Slow unresponsive computer, 100% cpu all the time



#1
varylou


Computer has been sitting for many years and is being given to daughter. Boot up is a little slow; once Windows is up and running it can take hours for a program to open. Extremely unresponsive; have tried to update but it locks up. Wi-Fi shows no connection but it does connect, extremely slowly. Have installed AVG Free Edition and AVG TuneUp to help with registry issues, but it's so slow the 3 day free trial ended before completing. Also uninstalled outdated Norton 360. Also installed Chrome and Picasa to locate all photos on computer and save to external drive. Have used this forum many years ago and am thankful for any help. Thank you.

 

 

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 02-07-2016
Ran by Patty (administrator) on PATTY-HP (04-07-2016 17:26:39)
Running from C:\Users\Patty\Desktop
Loaded Profiles: Patty (Available Profiles: Patty & Any Visitor & Familia & Guest & Classic .NET AppPool & DefaultAppPool)
Platform: Windows 7 Home Premium Service Pack 1 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: IE)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\Av\avgrsa.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\Av\avgcsrva.exe
(Andrea Electronics Corporation) C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\Av\avgidsagenta.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\Framework\Common\avgsvca.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\Av\avgwdsvca.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(CinemaNow, Inc.) C:\Program Files (x86)\CinemaNow\CinemaNow Media Manager\CinemaNowSvc.exe
(Microsoft Corporation) C:\Windows\System32\CISVC.EXE
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Hewlett-Packard Company) C:\Program Files (x86)\HP\Common\HPSupportSolutionsFrameworkService.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe
(Microsoft Corporation) C:\Windows\System32\inetsrv\inetinfo.exe
(Microsoft Corporation) C:\Windows\System32\mqsvc.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
(Microsoft Corporation) C:\Windows\SysWOW64\perfhost.exe
(Microsoft Corporation) C:\Windows\System32\TCPSVCS.EXE
(Microsoft Corporation) C:\Windows\System32\snmp.exe
(Microsoft Corporation) C:\Windows\System32\snmptrap.exe
(Microsoft Corporation) C:\Windows\System32\tlntsvr.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG PC TuneUp\TuneUpUtilitiesService64.exe
(Microsoft Corporation) C:\Windows\System32\vds.exe
(Microsoft Corporation) C:\Windows\System32\inetsrv\WMSvc.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG PC TuneUp\TuneUpUtilitiesApp64.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\Av\avgnsa.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\Av\avgemca.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\Av\avgui.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\Framework\Common\avguix.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe
(Hewlett-Packard Company) C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe
(Realtek Semiconductor Corp.) C:\Program Files\Realtek\RtVOsd\RtVOsdService.exe
(Realtek Semiconductor Corp.) C:\Program Files\Realtek\RtVOsd\RtVOsd.exe
(Adobe Systems Incorporated) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
 
 
==================== Registry (Whitelisted) ===========================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2097960 2010-04-22] (Synaptics Incorporated)
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [6489704 2014-05-06] (Realtek Semiconductor)
HKLM-x32\...\Run: [AvgUi] => C:\Program Files (x86)\AVG\Framework\Common\avguirnx.exe [186640 2016-06-21] (AVG Technologies CZ, s.r.o.)
HKLM-x32\...\Run: [AVG_UI] => C:\Program Files (x86)\AVG\Av\avgui.exe [6723856 2016-06-29] (AVG Technologies CZ, s.r.o.)
HKLM\...\RunOnce: [NCPluginUpdater] => C:\Program Files (x86)\Hewlett-Packard\HP Health Check\ActiveCheck\product_line\NCPluginUpdater.exe [21720 2014-06-10] (Hewlett-Packard)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-1232287608-1843942127-1758789870-1002\...\RunOnce: [Uninstall C:\Users\Patty\AppData\Local\Microsoft\SkyDrive\17.0.2015.0811_1\amd64] => C:\Windows\system32\cmd.exe /q /c rmdir /s /q "C:\Users\Patty\AppData\Local\Microsoft\SkyDrive\17.0.2015.0811_1\amd64"
HKU\S-1-5-21-1232287608-1843942127-1758789870-1002\...\MountPoints2: {bacac31b-b7f4-11e3-a61d-e1fc80c4f66d} - F:\ZTE_Handset_USB_Driver.exe
HKU\S-1-5-18\Control Panel\Desktop\\SCRNSAVE.EXE -> 
ShellIconOverlayIdentifiers: [ SkyDrive1] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} => C:\Users\Patty\AppData\Local\Microsoft\OneDrive\17.3.6390.0509\amd64\FileSyncShell64.dll [2016-07-02] (Microsoft Corporation)
ShellIconOverlayIdentifiers: [ SkyDrive2] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => C:\Users\Patty\AppData\Local\Microsoft\OneDrive\17.3.6390.0509\amd64\FileSyncShell64.dll [2016-07-02] (Microsoft Corporation)
ShellIconOverlayIdentifiers: [ SkyDrive3] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} => C:\Users\Patty\AppData\Local\Microsoft\OneDrive\17.3.6390.0509\amd64\FileSyncShell64.dll [2016-07-02] (Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [ SkyDrive1] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} => C:\Users\Patty\AppData\Local\Microsoft\OneDrive\17.3.6390.0509\FileSyncShell.dll [2016-07-02] (Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [ SkyDrive2] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => C:\Users\Patty\AppData\Local\Microsoft\OneDrive\17.3.6390.0509\FileSyncShell.dll [2016-07-02] (Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [ SkyDrive3] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} => C:\Users\Patty\AppData\Local\Microsoft\OneDrive\17.3.6390.0509\FileSyncShell.dll [2016-07-02] (Microsoft Corporation)
CHR HKLM\SOFTWARE\Policies\Google: Restriction <======= ATTENTION
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
Tcpip\Parameters: [DhcpNameServer] 192.168.254.254
Tcpip\..\Interfaces\{D2DCDA8F-96C1-48BD-96AC-4E5A644C000D}: [DhcpNameServer] 192.168.254.254
 
Internet Explorer:
==================
HKU\S-1-5-21-1232287608-1843942127-1758789870-1002\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://g.msn.com/CQNOT/1
HKU\S-1-5-21-1232287608-1843942127-1758789870-1002\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://www.iegallery.com/en-us/Addons/Details/9422
URLSearchHook: HKU\S-1-5-21-1232287608-1843942127-1758789870-1002 - (No Name) - {81017EA9-9AA8-4A6A-9734-7AF40E7D593F} - No File
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKLM -> {779DE508-AB1D-4030-9826-E49F49392F8A} URL = hxxp://www.ask.com/web?q={searchTerms}&l=dis&o=uscql
SearchScopes: HKLM -> {98D213E5-857B-4072-86D4-3207C4DDDA2F} URL = hxxp://search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=CPNTDF
SearchScopes: HKLM -> {B30088F6-5D5A-4355-BF1F-40D4A915AD96} URL = hxxp://www.bing.com/search?q={searchTerms}&form=CPNTDF&pc=CPNTDF&src=IE-SearchBox
SearchScopes: HKLM -> {CCBB7EFC-B3A9-4F93-9364-6F7B79AFB53F} URL = hxxp://en.wikipedia.org/wiki/Special:Search?search={searchTerms}
SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKLM-x32 -> {779DE508-AB1D-4030-9826-E49F49392F8A} URL = hxxp://www.ask.com/web?q={searchTerms}&l=dis&o=uscql
SearchScopes: HKLM-x32 -> {98D213E5-857B-4072-86D4-3207C4DDDA2F} URL = hxxp://search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=CPNTDF
SearchScopes: HKLM-x32 -> {9a216821-0ec5-49a3-85ac-fb72ae79a1e8} URL = hxxp://search.mywebsearch.com/mywebsearch/GGmain.jhtml?p2=^Y6^xdm003^YY^us&si=CMqLtOjUyrcCFYhxQgodHE4AKw&ptb=78DC9980-A33C-46DF-ACF1-AD25AD7757BF&ind=2013060416&n=77fcdd40&psa=&st=sb&searchfor={searchTerms}
SearchScopes: HKLM-x32 -> {a5b9c0f5-5616-47cd-a95f-e43b488faccf} URL = hxxp://search.mywebsearch.com/mywebsearch/GGmain.jhtml?id=XPxdm002Q9us&ptb=E29D9161-94C2-4693-9363-507F3BE88BFF&psa=&ind=2011091415&ptnrS=XPxdm002Q9us&si=CIrImpO3nasCFeUZQgodLn8qig&st=sb&n=77ded1d7&searchfor={searchTerms}
SearchScopes: HKLM-x32 -> {B30088F6-5D5A-4355-BF1F-40D4A915AD96} URL = hxxp://www.bing.com/search?q={searchTerms}&form=CPNTDF&pc=CPNTDF&src=IE-SearchBox
SearchScopes: HKLM-x32 -> {CCBB7EFC-B3A9-4F93-9364-6F7B79AFB53F} URL = hxxp://en.wikipedia.org/wiki/Special:Search?search={searchTerms}
SearchScopes: HKU\S-1-5-21-1232287608-1843942127-1758789870-1002 -> DefaultScope {48D56B68-22B7-4328-BDF7-0A6CBA1F34EF} URL = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}&ie={inputEncoding}&oe={outputEncoding}&startIndex={startIndex?}&startPage={startPage}&rlz=1I7ADFA_enUS479
SearchScopes: HKU\S-1-5-21-1232287608-1843942127-1758789870-1002 -> {48D56B68-22B7-4328-BDF7-0A6CBA1F34EF} URL = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}&ie={inputEncoding}&oe={outputEncoding}&startIndex={startIndex?}&startPage={startPage}&rlz=1I7ADFA_enUS479
SearchScopes: HKU\S-1-5-21-1232287608-1843942127-1758789870-1002 -> {5B91B7B0-0B82-40FD-AE01-246A883820AA} URL = hxxp://www.bing.com/search?FORM=UP74DF&PC=UP74&dt=060413&q={searchTerms}&src=IE-SearchBox
SearchScopes: HKU\S-1-5-21-1232287608-1843942127-1758789870-1002 -> {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = 
SearchScopes: HKU\S-1-5-21-1232287608-1843942127-1758789870-1002 -> {779DE508-AB1D-4030-9826-E49F49392F8A} URL = hxxp://www.ask.com/web?q={searchTerms}&l=dis&o=uscql
SearchScopes: HKU\S-1-5-21-1232287608-1843942127-1758789870-1002 -> {98D213E5-857B-4072-86D4-3207C4DDDA2F} URL = hxxp://search.yahoo.com/search?p={searchterms}&ei=UTF-8&fr=w3i&type=W3i_DS,136,0_0,Search,20120105,6901,0,8,0
SearchScopes: HKU\S-1-5-21-1232287608-1843942127-1758789870-1002 -> {9a216821-0ec5-49a3-85ac-fb72ae79a1e8} URL = 
SearchScopes: HKU\S-1-5-21-1232287608-1843942127-1758789870-1002 -> {a5b9c0f5-5616-47cd-a95f-e43b488faccf} URL = 
SearchScopes: HKU\S-1-5-21-1232287608-1843942127-1758789870-1002 -> {AFBCB7E0-F91A-4951-9F31-58FEE57A25C4} URL = hxxp://nortonsafe.search.ask.com/web?q={SEARCHTERMS}&o=APN10506&l=dis&prt=360&chn=retail&geo=US&ver=21&locale=en_US&gct=kwd&qsrc=2869
SearchScopes: HKU\S-1-5-21-1232287608-1843942127-1758789870-1002 -> {B30088F6-5D5A-4355-BF1F-40D4A915AD96} URL = 
SearchScopes: HKU\S-1-5-21-1232287608-1843942127-1758789870-1002 -> {CCBB7EFC-B3A9-4F93-9364-6F7B79AFB53F} URL = hxxp://en.wikipedia.org/wiki/Special:Search?search={searchTerms}
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2012-07-17] (Microsoft Corp.)
BHO: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPluginx64.dll [2013-08-28] (Hewlett-Packard)
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll [2014-03-17] (Oracle Corporation)
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2012-07-17] (Microsoft Corp.)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll [2014-03-17] (Oracle Corporation)
BHO-x32: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll [2013-08-28] (Hewlett-Packard)
BHO-x32: SingleInstance Class -> {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} -> C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn0\YTSingleInstance.dll [2011-11-01] (Yahoo! Inc)
Toolbar: HKU\S-1-5-21-1232287608-1843942127-1758789870-1002 -> No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} -  No File
Toolbar: HKU\S-1-5-21-1232287608-1843942127-1758789870-1002 -> No Name - {D4027C7F-154A-4066-A1AD-4243D8127440} -  No File
Toolbar: HKU\S-1-5-21-1232287608-1843942127-1758789870-1002 -> No Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} -  No File
DPF: HKLM {02BCC737-B171-4746-94C9-0D8A0B2C0089} hxxp://office.microsoft.com/sites/production/ieawsdc64.cab
DPF: HKLM-x32 {17492023-C23A-453E-A040-C7C580BBF700} hxxp://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab
DPF: HKLM-x32 {73ECB3AA-4717-450C-A2AB-D00DAD9EE203} hxxp://h20270.www2.hp.com/ediags/gmn2/install/HPProductDetection2.cab
DPF: HKLM-x32 {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
 
FireFox:
========
FF Plugin: @java.com/DTPlugin,version=10.25.2 -> C:\Windows\system32\npDeployJava1.dll [2014-04-13] (Oracle Corporation)
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.50428.0\npctrl.dll [2016-04-27] ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\Windows\SysWOW64\Adobe\Director\np32dsw.dll [2010-05-05] (Adobe Systems, Inc.)
FF Plugin-x32: @google.com/npPicasa3,version=3.0.0 -> C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll [2015-10-13] (Google, Inc.)
FF Plugin-x32: @java.com/DTPlugin,version=10.55.2 -> C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll [2014-03-17] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.55.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll [2014-03-17] (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.50428.0\npctrl.dll [2016-04-27] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~3\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2014-01-10] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3508.1109 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2014-01-10] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3538.0513 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2014-01-10] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3522.0110 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2014-01-10] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.30.3\npGoogleUpdate3.dll [2016-06-30] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.30.3\npGoogleUpdate3.dll [2016-06-30] (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2014-05-08] (Adobe Systems Inc.)
 
Chrome: 
=======
CHR Session Restore: Default -> is enabled.
CHR Profile: C:\Users\Patty\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Slides) - C:\Users\Patty\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2016-06-30]
CHR Extension: (Google Docs) - C:\Users\Patty\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2016-06-30]
CHR Extension: (Google Drive) - C:\Users\Patty\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2016-06-30]
CHR Extension: (YouTube) - C:\Users\Patty\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2016-06-30]
CHR Extension: (Google Sheets) - C:\Users\Patty\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2016-06-30]
CHR Extension: (Google Docs Offline) - C:\Users\Patty\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-06-30]
CHR Extension: (Norton Identity Safe) - C:\Users\Patty\AppData\Local\Google\Chrome\User Data\Default\Extensions\iikflkcanblccfahdhdonehdalibjnif [2016-06-30]
CHR Extension: (Norton Security Toolbar) - C:\Users\Patty\AppData\Local\Google\Chrome\User Data\Default\Extensions\mkfokfffehpeedafpekjeddnmnjhmcmk [2016-06-30]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Patty\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-06-30]
CHR Extension: (Gmail) - C:\Users\Patty\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2016-06-30]
 
==================== Services (Whitelisted) ========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
S3 AvgAMPS; C:\Program Files (x86)\AVG\Av\avgamps.exe [637944 2016-06-29] (AVG Technologies CZ, s.r.o.)
R2 AVGIDSAgent; C:\Program Files (x86)\AVG\Av\avgidsagenta.exe [5251808 2016-06-29] (AVG Technologies CZ, s.r.o.)
R2 avgsvc; C:\Program Files (x86)\AVG\Framework\Common\avgsvca.exe [1080080 2016-06-21] (AVG Technologies CZ, s.r.o.)
R2 avgwd; C:\Program Files (x86)\AVG\Av\avgwdsvca.exe [712792 2016-06-29] (AVG Technologies CZ, s.r.o.)
R2 ftpsvc; C:\Windows\system32\inetsrv\ftpsvc.dll [350720 2012-05-31] (Microsoft Corporation)
R2 HP Support Assistant Service; C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe [92160 2013-11-04] (Hewlett-Packard Company) [File not signed]
R2 HPSupportSolutionsFrameworkService; C:\Program Files (x86)\Hp\Common\HPSupportSolutionsFrameworkService.exe [49464 2014-05-21] (Hewlett-Packard Company)
R2 IISADMIN; C:\Windows\system32\inetsrv\inetinfo.exe [15872 2010-11-20] (Microsoft Corporation)
R2 iprip; C:\Windows\System32\iprip.dll [35328 2009-07-13] (Microsoft Corporation)
R2 LPDSVC; C:\Windows\system32\lpdsvc.dll [45568 2009-07-13] (Microsoft Corporation)
R2 RtVOsdService; C:\Program Files\Realtek\RtVOsd\RtVOsdService.exe [315392 2010-06-24] (Realtek Semiconductor Corp.) [File not signed]
R2 SNMP; C:\Windows\System32\snmp.exe [49664 2010-11-20] (Microsoft Corporation)
R2 SNMP; C:\Windows\SysWOW64\snmp.exe [47616 2010-11-20] (Microsoft Corporation)
R2 TlntSvr; C:\Windows\System32\tlntsvr.exe [81920 2009-07-13] (Microsoft Corporation)
R2 TuneUp.UtilitiesSvc; C:\Program Files (x86)\AVG\AVG PC TuneUp\TuneUpUtilitiesService64.exe [4803344 2016-06-01] (AVG Technologies CZ, s.r.o.)
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-26] (Microsoft Corporation)
R2 WMSVC; C:\Windows\system32\inetsrv\wmsvc.exe [10752 2009-07-13] (Microsoft Corporation)
 
===================== Drivers (Whitelisted) ==========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R1 Avgdiska; C:\Windows\System32\DRIVERS\avgdiska.sys [163072 2016-05-13] (AVG Technologies CZ, s.r.o.)
R1 AVGIDSDriver; C:\Windows\System32\DRIVERS\avgidsdrivera.sys [310016 2016-06-09] (AVG Technologies CZ, s.r.o.)
R0 AVGIDSHA; C:\Windows\System32\DRIVERS\avgidsha.sys [261376 2016-06-01] (AVG Technologies CZ, s.r.o.)
R1 Avgldx64; C:\Windows\System32\DRIVERS\avgldx64.sys [260352 2016-06-01] (AVG Technologies CZ, s.r.o.)
R0 Avgloga; C:\Windows\System32\DRIVERS\avgloga.sys [360736 2016-02-16] (AVG Technologies CZ, s.r.o.)
R0 Avgmfx64; C:\Windows\System32\DRIVERS\avgmfx64.sys [249088 2016-06-02] (AVG Technologies CZ, s.r.o.)
R0 Avgrkx64; C:\Windows\System32\DRIVERS\avgrkx64.sys [52992 2016-06-01] (AVG Technologies CZ, s.r.o.)
R1 Avgtdia; C:\Windows\System32\DRIVERS\avgtdia.sys [280320 2016-06-01] (AVG Technologies CZ, s.r.o.)
R0 avguniva; C:\Windows\System32\DRIVERS\avguniva.sys [76544 2016-06-01] (AVG Technologies CZ, s.r.o.)
S3 ebdrv; C:\Windows\system32\DRIVERS\evbda.sys [3286016 2009-06-10] (Broadcom Corporation)
S3 massfilter_hs; C:\Windows\SysWOW64\drivers\massfilter_hs.sys [15896 2011-03-07] (HandSet Incorporated)
S3 SWDUMon; C:\Windows\System32\DRIVERS\SWDUMon.sys [16152 2013-07-17] ()
R1 SymIM; C:\Windows\System32\DRIVERS\SymIMv.sys [78936 2013-09-09] (Symantec Corporation)
R3 TuneUpUtilitiesDrv; C:\Program Files (x86)\AVG\AVG PC TuneUp\TuneUpUtilitiesDriver64.sys [32304 2016-06-01] (AVG Netherlands B.V.)
S3 USBAAPL64; C:\Windows\System32\Drivers\usbaapl64.sys [51712 2011-05-10] (Apple, Inc.) [File not signed]
S3 zghsdiag; C:\Windows\SysWOW64\DRIVERS\zghsdiag.sys [113432 2011-03-07] (ZTE Incorporated)
S3 zghsmdm; C:\Windows\SysWOW64\DRIVERS\zghsmdm.sys [113432 2011-03-07] (ZTE Incorporated)
S3 zghsnmea; C:\Windows\SysWOW64\DRIVERS\zghsnmea.sys [113432 2011-03-07] (ZTE Incorporated)
S3 CpqDfw; system32\drivers\CpqDfw.sys [X]
S3 usbbus; system32\DRIVERS\lgx64bus.sys [X]
S3 UsbDiag; system32\DRIVERS\lgx64diag.sys [X]
S3 USBModem; system32\DRIVERS\lgx64modem.sys [X]
 
==================== NetSvcs (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== One Month Created files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2016-07-04 17:26 - 2016-07-04 17:30 - 00022302 _____ C:\Users\Patty\Desktop\FRST.txt
2016-07-04 17:16 - 2016-07-04 17:26 - 00000000 ____D C:\FRST
2016-07-04 17:14 - 2016-07-04 17:00 - 02390016 _____ (Farbar) C:\Users\Patty\Desktop\FRST64.exe
2016-07-03 21:36 - 2014-10-24 18:57 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\packager.dll
2016-07-03 21:36 - 2014-10-24 18:32 - 00067584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\packager.dll
2016-07-03 21:35 - 2015-02-18 00:06 - 00123904 _____ (Microsoft Corporation) C:\Windows\SysWOW64\poqexec.exe
2016-07-03 21:35 - 2015-02-18 00:04 - 00142336 _____ (Microsoft Corporation) C:\Windows\system32\poqexec.exe
2016-07-03 20:49 - 2015-11-03 12:04 - 00241664 _____ (Microsoft Corporation) C:\Windows\system32\els.dll
2016-07-03 20:49 - 2015-11-03 11:55 - 00179712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\els.dll
2016-07-03 20:43 - 2016-07-03 20:43 - 00000000 ____D C:\Intel
2016-07-03 18:11 - 2016-07-03 18:42 - 00000332 _____ C:\Windows\Tasks\HPCeeScheduleForPatty.job
2016-07-03 18:11 - 2016-07-03 18:11 - 00003186 _____ C:\Windows\System32\Tasks\HPCeeScheduleForPatty
2016-07-03 15:39 - 2016-07-04 14:41 - 00003694 _____ C:\Windows\System32\Tasks\Adobe Reader and Acrobat Manager
2016-07-03 14:39 - 2016-07-03 14:39 - 00002184 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG PC TuneUp.lnk
2016-07-03 14:39 - 2016-07-03 14:39 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG PC TuneUp
2016-07-03 14:39 - 2016-06-01 15:12 - 00053008 ____C (AVG Technologies CZ, s.r.o.) C:\Windows\system32\TURegOpt.exe
2016-07-03 14:39 - 2016-06-01 15:05 - 00044304 ____C (AVG Technologies CZ, s.r.o.) C:\Windows\system32\authuitu.dll
2016-07-03 14:39 - 2016-06-01 15:05 - 00039696 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\SysWOW64\authuitu.dll
2016-07-02 22:14 - 2016-07-02 22:14 - 00001070 _____ C:\Users\Public\Desktop\Picasa 3.lnk
2016-07-02 22:12 - 2016-07-02 22:12 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Picasa 3
2016-07-02 20:33 - 2016-04-09 00:02 - 00631176 _____ (Microsoft Corporation) C:\Windows\system32\winresume.efi
2016-07-02 20:33 - 2016-04-09 00:01 - 05546216 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2016-07-02 20:33 - 2016-04-09 00:01 - 00706280 _____ (Microsoft Corporation) C:\Windows\system32\winload.efi
2016-07-02 20:33 - 2016-04-09 00:01 - 00154344 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2016-07-02 20:33 - 2016-04-09 00:01 - 00095464 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2016-07-02 20:33 - 2016-04-08 23:59 - 03998952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2016-07-02 20:33 - 2016-04-08 23:59 - 03943144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2016-07-02 20:33 - 2016-04-08 23:59 - 01732864 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2016-07-02 20:33 - 2016-04-08 23:58 - 01212928 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll
2016-07-02 20:33 - 2016-04-08 23:58 - 00503808 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll
2016-07-02 20:33 - 2016-04-08 23:58 - 00362496 _____ (Microsoft Corporation) C:\Windows\system32\wow64win.dll
2016-07-02 20:33 - 2016-04-08 23:58 - 00344064 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2016-07-02 20:33 - 2016-04-08 23:58 - 00243712 _____ (Microsoft Corporation) C:\Windows\system32\wow64.dll
2016-07-02 20:33 - 2016-04-08 23:58 - 00215552 _____ (Microsoft Corporation) C:\Windows\system32\winsrv.dll
2016-07-02 20:33 - 2016-04-08 23:58 - 00210432 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2016-07-02 20:33 - 2016-04-08 23:58 - 00190464 _____ (Microsoft Corporation) C:\Windows\system32\rpchttp.dll
2016-07-02 20:33 - 2016-04-08 23:58 - 00135680 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2016-07-02 20:33 - 2016-04-08 23:58 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2016-07-02 20:33 - 2016-04-08 23:58 - 00063488 _____ (Microsoft Corporation) C:\Windows\system32\setbcdlocale.dll
2016-07-02 20:33 - 2016-04-08 23:58 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll
2016-07-02 20:33 - 2016-04-08 23:58 - 00028672 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2016-07-02 20:33 - 2016-04-08 23:58 - 00028160 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2016-07-02 20:33 - 2016-04-08 23:58 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\wow64cpu.dll
2016-07-02 20:33 - 2016-04-08 23:57 - 01464320 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2016-07-02 20:33 - 2016-04-08 23:57 - 01314112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll
2016-07-02 20:33 - 2016-04-08 23:57 - 01163264 _____ (Microsoft Corporation) C:\Windows\system32\kernel32.dll
2016-07-02 20:33 - 2016-04-08 23:57 - 00880640 _____ (Microsoft Corporation) C:\Windows\system32\advapi32.dll
2016-07-02 20:33 - 2016-04-08 23:57 - 00730624 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2016-07-02 20:33 - 2016-04-08 23:57 - 00690688 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
2016-07-02 20:33 - 2016-04-08 23:57 - 00463872 _____ (Microsoft Corporation) C:\Windows\system32\certcli.dll
2016-07-02 20:33 - 2016-04-08 23:57 - 00419840 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase.dll
2016-07-02 20:33 - 2016-04-08 23:57 - 00316416 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2016-07-02 20:33 - 2016-04-08 23:57 - 00312320 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2016-07-02 20:33 - 2016-04-08 23:57 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
2016-07-02 20:33 - 2016-04-08 23:57 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\msobjs.dll
2016-07-02 20:33 - 2016-04-08 23:57 - 00059904 _____ (Microsoft Corporation) C:\Windows\system32\appidapi.dll
2016-07-02 20:33 - 2016-04-08 23:57 - 00043520 _____ (Microsoft Corporation) C:\Windows\system32\csrsrv.dll
2016-07-02 20:33 - 2016-04-08 23:57 - 00043520 _____ (Microsoft Corporation) C:\Windows\system32\cryptbase.dll
2016-07-02 20:33 - 2016-04-08 23:57 - 00034816 _____ (Microsoft Corporation) C:\Windows\system32\appidsvc.dll
2016-07-02 20:33 - 2016-04-08 23:57 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2016-07-02 20:33 - 2016-04-08 23:57 - 00016384 _____ (Microsoft Corporation) C:\Windows\system32\ntvdm64.dll
2016-07-02 20:33 - 2016-04-08 23:57 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\apisetschema.dll
2016-07-02 20:33 - 2016-04-08 23:57 - 00006144 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-security-base-l1-1-0.dll
2016-07-02 20:33 - 2016-04-08 23:57 - 00005120 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l1-1-0.dll
2016-07-02 20:33 - 2016-04-08 23:57 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
2016-07-02 20:33 - 2016-04-08 23:57 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processthreads-l1-1-0.dll
2016-07-02 20:33 - 2016-04-08 23:57 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll
2016-07-02 20:33 - 2016-04-08 23:57 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-synch-l1-1-0.dll
2016-07-02 20:33 - 2016-04-08 23:57 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localregistry-l1-1-0.dll
2016-07-02 20:33 - 2016-04-08 23:57 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localization-l1-1-0.dll
2016-07-02 20:33 - 2016-04-08 23:57 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll
2016-07-02 20:33 - 2016-04-08 23:57 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll
2016-07-02 20:33 - 2016-04-08 23:57 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll
2016-07-02 20:33 - 2016-04-08 23:57 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-misc-l1-1-0.dll
2016-07-02 20:33 - 2016-04-08 23:57 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-memory-l1-1-0.dll
2016-07-02 20:33 - 2016-04-08 23:57 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll
2016-07-02 20:33 - 2016-04-08 23:57 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-heap-l1-1-0.dll
2016-07-02 20:33 - 2016-04-08 23:57 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-xstate-l1-1-0.dll
2016-07-02 20:33 - 2016-04-08 23:57 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-util-l1-1-0.dll
2016-07-02 20:33 - 2016-04-08 23:57 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-string-l1-1-0.dll
2016-07-02 20:33 - 2016-04-08 23:57 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-profile-l1-1-0.dll
2016-07-02 20:33 - 2016-04-08 23:57 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-io-l1-1-0.dll
2016-07-02 20:33 - 2016-04-08 23:57 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-interlocked-l1-1-0.dll
2016-07-02 20:33 - 2016-04-08 23:57 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-handle-l1-1-0.dll
2016-07-02 20:33 - 2016-04-08 23:57 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-fibers-l1-1-0.dll
2016-07-02 20:33 - 2016-04-08 23:57 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll
2016-07-02 20:33 - 2016-04-08 23:57 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-delayload-l1-1-0.dll
2016-07-02 20:33 - 2016-04-08 23:57 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-debug-l1-1-0.dll
2016-07-02 20:33 - 2016-04-08 23:57 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-datetime-l1-1-0.dll
2016-07-02 20:33 - 2016-04-08 23:57 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-console-l1-1-0.dll
2016-07-02 20:33 - 2016-04-08 23:54 - 01114112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kernel32.dll
2016-07-02 20:33 - 2016-04-08 23:54 - 00690688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adtschema.dll
2016-07-02 20:33 - 2016-04-08 23:54 - 00666112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpcrt4.dll
2016-07-02 20:33 - 2016-04-08 23:54 - 00644096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\advapi32.dll
2016-07-02 20:33 - 2016-04-08 23:54 - 00553472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2016-07-02 20:33 - 2016-04-08 23:54 - 00342528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\certcli.dll
2016-07-02 20:33 - 2016-04-08 23:54 - 00275456 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll
2016-07-02 20:33 - 2016-04-08 23:54 - 00260608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
2016-07-02 20:33 - 2016-04-08 23:54 - 00251392 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2016-07-02 20:33 - 2016-04-08 23:54 - 00223232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2016-07-02 20:33 - 2016-04-08 23:54 - 00171520 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll
2016-07-02 20:33 - 2016-04-08 23:54 - 00146432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msaudite.dll
2016-07-02 20:33 - 2016-04-08 23:54 - 00141312 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpchttp.dll
2016-07-02 20:33 - 2016-04-08 23:54 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2016-07-02 20:33 - 2016-04-08 23:54 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2016-07-02 20:33 - 2016-04-08 23:54 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msobjs.dll
2016-07-02 20:33 - 2016-04-08 23:54 - 00050688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\appidapi.dll
2016-07-02 20:33 - 2016-04-08 23:54 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll
2016-07-02 20:33 - 2016-04-08 23:54 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2016-07-02 20:33 - 2016-04-08 23:54 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
2016-07-02 20:33 - 2016-04-08 23:54 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\apisetschema.dll
2016-07-02 20:33 - 2016-04-08 23:54 - 00005120 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-file-l1-1-0.dll
2016-07-02 20:33 - 2016-04-08 23:54 - 00005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll
2016-07-02 20:33 - 2016-04-08 23:54 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processthreads-l1-1-0.dll
2016-07-02 20:33 - 2016-04-08 23:54 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-sysinfo-l1-1-0.dll
2016-07-02 20:33 - 2016-04-08 23:54 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-synch-l1-1-0.dll
2016-07-02 20:33 - 2016-04-08 23:54 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-misc-l1-1-0.dll
2016-07-02 20:33 - 2016-04-08 23:54 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localregistry-l1-1-0.dll
2016-07-02 20:33 - 2016-04-08 23:54 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localization-l1-1-0.dll
2016-07-02 20:33 - 2016-04-08 23:54 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processenvironment-l1-1-0.dll
2016-07-02 20:33 - 2016-04-08 23:54 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-namedpipe-l1-1-0.dll
2016-07-02 20:33 - 2016-04-08 23:54 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-memory-l1-1-0.dll
2016-07-02 20:33 - 2016-04-08 23:54 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-libraryloader-l1-1-0.dll
2016-07-02 20:33 - 2016-04-08 23:54 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-interlocked-l1-1-0.dll
2016-07-02 20:33 - 2016-04-08 23:54 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-heap-l1-1-0.dll
2016-07-02 20:33 - 2016-04-08 23:54 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-string-l1-1-0.dll
2016-07-02 20:33 - 2016-04-08 23:54 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-rtlsupport-l1-1-0.dll
2016-07-02 20:33 - 2016-04-08 23:54 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-profile-l1-1-0.dll
2016-07-02 20:33 - 2016-04-08 23:54 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-io-l1-1-0.dll
2016-07-02 20:33 - 2016-04-08 23:54 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-handle-l1-1-0.dll
2016-07-02 20:33 - 2016-04-08 23:54 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-fibers-l1-1-0.dll
2016-07-02 20:33 - 2016-04-08 23:54 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-errorhandling-l1-1-0.dll
2016-07-02 20:33 - 2016-04-08 23:54 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-delayload-l1-1-0.dll
2016-07-02 20:33 - 2016-04-08 23:54 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-debug-l1-1-0.dll
2016-07-02 20:33 - 2016-04-08 23:54 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-datetime-l1-1-0.dll
2016-07-02 20:33 - 2016-04-08 23:54 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-console-l1-1-0.dll
2016-07-02 20:33 - 2016-04-08 22:52 - 00148480 _____ (Microsoft Corporation) C:\Windows\system32\appidpolicyconverter.exe
2016-07-02 20:33 - 2016-04-08 22:52 - 00062464 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\appid.sys
2016-07-02 20:33 - 2016-04-08 22:52 - 00017920 _____ (Microsoft Corporation) C:\Windows\system32\appidcertstorecheck.exe
2016-07-02 20:33 - 2016-04-08 22:51 - 00064000 _____ (Microsoft Corporation) C:\Windows\system32\auditpol.exe
2016-07-02 20:33 - 2016-04-08 22:48 - 00338432 _____ (Microsoft Corporation) C:\Windows\system32\conhost.exe
2016-07-02 20:33 - 2016-04-08 22:47 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe
2016-07-02 20:33 - 2016-04-08 22:44 - 00291328 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb10.sys
2016-07-02 20:33 - 2016-04-08 22:44 - 00159744 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb.sys
2016-07-02 20:33 - 2016-04-08 22:44 - 00129536 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb20.sys
2016-07-02 20:33 - 2016-04-08 22:43 - 00112640 _____ (Microsoft Corporation) C:\Windows\system32\smss.exe
2016-07-02 20:33 - 2016-04-08 22:43 - 00030720 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2016-07-02 20:33 - 2016-04-08 22:42 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\auditpol.exe
2016-07-02 20:33 - 2016-04-08 22:38 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe
2016-07-02 20:33 - 2016-04-08 22:38 - 00014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll
2016-07-02 20:33 - 2016-04-08 22:38 - 00007680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe
2016-07-02 20:33 - 2016-04-08 22:38 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user.exe
2016-07-02 20:33 - 2016-04-08 22:37 - 00036352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptbase.dll
2016-07-02 20:33 - 2016-04-08 22:37 - 00006144 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-security-base-l1-1-0.dll
2016-07-02 20:33 - 2016-04-08 22:37 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-threadpool-l1-1-0.dll
2016-07-02 20:33 - 2016-04-08 22:37 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-xstate-l1-1-0.dll
2016-07-02 20:33 - 2016-04-08 22:37 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-util-l1-1-0.dll
2016-07-02 20:33 - 2016-03-23 15:43 - 00457400 _____ (Microsoft Corporation) C:\Windows\system32\ci.dll
2016-07-02 20:33 - 2016-03-23 15:40 - 00634432 _____ (Microsoft Corporation) C:\Windows\system32\winload.exe
2016-07-02 20:33 - 2016-03-23 15:40 - 00546656 _____ (Microsoft Corporation) C:\Windows\system32\winresume.exe
2016-07-02 20:33 - 2016-03-23 15:40 - 00459344 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\cng.sys
2016-07-02 20:33 - 2016-03-23 15:40 - 00298192 _____ (Microsoft Corporation) C:\Windows\system32\bcryptprimitives.dll
2016-07-02 20:33 - 2016-03-23 15:39 - 00251000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\bcryptprimitives.dll
2016-07-02 20:28 - 2016-03-09 11:54 - 00275456 _____ (Microsoft Corporation) C:\Windows\system32\InkEd.dll
2016-07-02 20:28 - 2016-03-09 11:34 - 00216064 _____ (Microsoft Corporation) C:\Windows\SysWOW64\InkEd.dll
2016-07-02 20:23 - 2016-04-14 09:46 - 00114408 _____ (Microsoft Corporation) C:\Windows\system32\consent.exe
2016-07-02 20:23 - 2016-04-14 09:42 - 03243520 _____ (Microsoft Corporation) C:\Windows\system32\msi.dll
2016-07-02 20:23 - 2016-04-14 09:42 - 01941504 _____ (Microsoft Corporation) C:\Windows\system32\authui.dll
2016-07-02 20:23 - 2016-04-14 09:42 - 00504320 _____ (Microsoft Corporation) C:\Windows\system32\msihnd.dll
2016-07-02 20:23 - 2016-04-14 09:42 - 00070144 _____ (Microsoft Corporation) C:\Windows\system32\appinfo.dll
2016-07-02 20:23 - 2016-04-14 09:42 - 00025088 _____ (Microsoft Corporation) C:\Windows\system32\msimsg.dll
2016-07-02 20:23 - 2016-04-14 08:33 - 02365440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msi.dll
2016-07-02 20:23 - 2016-04-14 08:33 - 01806848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\authui.dll
2016-07-02 20:23 - 2016-04-14 08:33 - 00337408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msihnd.dll
2016-07-02 20:23 - 2016-04-14 08:33 - 00025088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msimsg.dll
2016-07-02 20:23 - 2016-04-14 08:19 - 00128000 _____ (Microsoft Corporation) C:\Windows\system32\msiexec.exe
2016-07-02 20:23 - 2016-04-14 08:11 - 00073216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msiexec.exe
2016-07-02 20:15 - 2016-04-08 21:20 - 01230848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WindowsCodecs.dll
2016-07-02 20:15 - 2016-04-08 20:52 - 01424896 _____ (Microsoft Corporation) C:\Windows\system32\WindowsCodecs.dll
2016-07-02 19:53 - 2015-09-01 20:04 - 00100864 _____ (Microsoft Corporation) C:\Windows\system32\fontsub.dll
2016-07-02 19:53 - 2015-09-01 20:04 - 00046080 _____ (Adobe Systems) C:\Windows\system32\atmlib.dll
2016-07-02 19:53 - 2015-09-01 20:04 - 00041984 _____ (Microsoft Corporation) C:\Windows\system32\lpk.dll
2016-07-02 19:53 - 2015-09-01 20:04 - 00014336 _____ (Microsoft Corporation) C:\Windows\system32\dciman32.dll
2016-07-02 19:53 - 2015-09-01 19:48 - 00070656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\fontsub.dll
2016-07-02 19:53 - 2015-09-01 19:48 - 00034304 _____ (Adobe Systems) C:\Windows\SysWOW64\atmlib.dll
2016-07-02 19:53 - 2015-09-01 19:48 - 00010240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dciman32.dll
2016-07-02 19:53 - 2015-09-01 19:47 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\lpk.dll
2016-07-02 19:53 - 2015-09-01 18:51 - 03209216 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2016-07-02 19:53 - 2015-09-01 18:47 - 00372736 _____ (Adobe Systems Incorporated) C:\Windows\system32\atmfd.dll
2016-07-02 19:53 - 2015-09-01 18:33 - 00299520 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\atmfd.dll
2016-07-02 19:16 - 2016-07-02 19:16 - 00000000 ____D C:\Users\Familia\AppData\Roaming\AVG
2016-07-02 19:14 - 2016-07-02 19:14 - 00000000 __SHD C:\Users\Familia\AppData\Local\EmieUserList
2016-07-02 19:14 - 2016-07-02 19:14 - 00000000 __SHD C:\Users\Familia\AppData\Local\EmieSiteList
2016-07-02 19:14 - 2016-07-02 19:14 - 00000000 ____D C:\Users\Any Visitor.Patty-HP.000\AppData\Local\Google
2016-07-02 19:14 - 2016-07-02 19:14 - 00000000 ____D C:\Users\Any Visitor.Patty-HP.000\AppData\Local\Avg
2016-07-02 19:12 - 2016-07-02 19:12 - 00000000 ____D C:\Users\Familia\AppData\Local\Avg
2016-07-02 19:10 - 2016-07-02 19:10 - 00000000 ____D C:\Users\Familia\AppData\Local\Google
2016-07-02 17:31 - 2016-07-02 17:31 - 00000000 ____D C:\Users\Default\AppData\Roaming\TuneUp Software
2016-07-02 17:31 - 2016-07-02 17:31 - 00000000 ____D C:\Users\Default User\AppData\Roaming\TuneUp Software
2016-06-30 18:55 - 2016-06-30 18:55 - 00000000 ____D C:\Users\Patty\AppData\Roaming\AVG
2016-06-30 18:50 - 2016-06-30 18:50 - 00000000 ____D C:\Program Files\Common Files\AV
2016-06-30 18:44 - 2016-07-02 17:31 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG
2016-06-30 18:44 - 2016-06-30 18:44 - 00000000 ____D C:\Users\Patty\AppData\Roaming\TuneUp Software
2016-06-30 18:39 - 2016-06-30 18:39 - 00000000 ___HD C:\$AVG
2016-06-30 18:28 - 2014-05-14 09:23 - 02477536 _____ (Microsoft Corporation) C:\Windows\system32\wuaueng.dll
2016-06-30 18:28 - 2014-05-14 09:23 - 00058336 _____ (Microsoft Corporation) C:\Windows\system32\wuauclt.exe
2016-06-30 18:28 - 2014-05-14 09:23 - 00044512 _____ (Microsoft Corporation) C:\Windows\system32\wups2.dll
2016-06-30 18:28 - 2014-05-14 09:21 - 02620928 _____ (Microsoft Corporation) C:\Windows\system32\wucltux.dll
2016-06-30 18:27 - 2014-05-14 09:23 - 00700384 _____ (Microsoft Corporation) C:\Windows\system32\wuapi.dll
2016-06-30 18:27 - 2014-05-14 09:23 - 00581600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapi.dll
2016-06-30 18:27 - 2014-05-14 09:23 - 00038880 _____ (Microsoft Corporation) C:\Windows\system32\wups.dll
2016-06-30 18:27 - 2014-05-14 09:23 - 00036320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wups.dll
2016-06-30 18:27 - 2014-05-14 09:20 - 00097792 _____ (Microsoft Corporation) C:\Windows\system32\wudriver.dll
2016-06-30 18:27 - 2014-05-14 09:17 - 00092672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wudriver.dll
2016-06-30 18:26 - 2016-07-04 14:53 - 00000000 ____D C:\ProgramData\MFAData
2016-06-30 18:26 - 2016-06-30 18:26 - 00000000 ____D C:\Users\Patty\AppData\Local\MFAData
2016-06-30 18:24 - 2016-06-30 18:25 - 00000862 _____ C:\Users\Public\Desktop\AVG.lnk
2016-06-30 18:24 - 2016-06-30 18:24 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG Zen
2016-06-30 18:22 - 2014-05-14 09:23 - 00198600 _____ (Microsoft Corporation) C:\Windows\system32\wuwebv.dll
2016-06-30 18:22 - 2014-05-14 09:23 - 00179656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuwebv.dll
2016-06-30 18:22 - 2014-05-14 09:20 - 00036864 _____ (Microsoft Corporation) C:\Windows\system32\wuapp.exe
2016-06-30 18:22 - 2014-05-14 09:17 - 00033792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapp.exe
2016-06-30 18:16 - 2016-07-03 14:37 - 00000000 ____D C:\Program Files (x86)\AVG
2016-06-30 18:13 - 2016-07-03 14:38 - 00000000 ____D C:\Users\Patty\AppData\Local\Avg
2016-06-30 18:13 - 2016-07-03 14:34 - 00000000 ____D C:\ProgramData\Avg
2016-06-30 18:13 - 2016-07-03 14:33 - 00000000 ____D C:\Users\Patty\AppData\Local\AvgSetupLog
2016-06-30 18:13 - 2016-06-30 18:13 - 03143504 _____ (AVG Technologies CZ, s.r.o.) C:\Users\Patty\Downloads\AVG_Protection_Free_1597 (1).exe
2016-06-30 18:12 - 2016-06-30 18:12 - 03143504 _____ (AVG Technologies CZ, s.r.o.) C:\Users\Patty\Downloads\AVG_Protection_Free_1597.exe
2016-06-30 13:32 - 2016-06-30 13:32 - 00002231 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2016-06-30 13:32 - 2016-06-30 13:32 - 00002219 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2016-06-30 13:29 - 2016-07-04 16:42 - 00000898 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2016-06-30 13:29 - 2016-07-04 16:34 - 00000894 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2016-06-30 13:29 - 2016-07-04 14:40 - 00003904 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2016-06-30 13:29 - 2016-07-04 14:40 - 00003652 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2016-06-30 12:54 - 2016-06-30 12:54 - 00000000 __SHD C:\Users\Any Visitor.Patty-HP.000\AppData\LocalLow\EmieSiteList
2016-06-30 12:04 - 2016-06-30 12:04 - 00000000 ____D C:\Users\Any Visitor.Patty-HP.000\AppData\Local\Apple
2016-06-30 12:02 - 2016-07-03 18:42 - 00000356 _____ C:\Windows\Tasks\HPCeeScheduleForAny Visitor.job
2016-06-30 12:02 - 2016-07-03 15:05 - 00003224 _____ C:\Windows\System32\Tasks\HPCeeScheduleForAny Visitor
2016-06-30 12:01 - 2016-06-30 12:02 - 00000000 ____D C:\Users\Any Visitor.Patty-HP.000\AppData\Local\Hewlett-Packard
2016-06-30 11:59 - 2016-06-30 12:01 - 00000000 ____D C:\Users\Any Visitor.Patty-HP.000\AppData\Roaming\Hewlett-Packard
2016-06-30 11:58 - 2016-06-30 11:58 - 00001417 _____ C:\Users\Any Visitor.Patty-HP.000\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2016-06-30 11:58 - 2016-06-30 11:58 - 00000000 ____D C:\Users\Any Visitor.Patty-HP.000\AppData\Roaming\Adobe
2016-06-30 11:55 - 2016-06-30 11:55 - 00000000 ____D C:\Users\Any Visitor.Patty-HP.000\AppData\Local\VirtualStore
2016-06-30 11:54 - 2016-06-30 12:23 - 00000000 ____D C:\Users\Any Visitor.Patty-HP.000
2016-06-30 11:54 - 2016-06-30 11:54 - 00000020 ___SH C:\Users\Any Visitor.Patty-HP.000\ntuser.ini
2016-06-30 11:54 - 2016-06-30 11:54 - 00000000 _SHDL C:\Users\Any Visitor.Patty-HP.000\My Documents
2016-06-30 11:54 - 2016-06-30 11:54 - 00000000 _SHDL C:\Users\Any Visitor.Patty-HP.000\Documents\My Videos
2016-06-30 11:54 - 2016-06-30 11:54 - 00000000 _SHDL C:\Users\Any Visitor.Patty-HP.000\Documents\My Pictures
2016-06-30 11:54 - 2016-06-30 11:54 - 00000000 _SHDL C:\Users\Any Visitor.Patty-HP.000\Documents\My Music
2016-06-30 11:54 - 2014-01-25 19:22 - 00000000 ____D C:\Users\Any Visitor.Patty-HP.000\AppData\Roaming\Media Center Programs
2016-06-30 11:54 - 2013-03-06 02:33 - 00002064 _____ C:\Users\Any Visitor.Patty-HP.000\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Microsoft SkyDrive.lnk
2016-06-30 11:54 - 2011-02-16 03:05 - 00000000 ____D C:\Users\Any Visitor.Patty-HP.000\AppData\Roaming\Mozilla
2016-06-09 08:15 - 2016-06-09 08:15 - 00310016 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgidsdrivera.sys
 
==================== One Month Modified files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2016-07-04 17:11 - 2009-07-13 22:13 - 00882480 _____ C:\Windows\system32\PerfStringBackup.INI
2016-07-04 17:07 - 2009-07-13 20:20 - 00000000 ____D C:\Windows\tracing
2016-07-04 17:01 - 2009-07-13 21:45 - 00023248 ___HC C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2016-07-04 17:01 - 2009-07-13 21:45 - 00023248 ___HC C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2016-07-04 16:54 - 2014-04-22 14:09 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2016-07-04 16:49 - 2009-07-13 20:20 - 00000000 ___DC C:\Windows\system32\NDF
2016-07-04 16:36 - 2009-07-13 20:20 - 00000000 ____D C:\Windows\system32\inetsrv
2016-07-04 16:34 - 2012-04-21 17:17 - 00065536 _____ C:\Windows\system32\Ikeext.etl
2016-07-04 16:33 - 2009-07-13 22:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2016-07-04 16:33 - 2009-07-13 20:20 - 00000000 ____D C:\Windows\registration
2016-07-04 14:57 - 2009-07-13 20:20 - 00000000 ____D C:\Windows\inf
2016-07-04 14:42 - 2012-12-15 12:37 - 00003002 _____ C:\Windows\System32\Tasks\{19CE5A34-8273-430C-8F8E-D4965C65BCB9}
2016-07-04 14:42 - 2012-12-15 12:23 - 00003002 _____ C:\Windows\System32\Tasks\{E7ED2D14-1D39-41D8-AD1F-7EE7BCA275F2}
2016-07-04 14:42 - 2012-12-15 12:23 - 00003002 _____ C:\Windows\System32\Tasks\{3DB6BFE5-99E0-4122-B1EC-4D11F3E4A6C0}
2016-07-04 14:42 - 2011-06-13 19:00 - 00003002 _____ C:\Windows\System32\Tasks\{F432852F-3E2A-4AA4-AC0A-B43E47319111}
2016-07-04 14:42 - 2011-06-13 19:00 - 00003002 _____ C:\Windows\System32\Tasks\{3CC3C2CA-FDE0-4CE3-8E85-7B0495985C2C}
2016-07-04 14:42 - 2011-06-13 18:53 - 00003002 _____ C:\Windows\System32\Tasks\{FB9743C9-B1ED-43F6-AD36-6FD950DBE832}
2016-07-04 14:42 - 2011-06-10 20:04 - 00003002 _____ C:\Windows\System32\Tasks\{CFB7E985-8E3D-4920-87C1-11A1DDBA20FD}
2016-07-04 14:42 - 2011-06-10 20:04 - 00003002 _____ C:\Windows\System32\Tasks\{8EFDF48F-2422-4214-879B-FD63181DDADB}
2016-07-04 14:42 - 2011-06-10 20:03 - 00003002 _____ C:\Windows\System32\Tasks\{AEB9FD84-C3C4-40CD-ABED-FE656AB13AC3}
2016-07-04 14:42 - 2011-06-10 20:03 - 00003002 _____ C:\Windows\System32\Tasks\{86A328E2-4E44-4B4F-865E-3401D809764A}
2016-07-04 14:40 - 2010-11-17 08:17 - 00003704 _____ C:\Windows\System32\Tasks\RecoveryCDWin7
2016-07-04 14:40 - 2010-11-17 08:17 - 00003404 _____ C:\Windows\System32\Tasks\ServicePlan
2016-07-04 10:03 - 2009-07-13 21:45 - 00282592 _____ C:\Windows\system32\FNTCACHE.DAT
2016-07-04 09:56 - 2014-04-25 16:14 - 00000000 __SDC C:\Windows\system32\CompatTel
2016-07-04 09:56 - 2013-03-15 20:27 - 00000000 ____D C:\Program Files\Windows Journal
2016-07-04 09:54 - 2009-07-13 20:20 - 00000000 ____D C:\Windows\SysWOW64\Dism
2016-07-04 09:54 - 2009-07-13 20:20 - 00000000 ____D C:\Windows\system32\Dism
2016-07-04 09:54 - 2009-07-13 20:20 - 00000000 ____D C:\Windows\system32\AdvancedInstallers
2016-07-04 09:54 - 2009-07-13 20:20 - 00000000 ____D C:\Windows\PolicyDefinitions
2016-07-04 09:16 - 2009-07-13 20:20 - 00000000 ____D C:\Windows\AppCompat
2016-07-03 22:26 - 2011-06-19 11:02 - 00003926 _____ C:\Windows\System32\Tasks\User_Feed_Synchronization-{E70F668C-BB52-4DEB-9230-CEB9DB7EEF6B}
2016-07-03 19:27 - 2010-11-17 13:25 - 00000000 ____D C:\Users\Patty\AppData\Local\CrashDumps
2016-07-03 19:18 - 2014-06-05 22:28 - 00000000 ____D C:\Users\Patty\AppData\Roaming\Skype
2016-07-03 19:18 - 2014-06-04 07:44 - 00000000 ____D C:\Users\Patty\Documents\Youcam
2016-07-03 19:18 - 2011-06-19 15:39 - 00000000 ____D C:\Users\Patty\AppData\Roaming\HpUpdate
2016-07-03 19:18 - 2010-11-17 08:18 - 00000000 ____D C:\Users\Patty\AppData\Roaming\hpqLog
2016-07-03 19:18 - 2010-07-10 20:01 - 00000000 ____D C:\ProgramData\Temp
2016-07-03 19:17 - 2009-07-13 20:20 - 00000000 ____D C:\Windows\system32\sysprep
2016-07-03 15:43 - 2013-11-02 13:26 - 00002996 _____ C:\Windows\System32\Tasks\{B45D287B-6E99-49D4-B73D-6AE8BE4AEEA8}
2016-07-03 11:06 - 2009-07-13 22:09 - 00000000 ____D C:\Windows\System32\Tasks\WPD
2016-07-03 01:24 - 2013-07-18 00:41 - 00000000 ____D C:\Windows\system32\MRT
2016-07-03 00:44 - 2010-12-17 12:38 - 142482544 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2016-07-03 00:26 - 2011-02-11 13:23 - 00874966 _____ C:\Windows\SysWOW64\PerfStringBackup.INI
2016-07-02 23:55 - 2010-07-10 21:13 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
2016-07-02 23:51 - 2013-11-07 06:20 - 00000000 ____D C:\Program Files\Microsoft Silverlight
2016-07-02 23:51 - 2010-07-10 21:13 - 00000000 ____D C:\Program Files (x86)\Microsoft Silverlight
2016-07-02 22:14 - 2011-06-21 09:51 - 00000000 ____D C:\Users\Patty\AppData\Local\Google
2016-07-02 22:11 - 2011-06-21 09:51 - 00000000 ____D C:\Program Files (x86)\Google
2016-07-02 20:47 - 2010-07-10 19:40 - 00000000 ____D C:\ProgramData\Symantec
2016-07-02 20:11 - 2014-02-28 11:43 - 00000000 ___RD C:\Users\Patty\OneDrive
2016-07-02 20:11 - 2014-02-28 09:36 - 00002160 _____ C:\Users\Patty\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Microsoft OneDrive.lnk
2016-07-02 20:05 - 2011-02-07 16:46 - 00000000 ____D C:\Program Files (x86)\NortonInstaller
2016-07-02 20:05 - 2010-07-08 01:43 - 00000000 ____D C:\ProgramData\Norton
2016-06-30 15:29 - 2011-05-18 16:11 - 00000000 ____D C:\Users\Patty\AppData\Local\ElevatedDiagnostics
2016-06-30 15:27 - 2011-08-23 14:37 - 00000000 ___DC C:\Users\DefaultAppPool
2016-06-30 14:17 - 2011-05-18 15:11 - 00007641 _____ C:\Users\Patty\AppData\Local\Resmon.ResmonCfg
2016-06-30 14:17 - 2009-07-13 20:20 - 00000000 ____D C:\PerfLogs
2016-06-30 13:57 - 2014-04-23 21:48 - 00000000 ____D C:\Windows\Minidump
2016-06-30 13:56 - 2014-04-22 14:09 - 00003768 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2016-06-30 13:55 - 2014-04-22 14:08 - 00796352 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2016-06-30 13:55 - 2014-04-22 14:08 - 00142528 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2016-06-30 13:29 - 2014-04-13 16:11 - 00000519 _____ C:\Users\Patty\AppData\Roaming\Microsoft\Windows\Start Menu\Google.website
2016-06-30 13:29 - 2012-01-30 11:04 - 00000000 ____D C:\Users\Patty\AppData\Local\Deployment
2016-06-30 11:57 - 2010-11-17 08:11 - 00000000 ____D C:\Users\Patty
 
==================== Files in the root of some directories =======
 
2006-08-17 11:54 - 2013-07-19 21:06 - 0000029 _____ () C:\Program Files\Autorun.inf
2013-02-25 21:13 - 2013-07-19 21:07 - 0791548 _____ () C:\Program Files\Release.txt
2013-02-25 23:25 - 2013-07-19 21:07 - 0253680 _____ (Synaptics Incorporated) C:\Program Files\Setup.exe
2011-09-14 12:21 - 2011-09-14 12:07 - 0161736 _____ () C:\Program Files (x86)\64res.dll
2011-02-15 20:34 - 2011-04-18 15:51 - 0001854 _____ () C:\Users\Patty\AppData\Roaming\GhostObjGAFix.xml
2013-07-19 12:25 - 2014-04-06 22:01 - 0005632 _____ () C:\Users\Patty\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2011-05-18 15:11 - 2016-06-30 14:17 - 0007641 _____ () C:\Users\Patty\AppData\Local\Resmon.ResmonCfg
2010-07-08 01:37 - 2010-07-08 01:37 - 0000032 _____ () C:\ProgramData\{051B9612-4D82-42AC-8C63-CD2DCEDC1CB3}.log
2010-07-10 20:51 - 2010-07-10 20:51 - 0000109 _____ () C:\ProgramData\{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}.log
2010-07-08 01:37 - 2010-07-08 01:37 - 0000032 _____ () C:\ProgramData\{23F3DA62-2D9E-4A69-B8D5-BE8E9E148092}.log
2010-07-10 20:44 - 2010-07-10 20:45 - 0000105 _____ () C:\ProgramData\{40BF1E83-20EB-11D8-97C5-0009C5020658}.log
2010-07-08 01:36 - 2010-07-08 01:36 - 0000032 _____ () C:\ProgramData\{4FC670EB-5F02-4B07-90DB-022B86BFEFD0}.log
2010-07-08 01:37 - 2010-07-08 01:37 - 0000032 _____ () C:\ProgramData\{9867824A-C86D-4A83-8F3C-E7A86BE0AFD3}.log
2010-07-10 20:43 - 2010-07-10 20:44 - 0000107 _____ () C:\ProgramData\{C59C179C-668D-49A9-B6EA-0121CCFC1243}.log
2010-07-10 20:45 - 2010-07-10 20:51 - 0000110 _____ () C:\ProgramData\{CB099890-1D5F-11D5-9EA9-0050BAE317E1}.log
2010-07-08 01:37 - 2010-07-08 01:37 - 0000105 _____ () C:\ProgramData\{d36dd326-7280-11d8-97c8-000129760cbe}.log
 
Files to move or delete:
====================
C:\Users\Patty\ESRendezvousInfc.dll
 
 
==================== Bamital & volsnap =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed
 
 
LastRegBack: 2016-06-30 15:35
 
==================== End of FRST.txt ============================
 
 
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 02-07-2016
Ran by Patty (2016-07-04 17:37:16)
Running from C:\Users\Patty\Desktop
Windows 7 Home Premium Service Pack 1 (X64) (2010-11-17 15:11:10)
Boot Mode: Normal
==========================================================
 
 
==================== Accounts: =============================
 
Administrator (S-1-5-21-1232287608-1843942127-1758789870-500 - Administrator - Disabled)
Any Visitor (S-1-5-21-1232287608-1843942127-1758789870-1010 - Administrator - Enabled) => C:\Users\Any Visitor.Patty-HP.000
Familia (S-1-5-21-1232287608-1843942127-1758789870-1013 - Administrator - Enabled) => C:\Users\Familia
Guest (S-1-5-21-1232287608-1843942127-1758789870-501 - Limited - Enabled) => C:\Users\Guest
Patty (S-1-5-21-1232287608-1843942127-1758789870-1002 - Administrator - Enabled) => C:\Users\Patty
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AV: AVG AntiVirus Free Edition (Enabled - Up to date) {4D41356F-32AD-7C42-C820-63775EE4F413}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: AVG AntiVirus Free Edition (Enabled - Up to date) {F620D48B-1497-73CC-F290-58052563BEAE}
 
==================== Installed Programs ======================
 
(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
Acrobat.com (HKLM-x32\...\{287ECFA4-719A-2143-A09B-D6A12DE54E40}) (Version: 1.6.65 - Adobe Systems Incorporated)
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 1.5.0.7220 - Adobe Systems Inc.)
Adobe Flash Player 22 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 22.0.0.192 - Adobe Systems Incorporated)
Adobe Photoshop Album 2.0 Starter Edition (HKLM-x32\...\{11B569C2-4BF6-4ED0-9D17-A4273943CB24}) (Version: 2.00.100 - Adobe Systems, Inc.)
Adobe Reader XI (11.0.07) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.07 - Adobe Systems Incorporated)
Adobe Shockwave Player 11.5 (HKLM-x32\...\{9ECF7817-DB11-4FBA-9DF1-296A578D513A}) (Version: 11.5.7.609 - Adobe Systems, Inc)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
AVG (HKLM\...\AvgZen) (Version: 1.72.2.24716 - AVG Technologies)
AVG (Version: 16.91.7688 - AVG Technologies) Hidden
AVG 2016 (Version: 16.0.4613 - AVG Technologies) Hidden
AVG PC TuneUp (HKLM-x32\...\AVG PC TuneUp) (Version: 16.42.2.18804 - AVG Technologies)
AVG PC TuneUp (x32 Version: 16.42.6 - AVG Technologies) Hidden
AVG Protection (HKLM\...\AVG) (Version: 2016.91.7688 - AVG Technologies)
AVG Zen (Version: 1.72.1 - AVG Technologies) Hidden
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
CinemaNow Media Manager (HKLM-x32\...\{6C122441-1861-4CD7-B1C5-A163A6984E12}) (Version: 1.9.1.105 - CinemaNow, Inc.)
CyberLink DVD Suite (HKLM-x32\...\InstallShield_{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}) (Version: 7.0.3003 - CyberLink Corp.)
CyberLink MediaShow (HKLM-x32\...\InstallShield_{80E158EA-7181-40FE-A701-301CE6BE64AB}) (Version: 5.0.1616 - CyberLink Corp.)
CyberLink PowerDVD 9 (HKLM-x32\...\InstallShield_{A8516AC9-AAF1-47F9-9766-03E2D4CDBCF8}) (Version: 9.0.1.4217 - CyberLink Corp.)
CyberLink YouCam (HKLM-x32\...\InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}) (Version: 3.0.2511 - CyberLink Corp.)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
Energy Star Digital Logo (HKLM-x32\...\{BD1A34C9-4764-4F79-AE1F-112F8C89D3D4}) (Version: 1.0.1 - Hewlett-Packard)
ESU for Microsoft Windows 7 (HKLM-x32\...\{3877C901-7B90-4727-A639-B6ED2DD59D43}) (Version: 1.0.0 - Hewlett-Packard)
FMW 1 (Version: 1.102.4 - AVG Technologies) Hidden
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 51.0.2704.106 - Google Inc.)
Google Update Helper (x32 Version: 1.3.30.3 - Google Inc.) Hidden
Hewlett-Packard ACLM.NET v1.2.2.3 (x32 Version: 1.00.0000 - Hewlett-Packard Company) Hidden
HP Advisor (HKLM-x32\...\{40FB8D7C-6FF8-4AF2-BC8B-0B1DB32AF04B}) (Version: 3.4.10262.3295 - Hewlett-Packard)
HP MediaSmart CinemaNow 2.0 (HKLM-x32\...\{9008D736-35CA-40DB-A2BE-5F32D954E5AA}) (Version: 2.0 - Hewlett-Packard)
HP Power Manager (HKLM-x32\...\{4B156358-CE9C-4E9F-8CAD-79AE86A68C60}) (Version: 1.0.3 - Hewlett-Packard Company)
HP Product Detection (HKLM-x32\...\{CAE7D1D9-3794-4169-B4DD-964ADBC534EE}) (Version: 10.7.9.0 - Hewlett-Packard Company)
HP Quick Launch (HKLM-x32\...\{EB58480C-0721-483C-B354-9D35A147999F}) (Version: 2.3.6 - Hewlett-Packard Company)
HP Setup (HKLM-x32\...\{72D90DB3-A16A-4545-B555-868471101833}) (Version: 8.1.4186.3400 - Hewlett-Packard)
HP Software Framework (HKLM-x32\...\{97174E88-52F9-445A-A28E-704A45332D19}) (Version: 4.0.108.1 - Hewlett-Packard Company)
HP Support Assistant (HKLM-x32\...\{E35A3B13-78CD-4967-8AC8-AA9FDA693EDE}) (Version: 7.4.45.4 - Hewlett-Packard Company)
HP Support Solutions Framework (HKLM-x32\...\{D2F04839-0AD0-4F06-A6B5-6DFF05E27B67}) (Version: 11.50.0019 - Hewlett-Packard Company)
HP Update (HKLM-x32\...\{B0069CFA-5BB9-4C03-B1C6-89CE290E5AFE}) (Version: 5.002.006.003 - Hewlett-Packard)
HP Wireless Assistant (HKLM\...\{B5FC1E1B-E70D-45F1-8E40-A3C30698B323}) (Version: 4.0.9.0 - Hewlett-Packard Company)
InstallIQ Updater (HKLM-x32\...\{8E1CB0F1-67BF-4052-AA23-FA22E94804C1}) (Version: 1.4.3.0 - W3i, LLC)
Intel® Control Center (HKLM-x32\...\{F8A9085D-4C7A-41a9-8A77-C8998A96C421}) (Version: 1.2.1.1007 - Intel Corporation)
Intel® Graphics Media Accelerator Driver (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 8.15.10.2086 - Intel Corporation)
Intel® Rapid Storage Technology (HKLM-x32\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 9.6.2.1001 - Intel Corporation)
Java 7 Update 55 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83217045FF}) (Version: 7.0.550 - Oracle)
Microsoft .NET Framework 4.5.2 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.51209 - Microsoft Corporation)
Microsoft Office Click-to-Run 2010 (HKLM-x32\...\Office14.Click2Run) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Office Starter 2010 - English (HKLM-x32\...\{90140011-0066-0409-0000-0000000FF1CE}) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-1232287608-1843942127-1758789870-1002\...\OneDriveSetup.exe) (Version: 17.3.6390.0509 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.50428.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (HKLM-x32\...\{770657D0-A123-3C07-8E44-1C83EC895118}) (Version: 8.0.50727.4053 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x64 9.0.30729.5570 (HKLM\...\{8338783A-0968-3B85-AFC7-BAAE0A63DC50}) (Version: 9.0.30729.5570 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Movie Maker (x32 Version: 16.4.3522.0110 - Microsoft Corporation) Hidden
PhotoNow! (HKLM-x32\...\InstallShield_{D36DD326-7280-11D8-97C8-000129760CBE}) (Version: 1.1.6904 - CyberLink Corp.)
PhotoNow! (x32 Version: 1.1.6904 - CyberLink Corp.) Hidden
Picasa 3 (HKLM-x32\...\Picasa 3) (Version: 3.9.141.259 - Google, Inc.)
PlayReady PC Runtime amd64 (HKLM\...\{BCA9334F-B6C9-4F65-9A73-AC5A329A4D04}) (Version: 1.3.0 - Microsoft Corporation)
PowerDirector (HKLM-x32\...\InstallShield_{CB099890-1D5F-11D5-9EA9-0050BAE317E1}) (Version: 8.0.3003 - CyberLink Corp.)
PowerDirector (x32 Version: 8.0.3003 - CyberLink Corp.) Hidden
Realtek Ethernet Controller Driver For Windows 7 (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.18.322.2010 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6206 - Realtek Semiconductor Corp.)
REALTEK Wireless LAN Software (HKLM-x32\...\{901F0D4C-009D-1112-8DE4-03599E7B0C5C}) (Version: 1.00.10.0329 - REALTEK Semiconductor Corp.)
Recovery Manager (x32 Version: 5.5.3023 - CyberLink Corp.) Hidden
RtVOsd (HKLM\...\{091A0130-A82F-4A6D-9C61-3BBBB3289030}) (Version: 1.0.6 - Realtek Semiconductor Corp.)
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 15.0.18.0 - Synaptics Incorporated)
Visual Studio 2012 x64 Redistributables (HKLM\...\{8C775E70-A791-4DA8-BCC3-6AB7136F4484}) (Version: 14.0.0.1 - AVG Technologies)
Visual Studio 2012 x86 Redistributables (HKLM-x32\...\{98EFF19A-30AB-4E4B-B943-F06B1C63EBF8}) (Version: 14.0.0.1 - AVG Technologies CZ, s.r.o.)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3522.0110 - Microsoft Corporation)
Windows Live Sync (HKLM-x32\...\{B10914FD-8812-47A4-85A1-50FCDE7F1F33}) (Version: 14.0.8117.416 - Microsoft Corporation)
 
==================== Custom CLSID (Whitelisted): ==========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
CustomCLSID: HKU\S-1-5-21-1232287608-1843942127-1758789870-1002_Classes\CLSID\{162C6FB5-44D3-435B-903D-E613FA093FB5}\InprocServer32 -> C:\Users\Patty\AppData\Local\Microsoft\OneDrive\17.3.6390.0509\amd64\FileCoAuthLib64.dll ()
CustomCLSID: HKU\S-1-5-21-1232287608-1843942127-1758789870-1002_Classes\CLSID\{71DCE5D6-4B57-496B-AC21-CD5B54EB93FD}\localserver32 -> C:\Users\Patty\AppData\Local\Microsoft\OneDrive\17.3.6390.0509\FileCoAuth.exe (Microsoft Corporation)
 
==================== Scheduled Tasks (Whitelisted) =============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
Task: {0A0679E5-D05B-4C6A-905B-3FD932E6241F} - System32\Tasks\Event Viewer Tasks\Microsoft-Windows-Diagnostics-Performance_Operational_Microsoft-Windows-Diagnostics-Performance_351
Task: {0BAA7BE4-D674-4313-928E-2896136D99FA} - System32\Tasks\{8EFDF48F-2422-4214-879B-FD63181DDADB} => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2013-11-04] (Hewlett-Packard Company)
Task: {0C4C3377-5E9E-4CD9-9661-A14AF1B1833F} - System32\Tasks\{3DB6BFE5-99E0-4122-B1EC-4D11F3E4A6C0} => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2013-11-04] (Hewlett-Packard Company)
Task: {10A9E111-4E19-4274-89B0-63CAAEDDBB1A} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2016-06-30] (Google Inc.)
Task: {139D6B8A-FFCB-482B-9072-63C8214D4C8A} - System32\Tasks\{3CC3C2CA-FDE0-4CE3-8E85-7B0495985C2C} => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2013-11-04] (Hewlett-Packard Company)
Task: {1922C14D-9956-41A0-8D6B-1727D287F863} - System32\Tasks\{EC5E42D1-5A75-4650-93EB-32FA60ABE42C} => pcalua.exe -a C:\Users\Patty\AppData\Local\Temp\Temp1_LGWindowsMobile_USBDriver_WHQL_ML_Ver_1.0.zip\LGWindowsMobile_USBDriver_WHQL_ML_Ver_1.0.exe
Task: {1F6E5F82-DBF8-488B-B12A-14FDD68BFF8A} - System32\Tasks\{1E4EDAF8-8D21-463E-952F-6177DD987B08} => pcalua.exe -a "C:\Program Files (x86)\COMPAQ\CPQ650TP\Ver. 2.3\unins000.EXE"
Task: {224C06E5-15CE-40D6-932B-1B132373E94C} - System32\Tasks\{F432852F-3E2A-4AA4-AC0A-B43E47319111} => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2013-11-04] (Hewlett-Packard Company)
Task: {28A32CDA-4198-48B2-A3AA-487496B599F4} - System32\Tasks\{FB9743C9-B1ED-43F6-AD36-6FD950DBE832} => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2013-11-04] (Hewlett-Packard Company)
Task: {2DFDC6B8-2E83-46C5-9F07-ACBB105DE39D} - System32\Tasks\Hewlett-Packard\HP Support Assistant\PC Health Analysis => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2013-11-04] (Hewlett-Packard Company)
Task: {3277B4B9-B8ED-420A-A78C-1ED920F738FC} - System32\Tasks\{E4842C1D-89D1-453F-AF2F-517C6CEEEC25} => pcalua.exe -a "C:\Program Files (x86)\QuickTime\QTSystem\QuickTime.cpl" -c QuickTime
Task: {4D675FC0-7CBC-4A46-A5A7-3D0C6B8FBCC0} - System32\Tasks\HPCeeScheduleForAny Visitor => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2011-07-15] (Hewlett-Packard)
Task: {4FE50A07-6B43-4620-B00B-6CAE9D26BF05} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {57D40D84-CAF9-4F09-AB15-55C362AC5D23} - System32\Tasks\{D3B71ABC-D8AB-445D-9DF9-D040BF645B55} => pcalua.exe -a "C:\Program Files (x86)\AddThis Toolbar\Uninst.exe" -d "C:\Program Files (x86)\AddThis Toolbar"
Task: {671EF15B-4DD2-43B8-8BAC-A44DC7997468} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Assistant Quick Start => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2013-11-04] (Hewlett-Packard Company)
Task: {78367E6D-9442-4F89-BC91-E028BF7B5309} - System32\Tasks\{14079E4F-BE3F-4EEE-BC76-4EA5965C1C86} => pcalua.exe -a C:\ProgramData\Uninstall\{9008D736-35CA-40DB-A2BE-5F32D954E5AA}\setup.exe -c /x {9008D736-35CA-40DB-A2BE-5F32D954E5AA}
Task: {7F9900DE-9C70-49BD-98AE-3AD075EF9A01} - System32\Tasks\{B45D287B-6E99-49D4-B73D-6AE8BE4AEEA8} => C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriter.exe [2014-01-10] (Microsoft Corp.)
Task: {8325F4E8-4059-43C2-80CC-7B73BA3442C7} - System32\Tasks\Hewlett-Packard\HP Support Assistant\PC Tuneup => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2013-11-04] (Hewlett-Packard Company)
Task: {834E1CD3-0CB8-4226-8DE7-5FF1460F5983} - System32\Tasks\HPCeeScheduleForPatty => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2011-07-15] (Hewlett-Packard)
Task: {84B24D32-437F-47F9-B3C1-C2BCB571C3A2} - System32\Tasks\{CFB7E985-8E3D-4920-87C1-11A1DDBA20FD} => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2013-11-04] (Hewlett-Packard Company)
Task: {8B3D829C-E47D-4CC3-B29F-6698AA23D463} - System32\Tasks\{6648A3C0-17EF-4D19-8667-097E71BDE31B} => pcalua.exe -a "C:\Users\Patty\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\16P3NL1N\B2CAppSetup[1].exe" -d C:\Users\Patty\Desktop
Task: {8CC34197-7F32-4D1E-97DE-22B696AD610F} - System32\Tasks\{5D9340B7-71C9-4B81-A078-458718E7D281} => C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AcroRd32.exe
Task: {8E38353A-C866-4A2F-8B70-A6CA65C213A4} - System32\Tasks\Adobe Reader and Acrobat Manager => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2013-11-21] (Adobe Systems Incorporated)
Task: {A21494CA-A7B1-49BE-8285-C33BB3F79E52} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2016-06-30] (Adobe Systems Incorporated)
Task: {A88610C3-CC77-41EB-AA52-0AA5F1C4A0BB} - System32\Tasks\Hewlett-Packard\HP Support Assistant\Update Check => C:\ProgramData\Hewlett-Packard\HP Support Framework\Resources\Updater7\HPSFUpdater.exe [2014-05-12] (Hewlett-Packard Company)
Task: {AA9E4E63-2A1A-46BF-A713-D7996F500CB4} - System32\Tasks\{86A328E2-4E44-4B4F-865E-3401D809764A} => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2013-11-04] (Hewlett-Packard Company)
Task: {AAA8364F-3751-4D48-A7D8-7E1BC0C062A3} - System32\Tasks\{B7FEB280-42C9-449F-9C17-A98800EEC7B3} => pcalua.exe -a "C:\Users\Patty\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\BH4H4R84\wlsetup-web.exe" -d C:\Users\Patty\Desktop
Task: {B042B3F4-CFE3-435A-83D9-03F3763E6B77} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2016-06-30] (Google Inc.)
Task: {C497BBFA-246D-45C4-B079-2B2762D57005} - System32\Tasks\{AEB9FD84-C3C4-40CD-ABED-FE656AB13AC3} => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2013-11-04] (Hewlett-Packard Company)
Task: {C56ECDDF-2211-4279-B349-CBD40924ECCF} - System32\Tasks\Hewlett-Packard\HP Support Assistant\WarrantyChecker_DeviceScan => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPWarrantyChecker.exe [2014-03-21] (Hewlett-Packard)
Task: {C6DE2FBA-2697-4084-900F-66A3852DAFF2} - System32\Tasks\RecoveryCDWin7 => C:\Program Files (x86)\Hewlett-Packard\HP Setup\RemEngine.exe [2010-05-25] ()
Task: {CC3516D9-F841-4D59-A904-F25ACE793032} - System32\Tasks\{19CE5A34-8273-430C-8F8E-D4965C65BCB9} => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2013-11-04] (Hewlett-Packard Company)
Task: {DB6E80E7-D0B5-4AB2-9141-0A9F12B40A44} - System32\Tasks\{710C6DAA-2F52-4B54-8F95-CDF460955C87} => pcalua.exe -a C:\ProgramData\LGMOBILEAX\B2C_Client\B2CAppUninstall.exe -d C:\ProgramData\LGMOBILEAX\B2C_Client
Task: {DE1CE84E-F47B-4DA2-8D52-1A3F48FD80BF} - System32\Tasks\{85E92500-57C1-45FF-8900-F8B08DB3C13E} => pcalua.exe -a E:\Setup.exe -d E:\
Task: {F0FDE714-25B7-4286-853C-79A110122E39} - System32\Tasks\ServicePlan => C:\Program Files (x86)\Hewlett-Packard\HP Setup\RemEngine.exe [2010-05-25] ()
Task: {FBDFA2C7-CDBB-4C3D-8AF3-1EFC92804370} - System32\Tasks\{E7ED2D14-1D39-41D8-AD1F-7EE7BCA275F2} => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2013-11-04] (Hewlett-Packard Company)
Task: {FF3B613B-1281-40FF-BB0B-097319F3DEC1} - System32\Tasks\{F9F606C2-DB89-4D06-A7D7-30FF2A69B705} => C:\LGVX8360\LGUnitedMobileDriver_S4981CAN32AP22_ML_WHQL_Ver_3.2.1.exe [2011-04-07] (Acresso Software Inc.                                        )
 
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
 
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\HPCeeScheduleForAny Visitor.job => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe
Task: C:\Windows\Tasks\HPCeeScheduleForPatty.job => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe
 
==================== Shortcuts =============================
 
(The entries could be listed to be restored or removed.)
 
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HP Download Store.lnk -> hxxp://redirect.hp.com/svs/rdr?TYPE=4&tp=onlinesvs&s=hp_softwarestore&pf=cnnb&locale=en_us&bd=all&c=104>C:\Program Files (x86)\Online Services\hpswstore\hpswstore.ico (No File)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Walmart Photo Center.lnk -> hxxp://redirect.hp.com/svs/rdr?TYPE=4&tp=onlinesvs&s=wmsnapfish&pf=cnnb&locale=en_us&bd=all&c=1046C:\Program Files (x86)\Online Services\snapfish\wm.ico (No File)
 
==================== Loaded Modules (Whitelisted) ==============
 
2016-07-02 20:10 - 2016-07-02 20:10 - 00959168 _____ () C:\Users\Patty\AppData\Local\Microsoft\OneDrive\17.3.6390.0509\amd64\ClientTelemetry.dll
2010-06-18 16:26 - 2010-06-18 16:26 - 00267832 _____ () C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPCommon.XmlSerializers.dll
2016-06-30 18:16 - 2016-06-30 18:14 - 40500224 _____ () C:\Program Files (x86)\AVG\UiDll\2171\libcef.dll
 
==================== Alternate Data Streams (Whitelisted) =========
 
(If an entry is included in the fixlist, only the ADS will be removed.)
 
AlternateDataStreams: C:\ProgramData\Temp:373E1720 [119]
 
==================== Safe Mode (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
 
 
==================== Association (Whitelisted) ===============
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed.)
 
 
==================== Internet Explorer trusted/restricted ===============
 
(If an entry is included in the fixlist, it will be removed from the registry.)
 
IE trusted site: HKU\S-1-5-21-1232287608-1843942127-1758789870-1002\...\adobe.com -> hxxps://helpx.adobe.com
 
==================== Hosts content: ===============================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2009-07-13 19:34 - 2009-06-10 14:00 - 00000824 ____N C:\Windows\system32\Drivers\etc\hosts
 
 
==================== Other Areas ============================
 
(Currently there is no automatic fix for this section.)
 
HKU\S-1-5-21-1232287608-1843942127-1758789870-1002\Control Panel\Desktop\\Wallpaper -> C:\Users\Patty\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 192.168.254.254
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.
 
==================== MSCONFIG/TASK MANAGER disabled items ==
 
(Currently there is no automatic fix for this section.)
 
MSCONFIG\startupreg: APSDaemon => "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
MSCONFIG\startupreg: HotKeysCmds => C:\Windows\system32\hkcmd.exe
MSCONFIG\startupreg: HP Quick Launch => C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe
MSCONFIG\startupreg: HP Software Update => C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe
MSCONFIG\startupreg: HPWirelessAssistant => C:\Program Files\Hewlett-Packard\HP Wireless Assistant\DelayedAppStarter.exe 120 C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Main.exe /hidden
MSCONFIG\startupreg: IgfxTray => C:\Windows\system32\igfxtray.exe
MSCONFIG\startupreg: iTunesHelper => "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
MSCONFIG\startupreg: MapsGalaxy Search Scope Monitor => "C:\PROGRA~2\MAPSGA~2\bar\1.bin\39srchmn.exe" /m=2 /w /h
 
==================== FirewallRules (Whitelisted) ===============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
FirewallRules: [{AA47F0FC-94D2-43B5-B272-AA6B9B3061BB}] => (Allow) svchost.exe
FirewallRules: [{07E73095-2D4C-4C46-9366-715E8F2D9A85}] => (Allow) C:\Program Files (x86)\Windows Live\Sync\WindowsLiveSync.exe
FirewallRules: [{76AE9FA4-F355-47D7-8E60-39D901A9CC6B}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDirector\PDR8.EXE
FirewallRules: [{C8693F56-3760-48C1-91BF-961210279B91}] => (Allow) C:\Program Files (x86)\Hewlett-Packard\MediaSmart\CinemaNow\CinemaNow.exe
FirewallRules: [{16F96600-F677-401D-9892-A16458E0159C}] => (Allow) C:\Program Files (x86)\Hewlett-Packard\MediaSmart\CinemaNow\CinemaNow.exe
FirewallRules: [{763A96E6-2B7C-4827-BE76-B076CC37791F}] => (Allow) C:\Program Files (x86)\CinemaNow\CinemaNow Media Manager\CinemaNowShell.exe
FirewallRules: [{6D38425D-7000-49D9-9273-02D84690CA31}] => (Allow) C:\Program Files (x86)\CinemaNow\CinemaNow Media Manager\CinemaNowShell.exe
FirewallRules: [{90F75C77-57DD-4A49-890A-67B7B07B8478}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD9\PowerDVD9.EXE
FirewallRules: [WCF-NetTcpActivator-In-TCP-64bit] => (Allow) %systemroot%\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\SMSvcHost.exe
FirewallRules: [{265F1143-E62B-49C3-A6AB-46AFE02E98F2}] => (Allow) C:\Program Files (x86)\AddThis Toolbar\TroubleShooter.exe
FirewallRules: [{F671B55B-8B72-4DBF-8868-228B0D6911D0}] => (Allow) C:\Program Files (x86)\AddThis Toolbar\TroubleShooter.exe
FirewallRules: [{79300767-6D51-4AF1-914C-7D2297D41B80}] => (Allow) C:\Program Files (x86)\AddThis Toolbar\ToolbarUpdate.exe
FirewallRules: [{94D553C4-5DA2-4EA2-A42D-D4EEB57CE836}] => (Allow) C:\Program Files (x86)\AddThis Toolbar\ToolbarUpdate.exe
FirewallRules: [{CF1254E9-4A54-41E1-9DC0-8F2302093C80}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{B0D0F93A-53A9-46B0-AE00-C0D027E379F0}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [SNMP-In-UDP] => (Allow) %SystemRoot%\system32\snmp.exe
FirewallRules: [SNMP-Out-UDP] => (Allow) %SystemRoot%\system32\snmp.exe
FirewallRules: [SNMP-In-UDP-NoScope] => (Allow) %SystemRoot%\system32\snmp.exe
FirewallRules: [SNMP-Out-UDP-NoScope] => (Allow) %SystemRoot%\system32\snmp.exe
FirewallRules: [MSMQ-In-TCP] => (Allow) %systemroot%\system32\mqsvc.exe
FirewallRules: [MSMQ-Out-TCP] => (Allow) %systemroot%\system32\mqsvc.exe
FirewallRules: [MSMQ-In-UDP] => (Allow) %systemroot%\system32\mqsvc.exe
FirewallRules: [MSMQ-Out-UDP] => (Allow) %systemroot%\system32\mqsvc.exe
FirewallRules: [{C20AD279-BFBB-4DB1-B527-B956E11D8EFC}] => (Allow) C:\Program Files (x86)\Adobe\Photoshop Album Starter Edition\2.0\Apps\PhotoshopAlbum.exe
FirewallRules: [{268BAE5D-A462-443E-B7C0-C1181FB73A50}] => (Allow) C:\Program Files (x86)\Adobe\Photoshop Album Starter Edition\2.0\Apps\PhotoshopAlbum.exe
FirewallRules: [{CD3B4554-AD8F-4522-BA43-916A9668ABAC}] => (Allow) C:\Program Files (x86)\Adobe\Photoshop Album Starter Edition\2.0\Apps\PhotoshopAlbum.exe
FirewallRules: [{A9EB1BCC-DA4B-4F3A-AF55-2D763174F630}] => (Allow) C:\Program Files (x86)\Adobe\Photoshop Album Starter Edition\2.0\Apps\PhotoshopAlbum.exe
FirewallRules: [{ED92DC4A-7564-404D-B37F-AEB8FCBD1BBF}] => (Allow) C:\Windows\system32\recdisc.exe
FirewallRules: [{28AF33D5-2E9A-4CD5-8746-5F577E19757B}] => (Allow) C:\Windows\system32\recdisc.exe
FirewallRules: [{08BCE7BD-E0FD-4855-857D-21C46DC974FC}] => (Allow) C:\Windows\system32\recdisc.exe
FirewallRules: [{E3F386A9-1B57-4CFC-AA08-F5F8A8843B48}] => (Allow) C:\Windows\system32\recdisc.exe
FirewallRules: [{7951BDB9-AC19-4C8A-A0E8-C515BFC70433}] => (Allow) C:\Program Files (x86)\CyberLink\MediaShow5\MediaShow.exe
FirewallRules: [{8D56D530-BC92-483C-A911-C711A84D6341}] => (Allow) C:\Program Files (x86)\CyberLink\MediaShow5\MediaShow.exe
FirewallRules: [{A9903283-E6EF-475D-8C33-6053637DFC0E}] => (Allow) C:\Program Files (x86)\CyberLink\MediaShow5\MediaShow.exe
FirewallRules: [{4D682C72-1BFB-4C13-959C-BD7CFE10BB00}] => (Allow) C:\Program Files (x86)\CyberLink\MediaShow5\MediaShow.exe
FirewallRules: [{09F2B995-1348-4DE0-BAC4-BC4B54C76C25}] => (Allow) C:\Program Files (x86)\Windows Live\Photo Gallery\MovieMaker.exe
FirewallRules: [{3FA19122-82F9-4CF2-8181-A6C97522D706}] => (Allow) C:\Program Files (x86)\Windows Live\Photo Gallery\MovieMaker.exe
FirewallRules: [{224FD7F9-872A-4F72-B6B4-68E8B2C2592F}] => (Allow) C:\Program Files (x86)\Windows Live\Photo Gallery\MovieMaker.exe
FirewallRules: [{14DD3AFF-956B-44D2-AAE9-E33F0381917D}] => (Allow) C:\Program Files (x86)\Windows Live\Photo Gallery\MovieMaker.exe
FirewallRules: [{B4FDBF2A-AEBF-4785-A34C-22774D55B6F8}] => (Allow) C:\Program Files (x86)\Windows Live\Photo Gallery\WLXPhotoGallery.exe
FirewallRules: [{1E37EA18-C95B-441D-BE48-FCD99A1EE3FB}] => (Allow) C:\Program Files (x86)\Windows Live\Photo Gallery\WLXPhotoGallery.exe
FirewallRules: [{90226F6E-154A-4788-8DFC-988E771CBFD5}] => (Allow) C:\Program Files (x86)\Windows Live\Photo Gallery\WLXPhotoGallery.exe
FirewallRules: [{DBC0D012-DD52-4A20-80CD-854247AF2DB3}] => (Allow) C:\Program Files (x86)\Windows Live\Photo Gallery\WLXPhotoGallery.exe
FirewallRules: [{5BB30A19-B476-49B7-BAE9-2A1859F204C4}] => (Allow) C:\Program Files (x86)\Adobe\Photoshop Album Starter Edition\2.0\Apps\PhotoshopAlbum.exe
FirewallRules: [{C97F80D4-949C-465D-82B8-DF40CA3DFE54}] => (Allow) C:\Program Files (x86)\Adobe\Photoshop Album Starter Edition\2.0\Apps\PhotoshopAlbum.exe
FirewallRules: [{A1E95163-84B7-4017-8122-E8A395B9C0C8}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{B93E6EB2-FE20-4C44-9624-FE401F753F67}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{17518F41-F019-4AA3-8586-88E458CA57A9}] => (Allow) C:\Program Files (x86)\CinemaNow\CinemaNow Media Manager\CinemaNowShell.exe
FirewallRules: [{09F64EF7-FF0F-4AA0-9D3F-F160D45F37E4}] => (Allow) C:\Program Files (x86)\CinemaNow\CinemaNow Media Manager\CinemaNowShell.exe
FirewallRules: [{F480AFDE-84D3-4664-BD12-623366781A3A}] => (Allow) C:\Windows\system32\recdisc.exe
FirewallRules: [{8CF625D2-F1A4-4918-AB14-EA7297D738B5}] => (Allow) C:\Windows\system32\recdisc.exe
FirewallRules: [{C2D157A9-67A6-4A88-AFAA-12112CC3E94F}] => (Allow) C:\Program Files (x86)\CyberLink\MediaShow5\MediaShow.exe
FirewallRules: [{F43349ED-BB4A-450C-9600-E9DEEAC221E8}] => (Allow) C:\Program Files (x86)\CyberLink\MediaShow5\MediaShow.exe
FirewallRules: [{5C7067A1-55F4-46C0-B4A1-B38210E5B53D}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDirector\PDR8.EXE
FirewallRules: [{8FAA28B6-BF53-46FA-8601-59ACA02FD135}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDirector\PDR8.EXE
FirewallRules: [{31E96A26-735B-43C8-B56C-AD4DEA3FA1D2}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD9\PowerDVD9.EXE
FirewallRules: [{486BF7D4-6C64-4B22-801A-DA7284C76598}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD9\PowerDVD9.EXE
FirewallRules: [{1EAB5565-DF7A-4DF2-A40D-882A7D270C88}] => (Allow) %systemroot%\system32\mqsvc.exe
FirewallRules: [{07880670-A8AF-4D51-B77A-716ED38403B5}] => (Allow) %systemroot%\system32\mqsvc.exe
FirewallRules: [{A0B86A8F-206F-4265-AF18-8AC0F30C87E4}] => (Allow) %systemroot%\system32\mqsvc.exe
FirewallRules: [{094B658F-54C8-4B33-A536-467786CE7C00}] => (Allow) %systemroot%\system32\mqsvc.exe
FirewallRules: [{6BD29183-9BBF-4E8B-9B17-BF2FAD032456}] => (Allow) C:\Program Files (x86)\Windows Live\Photo Gallery\MovieMaker.exe
FirewallRules: [{E7110920-4CF3-4565-A88E-0B5773813D9C}] => (Allow) C:\Program Files (x86)\Windows Live\Photo Gallery\MovieMaker.exe
FirewallRules: [{1514D64D-26A7-4E61-B939-3F8675190849}] => (Allow) C:\Program Files (x86)\Windows Live\Photo Gallery\WLXPhotoGallery.exe
FirewallRules: [{D3DE21BD-0828-45A3-8F09-72B506057410}] => (Allow) C:\Program Files (x86)\Windows Live\Photo Gallery\WLXPhotoGallery.exe
FirewallRules: [{9C65A0FF-CA63-4688-A3D2-DAB48A0F57D5}] => (Allow) C:\Program Files (x86)\Hewlett-Packard\MediaSmart\CinemaNow\CinemaNow.exe
FirewallRules: [{17E63927-C198-4325-833C-800779AF1292}] => (Allow) C:\Program Files (x86)\Hewlett-Packard\MediaSmart\CinemaNow\CinemaNow.exe
FirewallRules: [{412E70AA-5FA2-435B-BABE-59F5EF6120D6}] => (Allow) %SystemRoot%\system32\snmp.exe
FirewallRules: [{1777BF02-96BE-4564-A049-10206D97FF3F}] => (Allow) %SystemRoot%\system32\snmp.exe
FirewallRules: [TelnetServer-TlntSvr-TCP-In] => (Allow) %systemroot%\system32\tlntsvr.exe
FirewallRules: [TelnetServer-Tlntadmn-RPC-In] => (Allow) %systemroot%\system32\tlntsvr.exe
FirewallRules: [{6F909D77-5E5F-40E2-9DE7-70B4DD89393B}] => (Allow) C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
FirewallRules: [{B37F1357-7A05-4A7D-A528-D65E065F577D}] => (Allow) LPort=2869
FirewallRules: [{9B792C18-300D-41C7-9087-1E657917AA22}] => (Allow) LPort=1900
FirewallRules: [{609EACD6-27A6-4B3A-A0BE-3AA1BD21AFF3}] => (Allow) C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPDeviceDetection3.exe
FirewallRules: [{FC8F321C-4A84-43F4-A110-335EB59F91C8}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
FirewallRules: [{F789921B-C952-47ED-94A1-F9CF71A9BF69}] => (Allow) C:\Program Files (x86)\AVG\Av\avgmfapx.exe
FirewallRules: [{83F15ED6-975B-4BCC-853D-377E1344D9B6}] => (Allow) C:\Program Files (x86)\AVG\Av\avgmfapx.exe
FirewallRules: [{4FD10A8F-FA42-41DE-8464-CCFABAC39C0E}] => (Allow) C:\Program Files (x86)\AVG\Av\avgnsa.exe
FirewallRules: [{0E5B0551-4A13-4BE5-BFCC-9228520CB4C6}] => (Allow) C:\Program Files (x86)\AVG\Av\avgnsa.exe
FirewallRules: [{11D9497B-9542-480B-816B-8313DDFCF7C5}] => (Allow) C:\Program Files (x86)\AVG\Av\avgdiagex.exe
FirewallRules: [{C02C86BC-BC03-476F-9045-45847826A83C}] => (Allow) C:\Program Files (x86)\AVG\Av\avgdiagex.exe
FirewallRules: [{98C5B547-177A-4DC4-9C6D-839E349C9FE7}] => (Allow) C:\Program Files (x86)\AVG\Av\avgemca.exe
FirewallRules: [{C238B94F-FE20-4B9E-998D-FC9EDB4E5862}] => (Allow) C:\Program Files (x86)\AVG\Av\avgemca.exe
 
==================== Restore Points =========================
 
11-04-2014 00:46:13 Removed Cisco LEAP Module
11-04-2014 00:47:05 Removed Cisco EAP-FAST Module
13-04-2014 10:33:29 Installed Java 7 Update 25 (64-bit)
13-04-2014 11:26:59 Windows Update
14-04-2014 01:16:39 Restore Operation
15-04-2014 09:20:27 Windows Update
15-04-2014 09:21:26 Windows Backup
15-04-2014 17:07:24 Installed Java 7 Update 55
17-04-2014 13:00:59 Windows Update
22-04-2014 11:48:37 Windows Backup
22-04-2014 12:00:39 Windows Update
25-04-2014 15:56:20 Windows Update
25-04-2014 16:13:27 Windows Update
25-04-2014 16:17:53 Windows Update
27-04-2014 11:26:34 HPSF Restore Point
29-04-2014 11:51:04 Windows Backup
29-04-2014 12:22:23 Windows Update
01-05-2014 17:57:30 Windows Update
03-05-2014 00:11:51 Windows Live Essentials
05-05-2014 02:50:08 Configured YouCam
05-05-2014 20:02:52 HPSF Applying updates
05-05-2014 22:33:42 HPSF Applying updates
06-05-2014 02:52:52 Windows Update
06-05-2014 04:00:13 Windows Backup
09-05-2014 11:19:22 Windows Update
13-05-2014 09:00:59 Windows Backup
13-05-2014 09:16:28 Windows Update
15-05-2014 11:30:28 Windows Modules Installer
15-05-2014 16:49:29 Windows Live Essentials
15-05-2014 16:51:29 WLSetup
18-05-2014 16:39:53 Windows Update
18-05-2014 18:14:03 Norton 360 Registry Clean
20-05-2014 04:00:25 Windows Backup
22-05-2014 13:34:01 Windows Update
27-05-2014 11:47:37 Windows Backup
30-05-2014 15:12:24 Windows Update
03-06-2014 04:00:08 Windows Backup
03-06-2014 04:01:15 Windows Update
04-06-2014 07:38:21 Configured YouCam
04-06-2014 09:09:50 Windows Update
04-06-2014 13:42:25 Installed DriverUpdate
05-06-2014 17:59:06 Removed DriverUpdate
06-06-2014 00:50:09 Installed HP Support Solutions Framework
06-06-2014 01:30:00 Removed Skype™ 6.16
06-06-2014 01:33:53 Removed Skype Click to Call
06-06-2014 14:06:47 Windows Update
10-06-2014 12:33:45 Windows Update
14-06-2014 13:58:01 Windows Update
14-06-2014 15:12:26 Restore Operation
14-06-2014 16:08:00 Windows Update
15-06-2014 12:22:40 Windows Update
17-06-2014 04:27:48 Windows Backup
25-06-2014 19:02:33 Windows Update
25-06-2014 19:21:40 Windows Backup
30-06-2016 12:20:31 HPSF Restore Point
30-06-2016 13:43:26 Windows Backup
30-06-2016 18:18:15 Windows Update
30-06-2016 18:31:04 Installed AVG 2016
30-06-2016 18:33:23 Installed AVG
02-07-2016 20:15:48 Removed Norton Online Backup
02-07-2016 20:36:56 Removed Norton Online Backup
02-07-2016 22:50:09 Windows Update
03-07-2016 19:42:33 Windows Update
03-07-2016 22:53:49 Windows Update
 
==================== Faulty Device Manager Devices =============
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (07/04/2016 04:34:41 PM) (Source: EvntAgnt) (EventID: 2019) (User: )
Description: SNMP Event Log Extension Agent did not initialize correctly.
 
Error: (07/04/2016 04:34:41 PM) (Source: EvntAgnt) (EventID: 1020) (User: )
Description: Error processing registry parameters. Extension agent terminating.
 
Error: (07/04/2016 04:34:41 PM) (Source: EvntAgnt) (EventID: 2019) (User: )
Description: SNMP Event Log Extension Agent did not initialize correctly.
 
Error: (07/04/2016 04:34:41 PM) (Source: EvntAgnt) (EventID: 3005) (User: )
Description: Error positioning to end of log file -- seek to end of log failed. Handle specified is 20906056. Return code from ReadEventLog is 122.
 
Error: (07/04/2016 02:50:34 PM) (Source: EvntAgnt) (EventID: 2019) (User: )
Description: SNMP Event Log Extension Agent did not initialize correctly.
 
Error: (07/04/2016 02:50:34 PM) (Source: EvntAgnt) (EventID: 1020) (User: )
Description: Error processing registry parameters. Extension agent terminating.
 
Error: (07/04/2016 02:50:34 PM) (Source: EvntAgnt) (EventID: 2019) (User: )
Description: SNMP Event Log Extension Agent did not initialize correctly.
 
Error: (07/04/2016 02:50:34 PM) (Source: EvntAgnt) (EventID: 3005) (User: )
Description: Error positioning to end of log file -- seek to end of log failed. Handle specified is 19529800. Return code from ReadEventLog is 122.
 
Error: (07/04/2016 10:04:00 AM) (Source: EvntAgnt) (EventID: 2019) (User: )
Description: SNMP Event Log Extension Agent did not initialize correctly.
 
Error: (07/04/2016 10:04:00 AM) (Source: EvntAgnt) (EventID: 1020) (User: )
Description: Error processing registry parameters. Extension agent terminating.
 
 
System errors:
=============
Error: (07/04/2016 05:58:25 PM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the defragsvc service.
 
Error: (07/04/2016 05:07:33 PM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the defragsvc service.
 
Error: (07/04/2016 04:34:36 PM) (Source: SNMP) (EventID: 1500) (User: )
Description: The SNMP Service encountered an error while accessing the registry key SYSTEM\CurrentControlSet\Services\SNMP\Parameters\TrapConfiguration.
 
Error: (07/04/2016 04:33:33 PM) (Source: NETLOGON) (EventID: 3095) (User: )
Description: This computer is configured as a member of a workgroup, not as
a member of a domain. The Netlogon service does not need to run in this
configuration.
 
Error: (07/04/2016 04:23:48 PM) (Source: DCOM) (EventID: 10010) (User: )
Description: {B8FB4AD7-EA4A-4B47-BFDC-BFC94160A8EA}
 
Error: (07/04/2016 04:08:24 PM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the avgsvc service.
 
Error: (07/04/2016 02:59:17 PM) (Source: Service Control Manager) (EventID: 7022) (User: )
Description: The Windows Update service hung on starting.
 
Error: (07/04/2016 02:50:30 PM) (Source: SNMP) (EventID: 1500) (User: )
Description: The SNMP Service encountered an error while accessing the registry key SYSTEM\CurrentControlSet\Services\SNMP\Parameters\TrapConfiguration.
 
Error: (07/04/2016 02:49:59 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The HP Support Solutions Framework Service service failed to start due to the following error: 
%%1053 = The service did not respond to the start or control request in a timely fashion.
 
 
Error: (07/04/2016 02:49:59 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the HP Support Solutions Framework Service service to connect.
 
 
CodeIntegrity:
===================================
  Date: 2011-08-23 15:05:52.608
  Description: Windows is unable to verify the image integrity of the file \Device\CdRom0\Release\endetect.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2011-08-23 15:05:52.514
  Description: Windows is unable to verify the image integrity of the file \Device\CdRom0\Release\endetect.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2011-08-23 15:05:51.391
  Description: Windows is unable to verify the image integrity of the file \Device\CdRom0\Release\endetect.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2011-08-23 15:05:51.313
  Description: Windows is unable to verify the image integrity of the file \Device\CdRom0\Release\endetect.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2011-08-23 15:05:48.848
  Description: Windows is unable to verify the image integrity of the file \Device\CdRom0\Release\tapbind1.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2011-08-23 15:05:48.786
  Description: Windows is unable to verify the image integrity of the file \Device\CdRom0\Release\tapbind1.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2011-08-23 15:05:47.584
  Description: Windows is unable to verify the image integrity of the file \Device\CdRom0\Release\tapbind1.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2011-08-23 15:05:47.522
  Description: Windows is unable to verify the image integrity of the file \Device\CdRom0\Release\tapbind1.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2011-08-23 12:01:25.644
  Description: Windows is unable to verify the image integrity of the file \Device\CdRom0\Release\endetect.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2011-08-23 12:01:25.566
  Description: Windows is unable to verify the image integrity of the file \Device\CdRom0\Release\endetect.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
 
==================== Memory info =========================== 
 
Processor: Intel® Celeron® CPU 900 @ 2.20GHz
Percentage of memory in use: 94%
Total physical RAM: 1978.92 MB
Available physical RAM: 114.3 MB
Total Virtual: 4123.79 MB
Available Virtual: 898.83 MB
 
==================== Drives ================================
 
Drive c: () (Fixed) (Total:216.47 GB) (Free:53.33 GB) NTFS ==>[system with boot components (obtained from drive)]
Drive d: (RECOVERY) (Fixed) (Total:16.12 GB) (Free:0.43 GB) NTFS ==>[system with boot components (obtained from drive)]
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (Size: 232.9 GB) (Disk ID: 92636A50)
Partition 1: (Active) - (Size=199 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=216.5 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=16.1 GB) - (Type=07 NTFS)
Partition 4: (Not Active) - (Size=103 MB) - (Type=0C)
 
==================== End of Addition.txt ============================

 


  • 0



#2
RKinner

RKinner

    Malware Expert

  • Expert
  • 20,025 posts
  • MVP
Get Process Explorer
 
Save it to your desktop then run it (Vista or Win7 - right click and Run As Administrator).  
 
View, Select Column, check Verified Signer, OK
Options, Verify Image Signatures
 
 
Click twice on the CPU column header  to sort things by CPU usage with the big hitters at the top.  
 
Wait a full minute then:
 
File, Save As, Save.  Note the file name.   Open the file  on your desktop and copy and paste the text to a reply.
 
 
 

1. Double-click  Computer, and then right-click the hard disk that you want to check. C:
2. Click Properties, and then click Tools.
3. Under Error-checking, click Check Now. A dialog box that shows the Check disk options is displayed.
4. Check both boxes and then click Start.
You will receive the following message:
The disk check could not be performed because the disk check utility needs exclusive access to some Windows files on the disk. These files can be accessed by restarting Windows. Do you want to schedule the disk check to occur the next time you restart the computer?
Click Yes to schedule the disk check, but don't restart yet.
 
Right click on (My) Computer and select Manage. Then the Event Viewer. Next select Windows Logs.  Right click on System and Clear Log, Clear. Repeat for Application. Reboot. The disk check will run and will probably take an hour or more to finish.
 
 
Start, All Programs, Accessories then right click on Command Prompt and Run as Administrator.  Then type (with an Enter after each line).
 

sfc /scannow
 
(SPACE after sfc.)  This will check your critical system files. Does this finish without complaint?  If it says it couldn't fix everything then:
 
Copy the next two lines:
 

findstr  /c:"[SR]"  \windows\logs\cbs\cbs.log  >  \windows\logs\cbs\junk.txt 
notepad \windows\logs\cbs\junk.txt 
 
Start, All Programs, Accessories, right click on Command Prompt and Run as Administrator, Continue.  Right click and Paste or Edit then Paste and the copied line should appear.
Hit Enter if notepad does not open.  Copy and paste the text from notepad into a reply.  Close Notepad.  Close the Command Window.
 
 
1. Please download the Event Viewer Tool by Vino Rosso
and save it to your Desktop:
2. Right-click VEW.exe and Run as Administrator
3. Under 'Select log to query', select:
 
* System
4. Under 'Select type to list', select:
* Error
* Warning
 
 
Then use the 'Number of events' as follows:
 
 
1. Click the radio button for 'Number of events'
Type 20 in the 1 to 20 box
Then click the Run button.
Notepad will open with the output log.
 
 
Please post the Output log in your next reply then repeat but select Application.  (Each time you run VEW it overwrites the log so copy the first one to a Reply or rename it before running it a second time.)
 

 
Download : ADWCleaner to your desktop.  Make sure you get the correct Download button.  Sometimes the ads on BleepingComputer will mimic the real Download button which should say: Download Now @BleepingComputer
 
NOTE: If using Internet Explorer and you get an alert that stops the program downloading, click on the warning and allow the download to complete.
 
Close  all programs, pause your anti-virus and run AdwCleaner (Vista or Win 7 => right click and Run As Administrator).
 
 
Click on Scan  and follow the prompts. Let it run unhindered. When done, click on the Clean button, and follow the prompts. Allow the system to reboot. You will then be presented with the report. Copy & Paste this report on your next reply.
 
The report will be saved in the C:\AdwCleaner folder.
 
 
 
Junkware-Removal-Tool
 
Please download Junkware Removal Tool to your desktop.  Make sure you get the correct Download button.  Sometimes the ads on BleepingComputer will mimic the real Download button which should say: Download Now @Author's site
  • Pause your anti-virus.  Close all browsers.
  • Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8; instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next message.

    • 0

    #3
    varylou

    varylou

      Member

    • Topic Starter
    • Member
    • PipPip
    • 50 posts
    Process CPU Private Bytes Working Set PID Description Company Name Verified Signer
    svchost.exe 91.61 1,076,564 K 42,676 K 1180 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows
    procexp64.exe 5.62 27,912 K 46,624 K 4124 Sysinternals Process Explorer Sysinternals - www.sysinternals.com (Verified) Microsoft Corporation
    snmp.exe 0.48 3,256 K 1,260 K 2052 SNMP Service Microsoft Corporation (Verified) Microsoft Windows
    CinemaNowSvc.exe 0.45 6,540 K 2,280 K 1924 CinemaNow Service Application CinemaNow, Inc. (Verified) Sonic Solutions
    System 0.39 3,072 K 120,716 K 4
    dwm.exe 0.28 53,404 K 22,340 K 2516 Desktop Window Manager Microsoft Corporation (Verified) Microsoft Windows
    Interrupts 0.25 0 K 0 K n/a Hardware Interrupts and DPCs
    csrss.exe 0.23 3,252 K 5,228 K 804 Client Server Runtime Process Microsoft Corporation (Verified) Microsoft Windows
    taskhost.exe 0.15 12,108 K 7,736 K 2456 Host Process for Windows Tasks Microsoft Corporation (Verified) Microsoft Windows
    svchost.exe 0.12 127,820 K 117,604 K 1128 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows
    explorer.exe 0.11 44,644 K 52,332 K 2564 Windows Explorer Microsoft Corporation (Verified) Microsoft Windows
    SearchIndexer.exe 0.09 62,544 K 28,228 K 4328 Microsoft Windows Search Indexer Microsoft Corporation (Verified) Microsoft Windows
    RpcSandraSrv.exe 0.05 11,768 K 17,760 K 1948 SiSoftware Sandra Agent Service (NT)(Unicode) SiSoftware (Verified) SiSoftware Ltd
    svchost.exe 0.04 29,868 K 12,124 K 1288 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows
    svchost.exe 0.03 9,828 K 9,920 K 1356 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows
    SearchProtocolHost.exe 0.02 4,496 K 5,276 K 1172 Microsoft Windows Search Protocol Host Microsoft Corporation (Verified) Microsoft Windows
    svchost.exe 0.01 4,236 K 4,844 K 792 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows
    svchost.exe 0.01 3,888 K 4,104 K 380 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows
    svchost.exe 0.01 11,516 K 11,444 K 1156 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows
    avgwdsvca.exe 0.01 12,896 K 14,476 K 1456 AVG Watchdog Service AVG Technologies CZ, s.r.o. (Verified) AVG Technologies CZ
    lsm.exe 0.01 2,316 K 1,904 K 940 Local Session Manager Service Microsoft Corporation (Verified) Microsoft Windows
    services.exe 0.01 6,456 K 5,100 K 900 Services and Controller app Microsoft Corporation (Verified) Microsoft Windows
    avgidsagenta.exe < 0.01 14,940 K 14,548 K 1888 AVG Identity Protection Service AVG Technologies CZ, s.r.o. (Verified) AVG Technologies CZ
    svchost.exe < 0.01 5,332 K 3,436 K 5612 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows
    SynTPEnh.exe < 0.01 7,812 K 2,388 K 2596 Synaptics TouchPad Enhancements Synaptics Incorporated (Verified) Synaptics Incorporated
    svchost.exe < 0.01 15,180 K 10,188 K 1560 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows
    HPSA_Service.exe < 0.01 29,228 K 4,524 K 1012 HP Support Assistant Service Hewlett-Packard Company (No signature was present in the subject) Hewlett-Packard Company
    avgsvca.exe < 0.01 6,928 K 11,056 K 1984 AVG Service Process AVG Technologies CZ, s.r.o. (Verified) AVG Technologies CZ
    avgui.exe < 0.01 7,564 K 7,604 K 3700 AVG User Interface AVG Technologies CZ, s.r.o. (Verified) AVG Technologies CZ
    WMSvc.exe 1,588 K 252 K 4060 IIS Manager Service Microsoft Corporation (Verified) Microsoft Windows
    wmpnetwk.exe 12,920 K 11,868 K 4000 Windows Media Player Network Sharing Service Microsoft Corporation (Verified) Microsoft Windows
    WmiPrvSE.exe 3,220 K 5,220 K 4888 WMI Provider Host Microsoft Corporation (Verified) Microsoft Windows
    WmiPrvSE.exe 2,740 K 6,608 K 2148 WMI Provider Host Microsoft Corporation (Verified) Microsoft Windows
    WmiApSrv.exe 1,624 K 460 K 3992 WMI Performance Reverse Adapter Microsoft Corporation (Verified) Microsoft Windows
    winlogon.exe 2,408 K 1,564 K 852 Windows Logon Application Microsoft Corporation (Verified) Microsoft Windows
    wininit.exe 1,320 K 244 K 796 Windows Start-Up Application Microsoft Corporation (Verified) Microsoft Windows
    vds.exe 1,868 K 388 K 3260 Virtual Disk Service Microsoft Corporation (Verified) Microsoft Windows
    TrustedInstaller.exe 3,128 K 816 K 5948 Windows Modules Installer Microsoft Corporation (Verified) Microsoft Windows
    tlntsvr.exe 1,512 K 408 K 3228 Telnet Microsoft Corporation (Verified) Microsoft Windows
    TCPSVCS.EXE 1,632 K 560 K 1808 TCP/IP Services Application Microsoft Corporation (Verified) Microsoft Windows
    System Idle Process 0 K 24 K 0
    SynTPHelper.exe 1,132 K 476 K 3868 Synaptics Pointing Device Helper Synaptics Incorporated (Verified) Synaptics Incorporated
    svchost.exe 57,148 K 20,760 K 3968 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows
    svchost.exe 4,520 K 1,528 K 2300 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows
    svchost.exe 1,380 K 416 K 2744 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows
    svchost.exe 1,668 K 1,540 K 1780 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows
    svchost.exe 1,156 K 2,380 K 3948 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows
    svchost.exe 1,916 K 2,120 K 4592 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows
    svchost.exe 4,528 K 2,104 K 1864 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows
    svchost.exe 2,364 K 2,076 K 1316 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows
    svchost.exe 19,428 K 10,208 K 1080 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows
    svchost.exe 7,920 K 5,328 K 3592 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows
    svchost.exe 1,764 K 360 K 2764 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows
    svchost.exe 1,884 K 492 K 3164 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows
    svchost.exe 1,008 K 260 K 5036 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows
    spoolsv.exe 6,272 K 3,356 K 1696 Spooler SubSystem App Microsoft Corporation (Verified) Microsoft Windows
    snmptrap.exe 1,572 K 480 K 3112 SNMP Trap Microsoft Corporation (Verified) Microsoft Windows
    SMSvcHost.exe 22,448 K 1,112 K 4084 SMSvcHost.exe Microsoft Corporation (Verified) Microsoft Corporation
    SMSvcHost.exe 26,052 K 1,692 K 2888 SMSvcHost.exe Microsoft Corporation (Verified) Microsoft Corporation
    smss.exe 372 K 228 K 292 Windows Session Manager Microsoft Corporation (Verified) Microsoft Windows
    SearchFilterHost.exe 2,096 K 6,052 K 2268 Microsoft Windows Search Filter Host Microsoft Corporation (Verified) Microsoft Windows
    RtVOsdService.exe 19,680 K 1,452 K 4348 RtVOsdService Realtek Semiconductor Corp. (No signature was present in the subject) Realtek Semiconductor Corp.
    RtVOsd.exe 2,252 K 1,400 K 3708 Realtek OSD for Volume/Mute Realtek Semiconductor Corp. (No signature was present in the subject) Realtek Semiconductor Corp.
    RtkNGUI64.exe 9,264 K 1,444 K 1772 Realtek HD Audio Manager Realtek Semiconductor (Verified) Realtek Semiconductor Corp
    RpcDataSrv.exe 8,656 K 13,016 K 2804 SiSoftware Database Agent Service (NT)(Unicode) SiSoftware (Verified) SiSoftware Ltd
    procexp.exe 2,920 K 7,184 K 3048 Sysinternals Process Explorer Sysinternals - www.sysinternals.com (Verified) Microsoft Corporation
    PresentationFontCache.exe 24,760 K 1,576 K 2192 PresentationFontCache.exe Microsoft Corporation (Verified) Microsoft Corporation
    perfhost.exe 944 K 196 K 2508 x86 Performance Counter Host Microsoft Corporation (Verified) Microsoft Windows
    mqsvc.exe 3,948 K 700 K 2848 Message Queuing Service Microsoft Corporation (Verified) Microsoft Windows
    mDNSResponder.exe 1,848 K 2,012 K 1748 Bonjour Service Apple Inc. (Verified) Apple Inc.
    lsass.exe 4,620 K 6,164 K 908 Local Security Authority Process Microsoft Corporation (Verified) Microsoft Windows
    inetinfo.exe 6,024 K 2,244 K 2716 Internet Information Services Microsoft Corporation (Verified) Microsoft Windows
    igfxpers.exe 2,420 K 2,844 K 1248 persistence Module Intel Corporation (Verified) Intel Corporation
    HPWMISVC.exe 1,380 K 248 K 2688 HP Quick Launch WMI Service Hewlett-Packard Development Company, L.P. (A certificate was explicitly revoked by its issuer) Hewlett-Packard Development Company, L.P.
    HPWA_Service.exe 42,152 K 12,188 K 4668 HPPA_Service Hewlett-Packard Company (A certificate was explicitly revoked by its issuer) Hewlett-Packard Company
    HPSupportSolutionsFrameworkService.exe 10,328 K 1,084 K 2324 SolutionsFrameworkService Hewlett-Packard Company (Verified) Hewlett-Packard Company
    hpqwmiex.exe 2,136 K 1,356 K 5864 HP Software Framework WMI Service Hewlett-Packard Company (Verified) Hewlett-Packard Company
    hkcmd.exe 2,672 K 1,300 K 3056 hkcmd Module Intel Corporation (Verified) Intel Corporation
    dllhost.exe 7,796 K 2,200 K 3020 COM Surrogate Microsoft Corporation (Verified) Microsoft Windows
    ctfmon.exe 2,004 K 616 K 5940 CTF Loader Microsoft Corporation (Verified) Microsoft Windows
    csrss.exe 2,788 K 2,776 K 756 Client Server Runtime Process Microsoft Corporation (Verified) Microsoft Windows
    CISVC.EXE 1,344 K 236 K 2112 Content Index service Microsoft Corporation (Verified) Microsoft Windows
    avguix.exe 10,144 K 6,004 K 3556 AVG User Interface AVG Technologies CZ, s.r.o. (Verified) AVG Technologies CZ
    avgrsa.exe 17,080 K 18,660 K 404 AVG Resident Shield Service AVG Technologies CZ, s.r.o. (Verified) AVG Technologies CZ
    avgnsa.exe 9,068 K 9,044 K 4220 AVG Online Shield Service AVG Technologies CZ, s.r.o. (Verified) AVG Technologies CZ
    avgemca.exe 2,520 K 1,556 K 4500 AVG E-mail Scanner AVG Technologies CZ, s.r.o. (Verified) AVG Technologies CZ
    avgcsrva.exe 14,288 K 80,376 K 488 AVG Scanning Core Module - Server Part AVG Technologies CZ, s.r.o. (Verified) AVG Technologies CZ
    audiodg.exe 17,912 K 17,488 K 5736 Windows Audio Device Graph Isolation Microsoft Corporation (Verified) Microsoft Windows
    armsvc.exe 1,128 K 284 K 1796 Adobe Acrobat Update Service Adobe Systems Incorporated (Verified) Adobe Systems
    AERTSr64.exe 752 K 224 K 1820 Andrea filters APO access service (64-bit) Andrea Electronics Corporation (Verified) Andrea Electronics

    • 0

    #4
    RKinner

    RKinner

      Malware Expert

    • Expert
    • 20,025 posts
    • MVP
    svchost.exe 91.61 1,076,564 K 42,676 K 1180 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows

     

     

    Hover over the above in Process Explorer.  Process Explorer should tell you what services are riding on it.   What are they?


    • 0
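The hover step requested in post #4 has a command-line equivalent, useful when the GUI is too slow to respond. The following is an added example, not part of the original posts and not a Process Explorer feature: it finds svchost.exe instances above a CPU threshold and lists the services each one hosts together with the service DLL registered for it. The function names, the `$CpuThreshold` value and the "outside System32" flag are assumptions of this example; it is written for PowerShell 2.0 as shipped with Windows 7 and should be run from an elevated prompt.

```powershell
# Added example: map busy svchost.exe instances to the services they host.
# Assumption: 20% is used as the "busy" cut-off; adjust as needed.
$CpuThreshold = 20

function Get-ServiceDll {
    # Returns the ServiceDll registered for a shared-process service, or $null.
    param([string]$ServiceName)
    $key = "HKLM:\SYSTEM\CurrentControlSet\Services\$ServiceName\Parameters"
    $prop = Get-ItemProperty -Path $key -Name ServiceDll -ErrorAction SilentlyContinue
    if ($prop) { return $prop.ServiceDll }
    return $null
}

function Get-BusySvchostServices {
    param([int]$Threshold = $CpuThreshold)

    # One snapshot of per-process CPU. Instance names look like
    # "svchost", "svchost#1", ...; IDProcess carries the PID.
    # On multi-core machines PercentProcessorTime can exceed 100.
    $busy = Get-WmiObject Win32_PerfFormattedData_PerfProc_Process |
        Where-Object { $_.Name -like 'svchost*' -and $_.PercentProcessorTime -ge $Threshold }

    foreach ($proc in $busy) {
        $procId = $proc.IDProcess
        $cpu    = $proc.PercentProcessorTime

        # Every service whose host process is this PID.
        Get-WmiObject Win32_Service -Filter "ProcessId = $procId" | ForEach-Object {
            $dll = Get-ServiceDll $_.Name

            # Heuristic only (assumption of this example): most Windows
            # service DLLs live under System32, so anything else deserves
            # a closer look, not an automatic verdict.
            $outside = $false
            if ($dll -and ($dll -notlike "$env:SystemRoot\System32\*")) {
                $outside = $true
            }

            New-Object PSObject -Property @{
                ProcessId       = $procId
                CPU             = $cpu
                Service         = $_.Name
                DisplayName     = $_.DisplayName
                State           = $_.State
                ServiceDll      = $dll
                OutsideSystem32 = $outside
            }
        }
    }
}

# Print the result in a fixed column order (hashtable order is not
# preserved in PowerShell 2.0).
Get-BusySvchostServices |
    Select-Object ProcessId, CPU, Service, DisplayName, State, ServiceDll, OutsideSystem32 |
    Sort-Object CPU -Descending |
    Format-Table -AutoSize
```

Because the CPU figure is a single snapshot, run it two or three times; a PID that appears every time is the one to report back.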

    #5
    varylou

    varylou

      Member

    • Topic Starter
    • Member
    • PipPip
    • 50 posts
    Here is the VEW sys report. I will check the Process Explorer and tell you in a minute.

    Vino's Event Viewer v01c run on Windows 2008 in English
    Report run at 06/07/2016 8:17:57 AM

    Note: All dates below are in the format dd/mm/yyyy

    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    'System' Log - Critical Type
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    'System' Log - Error Type
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    Log: 'System' Date/Time: 06/07/2016 2:58:27 PM
    Type: Error Category: 0
    Event: 1500 Source: SNMP
    The SNMP Service encountered an error while accessing the registry key SYSTEM\CurrentControlSet\Services\SNMP\Parameters\TrapConfiguration.

    Log: 'System' Date/Time: 06/07/2016 2:57:49 PM
    Type: Error Category: 0
    Event: 3095 Source: NETLOGON
    This computer is configured as a member of a workgroup, not as a member of a domain. The Netlogon service does not need to run in this configuration.

    Log: 'System' Date/Time: 06/07/2016 2:54:32 PM
    Type: Error Category: 0
    Event: 7043 Source: Service Control Manager
    The Windows Update service did not shut down properly after receiving a preshutdown control.

    Log: 'System' Date/Time: 06/07/2016 2:52:08 PM
    Type: Error Category: 0
    Event: 1500 Source: SNMP
    The SNMP Service encountered an error while accessing the registry key SYSTEM\CurrentControlSet\Services\SNMP\Parameters\TrapConfiguration.

    Log: 'System' Date/Time: 06/07/2016 2:51:48 PM
    Type: Error Category: 0
    Event: 7032 Source: Service Control Manager
    The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the Windows Search service, but this action failed with the following error: An instance of the service is already running.

    Log: 'System' Date/Time: 06/07/2016 2:51:20 PM
    Type: Error Category: 0
    Event: 7031 Source: Service Control Manager
    The Windows Media Player Network Sharing Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 30000 milliseconds: Restart the service.

    Log: 'System' Date/Time: 06/07/2016 2:51:19 PM
    Type: Error Category: 0
    Event: 7034 Source: Service Control Manager
    The HP Software Framework Service service terminated unexpectedly. It has done this 1 time(s).

    Log: 'System' Date/Time: 06/07/2016 2:51:18 PM
    Type: Error Category: 0
    Event: 7031 Source: Service Control Manager
    The Windows Search service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 30000 milliseconds: Restart the service.

    Log: 'System' Date/Time: 06/07/2016 2:51:14 PM
    Type: Error Category: 0
    Event: 7031 Source: Service Control Manager
    The Windows Modules Installer service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.

    Log: 'System' Date/Time: 06/07/2016 2:51:14 PM
    Type: Error Category: 0
    Event: 7034 Source: Service Control Manager
    The HP Wireless Assistant Service service terminated unexpectedly. It has done this 1 time(s).

    Log: 'System' Date/Time: 06/07/2016 2:51:14 PM
    Type: Error Category: 0
    Event: 7031 Source: Service Control Manager
    The RtVOsdService Installer service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.

    Log: 'System' Date/Time: 06/07/2016 2:51:13 PM
    Type: Error Category: 0
    Event: 7031 Source: Service Control Manager
    The Web Management Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 0 milliseconds: Restart the service.

    Log: 'System' Date/Time: 06/07/2016 2:51:05 PM
    Type: Error Category: 0
    Event: 7031 Source: Service Control Manager
    The HP Support Assistant Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.

    Log: 'System' Date/Time: 06/07/2016 2:51:05 PM
    Type: Error Category: 0
    Event: 7031 Source: Service Control Manager
    The Virtual Disk service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.

    Log: 'System' Date/Time: 06/07/2016 2:51:05 PM
    Type: Error Category: 0
    Event: 7034 Source: Service Control Manager
    The Volume Shadow Copy service terminated unexpectedly. It has done this 1 time(s).

    Log: 'System' Date/Time: 06/07/2016 2:51:05 PM
    Type: Error Category: 0
    Event: 7031 Source: Service Control Manager
    The WMI Performance Adapter service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.

    Log: 'System' Date/Time: 06/07/2016 2:51:05 PM
    Type: Error Category: 0
    Event: 7031 Source: Service Control Manager
    The COM+ System Application service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 1000 milliseconds: Restart the service.

    Log: 'System' Date/Time: 06/07/2016 2:51:05 PM
    Type: Error Category: 0
    Event: 7031 Source: Service Control Manager
    The SNMP Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.

    Log: 'System' Date/Time: 06/07/2016 2:51:05 PM
    Type: Error Category: 0
    Event: 7031 Source: Service Control Manager
    The SNMP Trap service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.

    Log: 'System' Date/Time: 06/07/2016 2:51:05 PM
    Type: Error Category: 0
    Event: 7031 Source: Service Control Manager
    The Telnet service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.

    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    'System' Log - Warning Type
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    Log: 'System' Date/Time: 06/07/2016 2:59:56 PM
    Type: Warning Category: 0
    Event: 20169 Source: RemoteAccess
    Unable to contact a DHCP server. The Automatic Private IP Address 169.254.37.202 will be assigned to dial-in clients. Clients may be unable to access resources on the network.

    Log: 'System' Date/Time: 06/07/2016 2:57:47 PM
    Type: Warning Category: 0
    Event: 121 Source: MSiSCSI
    The firewall exception to allow Internet Storage Name Server (iSNS) client functionality is not enabled. iSNS client functionality is not available.

    Log: 'System' Date/Time: 06/07/2016 2:57:44 PM
    Type: Warning Category: 0
    Event: 11 Source: Microsoft-Windows-Wininit
    Custom dynamic link libraries are being loaded for every application. The system administrator should review the list of libraries to ensure they are related to trusted applications.

    Log: 'System' Date/Time: 06/07/2016 2:55:57 PM
    Type: Warning Category: 0
    Event: 4001 Source: Microsoft-Windows-WLAN-AutoConfig
    WLAN AutoConfig service has successfully stopped.

    Log: 'System' Date/Time: 06/07/2016 6:38:15 AM
    Type: Warning Category: 0
    Event: 20169 Source: RemoteAccess
    Unable to contact a DHCP server. The Automatic Private IP Address 169.254.190.40 will be assigned to dial-in clients. Clients may be unable to access resources on the network.

    Log: 'System' Date/Time: 06/07/2016 6:37:00 AM
    Type: Warning Category: 0
    Event: 11 Source: Microsoft-Windows-Wininit
    Custom dynamic link libraries are being loaded for every application. The system administrator should review the list of libraries to ensure they are related to trusted applications.

    Log: 'System' Date/Time: 06/07/2016 6:36:56 AM
    Type: Warning Category: 0
    Event: 121 Source: MSiSCSI
    The firewall exception to allow Internet Storage Name Server (iSNS) client functionality is not enabled. iSNS client functionality is not available.

    Log: 'System' Date/Time: 06/07/2016 4:52:12 AM
    Type: Warning Category: 0
    Event: 4001 Source: Microsoft-Windows-WLAN-AutoConfig
    WLAN AutoConfig service has successfully stopped.
    • 0

    #6
    varylou

    • Topic Starter
    • Member
    • 50 posts
    Vino's Event Viewer v01c run on Windows 2008 in English
    Report run at 06/07/2016 8:38:15 AM

    Note: All dates below are in the format dd/mm/yyyy

    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    'Application' Log - Critical Type
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    'Application' Log - Error Type
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    Log: 'Application' Date/Time: 06/07/2016 2:58:31 PM
    Type: Error Category: 0
    Event: 2019 Source: EvntAgnt
    SNMP Event Log Extension Agent did not initialize correctly.

    Log: 'Application' Date/Time: 06/07/2016 2:58:31 PM
    Type: Error Category: 0
    Event: 1020 Source: EvntAgnt
    Error processing registry parameters. Extension agent terminating.

    Log: 'Application' Date/Time: 06/07/2016 2:58:31 PM
    Type: Error Category: 0
    Event: 2019 Source: EvntAgnt
    SNMP Event Log Extension Agent did not initialize correctly.

    Log: 'Application' Date/Time: 06/07/2016 2:58:31 PM
    Type: Error Category: 0
    Event: 3005 Source: EvntAgnt
    Error positioning to end of log file -- seek to end of log failed. Handle specified is 21168200. Return code from ReadEventLog is 122.

    Log: 'Application' Date/Time: 06/07/2016 2:52:12 PM
    Type: Error Category: 0
    Event: 2019 Source: EvntAgnt
    SNMP Event Log Extension Agent did not initialize correctly.

    Log: 'Application' Date/Time: 06/07/2016 2:52:12 PM
    Type: Error Category: 0
    Event: 1020 Source: EvntAgnt
    Error processing registry parameters. Extension agent terminating.

    Log: 'Application' Date/Time: 06/07/2016 2:52:12 PM
    Type: Error Category: 0
    Event: 2019 Source: EvntAgnt
    SNMP Event Log Extension Agent did not initialize correctly.

    Log: 'Application' Date/Time: 06/07/2016 2:52:12 PM
    Type: Error Category: 0
    Event: 3005 Source: EvntAgnt
    Error positioning to end of log file -- seek to end of log failed. Handle specified is 21823560. Return code from ReadEventLog is 122.

    Log: 'Application' Date/Time: 06/07/2016 6:37:55 AM
    Type: Error Category: 0
    Event: 2019 Source: EvntAgnt
    SNMP Event Log Extension Agent did not initialize correctly.

    Log: 'Application' Date/Time: 06/07/2016 6:37:55 AM
    Type: Error Category: 0
    Event: 1020 Source: EvntAgnt
    Error processing registry parameters. Extension agent terminating.

    Log: 'Application' Date/Time: 06/07/2016 6:37:55 AM
    Type: Error Category: 0
    Event: 2019 Source: EvntAgnt
    SNMP Event Log Extension Agent did not initialize correctly.

    Log: 'Application' Date/Time: 06/07/2016 6:37:55 AM
    Type: Error Category: 0
    Event: 3005 Source: EvntAgnt
    Error positioning to end of log file -- seek to end of log failed. Handle specified is 22741064. Return code from ReadEventLog is 122.

    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    'Application' Log - Warning Type
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    Log: 'Application' Date/Time: 06/07/2016 2:58:31 PM
    Type: Warning Category: 0
    Event: 3001 Source: EvntAgnt
    Log file not positioned at end.

    Log: 'Application' Date/Time: 06/07/2016 2:58:31 PM
    Type: Warning Category: 0
    Event: 3001 Source: EvntAgnt
    Log file not positioned at end.

    Log: 'Application' Date/Time: 06/07/2016 2:53:54 PM
    Type: Warning Category: 0
    Event: 1530 Source: Microsoft-Windows-User Profiles Service
    Windows detected your registry file is still in use by other applications or services. The file will be unloaded now. The applications or services that hold your registry file may not function properly afterwards. DETAIL - 2 user registry handles leaked from \Registry\User\S-1-5-21-1232287608-1843942127-1758789870-1002:
    Process 1216 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1232287608-1843942127-1758789870-1002
    Process 1216 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1232287608-1843942127-1758789870-1002\Software\Microsoft\RAS AutoDial


    Log: 'Application' Date/Time: 06/07/2016 2:52:12 PM
    Type: Warning Category: 0
    Event: 3001 Source: EvntAgnt
    Log file not positioned at end.

    Log: 'Application' Date/Time: 06/07/2016 2:52:12 PM
    Type: Warning Category: 0
    Event: 3001 Source: EvntAgnt
    Log file not positioned at end.

    Log: 'Application' Date/Time: 06/07/2016 2:50:30 PM
    Type: Warning Category: 0
    Event: 64 Source: Microsoft-Windows-CertificateServicesClient-AutoEnrollment
    Certificate for local system with Thumbprint d6 41 c8 dc 82 87 14 9d e2 09 1c 87 4a 2c c6 32 d2 09 30 69 is about to expire or already expired.

    Log: 'Application' Date/Time: 06/07/2016 6:37:55 AM
    Type: Warning Category: 0
    Event: 3001 Source: EvntAgnt
    Log file not positioned at end.

    Log: 'Application' Date/Time: 06/07/2016 6:37:55 AM
    Type: Warning Category: 0
    Event: 3001 Source: EvntAgnt
    Log file not positioned at end.

    Log: 'Application' Date/Time: 06/07/2016 4:49:57 AM
    Type: Warning Category: 0
    Event: 1530 Source: Microsoft-Windows-User Profiles Service
    Windows detected your registry file is still in use by other applications or services. The file will be unloaded now. The applications or services that hold your registry file may not function properly afterwards. DETAIL - 1 user registry handles leaked from \Registry\User\S-1-5-21-1232287608-1843942127-1758789870-1002_Classes:
    Process 2804 (\Device\HarddiskVolume2\Program Files\SiSoftware\SiSoftware Sandra Lite XI.SP1a\Win32\RpcDataSrv.exe) has opened key \REGISTRY\USER\S-1-5-21-1232287608-1843942127-1758789870-1002_CLASSES


    Log: 'Application' Date/Time: 06/07/2016 4:49:56 AM
    Type: Warning Category: 0
    Event: 1530 Source: Microsoft-Windows-User Profiles Service
    Windows detected your registry file is still in use by other applications or services. The file will be unloaded now. The applications or services that hold your registry file may not function properly afterwards. DETAIL - 9 user registry handles leaked from \Registry\User\S-1-5-21-1232287608-1843942127-1758789870-1002:
    Process 1948 (\Device\HarddiskVolume2\Program Files\SiSoftware\SiSoftware Sandra Lite XI.SP1a\RpcSandraSrv.exe) has opened key \REGISTRY\USER\S-1-5-21-1232287608-1843942127-1758789870-1002
    Process 1948 (\Device\HarddiskVolume2\Program Files\SiSoftware\SiSoftware Sandra Lite XI.SP1a\RpcSandraSrv.exe) has opened key \REGISTRY\USER\S-1-5-21-1232287608-1843942127-1758789870-1002
    Process 1948 (\Device\HarddiskVolume2\Program Files\SiSoftware\SiSoftware Sandra Lite XI.SP1a\RpcSandraSrv.exe) has opened key \REGISTRY\USER\S-1-5-21-1232287608-1843942127-1758789870-1002\Software\Microsoft\Internet Explorer\Main
    Process 1948 (\Device\HarddiskVolume2\Program Files\SiSoftware\SiSoftware Sandra Lite XI.SP1a\RpcSandraSrv.exe) has opened key \REGISTRY\USER\S-1-5-21-1232287608-1843942127-1758789870-1002\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings
    Process 1948 (\Device\HarddiskVolume2\Program Files\SiSoftware\SiSoftware Sandra Lite XI.SP1a\RpcSandraSrv.exe) has opened key \REGISTRY\USER\S-1-5-21-1232287608-1843942127-1758789870-1002\Software\Policies
    Process 1948 (\Device\HarddiskVolume2\Program Files\SiSoftware\SiSoftware Sandra Lite XI.SP1a\RpcSandraSrv.exe) has opened key \REGISTRY\USER\S-1-5-21-1232287608-1843942127-1758789870-1002\Software\Microsoft\Internet Explorer\Main\FeatureControl
    Process 1948 (\Device\HarddiskVolume2\Program Files\SiSoftware\SiSoftware Sandra Lite XI.SP1a\RpcSandraSrv.exe) has opened key \REGISTRY\USER\S-1-5-21-1232287608-1843942127-1758789870-1002\Software\Microsoft\Windows\CurrentVersion\Internet Settings
    Process 1948 (\Device\HarddiskVolume2\Program Files\SiSoftware\SiSoftware Sandra Lite XI.SP1a\RpcSandraSrv.exe) has opened key \REGISTRY\USER\S-1-5-21-1232287608-1843942127-1758789870-1002\Software\Microsoft\Windows\CurrentVersion\Internet Settings
    Process 1948 (\Device\HarddiskVolume2\Program Files\SiSoftware\SiSoftware Sandra Lite XI.SP1a\RpcSandraSrv.exe) has opened key \REGISTRY\USER\S-1-5-21-1232287608-1843942127-1758789870-1002\Software
    • 0

    #7
    RKinner

      Malware Expert

    • Expert
    • 20,025 posts
    • MVP

    Create a new Process Explorer log and add it to a Reply.

     

    Without rebooting:

     

    Copy the next line:

    TASKLIST /SVC /FO LIST > \junk.txt
    Start, All Programs, Accessories, right click on Command Prompt and Run as Administrator, Continue.  Right click and Paste or Edit then Paste and the copied line should appear.
    Hit Enter 
     
    Now Type:
    Notepad \junk.txt

    Hit Enter.  Copy and paste the text from notepad into a Reply.

     

    This will allow me to see what services are on the bad SVCHOST.


    • 0

    #8
    varylou

    • Topic Starter
    • Member
    • 50 posts
    I screwed up, saved the AdwCleaner report and was going to add to reply but it was empty, so I ran it again. Doesn't have much on it, but here it is:


    # AdwCleaner v5.201 - Logfile created 06/07/2016 at 09:29:04
    # Updated 30/06/2016 by ToolsLib
    # Database : 2016-07-06.1 [Server]
    # Operating system : Windows 7 Home Premium Service Pack 1 (X64)
    # Username : Patty - PATTY-HP
    # Running from : C:\Users\Patty\Desktop\AdwCleaner.exe
    # Option : Clean
    # Support : https://toolslib.net/forum

    ***** [ Services ] *****


    ***** [ Folders ] *****


    ***** [ Files ] *****


    ***** [ DLLs ] *****


    ***** [ WMI ] *****


    ***** [ Shortcuts ] *****


    ***** [ Scheduled tasks ] *****


    ***** [ Registry ] *****


    ***** [ Web browsers ] *****

    [-] [C:\Users\Patty\AppData\Local\Google\Chrome\User Data\Default\Web Data] [Search Provider] Deleted : ask.com
    [-] [C:\Users\Patty\AppData\Local\Google\Chrome\User Data\Default\Web Data] [Search Provider] Deleted : aol.com

    *************************

    :: "Tracing" keys deleted
    :: Winsock settings cleared

    *************************

    C:\AdwCleaner\AdwCleaner[C1].txt - [12576 bytes] - [06/07/2016 07:51:08]
    C:\AdwCleaner\AdwCleaner[C2].txt - [1030 bytes] - [06/07/2016 09:29:04]
    C:\AdwCleaner\AdwCleaner[S1].txt - [13748 bytes] - [06/07/2016 01:59:52]
    C:\AdwCleaner\AdwCleaner[S2].txt - [1155 bytes] - [06/07/2016 08:56:07]

    ########## EOF - C:\AdwCleaner\AdwCleaner[C2].txt - [1250 bytes] ##########



    Also, here is the Process Explorer report:

    Process CPU Private Bytes Working Set PID Description Company Name Verified Signer
    System Idle Process 48.59 0 K 24 K 0
    procexp64.exe 24.42 28,148 K 46,536 K 3444 Sysinternals Process Explorer Sysinternals - www.sysinternals.com (Verified) Microsoft Corporation
    avgidsagenta.exe 0.06 12,940 K 12,108 K 1944 AVG Identity Protection Service AVG Technologies CZ, s.r.o. (Verified) AVG Technologies CZ
    Interrupts 1.64 0 K 0 K n/a Hardware Interrupts and DPCs
    System 1.46 968 K 520 K 4
    SynTPEnh.exe 3.00 7,576 K 1,940 K 2712 Synaptics TouchPad Enhancements Synaptics Incorporated (Verified) Synaptics Incorporated
    dwm.exe 1.63 45,344 K 16,824 K 1424 Desktop Window Manager Microsoft Corporation (Verified) Microsoft Windows
    avgui.exe 1.25 16,600 K 7,068 K 2432 AVG User Interface AVG Technologies CZ, s.r.o. (Verified) AVG Technologies CZ
    svchost.exe 1.22 1,140,204 K 588,904 K 1160 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows
    csrss.exe 0.62 2,264 K 4,488 K 800 Client Server Runtime Process Microsoft Corporation (Verified) Microsoft Windows
    avgwdsvca.exe 0.73 11,816 K 6,888 K 2160 AVG Watchdog Service AVG Technologies CZ, s.r.o. (Verified) AVG Technologies CZ
    CinemaNowSvc.exe 0.43 6,420 K 2,156 K 2268 CinemaNow Service Application CinemaNow, Inc. (Verified) Sonic Solutions
    explorer.exe 0.31 26,748 K 15,424 K 1368 Windows Explorer Microsoft Corporation (Verified) Microsoft Windows
    svchost.exe 0.24 4,592 K 1,356 K 2604 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows
    lsm.exe 2,268 K 1,636 K 936 Local Session Manager Service Microsoft Corporation (Verified) Microsoft Windows
    lsass.exe 0.04 4,428 K 3,864 K 904 Local Security Authority Process Microsoft Corporation (Verified) Microsoft Windows
    SearchIndexer.exe 0.13 51,216 K 7,188 K 4172 Microsoft Windows Search Indexer Microsoft Corporation (Verified) Microsoft Windows
    svchost.exe 0.05 18,872 K 6,936 K 1060 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows
    services.exe 6,544 K 4,200 K 896 Services and Controller app Microsoft Corporation (Verified) Microsoft Windows
    chrome.exe 0.06 34,424 K 27,212 K 6052 Google Chrome Google Inc. (Verified) Google Inc
    svchost.exe 0.18 9,240 K 8,504 K 1344 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows
    HPSA_Service.exe 0.05 28,644 K 4,652 K 5836 HP Support Assistant Service Hewlett-Packard Company (No signature was present in the subject) Hewlett-Packard Company
    svchost.exe 0.02 11,288 K 9,100 K 1136 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows
    svchost.exe 0.06 3,768 K 3,400 K 1012 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows
    csrss.exe < 0.01 2,192 K 1,932 K 748 Client Server Runtime Process Microsoft Corporation (Verified) Microsoft Windows
    taskhost.exe 0.03 7,860 K 3,164 K 2020 Host Process for Windows Tasks Microsoft Corporation (Verified) Microsoft Windows
    svchost.exe 0.02 60,408 K 1,676 K 4064 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows
    wmpnetwk.exe 0.02 12,464 K 5,328 K 4788 Windows Media Player Network Sharing Service Microsoft Corporation (Verified) Microsoft Windows
    HPSF.exe 0.02 62,624 K 2,364 K 5280 HP Support Assistant Hewlett-Packard Company (Verified) Hewlett-Packard Company
    svchost.exe 0.05 15,580 K 7,596 K 1280 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows
    dllhost.exe 0.01 3,124 K 868 K 2472 COM Surrogate Microsoft Corporation (Verified) Microsoft Windows
    avgrsa.exe 0.02 15,556 K 12,040 K 396 AVG Resident Shield Service AVG Technologies CZ, s.r.o. (Verified) AVG Technologies CZ
    svchost.exe 0.03 15,596 K 7,948 K 1556 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows
    svchost.exe 1.62 95,016 K 82,056 K 1108 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows
    SearchProtocolHost.exe < 0.01 2,008 K 4,992 K 4672 Microsoft Windows Search Protocol Host Microsoft Corporation (Verified) Microsoft Windows
    snmptrap.exe < 0.01 1,584 K 536 K 3604 SNMP Trap Microsoft Corporation (Verified) Microsoft Windows
    avgsvca.exe < 0.01 6,964 K 6,984 K 2016 AVG Service Process AVG Technologies CZ, s.r.o. (Verified) AVG Technologies CZ
    WmiApSrv.exe < 0.01 1,632 K 528 K 4088 WMI Performance Reverse Adapter Microsoft Corporation (Verified) Microsoft Windows
    WMSvc.exe 1,592 K 324 K 2968 IIS Manager Service Microsoft Corporation (Verified) Microsoft Windows
    WmiPrvSE.exe 5,556 K 5,568 K 4884 WMI Provider Host Microsoft Corporation (Verified) Microsoft Windows
    WmiPrvSE.exe 2,920 K 3,876 K 4404 WMI Provider Host Microsoft Corporation (Verified) Microsoft Windows
    winlogon.exe 2,388 K 1,284 K 848 Windows Logon Application Microsoft Corporation (Verified) Microsoft Windows
    wininit.exe 1,296 K 320 K 788 Windows Start-Up Application Microsoft Corporation (Verified) Microsoft Windows
    VSSVC.exe 2,084 K 520 K 3836 Microsoft® Volume Shadow Copy Service Microsoft Corporation (Verified) Microsoft Windows
    vds.exe 1,868 K 372 K 3812 Virtual Disk Service Microsoft Corporation (Verified) Microsoft Windows
    TrustedInstaller.exe 3,212 K 8,544 K 5628 Windows Modules Installer Microsoft Corporation (Verified) Microsoft Windows
    tlntsvr.exe 1,512 K 464 K 3732 Telnet Microsoft Corporation (Verified) Microsoft Windows
    TCPSVCS.EXE 1,640 K 528 K 3544 TCP/IP Services Application Microsoft Corporation (Verified) Microsoft Windows
    taskeng.exe 2,016 K 6,052 K 3124 Task Scheduler Engine Microsoft Corporation (Verified) Microsoft Windows
    taskeng.exe 1,956 K 1,716 K 5248 Task Scheduler Engine Microsoft Corporation (Verified) Microsoft Windows
    SynTPHelper.exe 1,132 K 284 K 4892 Synaptics Pointing Device Helper Synaptics Incorporated (Verified) Synaptics Incorporated
    svchost.exe 5,048 K 3,260 K 3140 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows
    svchost.exe 4,164 K 4,152 K 688 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows
    svchost.exe 1,572 K 816 K 3632 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows
    svchost.exe 1,880 K 500 K 3672 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows
    svchost.exe 1,388 K 444 K 2884 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows
    svchost.exe 1,944 K 656 K 4328 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows
    svchost.exe 4,504 K 1,200 K 1888 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows
    svchost.exe 2,252 K 1,864 K 1304 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows
    svchost.exe 1,496 K 1,376 K 5308 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows
    svchost.exe 6,652 K 1,040 K 3864 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows
    svchost.exe 1,000 K 328 K 4192 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows
    svchost.exe 972 K 884 K 4044 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows
    svchost.exe 1,772 K 444 K 2688 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows
    spoolsv.exe 6,756 K 1,432 K 1676 Spooler SubSystem App Microsoft Corporation (Verified) Microsoft Windows
    software_reporter_tool.exe 2,520 K 5,376 K 1260 Chrome Cleanup Tool Google (Verified) Google Inc
    snmp.exe 2,976 K 1,132 K 3572 SNMP Service Microsoft Corporation (Verified) Microsoft Windows
    SMSvcHost.exe 26,072 K 2,060 K 3160 SMSvcHost.exe Microsoft Corporation (Verified) Microsoft Corporation
    SMSvcHost.exe 22,580 K 1,512 K 3036 SMSvcHost.exe Microsoft Corporation (Verified) Microsoft Corporation
    smss.exe 368 K 224 K 292 Windows Session Manager Microsoft Corporation (Verified) Microsoft Windows
    SearchFilterHost.exe 3,288 K 6,120 K 2492 Microsoft Windows Search Filter Host Microsoft Corporation (Verified) Microsoft Windows
    RtVOsdService.exe 19,576 K 2,592 K 4868 RtVOsdService Realtek Semiconductor Corp. (No signature was present in the subject) Realtek Semiconductor Corp.
    RtVOsd.exe 2,244 K 944 K 5960 Realtek OSD for Volume/Mute Realtek Semiconductor Corp. (No signature was present in the subject) Realtek Semiconductor Corp.
    RtkNGUI64.exe 9,012 K 696 K 2728 Realtek HD Audio Manager Realtek Semiconductor (Verified) Realtek Semiconductor Corp
    procexp.exe 2,912 K 7,204 K 3316 Sysinternals Process Explorer Sysinternals - www.sysinternals.com (Verified) Microsoft Corporation
    PresentationFontCache.exe 24,796 K 1,900 K 2524 PresentationFontCache.exe Microsoft Corporation (Verified) Microsoft Corporation
    perfhost.exe 932 K 224 K 3420 x86 Performance Counter Host Microsoft Corporation (Verified) Microsoft Windows
    notepad.exe 1,708 K 1,448 K 2948 Notepad Microsoft Corporation (Verified) Microsoft Windows
    mqsvc.exe 3,944 K 520 K 3096 Message Queuing Service Microsoft Corporation (Verified) Microsoft Windows
    mDNSResponder.exe 1,744 K 420 K 2232 Bonjour Service Apple Inc. (Verified) Apple Inc.
    inetinfo.exe 6,024 K 832 K 2812 Internet Information Services Microsoft Corporation (Verified) Microsoft Windows
    igfxpers.exe 2,416 K 724 K 2904 persistence Module Intel Corporation (Verified) Intel Corporation
    HPWMISVC.exe 1,384 K 312 K 2808 HP Quick Launch WMI Service Hewlett-Packard Development Company, L.P. (A certificate was explicitly revoked by its issuer) Hewlett-Packard Development Company, L.P.
    HPWA_Service.exe 40,560 K 9,308 K 5984 HPPA_Service Hewlett-Packard Company (A certificate was explicitly revoked by its issuer) Hewlett-Packard Company
    HPSupportSolutionsFrameworkService.exe 10,340 K 1,268 K 2628 SolutionsFrameworkService Hewlett-Packard Company (Verified) Hewlett-Packard Company
    hpqwmiex.exe 2,104 K 1,448 K 372 HP Software Framework WMI Service Hewlett-Packard Company (Verified) Hewlett-Packard Company
    hkcmd.exe 2,580 K 572 K 2896 hkcmd Module Intel Corporation (Verified) Intel Corporation
    dllhost.exe 9,692 K 1,124 K 4676 COM Surrogate Microsoft Corporation (Verified) Microsoft Windows
    ctfmon.exe 1,996 K 340 K 3016 CTF Loader Microsoft Corporation (Verified) Microsoft Windows
    CISVC.EXE 1,344 K 200 K 2448 Content Index service Microsoft Corporation (Verified) Microsoft Windows
    chrome.exe 69,076 K 32,260 K 4012 Google Chrome Google Inc. (Verified) Google Inc
    chrome.exe 61,164 K 15,288 K 1104 Google Chrome Google Inc. (Verified) Google Inc
    chrome.exe 1,480 K 796 K 6060 Google Chrome Google Inc. (Verified) Google Inc
    avguix.exe 9,988 K 992 K 2436 AVG User Interface AVG Technologies CZ, s.r.o. (Verified) AVG Technologies CZ
    avgnsa.exe 8,224 K 5,712 K 4660 AVG Online Shield Service AVG Technologies CZ, s.r.o. (Verified) AVG Technologies CZ
    avgemca.exe 2,600 K 860 K 4820 AVG E-mail Scanner AVG Technologies CZ, s.r.o. (Verified) AVG Technologies CZ
    avgcsrva.exe 12,632 K 39,212 K 480 AVG Scanning Core Module - Server Part AVG Technologies CZ, s.r.o. (Verified) AVG Technologies CZ
    armsvc.exe 1,128 K 308 K 1832 Adobe Acrobat Update Service Adobe Systems Incorporated (Verified) Adobe Systems
    AERTSr64.exe 752 K 272 K 1864 Andrea filters APO access service (64-bit) Andrea Electronics Corporation (Verified) Andrea Electronics

    Going to run the command prompt now.
    • 0

    #9
    varylou

    • Topic Starter
    • Member
    • 50 posts

    Image Name: System Idle Process
    PID: 0
    Services: N/A

    Image Name: System
    PID: 4
    Services: N/A

    Image Name: smss.exe
    PID: 292
    Services: N/A

    Image Name: avgrsa.exe
    PID: 396
    Services: N/A

    Image Name: avgcsrva.exe
    PID: 480
    Services: N/A

    Image Name: csrss.exe
    PID: 748
    Services: N/A

    Image Name: wininit.exe
    PID: 788
    Services: N/A

    Image Name: csrss.exe
    PID: 800
    Services: N/A

    Image Name: winlogon.exe
    PID: 848
    Services: N/A

    Image Name: services.exe
    PID: 896
    Services: N/A

    Image Name: lsass.exe
    PID: 904
    Services: KeyIso
    ProtectedStorage
    SamSs

    Image Name: lsm.exe
    PID: 936
    Services: N/A

    Image Name: svchost.exe
    PID: 1012
    Services: DcomLaunch
    PlugPlay
    Power

    Image Name: svchost.exe
    PID: 688
    Services: RpcEptMapper
    RpcSs

    Image Name: svchost.exe
    PID: 1060
    Services: AudioSrv
    Dhcp
    eventlog
    HomeGroupProvider
    lmhosts
    wscsvc

    Image Name: svchost.exe
    PID: 1108
    Services: AudioEndpointBuilder
    dot3svc
    HomeGroupListener
    IPBusEnum
    Netman
    PcaSvc
    SysMain
    TrkWks
    UxSms
    WdiSystemHost
    Wlansvc

    Image Name: svchost.exe
    PID: 1136
    Services: EventSystem
    fdPHost
    FontCache
    netprofm
    nsi
    SstpSvc
    WdiServiceHost

    Image Name: svchost.exe
    PID: 1160
    Services: Appinfo
    BITS
    Browser
    CertPropSvc
    EapHost
    IKEEXT
    iphlpsvc
    LanmanServer
    MSiSCSI
    ProfSvc
    RasAuto
    RasMan
    RemoteAccess
    Schedule
    seclogon
    SENS
    ShellHWDetection
    Themes
    Winmgmt
    wuauserv

    Image Name: svchost.exe
    PID: 1280
    Services: CryptSvc
    Dnscache
    LanmanWorkstation
    NlaSvc
    TapiSrv
    TermService
    Wecsvc

    Image Name: svchost.exe
    PID: 1304
    Services: gpsvc

    Image Name: svchost.exe
    PID: 1344
    Services: AppIDSvc
    FDResPub
    Mcx2Svc
    QWAVE
    SCardSvr
    SSDPSRV
    upnphost
    wcncsvc

    Image Name: svchost.exe
    PID: 1556
    Services: BFE
    DPS
    MpsSvc
    pla
    WwanSvc

    Image Name: spoolsv.exe
    PID: 1676
    Services: Spooler

    Image Name: armsvc.exe
    PID: 1832
    Services: AdobeARMservice

    Image Name: AERTSr64.exe
    PID: 1864
    Services: AERTFilters

    Image Name: svchost.exe
    PID: 1888
    Services: AppHostSvc

    Image Name: avgidsagenta.exe
    PID: 1944
    Services: AVGIDSAgent

    Image Name: taskhost.exe
    PID: 2020
    Services: N/A

    Image Name: dwm.exe
    PID: 1424
    Services: N/A

    Image Name: explorer.exe
    PID: 1368
    Services: N/A

    Image Name: avgsvca.exe
    PID: 2016
    Services: avgsvc

    Image Name: avgwdsvca.exe
    PID: 2160
    Services: avgwd

    Image Name: mDNSResponder.exe
    PID: 2232
    Services: Bonjour Service

    Image Name: CinemaNowSvc.exe
    PID: 2268
    Services: CinemaNow Service

    Image Name: CISVC.EXE
    PID: 2448
    Services: CISVC

    Image Name: dllhost.exe
    PID: 2472
    Services: COMSysApp

    Image Name: PresentationFontCache.exe
    PID: 2524
    Services: FontCache3.0.0.0

    Image Name: svchost.exe
    PID: 2604
    Services: ftpsvc

    Image Name: HPSupportSolutionsFrameworkService.exe
    PID: 2628
    Services: HPSupportSolutionsFrameworkService

    Image Name: SynTPEnh.exe
    PID: 2712
    Services: N/A

    Image Name: RtkNGUI64.exe
    PID: 2728
    Services: N/A

    Image Name: hkcmd.exe
    PID: 2896
    Services: N/A

    Image Name: igfxpers.exe
    PID: 2904
    Services: N/A

    Image Name: avguix.exe
    PID: 2436
    Services: N/A

    Image Name: HPWMISVC.exe
    PID: 2808
    Services: HPWMISVC

    Image Name: inetinfo.exe
    PID: 2812
    Services: IISADMIN

    Image Name: svchost.exe
    PID: 2884
    Services: iprip

    Image Name: svchost.exe
    PID: 2688
    Services: LPDSVC

    Image Name: avgui.exe
    PID: 2432
    Services: N/A

    Image Name: mqsvc.exe
    PID: 3096
    Services: MSMQ

    Image Name: SMSvcHost.exe
    PID: 3160
    Services: NetPipeActivator
    NetTcpActivator
    NetTcpPortSharing

    Image Name: perfhost.exe
    PID: 3420
    Services: PerfHost

    Image Name: TCPSVCS.EXE
    PID: 3544
    Services: simptcp

    Image Name: snmp.exe
    PID: 3572
    Services: SNMP

    Image Name: snmptrap.exe
    PID: 3604
    Services: SNMPTRAP

    Image Name: svchost.exe
    PID: 3672
    Services: stisvc

    Image Name: tlntsvr.exe
    PID: 3732
    Services: TlntSvr

    Image Name: vds.exe
    PID: 3812
    Services: vds

    Image Name: VSSVC.exe
    PID: 3836
    Services: VSS

    Image Name: svchost.exe
    PID: 3864
    Services: W3SVC
    WAS

    Image Name: svchost.exe
    PID: 4044
    Services: WerSvc

    Image Name: svchost.exe
    PID: 4064
    Services: WinDefend

    Image Name: WmiApSrv.exe
    PID: 4088
    Services: wmiApSrv

    Image Name: WMSvc.exe
    PID: 2968
    Services: WMSVC

    Image Name: SMSvcHost.exe
    PID: 3036
    Services: NetMsmqActivator

    Image Name: SearchIndexer.exe
    PID: 4172
    Services: WSearch

    Image Name: svchost.exe
    PID: 4328
    Services: PolicyAgent

    Image Name: WmiPrvSE.exe
    PID: 4404
    Services: N/A

    Image Name: avgnsa.exe
    PID: 4660
    Services: N/A

    Image Name: dllhost.exe
    PID: 4676
    Services: N/A

    Image Name: wmpnetwk.exe
    PID: 4788
    Services: WMPNetworkSvc

    Image Name: avgemca.exe
    PID: 4820
    Services: N/A

    Image Name: SynTPHelper.exe
    PID: 4892
    Services: N/A

    Image Name: ctfmon.exe
    PID: 3016
    Services: N/A

    Image Name: svchost.exe
    PID: 3140
    Services: p2pimsvc
    p2psvc
    PNRPAutoReg
    PNRPsvc

    Image Name: taskeng.exe
    PID: 5248
    Services: N/A

    Image Name: HPSF.exe
    PID: 5280
    Services: N/A

    Image Name: svchost.exe
    PID: 5308
    Services: defragsvc

    Image Name: HPSA_Service.exe
    PID: 5836
    Services: HP Support Assistant Service

    Image Name: HPWA_Service.exe
    PID: 5984
    Services: HP Wireless Assistant Service

    Image Name: chrome.exe
    PID: 6052
    Services: N/A

    Image Name: chrome.exe
    PID: 6060
    Services: N/A

    Image Name: hpqwmiex.exe
    PID: 372
    Services: hpqwmiex

    Image Name: chrome.exe
    PID: 1104
    Services: N/A

    Image Name: chrome.exe
    PID: 4012
    Services: N/A

    Image Name: svchost.exe
    PID: 4192
    Services: RemoteRegistry

    Image Name: RtVOsdService.exe
    PID: 4868
    Services: RtVOsdService

    Image Name: RtVOsd.exe
    PID: 5960
    Services: N/A

    Image Name: svchost.exe
    PID: 3632
    Services: SDRSVC

    Image Name: TrustedInstaller.exe
    PID: 5628
    Services: TrustedInstaller

    Image Name: taskeng.exe
    PID: 6128
    Services: N/A

    Image Name: SearchProtocolHost.exe
    PID: 5788
    Services: N/A

    Image Name: SearchFilterHost.exe
    PID: 1552
    Services: N/A

    Image Name: sdclt.exe
    PID: 2188
    Services: N/A

    Image Name: WmiPrvSE.exe
    PID: 5144
    Services: N/A

    Image Name: audiodg.exe
    PID: 360
    Services: N/A

    Image Name: cmd.exe
    PID: 2492
    Services: N/A

    Image Name: conhost.exe
    PID: 5768
    Services: N/A

    Image Name: tasklist.exe
    PID: 1212
    Services: N/A
    • 0
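The lookup requested in post #7, joining the Process Explorer rows with the `TASKLIST /SVC /FO LIST` output by PID to list the services inside the heaviest svchost.exe, as an added example that is not part of the original posts. The function names are hypothetical, and the two sample strings are trimmed excerpts of the logs posted above.

```python
import re

# Excerpt of the TASKLIST /SVC /FO LIST output from post #9 (trimmed).
TASKLIST_SAMPLE = """\
Image Name: lsass.exe
PID: 904
Services: KeyIso
ProtectedStorage
SamSs

Image Name: svchost.exe
PID: 1160
Services: Appinfo
BITS
Browser
CertPropSvc
EapHost
IKEEXT
iphlpsvc
LanmanServer
MSiSCSI
ProfSvc
RasAuto
RasMan
RemoteAccess
Schedule
seclogon
SENS
ShellHWDetection
Themes
Winmgmt
wuauserv

Image Name: explorer.exe
PID: 1368
Services: N/A

Image Name: svchost.exe
PID: 5308
Services: defragsvc
"""

# Excerpt of the Process Explorer report from post #8 (trimmed).
# Columns: Process, CPU (may be blank or "< 0.01"), Private Bytes, Working Set, PID.
PROCEXP_SAMPLE = """\
svchost.exe 1.22 1,140,204 K 588,904 K 1160 Host Process for Windows Services
lsass.exe 0.04 4,428 K 3,864 K 904 Local Security Authority Process
explorer.exe 0.31 26,748 K 15,424 K 1368 Windows Explorer
csrss.exe < 0.01 2,192 K 1,932 K 748 Client Server Runtime Process
svchost.exe 1,496 K 1,376 K 5308 Host Process for Windows Services
"""

PROCEXP_ROW = re.compile(
    r"^(?P<image>\S+)\s+(?:<?\s*[\d.]+\s+)?"          # image, optional CPU column
    r"(?P<private>[\d,]+) K\s+(?P<ws>[\d,]+) K\s+"    # Private Bytes, Working Set
    r"(?P<pid>\d+)\b"
)

def parse_tasklist_svc(text):
    """Return {pid: {"image", "pid", "services"}} from /FO LIST output."""
    procs, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        key, sep, value = line.partition(":")
        value = value.strip()
        if sep and key == "Image Name":
            current = {"image": value, "pid": None, "services": []}
        elif sep and key == "PID" and current is not None:
            current["pid"] = int(value)
            procs[current["pid"]] = current
        elif sep and key == "Services" and current is not None:
            if value != "N/A":              # N/A means the process hosts no service
                current["services"].append(value)
        elif current is not None:
            current["services"].append(line)  # continuation line: one more service
    return procs

def parse_procexp_private_kb(text):
    """Return {pid: private_bytes_in_KB}; rows that do not fit are skipped."""
    out = {}
    for raw in text.splitlines():
        m = PROCEXP_ROW.match(raw.strip())
        if m:
            out[int(m["pid"])] = int(m["private"].replace(",", ""))
    return out

def heaviest_service_host(tasklist_text, procexp_text, image="svchost.exe"):
    """Return (pid, private_kb, services) for the largest matching process."""
    procs = parse_tasklist_svc(tasklist_text)
    private = parse_procexp_private_kb(procexp_text)
    hosts = [p for p in procs.values()
             if p["image"].lower() == image and p["pid"] in private]
    if not hosts:
        return None
    top = max(hosts, key=lambda p: private[p["pid"]])
    return top["pid"], private[top["pid"]], top["services"]

if __name__ == "__main__":
    pid, kb, services = heaviest_service_host(TASKLIST_SAMPLE, PROCEXP_SAMPLE)
    print(f"svchost.exe PID {pid}: {kb:,} K private bytes, {len(services)} services")
    print(", ".join(services))
```

The PID is the only field the two reports share, so both logs need to come from the same boot, which is why post #7 says to run the command without rebooting.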

    #10
    varylou

    • Topic Starter
    • Member
    • 50 posts
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    Junkware Removal Tool (JRT) by Malwarebytes
    Version: 8.0.6 (04.25.2016)
    Operating System: Windows 7 Home Premium x64
    Ran by Patty (Administrator) on Wed 07/06/2016 at 10:06:21.50
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




    File System: 184

    Failed to delete: C:\Users\Patty\Appdata\LocalLow\televisionfanatic (Folder)
    Failed to delete: C:\Users\Patty\AppData\Roaming\pcpro (Folder)
    Failed to delete: C:\Users\Patty\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\CGJ3DU5N (Temporary Internet Files Folder)
    Failed to delete: C:\Users\Patty\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\IZD4TYOU (Temporary Internet Files Folder)
    Failed to delete: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\FZG8CKJ5 (Temporary Internet Files Folder)
    Successfully deleted: C:\ProgramData\pc1data (Folder)
    Successfully deleted: C:\Users\Patty\Appdata\LocalLow\mapsgalaxy_39 (Folder)
    Successfully deleted: C:\Windows\prefetch\AVG_PROTECTION_FREE_1597.EXE-C7D15BA0.pf (File)
    Successfully deleted: C:\Windows\SysWOW64\shoC586.tmp (File)



    Registry: 6

    Successfully deleted: HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990} (Registry Key)
    Successfully deleted: HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{9a216821-0ec5-49a3-85ac-fb72ae79a1e8} (Registry Key)
    Successfully deleted: HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{a5b9c0f5-5616-47cd-a95f-e43b488faccf} (Registry Key)
    Successfully deleted: HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{B30088F6-5D5A-4355-BF1F-40D4A915AD96} (Registry Key)
    Successfully deleted: HKLM\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} (Registry Key)
    Successfully deleted: HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} (Registry Key)




    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    Scan was completed on Wed 07/06/2016 at 10:20:20.61
    End of JRT log
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~


    #11
    RKinner

      Malware Expert

    • Expert
    • 20,025 posts
    • MVP
    We didn't catch whatever SVCHOST it was that was acting up that time.  Was probably Windows Update and it finally finished.
     
     
    Start, Control Panel (View: Large Icons), Programs and Features, Turn Windows Features Off and On, (Will take a while for the window to populate)
    Please Uninstall:
     SiSoftware Sandra Lite XI.SP1a if you can.
     
    Now select Turn Windows Features Off and On, (Will take a while for the window to populate)
     
     
    Uncheck any of these you find with check marks:
     
    Indexing Service
    Internet Information Services
    Internet Information Services Hostable Web Core
    Microsoft Message Queue (MSMQ) Server
    RIP Listener
    Services for NPS
    Simple Network Management Protocol (SNMP)
    Simple TCPIP Services
    Subsystem for Unix-based Applications
    Telnet Client
    Telnet Server
    TFTP Client
    Windows Process Activation Service
    Windows TIFF IFilter
     
    OK 
     
    Do not let it reboot yet.
     
     
    Right click on (My) Computer and select Manage (Continue) Then click on the arrow in front of Event Viewer. Next Click on the arrow in front of Windows Logs Right click on System and Clear Log, Clear. Repeat for Application.
     
    Reboot. 
     
    2. Right-click VEW.exe and Run as Administrator
    3. Under 'Select log to query', select:
     
    * System
    4. Under 'Select type to list', select:
    * Error
    * Warning
     
     
    Then use the 'Number of events' as follows:
     
     
    1. Click the radio button for 'Number of events'
    Type 20 in the 1 to 20 box
    Then click the Run button.
    Notepad will open with the output log.
     
     
    Please post the Output log in your next reply then repeat but select Application.  (Each time you run VEW it overwrites the log so copy the first one to a Reply or rename it before running it a second time.)


    #12
    varylou

      Member

    • Topic Starter
    • 50 posts
    Vino's Event Viewer v01c run on Windows 2008 in English
    Report run at 06/07/2016 11:49:23 AM

    Note: All dates below are in the format dd/mm/yyyy

    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    'System' Log - Critical Type
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    'System' Log - Error Type
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    Log: 'System' Date/Time: 06/07/2016 6:43:32 PM
    Type: Error Category: 0
    Event: 8003 Source: bowser
    The master browser has received a server announcement from the computer LENOVO-G570 that believes that it is the master browser for the domain on transport NetBT_Tcpip_{D2DCDA8F-96C1-48BD-96AC-4E5A644C000D}. The master browser is stopping or an election is being forced.

    Log: 'System' Date/Time: 06/07/2016 6:43:24 PM
    Type: Error Category: 0
    Event: 7011 Source: Service Control Manager
    A timeout (30000 milliseconds) was reached while waiting for a transaction response from the avgsvc service.

    Log: 'System' Date/Time: 06/07/2016 6:38:15 PM
    Type: Error Category: 0
    Event: 4321 Source: NetBT
    The name "WORKGROUP :1d" could not be registered on the interface with IP address 192.168.254.45. The computer with the IP address 192.168.254.26 did not allow the name to be claimed by this computer.

    Log: 'System' Date/Time: 06/07/2016 6:35:15 PM
    Type: Error Category: 0
    Event: 3095 Source: NETLOGON
    This computer is configured as a member of a workgroup, not as a member of a domain. The Netlogon service does not need to run in this configuration.

    Log: 'System' Date/Time: 06/07/2016 6:30:05 PM
    Type: Error Category: 0
    Event: 30 Source: FTPSVC
    The event description cannot be found.

    Log: 'System' Date/Time: 06/07/2016 6:29:22 PM
    Type: Error Category: 0
    Event: 1500 Source: SNMP
    The event description cannot be found.

    Log: 'System' Date/Time: 06/07/2016 6:29:22 PM
    Type: Error Category: 0
    Event: 1500 Source: SNMP
    The event description cannot be found.

    Log: 'System' Date/Time: 06/07/2016 6:29:22 PM
    Type: Error Category: 0
    Event: 1500 Source: SNMP
    The event description cannot be found.

    Log: 'System' Date/Time: 06/07/2016 6:29:20 PM
    Type: Error Category: 0
    Event: 1500 Source: SNMP
    The event description cannot be found.

    Log: 'System' Date/Time: 06/07/2016 6:29:20 PM
    Type: Error Category: 0
    Event: 1500 Source: SNMP
    The event description cannot be found.

    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    'System' Log - Warning Type
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    Log: 'System' Date/Time: 06/07/2016 6:36:52 PM
    Type: Warning Category: 0
    Event: 20169 Source: RemoteAccess
    Unable to contact a DHCP server. The Automatic Private IP Address 169.254.100.56 will be assigned to dial-in clients. Clients may be unable to access resources on the network.

    Log: 'System' Date/Time: 06/07/2016 6:35:12 PM
    Type: Warning Category: 0
    Event: 121 Source: MSiSCSI
    The firewall exception to allow Internet Storage Name Server (iSNS) client functionality is not enabled. iSNS client functionality is not available.

    Log: 'System' Date/Time: 06/07/2016 6:35:03 PM
    Type: Warning Category: 0
    Event: 11 Source: Microsoft-Windows-Wininit
    Custom dynamic link libraries are being loaded for every application. The system administrator should review the list of libraries to ensure they are related to trusted applications.

    Log: 'System' Date/Time: 06/07/2016 6:32:45 PM
    Type: Warning Category: 0
    Event: 4001 Source: Microsoft-Windows-WLAN-AutoConfig
    WLAN AutoConfig service has successfully stopped.

    #13
    varylou

      Member

    • Topic Starter
    • 50 posts
    Vino's Event Viewer v01c run on Windows 2008 in English
    Report run at 06/07/2016 11:53:54 AM

    Note: All dates below are in the format dd/mm/yyyy

    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    'Application' Log - Critical Type
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    'Application' Log - Error Type
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    Log: 'Application' Date/Time: 06/07/2016 6:41:49 PM
    Type: Error Category: 0
    Event: 1107 Source: .NET Runtime Optimization Service
    .NET Runtime Optimization Service (clr_optimization_v4.0.30319_32) - Failed to execute command from the offline queue: uninstall "Microsoft.Web.Management.FtpClient, Version=7.5.0.0, Culture=Neutral, PublicKeyToken=31bf3856ad364e35, processorArchitecture=msil". The error returned was Error: The specified assembly is not installed.
    .

    Log: 'Application' Date/Time: 06/07/2016 6:41:49 PM
    Type: Error Category: 0
    Event: 1107 Source: .NET Runtime Optimization Service
    .NET Runtime Optimization Service (clr_optimization_v4.0.30319_32) - Failed to execute command from the offline queue: uninstall "Microsoft.Web.Administration, Version=7.0.0.0, Culture=Neutral, PublicKeyToken=31bf3856ad364e35, processorArchitecture=msil". The error returned was Error: The specified assembly is not installed.
    .

    Log: 'Application' Date/Time: 06/07/2016 6:41:49 PM
    Type: Error Category: 0
    Event: 1107 Source: .NET Runtime Optimization Service
    .NET Runtime Optimization Service (clr_optimization_v4.0.30319_32) - Failed to execute command from the offline queue: uninstall "Microsoft.Web.Management, Version=7.0.0.0, Culture=Neutral, PublicKeyToken=31bf3856ad364e35, processorArchitecture=msil". The error returned was Error: The specified assembly is not installed.
    .

    Log: 'Application' Date/Time: 06/07/2016 6:41:49 PM
    Type: Error Category: 0
    Event: 1107 Source: .NET Runtime Optimization Service
    .NET Runtime Optimization Service (clr_optimization_v4.0.30319_32) - Failed to execute command from the offline queue: uninstall "Microsoft.Web.Management.IisClient, Version=7.5.0.0, Culture=Neutral, PublicKeyToken=31bf3856ad364e35, processorArchitecture=msil". The error returned was Error: The specified assembly is not installed.
    .

    Log: 'Application' Date/Time: 06/07/2016 6:41:49 PM
    Type: Error Category: 0
    Event: 1107 Source: .NET Runtime Optimization Service
    .NET Runtime Optimization Service (clr_optimization_v4.0.30319_32) - Failed to execute command from the offline queue: uninstall "Microsoft.Web.Management.AspnetClient, Version=7.5.0.0, Culture=Neutral, PublicKeyToken=31bf3856ad364e35, processorArchitecture=msil". The error returned was Error: The specified assembly is not installed.
    .

    Log: 'Application' Date/Time: 06/07/2016 6:29:18 PM
    Type: Error Category: 0
    Event: 4005 Source: TlntSvr
    The event description cannot be found.

    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    'Application' Log - Warning Type
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    Log: 'Application' Date/Time: 06/07/2016 6:41:20 PM
    Type: Warning Category: 0
    Event: 6006 Source: Microsoft-Windows-Winlogon
    The winlogon notification subscriber <TrustedInstaller> took 104 second(s) to handle the notification event (CreateSession).

    Log: 'Application' Date/Time: 06/07/2016 6:40:36 PM
    Type: Warning Category: 0
    Event: 6005 Source: Microsoft-Windows-Winlogon
    The winlogon notification subscriber <TrustedInstaller> is taking long time to handle the notification event (CreateSession).

    Log: 'Application' Date/Time: 06/07/2016 6:37:52 PM
    Type: Warning Category: 0
    Event: 64 Source: Microsoft-Windows-CertificateServicesClient-AutoEnrollment
    Certificate for local system with Thumbprint d6 41 c8 dc 82 87 14 9d e2 09 1c 87 4a 2c c6 32 d2 09 30 69 is about to expire or already expired.

    Log: 'Application' Date/Time: 06/07/2016 6:27:00 PM
    Type: Warning Category: 0
    Event: 1530 Source: Microsoft-Windows-User Profiles Service
    Windows detected your registry file is still in use by other applications or services. The file will be unloaded now. The applications or services that hold your registry file may not function properly afterwards. DETAIL - 2 user registry handles leaked from \Registry\User\S-1-5-21-1232287608-1843942127-1758789870-1002:
    Process 1160 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1232287608-1843942127-1758789870-1002
    Process 1160 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1232287608-1843942127-1758789870-1002\Software\Microsoft\RAS AutoDial

    #14
    RKinner

      Malware Expert


    Search for services.msc and hit Enter to bring up the services Window.

    Find Microsoft FTP Service and right click on it and select Properties.  Change the Startup Type: to Disabled.  Apply.  Stop the service.

    Repeat for any of these you can find:

    MICROSOFT ISCSI INITIATOR SERVICE
    SNMP Service
    SNMP Trap
    SNMP Trap Service
    Telnet Server
    Web Management Service

    For

    Netlogon
    Remote Access Auto Connection Manager

    set to Startup Type: Manual.

    Find Windows Modules Installer.

    It should be of Startup Type: Manual.  Make sure it is.  If it is running Stop it and then Start it.  Do you get an Error?  If not running try to Start it.  Do you get an Error?

    Repeat for Background Intelligent Transfer Service.

    Close the Services Window.

    Follow the procedure here:  https://marjanrepic....-windows-7-ent/ to turn off NetBIOS over TCP/IP.  (Hit OK after the last step.)

    Download the attached appid.zip file.  Right click on it and Extract All.

    Attached File  appid.zip   323bytes   56 downloads

    Right click on appid.reg and Merge.
     
    Right click on (My) Computer and select Manage (Continue). Then click on the arrow in front of Event Viewer. Next click on the arrow in front of Windows Logs. Right click on System and Clear Log, Clear. Repeat for Application.

    Reboot.

    2. Right-click VEW.exe and Run As Administrator
    3. Under 'Select log to query', select:
    * System
    4. Under 'Select type to list', select:
    * Error
    * Warning

    Then use the 'Number of events' as follows:

    1. Click the radio button for 'Number of events'
    Type 20 in the 1 to 20 box
    Then click the Run button.
    Notepad will open with the output log.

    Please post the Output log in your next reply then repeat but select Application.  (Each time you run VEW it overwrites the log so copy the first one to a Reply or rename it before running it a second time.)
     

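The services.msc steps from post #14, as an added PowerShell example that is not part of the original thread: without `-Apply` it only reports each service's startup type, with `-Apply` it sets the types the post names and stop/start-tests Windows Modules Installer and BITS. The short service names are assumptions mapped from the display names in the post, and `Get-WmiObject` is used because the stock PowerShell 2.0 on Windows 7 does not expose the startup type through `Get-Service`.

```powershell
# Added example, not from the thread. Run from an elevated PowerShell prompt.
# Short service names are an assumed mapping from the display names in the post.
param([switch]$Apply)   # without -Apply nothing is changed, only reported

$targets = @(
    @{ Name = 'ftpsvc';   Want = 'Disabled' }   # Microsoft FTP Service
    @{ Name = 'MSiSCSI';  Want = 'Disabled' }   # Microsoft iSCSI Initiator Service
    @{ Name = 'SNMP';     Want = 'Disabled' }   # SNMP Service
    @{ Name = 'SNMPTRAP'; Want = 'Disabled' }   # SNMP Trap
    @{ Name = 'TlntSvr';  Want = 'Disabled' }   # Telnet Server
    @{ Name = 'WMSVC';    Want = 'Disabled' }   # Web Management Service
    @{ Name = 'Netlogon'; Want = 'Manual'   }   # Netlogon
    @{ Name = 'RasAuto';  Want = 'Manual'   }   # Remote Access Auto Connection Manager
)

$report = foreach ($t in $targets) {
    # Win32_Service exposes StartMode (Auto/Manual/Disabled) on PowerShell 2.0 too
    $svc = Get-WmiObject -Class Win32_Service -Filter "Name='$($t.Name)'"
    if (-not $svc) {
        # "any of these you can find": a missing service is reported, not an error
        New-Object PSObject -Property @{ Service = $t.Name; Was = 'not installed'; Now = '-'; State = '-' }
        continue
    }
    if ($Apply) {
        if ($svc.StartMode -ne $t.Want) { Set-Service -Name $t.Name -StartupType $t.Want }
        # The post stops only the services it disables
        if ($t.Want -eq 'Disabled' -and $svc.State -eq 'Running') { Stop-Service -Name $t.Name -Force }
    }
    $after = Get-WmiObject -Class Win32_Service -Filter "Name='$($t.Name)'"
    New-Object PSObject -Property @{
        Service = $t.Name; Was = $svc.StartMode; Now = $after.StartMode; State = $after.State
    }
}
$report | Select-Object Service, Was, Now, State | Format-Table -AutoSize

# Windows Modules Installer and BITS: the post expects Manual and a clean stop/start
foreach ($name in 'TrustedInstaller', 'BITS') {
    $mode = (Get-WmiObject -Class Win32_Service -Filter "Name='$name'").StartMode
    if (-not $Apply) { "{0}: startup type {1}" -f $name, $mode; continue }
    try {
        Restart-Service -Name $name -Force -ErrorAction Stop   # starts it if stopped
        "{0}: startup type {1}, restart OK" -f $name, $mode
    } catch {
        "{0}: startup type {1}, restart FAILED: {2}" -f $name, $mode, $_.Exception.Message
    }
}
```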

    #15
    varylou

    No errors with Windows Modules Installer or Background Intelligent Transfer Service.

    Vino's Event Viewer v01c run on Windows 2008 in English
    Report run at 06/07/2016 2:08:59 PM

    Note: All dates below are in the format dd/mm/yyyy

    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    'System' Log - Critical Type
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    'System' Log - Error Type
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    Log: 'System' Date/Time: 06/07/2016 9:00:41 PM
    Type: Error Category: 0
    Event: 7011 Source: Service Control Manager
    A timeout (30000 milliseconds) was reached while waiting for a transaction response from the PlugPlay service.

    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    'System' Log - Warning Type
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    Log: 'System' Date/Time: 06/07/2016 9:02:31 PM
    Type: Warning Category: 0
    Event: 20169 Source: RemoteAccess
    Unable to contact a DHCP server. The Automatic Private IP Address 169.254.71.87 will be assigned to dial-in clients. Clients may be unable to access resources on the network.

    Log: 'System' Date/Time: 06/07/2016 8:57:52 PM
    Type: Warning Category: 0
    Event: 4001 Source: Microsoft-Windows-WLAN-AutoConfig
    WLAN AutoConfig service has successfully stopped.





