 2015-07-01 21:56 - 00155584 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2015-07-15 19:03 - 2015-07-01 21:56 - 00095680 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2015-07-15 19:03 - 2015-07-01 21:49 - 01461760 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2015-07-15 19:03 - 2015-07-01 21:49 - 00342016 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2015-07-15 19:03 - 2015-07-01 21:49 - 00309760 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2015-07-15 19:03 - 2015-07-01 21:49 - 00210944 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2015-07-15 19:03 - 2015-07-01 21:49 - 00136192 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2015-07-15 19:03 - 2015-07-01 21:49 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2015-07-15 19:03 - 2015-07-01 21:48 - 00044032 _____ (Microsoft Corporation) C:\Windows\system32\cryptbase.dll
2015-07-15 19:03 - 2015-07-01 21:47 - 00064000 _____ (Microsoft Corporation) C:\Windows\system32\auditpol.exe
2015-07-15 19:03 - 2015-07-01 21:47 - 00031232 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2015-07-15 19:03 - 2015-07-01 21:30 - 00552960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2015-07-15 19:03 - 2015-07-01 21:30 - 00259584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
2015-07-15 19:03 - 2015-07-01 21:30 - 00248832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2015-07-15 19:03 - 2015-07-01 21:30 - 00221184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2015-07-15 19:03 - 2015-07-01 21:30 - 00172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll
2015-07-15 19:03 - 2015-07-01 21:30 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2015-07-15 19:03 - 2015-07-01 21:30 - 00036864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptbase.dll
2015-07-15 19:03 - 2015-07-01 21:29 - 00665088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpcrt4.dll
2015-07-15 19:03 - 2015-07-01 20:27 - 00159232 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb.sys
2015-07-15 19:03 - 2015-07-01 20:26 - 00290816 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb10.sys
2015-07-15 19:03 - 2015-07-01 20:26 - 00129024 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb20.sys
2015-07-15 19:02 - 2015-07-01 21:49 - 00029184 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2015-07-15 19:02 - 2015-07-01 21:49 - 00028160 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2015-07-15 19:02 - 2015-07-01 21:48 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2015-07-15 19:02 - 2015-07-01 21:43 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
2015-07-15 19:02 - 2015-07-01 21:43 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\msobjs.dll
2015-07-15 19:02 - 2015-07-01 21:39 - 00686080 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
2015-07-15 19:02 - 2015-07-01 21:30 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2015-07-15 19:02 - 2015-07-01 21:30 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
2015-07-15 19:02 - 2015-07-01 21:29 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2015-07-15 19:02 - 2015-07-01 21:29 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\auditpol.exe
2015-07-15 19:02 - 2015-07-01 21:27 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msobjs.dll
2015-07-15 19:02 - 2015-07-01 21:26 - 00146432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msaudite.dll
2015-07-15 19:02 - 2015-07-01 21:24 - 00686080 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adtschema.dll
2015-07-15 18:57 - 2015-07-02 22:21 - 19877376 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2015-07-15 18:57 - 2015-07-02 22:08 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2015-07-15 18:57 - 2015-07-02 21:46 - 00479232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2015-07-15 18:57 - 2015-07-02 21:40 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2015-07-15 18:57 - 2015-07-02 21:19 - 12855296 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2015-07-15 18:57 - 2015-07-02 20:55 - 01310720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2015-07-15 18:57 - 2015-07-02 19:59 - 01545728 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2015-07-15 18:56 - 2015-07-02 21:49 - 25193984 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2015-07-15 18:56 - 2015-07-02 21:12 - 00615936 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2015-07-15 18:56 - 2015-07-02 20:20 - 14453248 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2015-07-15 18:55 - 2015-07-02 21:50 - 02279424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2015-07-15 18:55 - 2015-07-02 21:23 - 02885632 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2015-07-15 18:43 - 2015-07-04 19:07 - 02087424 _____ (Microsoft Corporation) C:\Windows\system32\ole32.dll
2015-07-15 18:43 - 2015-07-04 18:48 - 01414656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ole32.dll
2015-07-15 18:41 - 2015-04-27 20:23 - 01480192 _____ (Microsoft Corporation) C:\Windows\system32\crypt32.dll
2015-07-15 18:41 - 2015-04-27 20:23 - 00229376 _____ (Microsoft Corporation) C:\Windows\system32\wintrust.dll
2015-07-15 18:41 - 2015-04-27 20:23 - 00188416 _____ (Microsoft Corporation) C:\Windows\system32\cryptsvc.dll
2015-07-15 18:41 - 2015-04-27 20:23 - 00140288 _____ (Microsoft Corporation) C:\Windows\system32\cryptnet.dll
2015-07-15 18:41 - 2015-04-27 20:05 - 00179200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wintrust.dll
2015-07-15 18:41 - 2015-04-27 20:04 - 01174528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\crypt32.dll
2015-07-15 18:41 - 2015-04-27 20:04 - 00143872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptsvc.dll
2015-07-15 18:41 - 2015-04-27 20:04 - 00103936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptnet.dll
2015-07-15 09:23 - 2015-06-15 22:50 - 00112064 _____ (Microsoft Corporation) C:\Windows\system32\consent.exe
2015-07-15 09:23 - 2015-06-15 22:45 - 03242496 _____ (Microsoft Corporation) C:\Windows\system32\msi.dll
2015-07-15 09:23 - 2015-06-15 22:45 - 01941504 _____ (Microsoft Corporation) C:\Windows\system32\authui.dll
2015-07-15 09:23 - 2015-06-15 22:45 - 00504320 _____ (Microsoft Corporation) C:\Windows\system32\msihnd.dll
2015-07-15 09:23 - 2015-06-15 22:45 - 00070656 _____ (Microsoft Corporation) C:\Windows\system32\appinfo.dll
2015-07-15 09:23 - 2015-06-15 22:44 - 00128000 _____ (Microsoft Corporation) C:\Windows\system32\msiexec.exe
2015-07-15 09:23 - 2015-06-15 22:43 - 02364416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msi.dll
2015-07-15 09:23 - 2015-06-15 22:43 - 01805824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\authui.dll
2015-07-15 09:23 - 2015-06-15 22:43 - 00337408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msihnd.dll
2015-07-15 09:23 - 2015-06-15 22:42 - 00073216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msiexec.exe
2015-07-15 09:23 - 2015-06-15 22:42 - 00025088 _____ (Microsoft Corporation) C:\Windows\system32\msimsg.dll
2015-07-15 09:23 - 2015-06-15 22:37 - 00025088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msimsg.dll
2015-07-15 09:19 - 2015-06-02 01:07 - 00254976 _____ (Microsoft Corporation) C:\Windows\system32\cewmdm.dll
2015-07-15 09:19 - 2015-06-02 00:47 - 00210432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cewmdm.dll
2015-07-15 09:18 - 2015-07-09 18:58 - 03154944 _____ (Microsoft Corporation) C:\Windows\system32\wucltux.dll
2015-07-15 09:18 - 2015-07-09 18:58 - 02603008 _____ (Microsoft Corporation) C:\Windows\system32\wuaueng.dll
2015-07-15 09:18 - 2015-07-09 18:58 - 00696320 _____ (Microsoft Corporation) C:\Windows\system32\wuapi.dll
2015-07-15 09:18 - 2015-07-09 18:58 - 00192000 _____ (Microsoft Corporation) C:\Windows\system32\wuwebv.dll
2015-07-15 09:18 - 2015-07-09 18:58 - 00139776 _____ (Microsoft Corporation) C:\Windows\system32\wuauclt.exe
2015-07-15 09:18 - 2015-07-09 18:58 - 00098304 _____ (Microsoft Corporation) C:\Windows\system32\wudriver.dll
2015-07-15 09:18 - 2015-07-09 18:58 - 00091136 _____ (Microsoft Corporation) C:\Windows\system32\WinSetupUI.dll
2015-07-15 09:18 - 2015-07-09 18:58 - 00037888 _____ (Microsoft Corporation) C:\Windows\system32\wups2.dll
2015-07-15 09:18 - 2015-07-09 18:58 - 00037376 _____ (Microsoft Corporation) C:\Windows\system32\wuapp.exe
2015-07-15 09:18 - 2015-07-09 18:58 - 00036864 _____ (Microsoft Corporation) C:\Windows\system32\wups.dll
2015-07-15 09:18 - 2015-07-09 18:58 - 00012288 _____ (Microsoft Corporation) C:\Windows\system32\wu.upgrade.ps.dll
2015-07-15 09:18 - 2015-07-09 18:43 - 00566784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapi.dll
2015-07-15 09:18 - 2015-07-09 18:43 - 00173056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuwebv.dll
2015-07-15 09:18 - 2015-07-09 18:43 - 00093184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wudriver.dll
2015-07-15 09:18 - 2015-07-09 18:43 - 00030208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wups.dll
2015-07-15 09:18 - 2015-07-09 18:42 - 00034816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapp.exe
2015-07-15 09:15 - 2015-06-25 09:57 - 03207168 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2015-07-15 09:14 - 2015-06-27 03:47 - 00814080 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2015-07-15 09:14 - 2015-06-17 18:47 - 00404992 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll
2015-07-15 09:14 - 2015-06-17 18:37 - 00312320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gdi32.dll
2015-07-15 09:13 - 2015-06-27 03:43 - 05923840 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2015-07-15 09:13 - 2015-06-27 02:58 - 00620032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2015-07-15 09:13 - 2015-06-27 02:39 - 04520448 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2015-07-14 20:20 - 2015-07-09 18:59 - 00017856 _____ (Microsoft Corporation) C:\Windows\system32\CompatTelRunner.exe
2015-07-14 20:20 - 2015-07-09 18:58 - 01085440 _____ (Microsoft Corporation) C:\Windows\system32\appraiser.dll
2015-07-14 20:20 - 2015-07-09 18:58 - 00765440 _____ (Microsoft Corporation) C:\Windows\system32\invagent.dll
2015-07-14 20:20 - 2015-07-09 18:58 - 00726528 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll
2015-07-14 20:20 - 2015-07-09 18:58 - 00433664 _____ (Microsoft Corporation) C:\Windows\system32\devinv.dll
2015-07-14 20:20 - 2015-07-09 18:58 - 00227328 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2015-07-14 20:20 - 2015-07-09 18:58 - 00067584 _____ (Microsoft Corporation) C:\Windows\system32\acmigration.dll
2015-07-14 20:20 - 2015-07-09 18:50 - 01145856 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2015-07-14 16:31 - 2015-07-14 16:32 - 58130592 _____ (Microsoft Corporation) C:\Users\COMPAQ\Downloads\Internet Explorer.EXE
2015-07-14 09:05 - 2015-07-14 09:06 - 00000000 ____D C:\ec105dded2098b84051c7c5818
2015-07-07 11:20 - 2015-07-11 10:39 - 00000000 ____D C:\Program Files (x86)\Stunning Park
2015-07-04 22:45 - 2015-07-04 22:45 - 01700284 _____ C:\Users\COMPAQ\Downloads\rota030715.html
2015-07-04 22:45 - 2015-07-04 22:45 - 00000000 ____D C:\Users\COMPAQ\Downloads\rota030715_files
 
==================== One Month Modified files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2015-07-25 17:16 - 2015-05-07 20:50 - 00000000 ____D C:\ProgramData\3018555522115249011
2015-07-25 17:09 - 2014-04-14 11:20 - 00000898 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-07-25 17:01 - 2014-04-14 11:01 - 00000000 ____D C:\Users\COMPAQ
2015-07-25 17:00 - 2014-04-14 10:49 - 01069274 _____ C:\Windows\WindowsUpdate.log
2015-07-25 16:59 - 2009-07-14 05:45 - 00021680 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-07-25 16:59 - 2009-07-14 05:45 - 00021680 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-07-25 16:49 - 2014-04-14 11:20 - 00000894 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-07-25 16:49 - 2009-07-14 06:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2015-07-25 16:31 - 2014-08-07 18:57 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-07-25 16:28 - 2014-04-14 11:18 - 00003934 _____ C:\Windows\System32\Tasks\User_Feed_Synchronization-{245C4CA2-F3D7-4958-ADE6-F49987DBA58F}
2015-07-25 16:17 - 2015-04-04 21:43 - 00000000 ___SD C:\Windows\system32\GWX
2015-07-25 16:03 - 2014-04-14 11:34 - 00000000 ____D C:\Users\COMPAQ\AppData\Roaming\Skype
2015-07-24 20:48 - 2009-07-14 04:20 - 00000000 ____D C:\Windows\system32\NDF
2015-07-24 10:44 - 2015-05-20 19:17 - 00000024 _____ C:\Users\COMPAQ\AppData\Roaming\appdataFr25.bin
2015-07-24 10:44 - 2014-04-14 11:43 - 00000000 ____D C:\Users\COMPAQ\AppData\Local\Microsoft Help
2015-07-23 17:46 - 2014-06-18 11:01 - 00000000 ____D C:\Users\COMPAQ\AppData\Local\CrashDumps
2015-07-22 11:21 - 2009-07-14 05:45 - 00409520 _____ C:\Windows\system32\FNTCACHE.DAT
2015-07-20 11:55 - 2014-05-31 13:46 - 00000000 ____D C:\ProgramData\BlueStacksSetup
2015-07-20 11:53 - 2014-04-14 19:46 - 00000000 ____D C:\Windows\Panther
2015-07-20 11:49 - 2014-04-14 11:20 - 00000000 ____D C:\Users\COMPAQ\AppData\Local\Google
2015-07-20 11:44 - 2014-04-14 11:20 - 00000000 ____D C:\Program Files (x86)\Google
2015-07-20 09:47 - 2014-08-07 18:57 - 00778416 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2015-07-20 09:47 - 2014-08-07 18:57 - 00142512 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2015-07-20 09:47 - 2014-08-07 18:57 - 00003768 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2015-07-18 18:57 - 2014-11-12 16:10 - 00000000 ____D C:\Program Files (x86)\AskPartnerNetwork
2015-07-18 12:47 - 2015-04-04 21:43 - 00000000 ___SD C:\Windows\SysWOW64\GWX
2015-07-18 12:47 - 2009-07-14 04:20 - 00000000 ____D C:\Windows\PolicyDefinitions
2015-07-18 12:04 - 2014-04-14 11:20 - 00003894 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2015-07-18 11:57 - 2014-04-14 11:43 - 00000000 ____D C:\ProgramData\Microsoft Help
2015-07-15 21:32 - 2014-04-19 07:19 - 00000000 ____D C:\Users\COMPAQ\AppData\Roaming\vlc
2015-07-15 20:02 - 2014-12-11 04:36 - 00000000 ____D C:\Windows\system32\appraiser
2015-07-15 20:02 - 2014-06-12 20:59 - 00000000 ___SD C:\Windows\system32\CompatTel
2015-07-15 19:28 - 2014-06-08 21:34 - 00000000 ____D C:\Windows\system32\MRT
2015-07-15 19:02 - 2009-07-14 06:13 - 00781790 _____ C:\Windows\system32\PerfStringBackup.INI
2015-07-14 16:05 - 2014-04-14 11:27 - 00002441 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk
2015-07-14 16:02 - 2015-06-24 10:58 - 00003886 _____ C:\Windows\System32\Tasks\Adobe Acrobat Update Task
2015-07-14 14:28 - 2014-04-14 11:21 - 00002183 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2015-07-11 10:55 - 2015-06-01 13:19 - 00000000 ____D C:\Users\COMPAQ\Downloads\holiday form_files
2015-07-11 10:40 - 2009-07-14 04:20 - 00000000 ____D C:\Windows\servicing
2015-07-11 10:39 - 2014-08-07 18:57 - 00000000 ____D C:\Windows\system32\Macromed
2015-07-11 10:39 - 2014-08-07 18:57 - 00000000 ____D C:\ProgramData\McAfee Security Scan
2015-07-11 10:39 - 2014-04-14 11:21 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
2015-07-11 10:39 - 2009-07-14 04:20 - 00000000 ____D C:\Windows\registration
2015-07-08 14:47 - 2009-07-14 06:09 - 00000000 ____D C:\Windows\System32\Tasks\WPD
2015-07-05 11:08 - 2014-04-14 11:35 - 00300704 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe
2015-07-04 22:55 - 2015-06-18 09:41 - 00000000 ____D C:\Program Files (x86)\offerAepppu
2015-07-04 22:54 - 2015-06-24 12:12 - 00000000 ____D C:\Program Files (x86)\quickshOp
2015-07-04 22:48 - 2014-11-29 13:29 - 00000000 __SHD C:\Users\COMPAQ\AppData\Local\EmieUserList
2015-07-04 22:48 - 2014-11-29 13:29 - 00000000 __SHD C:\Users\COMPAQ\AppData\Local\EmieBrowserModeList
2015-07-04 22:47 - 2014-11-29 13:29 - 00000000 __SHD C:\Users\COMPAQ\AppData\Local\EmieSiteList
2015-07-03 08:43 - 2014-06-08 21:33 - 130333168 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
 
==================== Files in the root of some directories =======
 
2015-05-20 19:17 - 2015-07-24 10:44 - 0000024 _____ () C:\Users\COMPAQ\AppData\Roaming\appdataFr25.bin
2015-05-07 09:20 - 2015-05-14 00:51 - 0000020 _____ () C:\Users\COMPAQ\AppData\Roaming\appdataFr3.bin
2014-05-31 13:52 - 2014-06-02 15:15 - 0012841 _____ () C:\Users\COMPAQ\AppData\Roaming\Bubble Dock.installation.log
2015-04-22 16:45 - 2015-04-22 16:45 - 0004096 ____H () C:\Users\COMPAQ\AppData\Local\keyfile3.drm
2015-05-12 09:05 - 2015-05-12 09:05 - 0000000 _____ () C:\Users\COMPAQ\AppData\Local\Temp.dat
2015-03-24 06:01 - 2015-03-24 06:01 - 0000057 _____ () C:\ProgramData\Ament.ini
 
Files to move or delete:
====================
C:\Users\COMPAQ\FRST64 (1).exe
C:\Users\COMPAQ\FRST64 (2).exe
C:\Users\COMPAQ\FRST64.exe
 
 
==================== Bamital & volsnap Check =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed
 
 
LastRegBack: 2015-05-15 23:11
 
==================== End of log ============================
 
Additional scan result of Farbar Recovery Scan Tool (x64) Version:25-07-2015
Ran by COMPAQ at 2015-07-25 17:19:33
Running from C:\Users\COMPAQ
Boot Mode: Normal
==========================================================
 
 
==================== Accounts: =============================
 
Administrator (S-1-5-21-1838249486-1020867623-664619754-500 - Administrator - Disabled)
COMPAQ (S-1-5-21-1838249486-1020867623-664619754-1000 - Administrator - Enabled) => C:\Users\COMPAQ
Guest (S-1-5-21-1838249486-1020867623-664619754-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-1838249486-1020867623-664619754-1002 - Limited - Enabled)
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AV: Microsoft Security Essentials (Enabled - Up to date) {B7ECF8CD-0188-6703-DBA4-AA65C6ACFB0A}
AS: Microsoft Security Essentials (Enabled - Up to date) {0C8D1929-27B2-688D-E114-9117BD2BB1B7}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 
==================== Installed Programs ======================
 
(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 13.0.0.83 - Adobe Systems Incorporated)
Adobe Flash Player 18 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 18.0.0.209 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.12) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.12 - Adobe Systems Incorporated)
Adobe Shockwave Player 12.1 (HKLM-x32\...\Adobe Shockwave Player) (Version: 12.1.0.150 - Adobe Systems, Inc.)
Asta Powerproject - Trial (HKLM-x32\...\{95E874C3-E1A5-479C-911A-C8C5D778CC94}) (Version: 12.5.00 - Asta Development PLC)
Blipshot  one click screenshots (HKLM-x32\...\{0B750649-0E5A-78CB-A6AE-E2D6E2AD8882}) (Version:  - "")
CCleaner (HKLM\...\CCleaner) (Version: 5.07 - Piriform)
cheapcoup (HKLM-x32\...\{37476589-E48E-439E-A706-56189E2ED4C4}_is1) (Version:  - cheapcoup) <==== ATTENTION
Google Chrome (HKLM-x32\...\{5F6C7C79-9E78-3694-8827-E4F4936BA25F}) (Version: 65.205.49268 - Google, Inc.)
Google Toolbar for Internet Explorer (HKLM-x32\...\{2318C2B1-4965-11d4-9B18-009027A5CD4F}) (Version: 7.5.6710.2136 - Google Inc.)
Google Toolbar for Internet Explorer (x32 Version: 1.0.0 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.28.1 - Google Inc.) Hidden
History Trends (HKLM-x32\...\{D790D3FB-670B-6EF4-3686-4CB69E4ADE96}) (Version:  - "") <==== ATTENTION
HP ENVY 4500 series Basic Device Software (HKLM\...\{6915424E-704F-4F5D-9057-9C7B406B36DB}) (Version: 32.3.198.49673 - Hewlett-Packard Co.)
HP ENVY 4500 series Help (HKLM-x32\...\{95BECC50-22B4-4FCA-8A2E-BF77713E6D3A}) (Version: 30.0.0 - Hewlett Packard)
HP FWUpdateEDO2 (HKLM-x32\...\{415FA9AD-DA10-4ABE-97B6-5051D4795C90}) (Version: 1.2.0.0 - Hewlett-Packard)
HP Photo Creations (HKLM-x32\...\HP Photo Creations) (Version: 1.0.0.7702 - HP)
HP Update (HKLM-x32\...\{912D30CF-F39E-4B31-AD9A-123C6B794EE2}) (Version: 5.005.002.002 - Hewlett-Packard)
HPDiagnosticAlert (x32 Version: 1.00.0001 - Microsoft) Hidden
Java 8 Update 45 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218045F0}) (Version: 8.0.450 - Oracle Corporation)
LibrarySystem (HKLM-x32\...\{12DA0E6F-5543-440C-BAA2-28BF01070AFA}{88c3b28}) (Version:  - Software Publisher) <==== ATTENTION
Malwarebytes Anti-Malware version 2.0.2.1012 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.2.1012 - Malwarebytes Corporation)
McAfee Security Scan Plus (HKLM\...\McAfee Security Scan) (Version: 3.8.150.1 - McAfee, Inc.)
Microsoft .NET Framework 4.5.2 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.51209 - Microsoft Corporation)
Microsoft Office 2007 Service Pack 3 (SP3) (HKLM-x32\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version:  - Microsoft)
Microsoft Office Enterprise 2007 (HKLM-x32\...\ENTERPRISE) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Office File Validation Add-In (HKLM-x32\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)
Microsoft Security Essentials (HKLM\...\Microsoft Security Client) (Version: 4.8.204.0 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.40416.0 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.30319 (HKLM-x32\...\{196BB40D-1578-3D01-B289-BEFC77A11A1E}) (Version: 10.0.30319 - Microsoft Corporation)
offerAepppu (HKLM-x32\...\{BDA14B0B-4672-3ABF-B189-A5958FE3A42F}) (Version:  - "") <==== ATTENTION
Product Improvement Study for HP ENVY 4500 series (HKLM\...\{58139103-BACF-4BDC-B71C-955F9164ADA6}) (Version: 32.3.198.49673 - Hewlett-Packard Co.)
Skype™ 6.14 (HKLM-x32\...\{1845470B-EB14-4ABC-835B-E36C693DC07D}) (Version: 6.14.104 - Skype Technologies S.A.)
swMSM (x32 Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
The Official DVSA Theory Test for Car Drivers (HKLM-x32\...\{E9DF3ECB-00F3-4992-955D-ABC9AAD23BFA}) (Version: 1.00.0000 - TSO)
Update for 2007 Microsoft Office System (KB967642) (HKLM-x32\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version:  - Microsoft)
VLC media player 2.1.3 (HKLM-x32\...\VLC media player) (Version: 2.1.3 - VideoLAN)
WinRAR 5.01 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.01.0 - win.rar GmbH)
 
==================== Custom CLSID (Whitelisted): ==========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== Restore Points =========================
 
24-06-2015 11:37:45 Windows Backup
24-06-2015 11:48:13 Windows Update
28-06-2015 00:26:36 Windows Update
30-06-2015 14:51:18 Windows Backup
03-07-2015 12:09:35 Windows Update
07-07-2015 08:35:22 Windows Backup
07-07-2015 10:06:32 Windows Update
11-07-2015 10:29:31 Restore Operation
11-07-2015 11:23:15 Windows Update
13-07-2015 12:51:52 Windows Backup
15-07-2015 08:52:24 Windows Update
15-07-2015 19:35:42 Windows Modules Installer
18-07-2015 11:44:42 Windows Update
23-07-2015 10:07:14 Windows Update
 
==================== Hosts content: ===============================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2009-07-14 03:34 - 2009-06-10 22:00 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts
 
==================== Scheduled Tasks (Whitelisted) =============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
Task: {0107BE11-A893-47DA-A739-377F280A8AC9} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-04-14] (Google Inc.)
Task: {11F3BF2D-FC08-4977-863A-97E22AC34EA4} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2015-06-01] (Piriform Ltd)
Task: {62AEAAFC-A7F6-48AF-ABEC-6A0D02040697} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-07-20] (Adobe Systems Incorporated)
Task: {9C7DF717-0D13-4C90-AAB2-5DDDC7AC2745} - System32\Tasks\HPCustParticipation HP ENVY 4500 series => C:\Program Files\HP\HP ENVY 4500 series\Bin\HPCustPartic.exe [2014-07-21] (Hewlett-Packard Development Company, LP)
Task: {A5B0BA26-1994-483E-9F61-2184CF622573} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2015-07-07] (Adobe Systems Incorporated)
Task: {EA8D952B-43D8-4F06-87BA-4CF28A1EBA2D} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-04-14] (Google Inc.)
 
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
 
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
 
==================== Loaded Modules (Whitelisted) ==============
 
2015-07-20 09:38 - 2015-07-20 09:38 - 02280448 _____ () c:\Program Files (x86)\LibrarySystem\LibrarySystem.dll
2015-07-14 14:28 - 2015-07-13 22:55 - 01281864 _____ () c:\program files (x86)\google\chrome\application\43.0.2357.134\libglesv2.dll
2015-07-14 14:28 - 2015-07-13 22:55 - 00080712 _____ () c:\program files (x86)\google\chrome\application\43.0.2357.134\libegl.dll
2015-07-14 14:28 - 2015-07-13 22:55 - 16308040 _____ () c:\program files (x86)\google\chrome\application\43.0.2357.134\PepperFlash\pepflashplayer.dll
 
==================== Alternate Data Streams (Whitelisted) =========
 
(If an entry is included in the fixlist, only the ADS will be removed.)
 
 
==================== Safe Mode (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
 
 
==================== EXE Association (Whitelisted) ===============
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed.)
 
 
==================== Internet Explorer trusted/restricted ===============
 
(If an entry is included in the fixlist, it will be removed from the registry.)
 
 
==================== Other Areas ============================
 
(Currently there is no automatic fix for this section.)
 
HKU\S-1-5-21-1838249486-1020867623-664619754-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\COMPAQ\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 192.168.1.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.
 
==================== MSCONFIG/TASK MANAGER disabled items ==
 
(Currently there is no automatic fix for this section.)
 
 
==================== FirewallRules (Whitelisted) ===============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
FirewallRules: [{2DD6A4DD-8968-4EF3-85AD-981C44A24495}] => (Allow) C:\Program Files (x86)\Skype\Phone\Skype.exe
FirewallRules: [{CF9419EB-E6D6-4946-AFC4-7A2DE0A331D9}] => (Allow) C:\Program Files\HP\HP ENVY 4500 series\Bin\DeviceSetup.exe
FirewallRules: [{C983F07A-474A-46AA-B851-7B67CF82DCF5}] => (Allow) LPort=5357
FirewallRules: [{0F0F29C9-A229-4CB6-9933-119522DC34AA}] => (Allow) C:\Program Files\HP\HP ENVY 4500 series\Bin\HPNetworkCommunicatorCom.exe
FirewallRules: [{8AA88E01-79B6-4D6E-B08A-D081A7CEAA09}] => (Allow) C:\Users\COMPAQ\AppData\Local\Temp\7zS1D16\HPDiagnosticCoreUI.exe
FirewallRules: [{D55D2806-8A8D-456D-B8E6-1AE77B551D6F}] => (Allow) C:\Users\COMPAQ\AppData\Local\Temp\7zS1D16\HPDiagnosticCoreUI.exe
FirewallRules: [{EE8B8A00-759E-4496-83D3-44901C485EB4}] => (Allow) C:\Users\COMPAQ\AppData\Local\Temp\7zS6F18\HPDiagnosticCoreUI.exe
FirewallRules: [{3182B4FC-CF54-4C6E-8AB3-59BCE0826047}] => (Allow) C:\Users\COMPAQ\AppData\Local\Temp\7zS6F18\HPDiagnosticCoreUI.exe
FirewallRules: [{6EDF871B-2C3B-4CDD-853B-C1275ABABE18}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
 
==================== Faulty Device Manager Devices =============
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (07/23/2015 03:20:49 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: GWXUX.exe, version: 6.3.9600.17923, time stamp: 0x55945dbd
Faulting module name: ntdll.dll, version: 6.1.7601.18869, time stamp: 0x556366f2
Exception code: 0xc0000005
Fault offset: 0x000000000004ada4
Faulting process id: 0x1258
Faulting application start time: 0xGWXUX.exe0
Faulting application path: GWXUX.exe1
Faulting module path: GWXUX.exe2
Report Id: GWXUX.exe3
 
Error: (07/22/2015 11:16:22 AM) (Source: System Restore) (EventID: 8193) (User: )
Description: Failed to create restore point (Process = C:\Windows\servicing\TrustedInstaller.exe; Description = Windows Modules Installer; Error = 0x81000101).
 
Error: (07/22/2015 01:11:44 AM) (Source: VSS) (EventID: 12289) (User: )
Description: Volume Shadow Copy Service error: Unexpected error DeviceIoControl(\\?\Volume{a9f504fe-c3b9-11e3-8844-806e6f6e6963} - 000000000000012C,0x0053c008,000000000040C9F0,0,000000000040DA00,4096,[0]).  hr = 0x80070079, The semaphore timeout period has expired.
.
 
 
Operation:
   Processing EndPrepareSnapshots
 
Context:
   Execution Context: System Provider
 
Error: (07/22/2015 01:11:39 AM) (Source: System Restore) (EventID: 8193) (User: )
Description: Failed to create restore point (Process = C:\Windows\system32\svchost.exe -k netsvcs; Description = Windows Update; Error = 0x81000101).
 
Error: (07/21/2015 11:37:39 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: GWXUX.exe, version: 6.3.9600.17923, time stamp: 0x55945dbd
Faulting module name: ntdll.dll, version: 6.1.7601.18869, time stamp: 0x556366f2
Exception code: 0xc0000005
Fault offset: 0x000000000004ada4
Faulting process id: 0x1274
Faulting application start time: 0xGWXUX.exe0
Faulting application path: GWXUX.exe1
Faulting module path: GWXUX.exe2
Report Id: GWXUX.exe3
 
Error: (07/21/2015 11:09:09 AM) (Source: Windows Search Service) (EventID: 7010) (User: )
Description: The index cannot be initialized.
 
 
Details:
The content index catalog is corrupt.  (HRESULT : 0xc0041801) (0xc0041801)
 
Error: (07/21/2015 11:09:09 AM) (Source: Windows Search Service) (EventID: 3058) (User: )
Description: The application cannot be initialized.
 
Context: Windows Application
 
 
Details:
The content index catalog is corrupt.  (HRESULT : 0xc0041801) (0xc0041801)
 
Error: (07/21/2015 11:09:09 AM) (Source: Windows Search Service) (EventID: 3028) (User: )
Description: The gatherer object cannot be initialized.
 
Context: Windows Application, SystemIndex Catalog
 
 
Details:
The content index catalog is corrupt.  (HRESULT : 0xc0041801) (0xc0041801)
 
Error: (07/21/2015 11:09:09 AM) (Source: Windows Search Service) (EventID: 3029) (User: )
Description: The plug-in in <Search.TripoliIndexer> cannot be initialized.
 
Context: Windows Application, SystemIndex Catalog
 
 
Details:
Element not found.  (HRESULT : 0x80070490) (0x80070490)
 
Error: (07/21/2015 11:08:57 AM) (Source: Windows Search Service) (EventID: 3029) (User: )
Description: The plug-in in <Search.JetPropStore> cannot be initialized.
 
Context: Windows Application, SystemIndex Catalog
 
 
Details:
The content index catalog is corrupt.  (HRESULT : 0xc0041801) (0xc0041801)
 
 
System errors:
=============
Error: (07/25/2015 04:52:14 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: application-specificLocalLaunch{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}{344ED43D-D086-4961-86A6-1106F4ACAD9B}NT AUTHORITYSYSTEMS-1-5-18LocalHost (Using LRPC)
 
Error: (07/25/2015 04:50:38 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: application-specificLocalLaunch{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}{344ED43D-D086-4961-86A6-1106F4ACAD9B}NT AUTHORITYLOCAL SERVICES-1-5-19LocalHost (Using LRPC)
 
Error: (07/25/2015 04:49:37 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The System guard service failed to start due to the following error: 
%%3
 
Error: (07/25/2015 04:46:49 PM) (Source: DCOM) (EventID: 10010) (User: )
Description: {E10F6C3A-F1AE-4ADC-AA9D-2FE65525666E}
 
Error: (07/25/2015 04:04:07 PM) (Source: Microsoft Antimalware) (EventID: 3002) (User: )
Description: %%860 Real-Time Protection feature has encountered an error and failed.
 
Feature: %%834
 
Error Code: 0x80004005
 
Error description: Unspecified error 
 
Reason: %%838
 
Error: (07/25/2015 04:03:31 PM) (Source: DCOM) (EventID: 10010) (User: )
Description: {BEBA2AA5-B5A7-4DD3-9AD6-43B24CDD3B7D}
 
Error: (07/25/2015 01:14:53 PM) (Source: Tcpip) (EventID: 4199) (User: )
Description: The system detected an address conflict for IP address 192.168.1.4 with the system
having network hardware address D8-FE-E3-5E-E8-CF. Network operations on this system may
be disrupted as a result.
 
Error: (07/25/2015 03:38:25 AM) (Source: Server) (EventID: 2505) (User: )
Description: The server could not bind to the transport \Device\NetBT_Tcpip_{617A6249-EF47-4F9E-94F1-48ED59343A79} because another computer on the network has the same name.  The server could not start.
 
Error: (07/24/2015 07:05:26 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the Windows Error Reporting Service service to connect.
 
Error: (07/24/2015 05:49:53 PM) (Source: NetBT) (EventID: 4307) (User: )
Description: Initialization failed because the transport refused to open initial addresses.
 
 
Microsoft Office:
=========================
 
==================== Memory info =========================== 
 
Processor: AMD E-300 APU with Radeon™ HD Graphics
Percentage of memory in use: 41%
Total physical RAM: 3690.91 MB
Available physical RAM: 2173.98 MB
Total Virtual: 7380.02 MB
Available Virtual: 5438.29 MB
 
==================== Drives ================================
 
Drive c: () (Fixed) (Total:447.35 GB) (Free:395.75 GB) NTFS
Drive d: (Recovery) (Fixed) (Total:14.34 GB) (Free:0 GB) NTFS ==>[system with boot components (obtained from reading drive)]
Drive e: (HP_TOOLS) (Fixed) (Total:3.96 GB) (Free:1.08 GB) FAT32
Drive f: (HP EN4500) (CDROM) (Total:0.57 GB) (Free:0 GB) CDFS
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 465.8 GB) (Disk ID: E10DB753)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=447.4 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=14.3 GB) - (Type=07 NTFS)
Partition 4: (Not Active) - (Size=4 GB) - (Type=0C)
 
==================== End of log ============================
Process CPU Private Bytes Working Set PID Verified Signer
System Idle Process 0 K 24 K 0
System 0.97 192 K 612 K 4
 Interrupts 2.59 0 K 0 K n/a
 smss.exe 440 K 316 K 276 (Verified) Microsoft Windows
csrss.exe 0.01 2,040 K 1,896 K 380 (Verified) Microsoft Windows
wininit.exe 1,468 K 324 K 452 (Verified) Microsoft Windows
 services.exe 0.05 5,600 K 5,308 K 560 (Verified) Microsoft Windows
  svchost.exe 0.33 4,432 K 3,880 K 692 (Verified) Microsoft Windows
   WmiPrvSE.exe 2,456 K 6,176 K 4596 (Verified) Microsoft Windows
  svchost.exe 0.18 5,088 K 5,220 K 768 (Verified) Microsoft Windows
  MsMpEng.exe 1.90 141,380 K 73,608 K 816 (Verified) Microsoft Corporation
  atiesrxx.exe 1,452 K 656 K 940 (Verified) Microsoft Windows Hardware Compatibility Publisher
   atieclxx.exe 2,188 K 1,628 K 1092 (Verified) Microsoft Windows Hardware Compatibility Publisher
  svchost.exe 0.10 21,732 K 13,300 K 980 (Verified) Microsoft Windows
   audiodg.exe 1.88 16,912 K 14,932 K 2676 (Verified) Microsoft Windows
  svchost.exe 0.28 125,576 K 119,176 K 1020 (Verified) Microsoft Windows
   dwm.exe 4.60 33,480 K 42,496 K 1392 (Verified) Microsoft Windows
  svchost.exe 0.58 12,744 K 14,256 K 324 (Verified) Microsoft Windows
  svchost.exe 0.52 30,516 K 24,640 K 376 (Verified) Microsoft Windows
   taskeng.exe 1,984 K 5,728 K 2572 (Verified) Microsoft Windows
    HPCustPartic.exe 0.07 5,116 K 6,380 K 4572 (Verified) Hewlett Packard
   taskeng.exe 0.32 380 K 120 K 3260 (Verified) Microsoft Windows
  svchost.exe 0.07 14,920 K 9,864 K 1128 (Verified) Microsoft Windows
  spoolsv.exe 7,700 K 4,832 K 1504 (Verified) Microsoft Windows
  svchost.exe 0.01 11,948 K 11,460 K 1548 (Verified) Microsoft Windows
  taskhost.exe 0.03 8,208 K 4,244 K 1584 (Verified) Microsoft Windows
  rundll32.exe 876 K 324 K 1872 (Verified) Microsoft Windows
   rundll32.exe 14,344 K 2,128 K 1088 (Verified) Microsoft Windows
  armsvc.exe 1,164 K 380 K 1564 (Verified) Adobe Systems
  svchost.exe 4,704 K 5,728 K 1580 (Verified) Microsoft Windows
  svchost.exe 4,552 K 2,728 K 1460 (Verified) Microsoft Windows
  NisSrv.exe 0.04 12,896 K 6,764 K 2112 (Verified) Microsoft Corporation
  svchost.exe 2,580 K 2,920 K 2164 (Verified) Microsoft Windows
  SearchIndexer.exe 0.02 24,636 K 10,120 K 2948 (Verified) Microsoft Windows
  svchost.exe 0.11 7,972 K 6,988 K 2840 (Verified) Microsoft Windows
  wmpnetwk.exe 22.76 2,490,036 K 436,412 K 2956 (Verified) Microsoft Windows
  svchost.exe 11,364 K 9,952 K 3176 (Verified) Microsoft Windows
  svchost.exe 1,504 K 1,368 K 3832 (Verified) Microsoft Windows
  TrustedInstaller.exe 4,140 K 1,956 K 5028 (Verified) Microsoft Windows
  taskhost.exe 0.17 6,684 K 14,156 K 4176 (Verified) Microsoft Windows
 lsass.exe 0.39 5,252 K 6,808 K 568 (Verified) Microsoft Windows
 lsm.exe 2,392 K 1,760 K 576 (Verified) Microsoft Windows
csrss.exe 0.94 2,600 K 3,380 K 472 (Verified) Microsoft Windows
winlogon.exe 2,860 K 1,536 K 520 (Verified) Microsoft Windows
explorer.exe 0.41 70,280 K 42,040 K 1416 (Verified) Microsoft Windows
 msseces.exe 5,984 K 1,400 K 2444 (Verified) Microsoft Corporation
 Skype.exe 0.59 81,868 K 35,164 K 2452 (Verified) Skype Software Sarl
 sidebar.exe 14,708 K 19,104 K 2460 (Verified) Microsoft Windows
 SSScheduler.exe 3,412 K 932 K 2488 (Verified) McAfee
 notepad.exe 1,872 K 6,528 K 4080 (Verified) Microsoft Windows
 wmpnscfg.exe 1.59 1,428 K 4,416 K 4436 (Verified) Microsoft Windows
GWX.exe 3,048 K 916 K 2024 (Verified) Microsoft Windows
hpwuschd2.exe 948 K 844 K 2708 (Verified) Hewlett-Packard Company
CCleaner64.exe 0.02 8,236 K 1,396 K 2656 (Verified) Piriform Ltd
FRST64 (1).exe 0.36 24,264 K 5,028 K 4344 (No signature was present in the subject) Farbar
 notepad.exe 1,872 K 2,920 K 5080 (Verified) Microsoft Windows
 notepad.exe 1,816 K 1,840 K 4244 (Verified) Microsoft Windows
chrome.exe 7.11 73,312 K 105,576 K 3684 (Verified) Google Inc
 chrome.exe 5.69 48,104 K 49,208 K 284 (Verified) Google Inc
 chrome.exe 22,524 K 2,276 K 3632 (Verified) Google Inc
 chrome.exe 25,868 K 2,288 K 3756 (Verified) Google Inc
 chrome.exe 17,752 K 2,248 K 4696 (Verified) Google Inc
 chrome.exe 0.42 29,992 K 13,460 K 3728 (Verified) Google Inc
 chrome.exe 22,560 K 2,288 K 2124 (Verified) Google Inc
 chrome.exe 0.05 28,264 K 13,248 K 3772 (Verified) Google Inc
 chrome.exe 28.91 549,472 K 560,580 K 3356 (Verified) Google Inc
 chrome.exe 1.32 220,044 K 172,968 K 3784 (Verified) Google Inc
 chrome.exe 1.65 90,644 K 75,536 K 4456 (Verified) Google Inc
 procexp.exe 2,564 K 6,712 K 4732 (Verified) Microsoft Corporation
  procexp64.exe 9.40 24,880 K 43,128 K 4584 (Verified) Microsoft Corporation
 
 
 

  • 0

#4
RKinner

RKinner

    Malware Expert

  • Expert
  • 20,019 posts
  • MVP

If possible:

 

Uninstall:

cheapcoup

History Trends


LibrarySystem

McAfee Security Scan Plus

offerAepppu
 

 

Then

Download the attached fixlist.txt to the same location as FRST
Run FRST and press Fix
A fix log will be generated please post that.  Run FRST again, check the Additions box and then Scan.  You will get two logs.  Post them both.

 

Then copy the next  2 lines:

cd \
dir /a /s appdataFr*.bin > \junk.txt

Start, All Programs, Accessories, right click on Command Prompt and Run as Administrator, Continue.  Right click and Paste or Edit then Paste and the copied lines should appear.  Hit Enter. 

 

 

 

(The second line will take a few minutes to complete.  Be patient.)  When the prompt returns.

 

 

 

 

Type:

notepad  \junk.txt

and hit Enter.  Notepad should open.  Copy and paste the text from notepad into a reply.

 

Please make a new Process Explorer log.

 

 

 

 


  • 0

#5
Bada1

Bada1

    Member

  • Topic Starter
  • Member
  • PipPip
  • 14 posts

Microsoft Windows [Version 6.1.7601]

Copyright © 2009 Microsoft Corporation.  All rights reserved.
 
C:\Windows\system32>cd \
 
C:\>dir /a /s appdataFr*.bin > \junk.txt
 
C:\>notepad\junk.txt
The system cannot find the path specified.
 
C:\>

  • 0

#6
RKinner

RKinner

    Malware Expert

  • Expert
  • 20,019 posts
  • MVP

You need a space:

notepad       \junk.txt

  • 0

#7
Bada1

Bada1

    Member

  • Topic Starter
  • Member
  • PipPip
  • 14 posts

cd \
dir
/a /s appdataFr*.bin > \junk.txt

 
 Volume in drive C has no label.
 Volume Serial Number is 5039-4A1B
 
 Directory of C:\Users\COMPAQ\AppData\Roaming
 
30/07/2015  00:42                24 appdataFr25.bin
               1 File(s)             24 bytes
 
     Total Files Listed:
               1 File(s)             24 bytes
               0 Dir(s)  424,165,482,496 bytes free
 
 

  • 0

#8
Bada1

Bada1

    Member

  • Topic Starter
  • Member
  • PipPip
  • 14 posts

thanks

 

Process CPU Private Bytes Working Set PID Verified Signer
armsvc.exe 1,152 K 264 K 1824 (Verified) Adobe Systems
atieclxx.exe 2,132 K 380 K 1088
atiesrxx.exe 1,448 K 252 K 928 (Verified) Microsoft Windows Hardware Compatibility Publisher
chrome.exe 25,140 K 2,140 K 1632 (Verified) Google Inc
chrome.exe 23,596 K 2,056 K 3004 (Verified) Google Inc
chrome.exe 20,284 K 2,028 K 2344 (Verified) Google Inc
chrome.exe 23,864 K 2,036 K 2664 (Verified) Google Inc
chrome.exe 29,924 K 2,116 K 568 (Verified) Google Inc
cmd.exe 2,292 K 3,088 K 4328
conhost.exe 1,608 K 5,340 K 3272
GoogleUpdate.exe 1,976 K 128 K 1724
GWX.exe 3,084 K 800 K 2252 (Verified) Microsoft Windows
hpwuschd2.exe 936 K 520 K 2548 (Verified) Hewlett-Packard Company
lsm.exe 2,380 K 1,448 K 520
msseces.exe 5,900 K 5,480 K 1816 (Verified) Microsoft Corporation
NisSrv.exe 13,500 K 6,964 K 2776 (Verified) Microsoft Corporation
notepad.exe 1,676 K 6,244 K 3376
procexp (1).exe 2,568 K 6,648 K 4428 (Verified) Microsoft Corporation
smss.exe 436 K 80 K 276
spoolsv.exe 7,656 K 3,408 K 1340 (Verified) Microsoft Windows
svchost.exe 4,760 K 5,484 K 1932 (Verified) Microsoft Windows
svchost.exe 2,548 K 2,848 K 2820 (Verified) Microsoft Windows
svchost.exe 4,744 K 2,340 K 2032 (Verified) Microsoft Windows
svchost.exe 11,960 K 10,188 K 1384 (Verified) Microsoft Windows
svchost.exe 4,884 K 4,740 K 752 (Verified) Microsoft Windows
wininit.exe 1,452 K 204 K 452
winlogon.exe 2,848 K 1,304 K 656
svchost.exe < 0.01 1,532 K 1,100 K 2976 (Verified) Microsoft Windows
sidebar.exe < 0.01 13,488 K 19,520 K 1940 (Verified) Microsoft Windows
taskeng.exe < 0.01 1,752 K 1,364 K 1756
svchost.exe < 0.01 144,464 K 140,820 K 1016 (Verified) Microsoft Windows
svchost.exe 0.01 14,496 K 9,364 K 1124 (Verified) Microsoft Windows
taskhost.exe 0.01 12,540 K 5,152 K 1432 (Verified) Microsoft Windows
TrustedInstaller.exe 0.01 25,068 K 11,140 K 3132 (Verified) Microsoft Windows
svchost.exe 0.01 11,092 K 10,068 K 3764 (Verified) Microsoft Windows
csrss.exe 0.01 2,012 K 1,344 K 384
services.exe 0.02 6,136 K 5,028 K 504
SearchIndexer.exe 0.02 22,312 K 10,700 K 2656 (Verified) Microsoft Windows
wordpad.exe 0.03 13,168 K 14,692 K 3380 (Verified) Microsoft Windows
chrome.exe 0.03 49,452 K 33,016 K 3836 (Verified) Google Inc
svchost.exe 0.05 12,096 K 13,084 K 324 (Verified) Microsoft Windows
svchost.exe 0.07 8,028 K 7,652 K 3480 (Verified) Microsoft Windows
svchost.exe 0.09 20,636 K 13,852 K 972 (Verified) Microsoft Windows
explorer.exe 0.14 60,092 K 24,232 K 1540 (Verified) Microsoft Windows
lsass.exe 0.19 4,928 K 6,480 K 512 (Verified) Microsoft Windows
MsMpEng.exe 0.22 123,984 K 61,532 K 796 (Verified) Microsoft Corporation
svchost.exe 0.22 32,868 K 37,532 K 388 (Verified) Microsoft Windows
svchost.exe 0.48 4,280 K 3,560 K 632 (Verified) Microsoft Windows
System 0.60 184 K 496 K 4
csrss.exe 0.87 2,620 K 4,368 K 468
Interrupts 1.31 0 K 0 K n/a
chrome.exe 1.39 59,648 K 69,812 K 3476 (Verified) Google Inc
dwm.exe 1.50 32,880 K 23,584 K 1452 (Verified) Microsoft Windows
Skype.exe 1.53 80,528 K 34,492 K 1888 (Verified) Skype Software Sarl
audiodg.exe 1.90 16,876 K 13,700 K 3284
chrome.exe 4.76 86,320 K 28,572 K 3960 (Verified) Google Inc
procexp (1)64.exe 6.71 22,184 K 39,280 K 2792 (Verified) Microsoft Corporation
chrome.exe 21.83 223,704 K 197,692 K 908 (Verified) Google Inc
System Idle Process 24.38 0 K 24 K 0
wmpnetwk.exe 31.62 2,491,472 K 1,837,724 K 2464 (Verified) Microsoft Windows

  • 0

#9
RKinner

RKinner

    Malware Expert

  • Expert
  • 20,019 posts
  • MVP

OK.  It looks like there is only the one file this time.  Sometimes there are many.  Let's see if we can remove it.  I'm going to also disable wmpnetwk.exe as it is eating up too much CPU time.

 

Copy the next 7 lines:

 

del \Users\COMPAQ\AppData\Roaming\appdataFr25.bin
mkdir \Users\COMPAQ\AppData\Roaming\appdataFr25.bin
dir \Users\COMPAQ\AppData\Roaming  >  \junk.txt
sc stop ‎WMPNetworkSvc
sc config ‎WMPNetworkSvc start= disabled
sc query ‎WMPNetworkSvc >> \junk.txt
notepad \junk.txt
 
Start, All Programs, Accessories, right click on Command Prompt and Run as Administrator, Continue.  Right click and Paste or Edit then Paste and the copied lines should appear.  If notepad doesn't open, hit Enter.   Copy and paste the text from notepad into a reply.
 
Make another process explorer log as before and post it too.

  • 0

#10
Bada1

Bada1

    Member

  • Topic Starter
  • Member
  • PipPip
  • 14 posts

Ok, thanks

 

 
Microsoft Windows [Version 6.1.7601]
Copyright © 2009 Microsoft Corporation.  All rights reserved.
 
C:\Windows\system32>
C:\Windows\system32>del \Users\COMPAQ\AppData\Roaming\appdataFr25.bin
 
C:\Windows\system32>mkdir \Users\COMPAQ\AppData\Roaming\appdataFr25.bin
 
C:\Windows\system32>dir \Users\COMPAQ\AppData\Roaming  >  \junk.txt
 
C:\Windows\system32>sc stop ?WMPNetworkSvc
[SC] OpenService FAILED 1060:
 
The specified service does not exist as an installed service.
 
 
C:\Windows\system32>sc config ?WMPNetworkSvc start= disabled
[SC] OpenService FAILED 1060:
 
The specified service does not exist as an installed service.
 
 
C:\Windows\system32>sc query ?WMPNetworkSvc >> \junk.txt
 
C:\Windows\system32>notepad \junk.txt

  • 0

Advertisements


#11
Bada1

Bada1

    Member

  • Topic Starter
  • Member
  • PipPip
  • 14 posts
Microsoft Windows [Version 6.1.7601]
Copyright © 2009 Microsoft Corporation.  All rights reserved.
 
C:\Windows\system32>
C:\Windows\system32>del \Users\COMPAQ\AppData\Roaming\appdataFr25.bin
 
C:\Windows\system32>mkdir \Users\COMPAQ\AppData\Roaming\appdataFr25.bin
 
C:\Windows\system32>dir \Users\COMPAQ\AppData\Roaming  >  \junk.txt
 
C:\Windows\system32>sc stop ?WMPNetworkSvc
[SC] OpenService FAILED 1060:
 
The specified service does not exist as an installed service.
 
 
C:\Windows\system32>sc config ?WMPNetworkSvc start= disabled
[SC] OpenService FAILED 1060:
 
The specified service does not exist as an installed service.
 
 
C:\Windows\system32>sc query ?WMPNetworkSvc >> \junk.txt
 
C:\Windows\system32>notepad \junk.txt

  • 0

#12
RKinner

RKinner

    Malware Expert

  • Expert
  • 20,019 posts
  • MVP

OK.  Looks like it picked up an invisible character in the script (that's what the ? indicates) .  It should still have given you a notepad of \junk.txt.

 

Let's do the service the hard way.  Right click on Computer and select Manage (continue) then Services and Applications then Services.  Find the Windows Media Player Network Sharing Service and right click.  Select Properties then STOP the service, change the Startup Type: to Disabled.  OK.

 

Run a FRST scan again with Addition check and post both logs.  Also run Process Explorer again and make and post the log.


  • 0

#13
Bada1

Bada1

    Member

  • Topic Starter
  • Member
  • PipPip
  • 14 posts

Thanks

 

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:30-07-2015
Ran by COMPAQ (administrator) on COMPAQ-PC (01-08-2015 08:00:49)
Running from C:\Users\COMPAQ
Loaded Profiles: COMPAQ (Available Profiles: COMPAQ)
Platform: Windows 7 Home Premium Service Pack 1 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: IE)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
(AMD) C:\Windows\System32\atiesrxx.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(Skype Technologies S.A.) C:\Program Files (x86)\Skype\Phone\Skype.exe
(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
(Microsoft Corporation) C:\Windows\System32\GWX\GWX.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\NisSrv.exe
(Hewlett-Packard) C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\System32\CompatTelRunner.exe
(Farbar) C:\Users\COMPAQ\FRST640108.exe
 
 
==================== Registry (Whitelisted) ==================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [MSC] => c:\Program Files\Microsoft Security Client\msseces.exe [1337000 2015-04-30] (Microsoft Corporation)
HKLM-x32\...\Run: [GrooveMonitor] => C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe [30040 2009-02-26] (Microsoft Corporation)
HKLM-x32\...\Run: [HP Software Update] => C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe [96056 2013-05-30] (Hewlett-Packard)
HKLM-x32\...\Run: [] => [X]
HKU\S-1-5-21-1838249486-1020867623-664619754-1000\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [20917408 2014-02-10] (Skype Technologies S.A.)
IFEO\DatamngrCoordinator.exe: [Debugger] tasklist.exe
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Powerproject Startup.lnk [2014-07-08]
ShortcutTarget: Powerproject Startup.lnk -> C:\Program Files (x86)\Asta\Asta Powerproject\AstaPowerproject.exe (Asta Development PLC)
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com
HKU\S-1-5-21-1838249486-1020867623-664619754-1000\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/?pc=MSSE
HKU\S-1-5-21-1838249486-1020867623-664619754-1000\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://uk.msn.com/?ocid=iehp
HKU\S-1-5-21-1838249486-1020867623-664619754-1000\Software\Microsoft\Internet Explorer\Main,First Home Page = http://go.microsoft....=MSSEDF&pc=MSSE
SearchScopes: HKLM -> DefaultScope {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = http://www.bing.com/...=MSSEDF&pc=MSSE
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://www.bing.com/...=MSSEDF&pc=MSSE
SearchScopes: HKLM -> {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = http://www.bing.com/...=MSSEDF&pc=MSSE
SearchScopes: HKLM-x32 -> DefaultScope {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = http://www.bing.com/...=MSSEDF&pc=MSSE
SearchScopes: HKLM-x32 -> {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = http://www.bing.com/...=MSSEDF&pc=MSSE
SearchScopes: HKU\S-1-5-21-1838249486-1020867623-664619754-1000 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://www.bing.com/...=MSSEDF&pc=MSSE
SearchScopes: HKU\S-1-5-21-1838249486-1020867623-664619754-1000 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://www.bing.com/...=MSSEDF&pc=MSSE
SearchScopes: HKU\S-1-5-21-1838249486-1020867623-664619754-1000 -> {8CDE19E6-71C2-4B46-89B7-35F6A18C571A} URL = 
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2015-07-20] (Google Inc.)
Toolbar: HKLM-x32 - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll [2015-07-20] (Google Inc.)
Toolbar: HKU\S-1-5-21-1838249486-1020867623-664619754-1000 -> Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2015-07-20] (Google Inc.)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll [2013-02-26] (Skype Technologies)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{617A6249-EF47-4F9E-94F1-48ED59343A79}: [DhcpNameServer] 192.168.1.1
StartMenuInternet: IEXPLORE.EXE - iexplore.exe
 
FireFox:
========
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_18_0_0_209.dll [2015-07-20] ()
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.40416.0\npctrl.dll [2015-04-16] ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_18_0_0_209.dll [2015-07-20] ()
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\Windows\SysWOW64\Adobe\Director\np32dsw_1210150.dll [2014-03-11] (Adobe Systems, Inc.)
FF Plugin-x32: @java.com/DTPlugin,version=11.45.2 -> C:\Program Files (x86)\Java\jre1.8.0_45\bin\dtplugin\npDeployJava1.dll [2015-04-18] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.45.2 -> C:\Program Files (x86)\Java\jre1.8.0_45\bin\plugin2\npjp2.dll [2015-04-18] (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.40416.0\npctrl.dll [2015-04-15] ( Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.28.1\npGoogleUpdate3.dll [2015-07-15] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.28.1\npGoogleUpdate3.dll [2015-07-15] (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.1.3 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2014-02-05] (VideoLAN)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2015-06-29] (Adobe Systems Inc.)
 
Chrome: 
=======
CHR dev: Chrome dev build detected! <======= ATTENTION
CHR Profile: C:\Users\COMPAQ\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Docs) - C:\Users\COMPAQ\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-04-14]
CHR Extension: (Google Drive) - C:\Users\COMPAQ\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-04-14]
CHR Extension: (YouTube) - C:\Users\COMPAQ\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-04-14]
CHR Extension: (Proofread Bot  Grammar and Style Checker) - C:\Users\COMPAQ\AppData\Local\Google\Chrome\User Data\Default\Extensions\cjnnmmjgjaaomkcjibnncokikbianjap [2015-05-07]
CHR Extension: (Google Search) - C:\Users\COMPAQ\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-04-14]
CHR Extension: (Blackball Pool) - C:\Users\COMPAQ\AppData\Local\Google\Chrome\User Data\Default\Extensions\jjkhefodfbgjpcmahghmfggbcpjabnag [2014-08-09]
CHR Extension: (Chrome Hotword Shared Module) - C:\Users\COMPAQ\AppData\Local\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg [2015-07-20]
CHR Extension: (History Trends) - C:\Users\COMPAQ\AppData\Local\Google\Chrome\User Data\Default\Extensions\nangghhladpnhlllolmdbdgeggionole [2015-07-25]
CHR Extension: (Twitch Now) - C:\Users\COMPAQ\AppData\Local\Google\Chrome\User Data\Default\Extensions\nlmbdmpjmlijibeockamioakdpmhjnpk [2015-06-24]
CHR Extension: (Google Wallet) - C:\Users\COMPAQ\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-04-14]
CHR Extension: (Gmail) - C:\Users\COMPAQ\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-04-14]
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [23816 2015-04-30] (Microsoft Corporation)
R3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [366544 2015-04-30] (Microsoft Corporation)
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [280376 2015-03-04] (Microsoft Corporation)
R2 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [124568 2015-03-04] (Microsoft Corporation)
 
==================== NetSvcs (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== One Month Created files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2015-08-01 07:58 - 2015-08-01 08:00 - 02168832 _____ (Farbar) C:\Users\COMPAQ\FRST640108.exe
2015-07-31 23:40 - 2015-07-31 23:40 - 00003633 _____ C:\Users\COMPAQ\Hardware 3107.TXT
2015-07-31 23:35 - 2015-07-31 23:35 - 02508432 _____ (Sysinternals - www.sysinternals.com) C:\Users\COMPAQ\procexp (2).exe
2015-07-31 23:30 - 2015-07-31 23:30 - 00000000 ____D C:\Users\COMPAQ\AppData\Roaming\appdataFr25.bin
2015-07-31 18:04 - 2015-07-31 18:04 - 00003565 _____ C:\Users\COMPAQ\System Idle Process31.TXT
2015-07-31 17:57 - 2015-07-31 17:58 - 02508432 _____ (Sysinternals - www.sysinternals.com) C:\Users\COMPAQ\procexp (1).exe
2015-07-30 02:39 - 2015-07-30 02:39 - 00003550 _____ C:\Users\COMPAQ\System Idle Process1.TXT
2015-07-30 02:28 - 2015-07-30 02:28 - 00003540 _____ C:\Users\COMPAQ\Desktop\System Idle Process1.TXT
2015-07-30 02:18 - 2015-07-30 02:19 - 01186640 _____ C:\Users\COMPAQ\ProcessExplorer.zip
2015-07-30 02:18 - 2015-07-30 02:19 - 01186640 _____ C:\Users\COMPAQ\ProcessExplorer (1).zip
2015-07-30 02:00 - 2015-07-31 23:30 - 00001329 _____ C:\junk.txt
2015-07-30 01:54 - 2015-07-30 01:59 - 21715753 _____ C:\junk.txtcd
2015-07-30 00:56 - 2015-07-30 00:56 - 02169856 _____ (Farbar) C:\Users\COMPAQ\FRST643007.exe
2015-07-30 00:21 - 2015-07-30 00:21 - 02169856 _____ (Farbar) C:\Users\COMPAQ\FRST64 3007.exe
2015-07-30 00:14 - 2015-07-30 00:14 - 00002420 _____ C:\Users\COMPAQ\fixlist3007.txt
2015-07-29 18:57 - 2015-07-25 19:07 - 00017856 _____ (Microsoft Corporation) C:\Windows\system32\CompatTelRunner.exe
2015-07-29 18:57 - 2015-07-25 19:04 - 00765440 _____ (Microsoft Corporation) C:\Windows\system32\invagent.dll
2015-07-29 18:57 - 2015-07-25 19:04 - 00726528 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll
2015-07-29 18:57 - 2015-07-25 19:03 - 01085440 _____ (Microsoft Corporation) C:\Windows\system32\appraiser.dll
2015-07-29 18:57 - 2015-07-25 19:03 - 00433664 _____ (Microsoft Corporation) C:\Windows\system32\devinv.dll
2015-07-29 18:57 - 2015-07-25 19:03 - 00227328 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2015-07-29 18:57 - 2015-07-25 19:03 - 00067584 _____ (Microsoft Corporation) C:\Windows\system32\acmigration.dll
2015-07-29 18:57 - 2015-07-25 18:55 - 01145856 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2015-07-27 09:34 - 2015-07-27 09:34 - 00000000 ____D C:\ProgramData\f85c66c1000004a5
2015-07-25 18:09 - 2015-07-25 18:09 - 00004738 _____ C:\Users\COMPAQ\Hardware Interrupts and DPCs.txt
2015-07-25 18:01 - 2015-07-25 18:02 - 02508432 _____ (Sysinternals - www.sysinternals.com) C:\Users\COMPAQ\procexp.exe
2015-07-25 17:14 - 2015-07-27 08:04 - 00000000 ____D C:\Program Files (x86)\roccuketsaale
2015-07-25 17:12 - 2015-07-27 08:04 - 00000000 ____D C:\Program Files (x86)\roaccketsaLee
2015-07-25 17:10 - 2015-07-25 17:10 - 00000000 ____D C:\Program Files (x86)\rOccketsale
2015-07-24 18:56 - 2015-07-30 01:17 - 00018440 _____ C:\Users\COMPAQ\Addition.txt
2015-07-24 18:38 - 2015-08-01 08:01 - 00010578 _____ C:\Users\COMPAQ\FRST.txt
2015-07-24 11:13 - 2015-07-24 11:14 - 00000000 ____D C:\2db23f924b6870fef9969913f936
2015-07-22 13:06 - 2015-07-22 13:07 - 02135552 _____ (Farbar) C:\Users\COMPAQ\Downloads\FRST64.exe
2015-07-21 11:32 - 2015-07-15 04:19 - 00100864 _____ (Microsoft Corporation) C:\Windows\system32\fontsub.dll
2015-07-21 11:32 - 2015-07-15 04:19 - 00046080 _____ (Adobe Systems) C:\Windows\system32\atmlib.dll
2015-07-21 11:32 - 2015-07-15 04:19 - 00041984 _____ (Microsoft Corporation) C:\Windows\system32\lpk.dll
2015-07-21 11:32 - 2015-07-15 04:19 - 00014336 _____ (Microsoft Corporation) C:\Windows\system32\dciman32.dll
2015-07-21 11:32 - 2015-07-15 03:55 - 00070656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\fontsub.dll
2015-07-21 11:32 - 2015-07-15 03:55 - 00034304 _____ (Adobe Systems) C:\Windows\SysWOW64\atmlib.dll
2015-07-21 11:32 - 2015-07-15 03:55 - 00010240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dciman32.dll
2015-07-21 11:32 - 2015-07-15 03:54 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\lpk.dll
2015-07-21 11:32 - 2015-07-15 02:59 - 00372224 _____ (Adobe Systems Incorporated) C:\Windows\system32\atmfd.dll
2015-07-21 11:32 - 2015-07-15 02:52 - 00299008 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\atmfd.dll
2015-07-21 11:07 - 2015-08-01 07:44 - 00000952 _____ C:\Windows\setupact.log
2015-07-21 11:07 - 2015-07-21 11:07 - 00000000 _____ C:\Windows\setuperr.log
2015-07-21 11:06 - 2015-07-30 00:40 - 00005540 _____ C:\Windows\PFRO.log
2015-07-20 11:49 - 2015-07-20 11:49 - 00000000 ____D C:\Users\COMPAQ\AppData\Roaming\Google
2015-07-20 11:44 - 2015-07-20 11:45 - 00000000 ____D C:\ProgramData\Google
2015-07-20 11:44 - 2015-07-20 11:44 - 00000000 ____D C:\Program Files\Google
2015-07-20 11:36 - 2015-07-20 11:39 - 06565736 _____ (Piriform Ltd) C:\Users\COMPAQ\Downloads\ccsetup507 (1).exe
2015-07-20 11:35 - 2015-07-20 11:41 - 06565736 _____ (Piriform Ltd) C:\Users\COMPAQ\Downloads\ccsetup507.exe
2015-07-20 10:54 - 2015-07-22 13:37 - 00021111 _____ C:\Users\COMPAQ\Downloads\Addition.txt
2015-07-20 10:51 - 2015-07-22 13:37 - 00038557 _____ C:\Users\COMPAQ\Downloads\FRST.txt
2015-07-20 10:49 - 2015-08-01 08:00 - 00000000 ____D C:\FRST
2015-07-20 10:46 - 2015-07-20 10:47 - 01637888 _____ (Farbar) C:\Users\COMPAQ\Downloads\FRST.exe
2015-07-18 12:04 - 2015-07-18 12:04 - 00003642 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2015-07-15 19:42 - 2015-06-25 19:09 - 00389832 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2015-07-15 19:42 - 2015-06-25 18:43 - 00342736 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2015-07-15 19:42 - 2015-06-20 21:06 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2015-07-15 19:42 - 2015-06-20 20:49 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2015-07-15 19:42 - 2015-06-20 20:39 - 00034304 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2015-07-15 19:42 - 2015-06-20 20:34 - 00114688 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2015-07-15 19:42 - 2015-06-20 20:25 - 00968704 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2015-07-15 19:42 - 2015-06-20 20:13 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2015-07-15 19:42 - 2015-06-20 20:05 - 00316928 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2015-07-15 19:42 - 2015-06-20 19:48 - 00720384 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2015-07-15 19:42 - 2015-06-19 19:25 - 00504320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2015-07-15 19:42 - 2015-06-19 19:25 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2015-07-15 19:42 - 2015-06-19 19:24 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2015-07-15 19:42 - 2015-06-19 19:23 - 00064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2015-07-15 19:42 - 2015-06-19 19:17 - 00047104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2015-07-15 19:42 - 2015-06-19 19:16 - 00030720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2015-07-15 19:42 - 2015-06-19 19:13 - 00664064 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2015-07-15 19:42 - 2015-06-19 19:13 - 00115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2015-07-15 19:42 - 2015-06-19 19:03 - 00418304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2015-07-15 19:42 - 2015-06-19 18:57 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2015-07-15 19:42 - 2015-06-19 18:52 - 00076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2015-07-15 19:42 - 2015-06-19 18:51 - 00285696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2015-07-15 19:42 - 2015-06-19 18:40 - 02052608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2015-07-15 19:42 - 2015-06-19 18:40 - 00689152 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2015-07-15 19:42 - 2015-06-19 18:11 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2015-07-15 19:41 - 2015-06-20 20:50 - 00066560 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2015-07-15 19:41 - 2015-06-20 20:49 - 00584192 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2015-07-15 19:41 - 2015-06-20 20:49 - 00417792 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2015-07-15 19:41 - 2015-06-20 20:48 - 00088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2015-07-15 19:41 - 2015-06-20 20:40 - 00054784 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2015-07-15 19:41 - 2015-06-20 20:34 - 00816640 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2015-07-15 19:41 - 2015-06-20 20:34 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2015-07-15 19:41 - 2015-06-20 20:21 - 00490496 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2015-07-15 19:41 - 2015-06-20 20:08 - 00199680 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2015-07-15 19:41 - 2015-06-20 20:07 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2015-07-15 19:41 - 2015-06-20 19:48 - 00801280 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2015-07-15 19:41 - 2015-06-20 19:46 - 02125824 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2015-07-15 19:41 - 2015-06-20 19:46 - 01359360 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2015-07-15 19:41 - 2015-06-20 19:26 - 02427392 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2015-07-15 19:41 - 2015-06-20 19:02 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2015-07-15 19:41 - 2015-06-19 19:24 - 00341504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
2015-07-15 19:41 - 2015-06-19 18:53 - 00168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2015-07-15 19:41 - 2015-06-19 18:39 - 01155072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2015-07-15 19:41 - 2015-06-19 18:15 - 01951232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2015-07-15 19:06 - 2015-07-15 21:14 - 00000000 ____D C:\Users\COMPAQ\AppData\Roaming\dvdcss
2015-07-15 19:04 - 2015-07-01 21:49 - 01216512 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll
2015-07-15 19:04 - 2015-07-01 21:49 - 00729088 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2015-07-15 19:04 - 2015-07-01 21:49 - 00315392 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2015-07-15 19:03 - 2015-07-01 21:56 - 00155584 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2015-07-15 19:03 - 2015-07-01 21:56 - 00095680 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2015-07-15 19:03 - 2015-07-01 21:49 - 01461760 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2015-07-15 19:03 - 2015-07-01 21:49 - 00342016 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2015-07-15 19:03 - 2015-07-01 21:49 - 00309760 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2015-07-15 19:03 - 2015-07-01 21:49 - 00210944 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2015-07-15 19:03 - 2015-07-01 21:49 - 00136192 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2015-07-15 19:03 - 2015-07-01 21:49 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2015-07-15 19:03 - 2015-07-01 21:48 - 00044032 _____ (Microsoft Corporation) C:\Windows\system32\cryptbase.dll
2015-07-15 19:03 - 2015-07-01 21:47 - 00064000 _____ (Microsoft Corporation) C:\Windows\system32\auditpol.exe
2015-07-15 19:03 - 2015-07-01 21:47 - 00031232 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2015-07-15 19:03 - 2015-07-01 21:30 - 00552960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2015-07-15 19:03 - 2015-07-01 21:30 - 00259584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
2015-07-15 19:03 - 2015-07-01 21:30 - 00248832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2015-07-15 19:03 - 2015-07-01 21:30 - 00221184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2015-07-15 19:03 - 2015-07-01 21:30 - 00172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll
2015-07-15 19:03 - 2015-07-01 21:30 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2015-07-15 19:03 - 2015-07-01 21:30 - 00036864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptbase.dll
2015-07-15 19:03 - 2015-07-01 21:29 - 00665088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpcrt4.dll
2015-07-15 19:03 - 2015-07-01 20:27 - 00159232 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb.sys
2015-07-15 19:03 - 2015-07-01 20:26 - 00290816 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb10.sys
2015-07-15 19:03 - 2015-07-01 20:26 - 00129024 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb20.sys
2015-07-15 19:02 - 2015-07-01 21:49 - 00029184 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2015-07-15 19:02 - 2015-07-01 21:49 - 00028160 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2015-07-15 19:02 - 2015-07-01 21:48 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2015-07-15 19:02 - 2015-07-01 21:43 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
2015-07-15 19:02 - 2015-07-01 21:43 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\msobjs.dll
2015-07-15 19:02 - 2015-07-01 21:39 - 00686080 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
2015-07-15 19:02 - 2015-07-01 21:30 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2015-07-15 19:02 - 2015-07-01 21:30 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
2015-07-15 19:02 - 2015-07-01 21:29 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2015-07-15 19:02 - 2015-07-01 21:29 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\auditpol.exe
2015-07-15 19:02 - 2015-07-01 21:27 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msobjs.dll
2015-07-15 19:02 - 2015-07-01 21:26 - 00146432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msaudite.dll
2015-07-15 19:02 - 2015-07-01 21:24 - 00686080 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adtschema.dll
2015-07-15 18:57 - 2015-07-02 22:21 - 19877376 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2015-07-15 18:57 - 2015-07-02 22:08 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2015-07-15 18:57 - 2015-07-02 21:46 - 00479232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2015-07-15 18:57 - 2015-07-02 21:40 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2015-07-15 18:57 - 2015-07-02 21:19 - 12855296 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2015-07-15 18:57 - 2015-07-02 20:55 - 01310720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2015-07-15 18:57 - 2015-07-02 19:59 - 01545728 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2015-07-15 18:56 - 2015-07-02 21:49 - 25193984 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2015-07-15 18:56 - 2015-07-02 21:12 - 00615936 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2015-07-15 18:56 - 2015-07-02 20:20 - 14453248 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2015-07-15 18:55 - 2015-07-02 21:50 - 02279424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2015-07-15 18:55 - 2015-07-02 21:23 - 02885632 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2015-07-15 18:43 - 2015-07-04 19:07 - 02087424 _____ (Microsoft Corporation) C:\Windows\system32\ole32.dll
2015-07-15 18:43 - 2015-07-04 18:48 - 01414656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ole32.dll
2015-07-15 18:41 - 2015-04-27 20:23 - 01480192 _____ (Microsoft Corporation) C:\Windows\system32\crypt32.dll
2015-07-15 18:41 - 2015-04-27 20:23 - 00229376 _____ (Microsoft Corporation) C:\Windows\system32\wintrust.dll
2015-07-15 18:41 - 2015-04-27 20:23 - 00188416 _____ (Microsoft Corporation) C:\Windows\system32\cryptsvc.dll
2015-07-15 18:41 - 2015-04-27 20:23 - 00140288 _____ (Microsoft Corporation) C:\Windows\system32\cryptnet.dll
2015-07-15 18:41 - 2015-04-27 20:05 - 00179200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wintrust.dll
2015-07-15 18:41 - 2015-04-27 20:04 - 01174528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\crypt32.dll
2015-07-15 18:41 - 2015-04-27 20:04 - 00143872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptsvc.dll
2015-07-15 18:41 - 2015-04-27 20:04 - 00103936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptnet.dll
2015-07-15 09:23 - 2015-06-15 22:50 - 00112064 _____ (Microsoft Corporation) C:\Windows\system32\consent.exe
2015-07-15 09:23 - 2015-06-15 22:45 - 03242496 _____ (Microsoft Corporation) C:\Windows\system32\msi.dll
2015-07-15 09:23 - 2015-06-15 22:45 - 01941504 _____ (Microsoft Corporation) C:\Windows\system32\authui.dll
2015-07-15 09:23 - 2015-06-15 22:45 - 00504320 _____ (Microsoft Corporation) C:\Windows\system32\msihnd.dll
2015-07-15 09:23 - 2015-06-15 22:45 - 00070656 _____ (Microsoft Corporation) C:\Windows\system32\appinfo.dll
2015-07-15 09:23 - 2015-06-15 22:44 - 00128000 _____ (Microsoft Corporation) C:\Windows\system32\msiexec.exe
2015-07-15 09:23 - 2015-06-15 22:43 - 02364416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msi.dll
2015-07-15 09:23 - 2015-06-15 22:43 - 01805824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\authui.dll
2015-07-15 09:23 - 2015-06-15 22:43 - 00337408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msihnd.dll
2015-07-15 09:23 - 2015-06-15 22:42 - 00073216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msiexec.exe
2015-07-15 09:23 - 2015-06-15 22:42 - 00025088 _____ (Microsoft Corporation) C:\Windows\system32\msimsg.dll
2015-07-15 09:23 - 2015-06-15 22:37 - 00025088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msimsg.dll
2015-07-15 09:19 - 2015-06-02 01:07 - 00254976 _____ (Microsoft Corporation) C:\Windows\system32\cewmdm.dll
2015-07-15 09:19 - 2015-06-02 00:47 - 00210432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cewmdm.dll
2015-07-15 09:18 - 2015-07-09 18:58 - 03154944 _____ (Microsoft Corporation) C:\Windows\system32\wucltux.dll
2015-07-15 09:18 - 2015-07-09 18:58 - 02603008 _____ (Microsoft Corporation) C:\Windows\system32\wuaueng.dll
2015-07-15 09:18 - 2015-07-09 18:58 - 00696320 _____ (Microsoft Corporation) C:\Windows\system32\wuapi.dll
2015-07-15 09:18 - 2015-07-09 18:58 - 00192000 _____ (Microsoft Corporation) C:\Windows\system32\wuwebv.dll
2015-07-15 09:18 - 2015-07-09 18:58 - 00139776 _____ (Microsoft Corporation) C:\Windows\system32\wuauclt.exe
2015-07-15 09:18 - 2015-07-09 18:58 - 00098304 _____ (Microsoft Corporation) C:\Windows\system32\wudriver.dll
2015-07-15 09:18 - 2015-07-09 18:58 - 00091136 _____ (Microsoft Corporation) C:\Windows\system32\WinSetupUI.dll
2015-07-15 09:18 - 2015-07-09 18:58 - 00037888 _____ (Microsoft Corporation) C:\Windows\system32\wups2.dll
2015-07-15 09:18 - 2015-07-09 18:58 - 00037376 _____ (Microsoft Corporation) C:\Windows\system32\wuapp.exe
2015-07-15 09:18 - 2015-07-09 18:58 - 00036864 _____ (Microsoft Corporation) C:\Windows\system32\wups.dll
2015-07-15 09:18 - 2015-07-09 18:58 - 00012288 _____ (Microsoft Corporation) C:\Windows\system32\wu.upgrade.ps.dll
2015-07-15 09:18 - 2015-07-09 18:43 - 00566784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapi.dll
2015-07-15 09:18 - 2015-07-09 18:43 - 00173056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuwebv.dll
2015-07-15 09:18 - 2015-07-09 18:43 - 00093184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wudriver.dll
2015-07-15 09:18 - 2015-07-09 18:43 - 00030208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wups.dll
2015-07-15 09:18 - 2015-07-09 18:42 - 00034816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapp.exe
2015-07-15 09:15 - 2015-06-25 09:57 - 03207168 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2015-07-15 09:14 - 2015-06-27 03:47 - 00814080 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2015-07-15 09:14 - 2015-06-17 18:47 - 00404992 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll
2015-07-15 09:14 - 2015-06-17 18:37 - 00312320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gdi32.dll
2015-07-15 09:13 - 2015-06-27 03:43 - 05923840 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2015-07-15 09:13 - 2015-06-27 02:58 - 00620032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2015-07-15 09:13 - 2015-06-27 02:39 - 04520448 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2015-07-14 16:31 - 2015-07-14 16:32 - 58130592 _____ (Microsoft Corporation) C:\Users\COMPAQ\Downloads\Internet Explorer.EXE
2015-07-14 09:05 - 2015-07-14 09:06 - 00000000 ____D C:\ec105dded2098b84051c7c5818
2015-07-07 11:20 - 2015-07-11 10:39 - 00000000 ____D C:\Program Files (x86)\Stunning Park
2015-07-06 08:59 - 2015-07-06 08:59 - 00000383 _____ C:\ftconfig.ini
2015-07-04 22:45 - 2015-07-04 22:45 - 01700284 _____ C:\Users\COMPAQ\Downloads\rota030715.html
2015-07-04 22:45 - 2015-07-04 22:45 - 00000000 ____D C:\Users\COMPAQ\Downloads\rota030715_files
 
==================== One Month Modified files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2015-08-01 08:00 - 2014-04-14 11:01 - 00000000 ____D C:\Users\COMPAQ
2015-08-01 07:59 - 2009-07-14 05:45 - 00021680 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-08-01 07:59 - 2009-07-14 05:45 - 00021680 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-08-01 07:49 - 2014-04-14 10:49 - 01445860 _____ C:\Windows\WindowsUpdate.log
2015-08-01 07:48 - 2014-04-14 11:18 - 00003934 _____ C:\Windows\System32\Tasks\User_Feed_Synchronization-{245C4CA2-F3D7-4958-ADE6-F49987DBA58F}
2015-08-01 07:44 - 2014-04-14 11:20 - 00000894 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-08-01 07:44 - 2009-07-14 06:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2015-07-31 23:31 - 2014-08-07 18:57 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-07-31 23:22 - 2014-04-14 11:34 - 00000000 ____D C:\Users\COMPAQ\AppData\Roaming\Skype
2015-07-31 23:22 - 2014-04-14 11:20 - 00000898 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-07-31 16:07 - 2014-06-12 20:59 - 00000000 ___SD C:\Windows\system32\CompatTel
2015-07-31 15:51 - 2014-04-14 11:21 - 00002183 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2015-07-30 01:28 - 2009-07-14 04:20 - 00000000 ____D C:\Windows\system32\NDF
2015-07-27 08:04 - 2009-07-14 06:13 - 00781790 _____ C:\Windows\system32\PerfStringBackup.INI
2015-07-25 17:19 - 2015-05-07 20:50 - 00000000 ____D C:\ProgramData\3018555522115249011
2015-07-25 16:17 - 2015-04-04 21:43 - 00000000 ___SD C:\Windows\system32\GWX
2015-07-24 10:44 - 2014-04-14 11:43 - 00000000 ____D C:\Users\COMPAQ\AppData\Local\Microsoft Help
2015-07-23 17:46 - 2014-06-18 11:01 - 00000000 ____D C:\Users\COMPAQ\AppData\Local\CrashDumps
2015-07-22 11:21 - 2009-07-14 05:45 - 00409520 _____ C:\Windows\system32\FNTCACHE.DAT
2015-07-20 11:55 - 2014-05-31 13:46 - 00000000 ____D C:\ProgramData\BlueStacksSetup
2015-07-20 11:53 - 2014-04-14 19:46 - 00000000 ____D C:\Windows\Panther
2015-07-20 11:49 - 2014-04-14 11:20 - 00000000 ____D C:\Users\COMPAQ\AppData\Local\Google
2015-07-20 11:44 - 2014-04-14 11:20 - 00000000 ____D C:\Program Files (x86)\Google
2015-07-20 09:47 - 2014-08-07 18:57 - 00778416 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2015-07-20 09:47 - 2014-08-07 18:57 - 00142512 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2015-07-20 09:47 - 2014-08-07 18:57 - 00003768 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2015-07-18 12:47 - 2015-04-04 21:43 - 00000000 ___SD C:\Windows\SysWOW64\GWX
2015-07-18 12:47 - 2009-07-14 04:20 - 00000000 ____D C:\Windows\PolicyDefinitions
2015-07-18 12:04 - 2014-04-14 11:20 - 00003894 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2015-07-18 11:57 - 2014-04-14 11:43 - 00000000 ____D C:\ProgramData\Microsoft Help
2015-07-15 21:32 - 2014-04-19 07:19 - 00000000 ____D C:\Users\COMPAQ\AppData\Roaming\vlc
2015-07-15 20:02 - 2014-12-11 04:36 - 00000000 ____D C:\Windows\system32\appraiser
2015-07-15 19:28 - 2014-06-08 21:34 - 00000000 ____D C:\Windows\system32\MRT
2015-07-14 16:05 - 2014-04-14 11:27 - 00002441 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk
2015-07-14 16:02 - 2015-06-24 10:58 - 00003886 _____ C:\Windows\System32\Tasks\Adobe Acrobat Update Task
2015-07-11 10:55 - 2015-06-01 13:19 - 00000000 ____D C:\Users\COMPAQ\Downloads\holiday form_files
2015-07-11 10:40 - 2009-07-14 04:20 - 00000000 ____D C:\Windows\servicing
2015-07-11 10:39 - 2014-08-07 18:57 - 00000000 ____D C:\Windows\system32\Macromed
2015-07-11 10:39 - 2014-04-14 11:21 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
2015-07-11 10:39 - 2009-07-14 04:20 - 00000000 ____D C:\Windows\registration
2015-07-08 14:47 - 2009-07-14 06:09 - 00000000 ____D C:\Windows\System32\Tasks\WPD
2015-07-05 11:08 - 2014-04-14 11:35 - 00300704 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe
2015-07-04 22:48 - 2014-11-29 13:29 - 00000000 __SHD C:\Users\COMPAQ\AppData\Local\EmieUserList
2015-07-04 22:48 - 2014-11-29 13:29 - 00000000 __SHD C:\Users\COMPAQ\AppData\Local\EmieBrowserModeList
2015-07-04 22:47 - 2014-11-29 13:29 - 00000000 __SHD C:\Users\COMPAQ\AppData\Local\EmieSiteList
2015-07-03 08:43 - 2014-06-08 21:33 - 130333168 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
 
==================== Files in the root of some directories =======
 
2014-05-31 13:52 - 2014-06-02 15:15 - 0012841 _____ () C:\Users\COMPAQ\AppData\Roaming\Bubble Dock.installation.log
2015-04-22 16:45 - 2015-04-22 16:45 - 0004096 ____H () C:\Users\COMPAQ\AppData\Local\keyfile3.drm
2015-05-12 09:05 - 2015-05-12 09:05 - 0000000 _____ () C:\Users\COMPAQ\AppData\Local\Temp.dat
2015-03-24 06:01 - 2015-03-24 06:01 - 0000057 _____ () C:\ProgramData\Ament.ini
 
Files to move or delete:
====================
C:\Users\COMPAQ\FRST64 3007.exe
C:\Users\COMPAQ\FRST640108.exe
C:\Users\COMPAQ\FRST643007.exe
C:\Users\COMPAQ\procexp (1).exe
C:\Users\COMPAQ\procexp (2).exe
C:\Users\COMPAQ\procexp.exe
 
 
Some files in TEMP:
====================
C:\Users\COMPAQ\AppData\Local\Temp\procexp64.exe
 
 
==================== Bamital & volsnap Check =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed
 
 
LastRegBack: 2015-05-15 23:11
 
==================== End of log ============================
 
Additional scan result of Farbar Recovery Scan Tool (x64) Version:30-07-2015
Ran by COMPAQ (2015-08-01 08:04:30)
Running from C:\Users\COMPAQ
Boot Mode: Normal
==========================================================
 
 
==================== Accounts: =============================
 
Administrator (S-1-5-21-1838249486-1020867623-664619754-500 - Administrator - Disabled)
COMPAQ (S-1-5-21-1838249486-1020867623-664619754-1000 - Administrator - Enabled) => C:\Users\COMPAQ
Guest (S-1-5-21-1838249486-1020867623-664619754-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-1838249486-1020867623-664619754-1002 - Limited - Enabled)
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AV: Microsoft Security Essentials (Enabled - Up to date) {B7ECF8CD-0188-6703-DBA4-AA65C6ACFB0A}
AS: Microsoft Security Essentials (Enabled - Up to date) {0C8D1929-27B2-688D-E114-9117BD2BB1B7}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 
==================== Installed Programs ======================
 
(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 13.0.0.83 - Adobe Systems Incorporated)
Adobe Flash Player 18 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 18.0.0.209 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.12) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.12 - Adobe Systems Incorporated)
Adobe Shockwave Player 12.1 (HKLM-x32\...\Adobe Shockwave Player) (Version: 12.1.0.150 - Adobe Systems, Inc.)
Asta Powerproject - Trial (HKLM-x32\...\{95E874C3-E1A5-479C-911A-C8C5D778CC94}) (Version: 12.5.00 - Asta Development PLC)
Google Chrome (HKLM-x32\...\{5F6C7C79-9E78-3694-8827-E4F4936BA25F}) (Version: 65.205.49268 - Google, Inc.)
Google Toolbar for Internet Explorer (HKLM-x32\...\{2318C2B1-4965-11d4-9B18-009027A5CD4F}) (Version: 7.5.6710.2136 - Google Inc.)
Google Toolbar for Internet Explorer (x32 Version: 1.0.0 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.28.1 - Google Inc.) Hidden
HP ENVY 4500 series Basic Device Software (HKLM\...\{6915424E-704F-4F5D-9057-9C7B406B36DB}) (Version: 32.3.198.49673 - Hewlett-Packard Co.)
HP ENVY 4500 series Help (HKLM-x32\...\{95BECC50-22B4-4FCA-8A2E-BF77713E6D3A}) (Version: 30.0.0 - Hewlett Packard)
HP FWUpdateEDO2 (HKLM-x32\...\{415FA9AD-DA10-4ABE-97B6-5051D4795C90}) (Version: 1.2.0.0 - Hewlett-Packard)
HP Photo Creations (HKLM-x32\...\HP Photo Creations) (Version: 1.0.0.7702 - HP)
HP Update (HKLM-x32\...\{912D30CF-F39E-4B31-AD9A-123C6B794EE2}) (Version: 5.005.002.002 - Hewlett-Packard)
HPDiagnosticAlert (x32 Version: 1.00.0001 - Microsoft) Hidden
Java 8 Update 45 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218045F0}) (Version: 8.0.450 - Oracle Corporation)
Malwarebytes Anti-Malware version 2.0.2.1012 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.2.1012 - Malwarebytes Corporation)
Microsoft .NET Framework 4.5.2 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.51209 - Microsoft Corporation)
Microsoft Office 2007 Service Pack 3 (SP3) (HKLM-x32\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version:  - Microsoft)
Microsoft Office Enterprise 2007 (HKLM-x32\...\ENTERPRISE) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Office File Validation Add-In (HKLM-x32\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)
Microsoft Security Essentials (HKLM\...\Microsoft Security Client) (Version: 4.8.204.0 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.40416.0 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.30319 (HKLM-x32\...\{196BB40D-1578-3D01-B289-BEFC77A11A1E}) (Version: 10.0.30319 - Microsoft Corporation)
Product Improvement Study for HP ENVY 4500 series (HKLM\...\{58139103-BACF-4BDC-B71C-955F9164ADA6}) (Version: 32.3.198.49673 - Hewlett-Packard Co.)
Skype™ 6.14 (HKLM-x32\...\{1845470B-EB14-4ABC-835B-E36C693DC07D}) (Version: 6.14.104 - Skype Technologies S.A.)
swMSM (x32 Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
The Official DVSA Theory Test for Car Drivers (HKLM-x32\...\{E9DF3ECB-00F3-4992-955D-ABC9AAD23BFA}) (Version: 1.00.0000 - TSO)
Update for 2007 Microsoft Office System (KB967642) (HKLM-x32\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version:  - Microsoft)
VLC media player 2.1.3 (HKLM-x32\...\VLC media player) (Version: 2.1.3 - VideoLAN)
WinRAR 5.01 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.01.0 - win.rar GmbH)
 
==================== Custom CLSID (Whitelisted): ==========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== Restore Points =========================
 
28-06-2015 00:26:36 Windows Update
30-06-2015 14:51:18 Windows Backup
03-07-2015 12:09:35 Windows Update
07-07-2015 08:35:22 Windows Backup
07-07-2015 10:06:32 Windows Update
11-07-2015 10:29:31 Restore Operation
11-07-2015 11:23:15 Windows Update
13-07-2015 12:51:52 Windows Backup
15-07-2015 08:52:24 Windows Update
15-07-2015 19:35:42 Windows Modules Installer
18-07-2015 11:44:42 Windows Update
23-07-2015 10:07:14 Windows Update
27-07-2015 08:24:51 Windows Update
31-07-2015 15:48:53 Windows Update
 
==================== Hosts content: ===============================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2009-07-14 03:34 - 2015-07-27 10:07 - 00000826 ____A C:\Windows\system32\Drivers\etc\hosts
 
==================== Scheduled Tasks (Whitelisted) =============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
Task: {0107BE11-A893-47DA-A739-377F280A8AC9} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-04-14] (Google Inc.)
Task: {62AEAAFC-A7F6-48AF-ABEC-6A0D02040697} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-07-20] (Adobe Systems Incorporated)
Task: {9C7DF717-0D13-4C90-AAB2-5DDDC7AC2745} - System32\Tasks\HPCustParticipation HP ENVY 4500 series => C:\Program Files\HP\HP ENVY 4500 series\Bin\HPCustPartic.exe [2014-07-21] (Hewlett-Packard Development Company, LP)
Task: {A5B0BA26-1994-483E-9F61-2184CF622573} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2015-07-07] (Adobe Systems Incorporated)
Task: {EA8D952B-43D8-4F06-87BA-4CF28A1EBA2D} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-04-14] (Google Inc.)
 
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
 
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
 
==================== Loaded Modules (Whitelisted) ==============
 
2015-07-31 15:48 - 2015-07-25 09:46 - 01405768 _____ () C:\Program Files (x86)\Google\Chrome\Application\44.0.2403.125\libglesv2.dll
2015-07-31 15:48 - 2015-07-25 09:46 - 00081224 _____ () C:\Program Files (x86)\Google\Chrome\Application\44.0.2403.125\libegl.dll
 
==================== Alternate Data Streams (Whitelisted) =========
 
(If an entry is included in the fixlist, only the ADS will be removed.)
 
 
==================== Safe Mode (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
 
 
==================== EXE Association (Whitelisted) ===============
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed.)
 
 
==================== Internet Explorer trusted/restricted ===============
 
(If an entry is included in the fixlist, it will be removed from the registry.)
 
 
==================== Other Areas ============================
 
(Currently there is no automatic fix for this section.)
 
HKU\S-1-5-21-1838249486-1020867623-664619754-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\COMPAQ\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 192.168.1.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.
 
==================== MSCONFIG/TASK MANAGER disabled items ==
 
(Currently there is no automatic fix for this section.)
 
 
==================== FirewallRules (Whitelisted) ===============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
FirewallRules: [{2DD6A4DD-8968-4EF3-85AD-981C44A24495}] => (Allow) C:\Program Files (x86)\Skype\Phone\Skype.exe
FirewallRules: [{CF9419EB-E6D6-4946-AFC4-7A2DE0A331D9}] => (Allow) C:\Program Files\HP\HP ENVY 4500 series\Bin\DeviceSetup.exe
FirewallRules: [{C983F07A-474A-46AA-B851-7B67CF82DCF5}] => (Allow) LPort=5357
FirewallRules: [{0F0F29C9-A229-4CB6-9933-119522DC34AA}] => (Allow) C:\Program Files\HP\HP ENVY 4500 series\Bin\HPNetworkCommunicatorCom.exe
FirewallRules: [{8AA88E01-79B6-4D6E-B08A-D081A7CEAA09}] => (Allow) C:\Users\COMPAQ\AppData\Local\Temp\7zS1D16\HPDiagnosticCoreUI.exe
FirewallRules: [{D55D2806-8A8D-456D-B8E6-1AE77B551D6F}] => (Allow) C:\Users\COMPAQ\AppData\Local\Temp\7zS1D16\HPDiagnosticCoreUI.exe
FirewallRules: [{EE8B8A00-759E-4496-83D3-44901C485EB4}] => (Allow) C:\Users\COMPAQ\AppData\Local\Temp\7zS6F18\HPDiagnosticCoreUI.exe
FirewallRules: [{3182B4FC-CF54-4C6E-8AB3-59BCE0826047}] => (Allow) C:\Users\COMPAQ\AppData\Local\Temp\7zS6F18\HPDiagnosticCoreUI.exe
FirewallRules: [{96BAC64D-9BEA-44E7-8B77-836ED74D8668}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
 
==================== Faulty Device Manager Devices =============
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (07/30/2015 08:52:47 AM) (Source: System Restore) (EventID: 8193) (User: )
Description: Failed to create restore point (Process = C:\Windows\system32\svchost.exe -k netsvcs; Description = Windows Update; Error = 0x81000101).
 
Error: (07/23/2015 03:20:49 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: GWXUX.exe, version: 6.3.9600.17923, time stamp: 0x55945dbd
Faulting module name: ntdll.dll, version: 6.1.7601.18869, time stamp: 0x556366f2
Exception code: 0xc0000005
Fault offset: 0x000000000004ada4
Faulting process id: 0x1258
Faulting application start time: 0xGWXUX.exe0
Faulting application path: GWXUX.exe1
Faulting module path: GWXUX.exe2
Report Id: GWXUX.exe3
 
Error: (07/22/2015 11:16:22 AM) (Source: System Restore) (EventID: 8193) (User: )
Description: Failed to create restore point (Process = C:\Windows\servicing\TrustedInstaller.exe; Description = Windows Modules Installer; Error = 0x81000101).
 
Error: (07/22/2015 01:11:44 AM) (Source: VSS) (EventID: 12289) (User: )
Description: Volume Shadow Copy Service error: Unexpected error DeviceIoControl(\\?\Volume{a9f504fe-c3b9-11e3-8844-806e6f6e6963} - 000000000000012C,0x0053c008,000000000040C9F0,0,000000000040DA00,4096,[0]).  hr = 0x80070079, The semaphore timeout period has expired.
.
 
 
Operation:
   Processing EndPrepareSnapshots
 
Context:
   Execution Context: System Provider
 
Error: (07/22/2015 01:11:39 AM) (Source: System Restore) (EventID: 8193) (User: )
Description: Failed to create restore point (Process = C:\Windows\system32\svchost.exe -k netsvcs; Description = Windows Update; Error = 0x81000101).
 
Error: (07/21/2015 11:37:39 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: GWXUX.exe, version: 6.3.9600.17923, time stamp: 0x55945dbd
Faulting module name: ntdll.dll, version: 6.1.7601.18869, time stamp: 0x556366f2
Exception code: 0xc0000005
Fault offset: 0x000000000004ada4
Faulting process id: 0x1274
Faulting application start time: 0xGWXUX.exe0
Faulting application path: GWXUX.exe1
Faulting module path: GWXUX.exe2
Report Id: GWXUX.exe3
 
Error: (07/21/2015 11:09:09 AM) (Source: Windows Search Service) (EventID: 7010) (User: )
Description: The index cannot be initialized.
 
 
Details:
The content index catalog is corrupt.  (HRESULT : 0xc0041801) (0xc0041801)
 
Error: (07/21/2015 11:09:09 AM) (Source: Windows Search Service) (EventID: 3058) (User: )
Description: The application cannot be initialized.
 
Context: Windows Application
 
 
Details:
The content index catalog is corrupt.  (HRESULT : 0xc0041801) (0xc0041801)
 
Error: (07/21/2015 11:09:09 AM) (Source: Windows Search Service) (EventID: 3028) (User: )
Description: The gatherer object cannot be initialized.
 
Context: Windows Application, SystemIndex Catalog
 
 
Details:
The content index catalog is corrupt.  (HRESULT : 0xc0041801) (0xc0041801)
 
Error: (07/21/2015 11:09:09 AM) (Source: Windows Search Service) (EventID: 3029) (User: )
Description: The plug-in in <Search.TripoliIndexer> cannot be initialized.
 
Context: Windows Application, SystemIndex Catalog
 
 
Details:
Element not found.  (HRESULT : 0x80070490) (0x80070490)
 
 
System errors:
=============
Error: (08/01/2015 07:45:32 AM) (Source: WMPNetworkSvc) (EventID: 14332) (User: )
Description: WMPNetworkSvc0x80004005
 
Error: (08/01/2015 07:45:31 AM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: application-specificLocalLaunch{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}{344ED43D-D086-4961-86A6-1106F4ACAD9B}NT AUTHORITYLOCAL SERVICES-1-5-19LocalHost (Using LRPC)
 
Error: (08/01/2015 07:45:25 AM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: application-specificLocalLaunch{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}{344ED43D-D086-4961-86A6-1106F4ACAD9B}NT AUTHORITYSYSTEMS-1-5-18LocalHost (Using LRPC)
 
Error: (07/31/2015 11:50:00 PM) (Source: DCOM) (EventID: 10010) (User: )
Description: {E10F6C3A-F1AE-4ADC-AA9D-2FE65525666E}
 
Error: (07/31/2015 05:10:48 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: application-specificLocalLaunch{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}{344ED43D-D086-4961-86A6-1106F4ACAD9B}NT AUTHORITYLOCAL SERVICES-1-5-19LocalHost (Using LRPC)
 
Error: (07/31/2015 05:07:49 PM) (Source: Service Control Manager) (EventID: 7043) (User: )
Description: The Windows Update service did not shut down properly after receiving a preshutdown control.
 
Error: (07/31/2015 04:10:41 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: application-specificLocalLaunch{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}{344ED43D-D086-4961-86A6-1106F4ACAD9B}NT AUTHORITYSYSTEMS-1-5-18LocalHost (Using LRPC)
 
Error: (07/31/2015 04:10:28 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: application-specificLocalLaunch{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}{344ED43D-D086-4961-86A6-1106F4ACAD9B}NT AUTHORITYLOCAL SERVICES-1-5-19LocalHost (Using LRPC)
 
Error: (07/31/2015 04:07:44 PM) (Source: Microsoft Antimalware) (EventID: 2001) (User: )
Description: %NT AUTHORITY60 has encountered an error trying to update signatures.
 
New Signature Version: 
 
Previous Signature Version: 1.203.795.0
 
Update Source: %NT AUTHORITY59
 
Update Stage: 4.8.0204.00
 
Source Path: 4.8.0204.01
 
Signature Type: %NT AUTHORITY602
 
Update Type: %NT AUTHORITY604
 
User: NT AUTHORITY\SYSTEM
 
Current Engine Version: %NT AUTHORITY605
 
Previous Engine Version: %NT AUTHORITY606
 
Error code: %NT AUTHORITY607
 
Error description: %NT AUTHORITY608
 
Error: (07/31/2015 04:07:44 PM) (Source: Microsoft Antimalware) (EventID: 2001) (User: )
Description: %NT AUTHORITY60 has encountered an error trying to update signatures.
 
New Signature Version: 
 
Previous Signature Version: 1.203.795.0
 
Update Source: %NT AUTHORITY59
 
Update Stage: 4.8.0204.00
 
Source Path: 4.8.0204.01
 
Signature Type: %NT AUTHORITY602
 
Update Type: %NT AUTHORITY604
 
User: NT AUTHORITY\SYSTEM
 
Current Engine Version: %NT AUTHORITY605
 
Previous Engine Version: %NT AUTHORITY606
 
Error code: %NT AUTHORITY607
 
Error description: %NT AUTHORITY608
 
 
Microsoft Office:
=========================
 
==================== Memory info =========================== 
 
Processor: AMD E-300 APU with Radeon™ HD Graphics
Percentage of memory in use: 41%
Total physical RAM: 3690.91 MB
Available physical RAM: 2143.39 MB
Total Virtual: 7380.02 MB
Available Virtual: 5596.25 MB
 
==================== Drives ================================
 
Drive c: () (Fixed) (Total:447.35 GB) (Free:394.77 GB) NTFS
Drive d: (Recovery) (Fixed) (Total:14.34 GB) (Free:0 GB) NTFS ==>[system with boot components (obtained from reading drive)]
Drive e: (HP_TOOLS) (Fixed) (Total:3.96 GB) (Free:1.08 GB) FAT32
Drive f: (HP EN4500) (CDROM) (Total:0.57 GB) (Free:0 GB) CDFS
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 465.8 GB) (Disk ID: E10DB753)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=447.4 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=14.3 GB) - (Type=07 NTFS)
Partition 4: (Not Active) - (Size=4 GB) - (Type=0C)
 
==================== End of log ============================
 
 

  • 0

#14
Bada1

Bada1

    Member

  • Topic Starter
  • Member
  • PipPip
  • 14 posts
Process CPU Private Bytes Working Set PID Verified Signer
System Idle Process 58.49 0 K 24 K 0
procexp (3)64.exe 13.18 21,168 K 37,992 K 4444 (Verified) Microsoft Corporation
chrome.exe 10.83 78,480 K 235,436 K 1760 (Verified) Google Inc
dwm.exe 3.80 34,052 K 35,176 K 1520 (Verified) Microsoft Windows
Interrupts 3.67 0 K 0 K n/a
chrome.exe 2.65 48,544 K 93,036 K 3772 (Verified) Google Inc
csrss.exe 2.39 2,700 K 5,888 K 464
System 1.40 188 K 1,116 K 4
chrome.exe 1.33 44,388 K 62,600 K 4060 (Verified) Google Inc
Skype.exe 0.81 79,204 K 98,576 K 1364 (Verified) Skype Software Sarl
FRST640108.exe 0.59 23,876 K 34,828 K 3128
explorer.exe 0.38 68,864 K 65,836 K 1560 (Verified) Microsoft Windows
MsMpEng.exe 0.20 120,664 K 97,812 K 808 (Verified) Microsoft Corporation
svchost.exe 0.17 20,608 K 37,260 K 368 (Verified) Microsoft Windows
svchost.exe 0.05 6,920 K 13,264 K 1992 (Verified) Microsoft Windows
svchost.exe 0.03 119,868 K 130,316 K 1004 (Verified) Microsoft Windows
SearchIndexer.exe 0.01 25,592 K 19,016 K 2720 (Verified) Microsoft Windows
svchost.exe 0.01 10,308 K 13,104 K 3400 (Verified) Microsoft Windows
taskhost.exe 0.01 12,768 K 13,620 K 1436 (Verified) Microsoft Windows
svchost.exe 0.01 11,808 K 19,060 K 156 (Verified) Microsoft Windows
lsass.exe 0.01 4,656 K 12,092 K 512 (Verified) Microsoft Windows
svchost.exe < 0.01 14,380 K 16,356 K 1104 (Verified) Microsoft Windows
services.exe < 0.01 6,408 K 9,944 K 496
WmiPrvSE.exe 2,600 K 6,408 K 2952
winlogon.exe 2,828 K 7,096 K 652
wininit.exe 1,472 K 4,364 K 444
svchost.exe 11,652 K 14,684 K 1384 (Verified) Microsoft Windows
svchost.exe 5,500 K 9,108 K 756 (Verified) Microsoft Windows
svchost.exe 4,296 K 9,404 K 680 (Verified) Microsoft Windows
svchost.exe 20,504 K 22,520 K 972 (Verified) Microsoft Windows
svchost.exe 4,712 K 9,528 K 1480 (Verified) Microsoft Windows
svchost.exe 1,480 K 4,244 K 3312 (Verified) Microsoft Windows
svchost.exe 2,376 K 5,636 K 2292 (Verified) Microsoft Windows
svchost.exe 5,392 K 10,876 K 2044 (Verified) Microsoft Windows
spoolsv.exe 7,852 K 14,304 K 1332 (Verified) Microsoft Windows
smss.exe 444 K 1,084 K 276
sidebar.exe 13,572 K 34,108 K 2052 (Verified) Microsoft Windows
procexp (3).exe 2,572 K 6,944 K 4684 (Verified) Microsoft Corporation
notepad.exe 1,844 K 6,620 K 2472
notepad.exe 1,828 K 6,644 K 4152
NisSrv.exe 13,248 K 6,892 K 2240 (Verified) Microsoft Corporation
msseces.exe 5,924 K 14,072 K 132 (Verified) Microsoft Corporation
lsm.exe 2,396 K 4,088 K 520
hpwuschd2.exe 932 K 3,628 K 2624 (Verified) Hewlett-Packard Company
GWX.exe 3,920 K 1,624 K 2080 (Verified) Microsoft Windows
csrss.exe 2,176 K 4,312 K 376
chrome.exe 25,704 K 30,700 K 3372 (Verified) Google Inc
chrome.exe 24,148 K 26,988 K 3368 (Verified) Google Inc
chrome.exe 24,480 K 27,188 K 3552 (Verified) Google Inc
chrome.exe 26,484 K 35,540 K 3176 (Verified) Google Inc
atiesrxx.exe 1,460 K 4,160 K 928 (Verified) Microsoft Windows Hardware Compatibility Publisher
atieclxx.exe 2,140 K 6,160 K 1172
armsvc.exe 1,160 K 3,968 K 1628 (Verified) Adobe Systems

  • 0

#15
RKinner

RKinner

    Malware Expert

  • Expert
  • 20,019 posts
  • MVP

Process Explorer looks a little better but I don't like this line:

 

Interrupts 3.67 0 K 0 K n/a

 

 It should be less than 1.5.  ​That's usually a bad driver. 

 

We are seeing a lot of MSE errors so its driver may be the cause.  Also Chrome is high.  FRST flagged it in its log so it may have been modified by malware.  Still the PC should be running a bit better.

 

Let's reinstall Chrome.  It's supposed to let you not lose your settings but it won't hurt to back them up first.  See 

Backup entire Google chrome setting manually 

 on  http://juan2geek.com...chrome-setting/

 

Then download a new copy from https://support.goog...wer/95346?hl=en

 

Uninstall the old Chrome (Control panel, Programs and Features).  Reboot and then reinstall using the new download.  If you lost your data you can restore it using the instructions on juan2geek.

 

 

Then run a Process Explorer log and post it.

 

 

I would also replace Microsoft Security Essentials (MSE) with the free Avast.  At least temporarily.  You can get Avast at:  https://www.avast.com/en-us/index.  Download and save it.  Uninstall MSE and reboot then install Avast.  (Right click on the installer file and Run As Administrator).  Is Avast updating OK?  Then make a new process explorer file and post it.


  • 0






Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP