windows 8.1 pro slow [Closed]



#1
Becky616


Hi

I recently deleted several programs from my computer that weren't being used and a lot of files, pictures and documents. Now the computer is slow at shutting down and on restarting. When turning on the computer, it sits there, then goes to a blank screen, then to the welcome screen, and the circle just keeps spinning, and then finally it goes to the desktop and takes a while to load the desktop. I don't know if I have a virus or what happened. It ran fine before I did this. It was slow but now it is really slow. I ran Malwarebytes and nothing shows. Any advice would be greatly appreciated. Thank you, Becky

 

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 10-10-2016
Ran by jim (administrator) on ANN-PC (10-10-2016 17:18:45)
Running from C:\Users\jim\Desktop
Loaded Profiles: jim (Available Profiles: jim)
Platform: Microsoft Windows 8.1 Pro (Update) (X86) Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\avastui.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Ruiware LLC) C:\Program Files\Ruiware\WinPatrol\WinPatrol.exe
(Microsoft Corporation) C:\Windows\System32\wbem\unsecapp.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Adobe Systems Incorporated) C:\Windows\System32\Macromed\Flash\FlashUtil_ActiveX.exe

==================== Registry (Whitelisted) ====================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [7408312 2016-08-01] (AVAST Software)
HKU\S-1-5-21-2591139470-2079622777-1480923985-1000\...\Run: [WinPatrol] => C:\Program Files\Ruiware\WinPatrol\winpatrol.exe [1154112 2014-07-20] (Ruiware LLC)
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShell.dll [2016-06-06] (AVAST Software)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 192.168.1.254
Tcpip\..\Interfaces\{586A7A0F-C41F-44F1-92DC-65D8FD042321}: [DhcpNameServer] 192.168.1.254

Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
HKU\S-1-5-21-2591139470-2079622777-1480923985-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.msn.com/
SearchScopes: HKLM -> DefaultScope {632F07F3-19A1-4d16-A23F-E6CE9486BAB5} URL =
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2016-06-06] (AVAST Software)
DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} hxxp://download.eset.com/special/eos/OnlineScanner.cab
StartMenuInternet: IEXPLORE.EXE - iexplore.exe

FireFox:
========
FF HKLM\...\Firefox\Extensions: [[email protected]] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: (Avast Online Security) - C:\Program Files\AVAST Software\Avast\WebRep\FF [2016-06-06]
FF HKLM\...\Firefox\Extensions: [[email protected]] - C:\Program Files\AVAST Software\Avast\SafePrice\FF
FF Extension: (Avast SafePrice) - C:\Program Files\AVAST Software\Avast\SafePrice\FF [2016-06-06]
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.50428.0\npctrl.dll [2016-04-27] ( Microsoft Corporation)
FF Plugin: @microsoft.com/WLPG,version=16.4.3528.0331 -> C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll [2014-03-31] (Microsoft Corporation)
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.31.5\npGoogleUpdate3.dll [2016-08-04] (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.31.5\npGoogleUpdate3.dll [2016-08-04] (Google Inc.)
StartMenuInternet: FIREFOX.EXE - firefox.exe

Chrome:
=======
CHR Profile: C:\Users\jim\AppData\Local\Google\Chrome\User Data\Default [2016-10-10]
CHR Extension: (Google Docs) - C:\Users\jim\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2016-08-04]
CHR Extension: (Google Drive) - C:\Users\jim\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2016-08-04]
CHR Extension: (YouTube) - C:\Users\jim\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2016-08-04]
CHR Extension: (Google Docs Offline) - C:\Users\jim\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-08-04]
CHR Extension: (Chrome Web Store Payments) - C:\Users\jim\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-08-04]
CHR Extension: (Gmail) - C:\Users\jim\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2016-08-04]
CHR Extension: (Chrome Media Router) - C:\Users\jim\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2016-10-09]

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [243296 2016-06-06] (AVAST Software)
S4 RalinkRegistryWriter; C:\Program Files\Ralink\Common\RaRegistry.exe [372736 2012-07-04] (Ralink Technology, Corp.) [File not signed]
S4 RaMediaServer; C:\Program Files\Ralink\Common\RaMediaServer.exe [1863680 2012-07-06] (Ralink) [File not signed]
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [284520 2015-07-07] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [22224 2015-07-07] (Microsoft Corporation)

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 aswHwid; C:\WINDOWS\system32\drivers\aswHwid.sys [32792 2016-06-06] (AVAST Software)
R1 aswKbd; C:\WINDOWS\system32\drivers\aswKbd.sys [35096 2016-06-06] (AVAST Software)
R2 aswMonFlt; C:\WINDOWS\system32\drivers\aswMonFlt.sys [91168 2016-06-06] (AVAST Software)
R1 aswRdr; C:\WINDOWS\system32\drivers\aswRdr2.sys [91232 2016-06-06] (AVAST Software)
R0 aswRvrt; C:\WINDOWS\system32\Drivers\aswRvrt.sys [58776 2016-06-06] (AVAST Software)
R1 aswSnx; C:\WINDOWS\system32\drivers\aswSnx.sys [815792 2016-06-06] (AVAST Software)
R1 aswSP; C:\WINDOWS\system32\drivers\aswSP.sys [449640 2016-06-06] (AVAST Software)
R2 aswStm; C:\WINDOWS\system32\drivers\aswStm.sys [124808 2016-06-06] (AVAST Software)
R0 aswVmm; C:\WINDOWS\system32\Drivers\aswVmm.sys [224616 2016-08-12] (AVAST Software)
R3 BCM43XX; C:\WINDOWS\system32\DRIVERS\bcmwl63l.sys [4715008 2013-07-01] (Broadcom Corporation)
S3 netr28u; C:\WINDOWS\system32\DRIVERS\netr28u.sys [1696528 2013-06-18] (Ralink Technology Corp.)
S3 WdBoot; C:\WINDOWS\system32\drivers\WdBoot.sys [38928 2015-07-07] (Microsoft Corporation)
S3 WdFilter; C:\WINDOWS\system32\drivers\WdFilter.sys [233304 2015-07-07] (Microsoft Corporation)
S3 WdNisDrv; C:\WINDOWS\System32\Drivers\WdNisDrv.sys [84824 2015-07-07] (Microsoft Corporation)
S3 WUDFSensorLP; C:\WINDOWS\System32\drivers\WUDFRd.sys [190976 2014-10-28] (Microsoft Corporation)
S1 MpKsl3e3d4e73; \??\C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{A4E22EC1-B5BA-4EB9-81D2-146C6D02A629}\MpKsl3e3d4e73.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-10-10 17:18 - 2016-10-10 17:19 - 00008029 _____ C:\Users\jim\Desktop\FRST.txt
2016-10-10 17:18 - 2016-10-10 17:18 - 00000000 ____D C:\FRST
2016-10-10 17:14 - 2016-10-10 17:14 - 01757184 _____ (Farbar) C:\Users\jim\Desktop\FRST.exe
2016-10-10 01:55 - 2016-10-10 01:56 - 00000000 ____D C:\Users\jim\Themes
2016-10-09 17:21 - 2016-10-09 17:21 - 00000000 ____D C:\WINDOWS\system32\appmgmt
2016-10-09 13:42 - 2016-09-06 21:11 - 00828408 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerApp.exe
2016-10-09 13:42 - 2016-09-06 21:11 - 00176632 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerCPLApp.cpl
2016-10-09 13:22 - 2016-08-31 23:08 - 20312064 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2016-10-09 13:22 - 2016-08-31 22:46 - 00498688 _____ (Microsoft Corporation) C:\WINDOWS\system32\vbscript.dll
2016-10-09 13:22 - 2016-08-31 22:24 - 00663552 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript.dll
2016-10-09 13:22 - 2016-08-31 21:39 - 00880128 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcomm.dll
2016-10-09 13:22 - 2016-08-31 21:24 - 04607488 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
2016-10-09 13:22 - 2016-08-31 20:43 - 02445824 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll
2016-10-09 13:22 - 2016-08-31 20:42 - 00710144 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieapfltr.dll
2016-10-09 13:22 - 2016-08-26 00:44 - 02286592 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll
2016-10-09 13:21 - 2016-08-31 21:30 - 00692736 _____ (Microsoft Corporation) C:\WINDOWS\system32\msfeeds.dll
2016-10-09 13:21 - 2016-08-31 21:27 - 13808128 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2016-10-09 13:21 - 2016-08-31 20:38 - 01316352 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll
2016-10-09 13:21 - 2016-08-26 00:00 - 01049600 _____ (Microsoft Corporation) C:\WINDOWS\system32\actxprxy.dll
2016-10-09 13:21 - 2016-08-20 19:05 - 05273600 _____ (Microsoft Corporation) C:\WINDOWS\system32\glcndFilter.dll
2016-10-09 13:21 - 2016-08-20 18:27 - 05268480 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Data.Pdf.dll
2016-10-09 13:21 - 2016-08-14 14:14 - 01403320 _____ (Microsoft Corporation) C:\WINDOWS\system32\user32.dll
2016-10-09 13:21 - 2016-08-14 13:22 - 03475968 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32k.sys
2016-10-09 13:21 - 2016-08-13 03:45 - 05761880 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe
2016-10-09 13:21 - 2016-08-13 03:44 - 01471544 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntdll.dll
2016-10-09 13:21 - 2016-08-13 03:44 - 01395664 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.efi
2016-10-09 13:21 - 2016-08-13 03:44 - 01284576 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.exe
2016-10-09 13:21 - 2016-08-13 03:44 - 01271152 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.efi
2016-10-09 13:21 - 2016-08-13 03:44 - 01173016 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.exe
2016-10-09 13:21 - 2016-08-12 18:19 - 00049152 _____ (Microsoft Corporation) C:\WINDOWS\system32\csrsrv.dll
2016-10-09 13:21 - 2016-08-09 18:47 - 00611576 _____ (Microsoft Corporation) C:\WINDOWS\system32\oleaut32.dll
2016-10-09 13:21 - 2016-08-02 01:15 - 00330752 _____ (Microsoft Corporation) C:\WINDOWS\system32\iedkcs32.dll
2016-10-09 13:21 - 2016-08-02 01:14 - 02055680 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcpl.cpl
2016-10-09 13:21 - 2016-08-02 01:14 - 00689152 _____ (Microsoft Corporation) C:\WINDOWS\system32\ie4uinit.exe
2016-10-09 13:20 - 2016-09-08 17:51 - 00332632 _____ (Microsoft Corporation) C:\WINDOWS\system32\msv1_0.dll
2016-10-09 13:20 - 2016-08-22 12:09 - 00136872 _____ (Microsoft Corporation) C:\WINDOWS\system32\sspicli.dll
2016-10-09 13:20 - 2016-08-22 12:09 - 00077656 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ksecdd.sys
2016-10-09 13:20 - 2016-08-20 20:01 - 00153088 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mrxsmb20.sys
2016-10-09 13:20 - 2016-08-20 20:00 - 00328192 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mrxsmb.sys
2016-10-09 13:20 - 2016-08-20 19:59 - 00229888 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mrxsmb10.sys
2016-10-09 13:20 - 2016-08-20 18:51 - 01118720 _____ (Microsoft Corporation) C:\WINDOWS\system32\lsasrv.dll
2016-10-09 13:20 - 2016-08-20 18:50 - 00360448 _____ (Microsoft Corporation) C:\WINDOWS\system32\schannel.dll
2016-10-09 13:20 - 2016-08-11 11:52 - 01119232 _____ (Microsoft Corporation) C:\WINDOWS\system32\wwanmm.dll
2016-10-09 13:20 - 2016-08-11 11:48 - 00572928 _____ (Microsoft Corporation) C:\WINDOWS\system32\pnidui.dll
2016-10-09 13:20 - 2016-08-11 11:47 - 00373760 _____ (Microsoft Corporation) C:\WINDOWS\system32\wwanconn.dll
2016-10-09 13:20 - 2016-08-04 10:17 - 00336896 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\srv.sys
2016-10-09 13:20 - 2016-08-03 13:07 - 00562176 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\srv2.sys
2016-10-09 13:20 - 2016-08-03 13:07 - 00186880 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\srvnet.sys
2016-10-09 13:20 - 2016-07-12 10:04 - 00147456 _____ (Microsoft Corporation) C:\WINDOWS\system32\TpmTasks.dll
2016-10-09 13:20 - 2016-07-09 11:55 - 00068608 _____ (Microsoft Corporation) C:\WINDOWS\system32\wpdbusenum.dll
2016-10-09 13:20 - 2016-07-08 18:39 - 00082776 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mountmgr.sys
2016-10-09 13:20 - 2016-07-08 10:25 - 01491456 _____ (Microsoft Corporation) C:\WINDOWS\system32\GdiPlus.dll
2016-10-09 13:20 - 2016-07-08 10:17 - 00696832 _____ (Microsoft Corporation) C:\WINDOWS\system32\netlogon.dll
2016-10-09 13:20 - 2016-07-08 10:17 - 00319488 _____ (Microsoft Corporation) C:\WINDOWS\system32\mprddm.dll
2016-10-09 13:20 - 2016-07-07 16:34 - 00077312 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\agilevpn.sys
2016-10-09 13:20 - 2016-07-07 16:23 - 00285184 _____ (Microsoft Corporation) C:\WINDOWS\system32\iprtrmgr.dll
2016-10-09 13:20 - 2016-07-07 16:18 - 00187392 _____ (Microsoft Corporation) C:\WINDOWS\system32\mprdim.dll
2016-10-09 13:20 - 2016-07-07 16:11 - 01212248 _____ (Microsoft Corporation) C:\WINDOWS\system32\ole32.dll
2016-10-09 13:20 - 2016-07-07 16:11 - 00185856 _____ (Microsoft Corporation) C:\WINDOWS\system32\rasppp.dll
2016-10-09 13:20 - 2016-07-07 15:35 - 00145920 _____ (Microsoft Corporation) C:\WINDOWS\system32\rasman.dll
2016-10-09 13:20 - 2016-07-07 15:29 - 00735744 _____ (Microsoft Corporation) C:\WINDOWS\system32\IKEEXT.DLL
2016-10-09 13:20 - 2016-07-07 15:23 - 00334848 _____ (Microsoft Corporation) C:\WINDOWS\system32\vpnike.dll
2016-10-09 13:20 - 2016-07-07 15:22 - 00216576 _____ (Microsoft Corporation) C:\WINDOWS\system32\rascustom.dll
2016-10-09 13:20 - 2016-07-07 15:18 - 00462336 _____ (Microsoft Corporation) C:\WINDOWS\system32\rasmans.dll
2016-10-09 13:20 - 2016-07-07 15:14 - 00628736 _____ (Microsoft Corporation) C:\WINDOWS\system32\rasapi32.dll
2016-10-09 13:20 - 2016-07-04 00:11 - 00117760 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpudd.dll
2016-10-09 13:20 - 2016-07-03 23:10 - 00298496 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpclip.exe
2016-10-09 13:20 - 2016-07-03 23:04 - 02539008 _____ (Microsoft Corporation) C:\WINDOWS\system32\esent.dll
2016-10-09 13:20 - 2016-07-03 23:02 - 00498688 _____ (Microsoft Corporation) C:\WINDOWS\system32\dnsapi.dll
2016-10-09 13:20 - 2016-07-03 23:02 - 00187904 _____ (Microsoft Corporation) C:\WINDOWS\system32\dnsrslvr.dll
2016-10-09 13:20 - 2016-07-03 22:16 - 02976256 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpcorets.dll
2016-10-09 13:20 - 2016-07-01 16:39 - 00157016 _____ (Microsoft Corporation) C:\WINDOWS\system32\dssenh.dll

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-10-10 16:49 - 2016-08-04 12:38 - 00000902 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2016-10-10 15:35 - 2016-08-04 12:38 - 00000898 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2016-10-10 15:34 - 2016-08-03 21:40 - 00144470 _____ C:\WINDOWS\ntbtlog.txt
2016-10-10 03:00 - 2013-08-22 03:23 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2016-10-10 02:24 - 2013-08-22 02:13 - 00524288 ___SH C:\WINDOWS\system32\config\BBI
2016-10-10 01:56 - 2014-10-03 17:38 - 00000000 ____D C:\Users\jim
2016-10-09 19:50 - 2014-10-22 18:25 - 00170200 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbamswissarmy.sys
2016-10-09 19:43 - 2011-10-12 19:42 - 00000000 ___RD C:\Users\jim\Desktop\program downloads
2016-10-09 17:38 - 2014-10-13 20:25 - 00000000 ____D C:\Users\jim\Documents\My Data Files
2016-10-09 17:36 - 2012-05-17 23:48 - 00000000 ____D C:\Users\jim\Desktop\shortcut icons
2016-10-09 16:52 - 2013-08-22 04:17 - 00000000 ____D C:\WINDOWS\rescache
2016-10-09 15:22 - 2013-12-11 01:10 - 00000000 ____D C:\Users\jim\AppData\Local\VirtualStore
2016-10-09 14:44 - 2014-03-18 04:00 - 00863592 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2016-10-09 14:44 - 2013-08-22 02:21 - 00000000 ____D C:\WINDOWS\inf
2016-10-09 14:23 - 2016-08-04 12:45 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Revo Uninstaller
2016-10-09 14:02 - 2014-01-06 17:03 - 00000000 ____D C:\WINDOWS\system32\MRT
2016-10-09 13:54 - 2014-01-06 17:03 - 141747376 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2016-10-09 13:54 - 2013-08-22 04:17 - 00000000 ___HD C:\Program Files\WindowsApps
2016-10-09 13:54 - 2013-08-22 04:17 - 00000000 ____D C:\WINDOWS\AppReadiness
2016-10-09 13:40 - 2013-08-22 03:22 - 00335400 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2016-10-09 13:35 - 2013-08-22 04:17 - 00000000 ____D C:\WINDOWS\system32\setup
2016-10-09 13:35 - 2013-08-22 04:17 - 00000000 ____D C:\WINDOWS\system32\SecureBootUpdates
2016-10-09 13:35 - 2012-07-26 02:43 - 00000000 ____D C:\WINDOWS\CbsTemp
2016-10-09 13:15 - 2016-08-02 02:15 - 00479312 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\cng.sys
2016-10-09 13:15 - 2016-08-02 02:15 - 00340872 _____ (Microsoft Corporation) C:\WINDOWS\system32\bcryptprimitives.dll
2016-10-09 13:15 - 2016-08-02 02:15 - 00148824 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ksecpkg.sys
2016-10-09 13:06 - 2016-08-04 12:52 - 00002163 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk

==================== Files in the root of some directories =======

2016-08-04 16:24 - 2016-08-04 16:26 - 0004608 _____ () C:\Users\jim\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2014-10-11 00:17 - 2014-10-11 00:17 - 0000017 _____ () C:\Users\jim\AppData\Local\resmon.resmoncfg

==================== Bamital & volsnap ======================

(There is no automatic fix for files that do not pass verification.)

C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\wininit.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2016-10-10 15:56

==================== End of FRST.txt ============================

Additional scan result of Farbar Recovery Scan Tool (x86) Version: 10-10-2016
Ran by jim (10-10-2016 17:19:48)
Running from C:\Users\jim\Desktop
Microsoft Windows 8.1 Pro (Update) (X86) (2014-10-03 22:00:48)
Boot Mode: Normal
==========================================================

==================== Accounts: =============================

Administrator (S-1-5-21-2591139470-2079622777-1480923985-500 - Administrator - Disabled)
Guest (S-1-5-21-2591139470-2079622777-1480923985-501 - Limited - Enabled)
jim (S-1-5-21-2591139470-2079622777-1480923985-1000 - Administrator - Enabled) => C:\Users\jim

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: avast! Antivirus (Enabled - Up to date) {17AD7D40-BA12-9C46-7131-94903A54AD8B}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: avast! Antivirus (Enabled - Up to date) {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}
FW: avast! Antivirus (Disabled) {2F96FC65-F07D-9D1E-5A6E-3DA5C487EAF0}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Auslogics Disk Defrag (HKLM\...\{DF6A13C0-77DF-41FE-BD05-6D5201EB0CE7}_is1) (Version: version 3.2 - Auslogics Software Pty Ltd)
Avast Free Antivirus (HKLM\...\Avast) (Version: 11.2.2262 - AVAST Software)
CCleaner (HKLM\...\CCleaner) (Version: 5.20 - Piriform)
D3DX10 (Version: 15.4.2368.0902 - Microsoft) Hidden
Google Chrome (HKLM\...\Google Chrome) (Version: 53.0.2785.143 - Google Inc.)
Google Update Helper (Version: 1.3.31.5 - Google Inc.) Hidden
ImgBurn (HKLM\...\ImgBurn) (Version: 2.5.8.0 - LIGHTNING UK!)
iSkysoft Data Recovery(Build 1.2.0.6) (HKLM\...\{656DB838-DB63-4acd-82E3-BB363ED99116}_is1) (Version: 1.2.0.6 - iSkysoft Software Co.,Ltd.)
Junk Mail filter update (Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Malwarebytes Anti-Malware version 2.2.1.1043 (HKLM\...\Malwarebytes Anti-Malware_is1) (Version: 2.2.1.1043 - Malwarebytes)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.50428.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Movie Maker (Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
My Dell (HKLM\...\PC-Doctor for Windows) (Version: 3.5.6426.22 - PC-Doctor, Inc.)
Ralink RT2870 Wireless LAN Card (HKLM\...\{28DA7D8B-F9A4-4F18-8AA0-551B1E084D0D}) (Version: 1.5.24.0 - Ralink)
Revo Uninstaller 2.0.1 (HKLM\...\{A28DBDA2-3CC7-4ADC-8BFE-66D7743C6C97}_is1) (Version: 2.0.1 - VS Revo Group, Ltd.)
RICOH R5U8xx Media Driver ver.3.62.02 (HKLM\...\{59F6A514-9813-47A3-948C-8A155460CC2A}) (Version: 3.62.02 - RICOH)
SafeZone Stable 1.48.2066.101 (Version: 1.48.2066.101 - Avast Software) Hidden
Windows Live Essentials (HKLM\...\WinLiveSuite) (Version: 16.4.3528.0331 - Microsoft Corporation)
WinPatrol (HKLM\...\{6A206A04-6BC1-411B-AA04-4E52EDEEADF2}) (Version: 32.0.2014.5 - Ruiware)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {1309F641-D96C-4266-8FCC-08BC2AB0851B} - System32\Tasks\SafeZone scheduled Autoupdate 1455255454 => C:\Program Files\AVAST Software\SZBrowser\launcher.exe [2016-04-15] (Avast Software)
Task: {1ACDF313-BAD2-44D1-93CD-43CC89F90530} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files\Google\Update\GoogleUpdate.exe [2016-08-04] (Google Inc.)
Task: {44D0DE3F-26D5-4499-8159-A6F3ECDA9E48} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files\Google\Update\GoogleUpdate.exe [2016-08-04] (Google Inc.)
Task: {8B601E6D-E433-41B4-9F02-A4911D8FA191} - System32\Tasks\avast! Emergency Update => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe [2016-06-06] (AVAST Software)
Task: {ABAF52CF-61F1-4100-9E0C-C596F79EB59C} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2016-07-13] (Piriform Ltd)
Task: {B8E94945-76E8-42BA-9004-2B863616FC8B} - System32\Tasks\{0B45C01B-7366-4336-AEAD-4BC23257ED91} => pcalua.exe -a "C:\Program Files\Windows Live\Installer\wlarp.exe"
Task: {D699F0B9-23B7-492F-8BD0-74A6A33D2050} - System32\Tasks\AVAST Software\Avast settings backup => C:\Program Files\Common Files\AV\avast! Antivirus\backup.exe [2016-06-02] (AVAST Software)
Task: {FAB49829-3EE7-4234-BE84-277862F2A57C} - System32\Tasks\Microsoft\Windows\WS\WSRefreshBannedAppsListTask => Rundll32.exe WSClient.dll,RefreshBannedAppsList

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe

==================== Shortcuts =============================

(The entries could be listed to be restored or removed.)

==================== Loaded Modules (Whitelisted) ==============

2016-06-06 22:28 - 2016-06-06 22:28 - 00123344 _____ () C:\Program Files\AVAST Software\Avast\log.dll
2016-06-06 22:28 - 2016-06-06 22:28 - 00135816 _____ () C:\Program Files\AVAST Software\Avast\JsonRpcServer.dll
2016-10-09 13:01 - 2016-10-09 13:01 - 03118360 _____ () C:\Program Files\AVAST Software\Avast\defs\16100900\algo.dll
2016-06-06 22:28 - 2016-06-06 22:28 - 00309912 _____ () C:\Program Files\AVAST Software\Avast\browser_pass.dll
2016-06-06 22:28 - 2016-06-06 22:28 - 00479680 _____ () C:\Program Files\AVAST Software\Avast\ffl2.dll
2016-10-10 15:35 - 2016-10-10 15:35 - 03118360 _____ () C:\Program Files\AVAST Software\Avast\defs\16101003\algo.dll
2016-02-12 01:26 - 2016-02-12 01:27 - 40539648 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)

==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" value will be restored.)

==================== Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)

==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)

IE trusted site: HKU\S-1-5-21-2591139470-2079622777-1480923985-1000\...\dell.com -> dell.com

There are 4791 more sites.

==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2013-08-22 02:13 - 2013-08-22 02:13 - 00000824 ____A C:\WINDOWS\system32\Drivers\etc\hosts

==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-2591139470-2079622777-1480923985-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\jim\Themes\TranscodedWallpaper.jpg
DNS Servers: 192.168.1.254
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

MSCONFIG\Services: !SASCORE => 2
MSCONFIG\Services: MozillaMaintenance => 3
MSCONFIG\Services: RalinkRegistryWriter => 2
MSCONFIG\Services: RaMediaServer => 3

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [vm-monitoring-nb-session] => (Allow) LPort=139
FirewallRules: [{A019A72D-48D7-422C-8A04-F78D7D3B3DD6}] => (Allow) C:\Program Files\Windows Live\Messenger\msnmsgr.exe
FirewallRules: [{FEB0DBB1-1928-4BDF-B97F-C3A0108BA4CE}] => (Allow) LPort=1900
FirewallRules: [{F1823DAF-174B-43F9-96FA-72F51905C26C}] => (Allow) LPort=2869
FirewallRules: [{D10736D3-DB84-4A1C-96B6-2DC7F3721E92}] => (Allow) C:\Program Files\Windows Live\Contacts\wlcomm.exe
FirewallRules: [{FC1F58F8-871E-4303-97E5-01B6EABF1701}] => (Allow) C:\Program Files\Ralink\Common\RaMediaServer.exe
FirewallRules: [{9D6464D8-E782-46AC-8E2F-6AED3A8BB4BB}] => (Allow) C:\Program Files\Ralink\Common\RaMediaServer.exe
FirewallRules: [{470805FF-04C8-4DB7-9C41-131E6371B973}] => (Allow) C:\Program Files\Ralink\Common\RaUI.exe
FirewallRules: [{A3A6B5CA-7B45-4EED-BB2A-749342EAB0A0}] => (Allow) C:\Program Files\Ralink\Common\RaUI.exe
FirewallRules: [{7E04CEFB-1852-4C6B-8AAD-797177470729}] => (Allow) C:\Program Files\Ralink\Common\RaMediaServer.exe
FirewallRules: [{9F89C310-50B6-4841-8A77-954E292D9F01}] => (Allow) C:\Program Files\Ralink\Common\RaMediaServer.exe
FirewallRules: [{19516769-816F-4367-9101-E5C0F771C41E}] => (Allow) C:\Program Files\Ralink\Common\RaUI.exe
FirewallRules: [{7DEB0DD5-73D1-4226-823B-7CA9535B44E1}] => (Allow) C:\Program Files\Ralink\Common\RaUI.exe
FirewallRules: [{435E26D9-18C9-4276-9CBE-BC34BF46C58B}] => (Allow) C:\Program Files\Google\Chrome\Application\chrome.exe

==================== Restore Points =========================

02-09-2016 11:19:10 Scheduled Checkpoint
09-10-2016 13:22:40 Windows Update
09-10-2016 15:18:54 Revo Uninstaller's restore point - Hardwood Euchre
09-10-2016 15:22:34 Revo Uninstaller's restore point - Mozilla Thunderbird 45.1.1 (x86 en-US)
09-10-2016 15:23:52 Revo Uninstaller's restore point - Mozilla Maintenance Service
09-10-2016 16:11:59 JRT Pre-Junkware Removal
09-10-2016 17:20:57 Removed Windows 7 USB/DVD Download Tool
09-10-2016 17:26:33 Revo Uninstaller's restore point - Speccy
09-10-2016 17:28:48 Revo Uninstaller's restore point - RuneScape Launcher 1.2.7
09-10-2016 17:29:08 Removed RuneScape Launcher 1.2.7

==================== Faulty Device Manager Devices =============

Name: Broadcom 440x 10/100 Integrated Controller
Description: Broadcom 440x 10/100 Integrated Controller
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Broadcom
Service: bcm4sbxp
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

==================== Event log errors: =========================

Application errors:
==================
Error: (10/09/2016 08:21:46 PM) (Source: Microsoft-Windows-LocationProvider) (EventID: 2006) (User: NT AUTHORITY)
Description: There was an error with the Windows Location Provider database

Error: (10/09/2016 05:29:08 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: Cryptographic Services failed while processing the OnIdentity() call in the System Writer Object.

Details:
AddCoreCsiFiles : GetNextFileMapContent() failed.

System Error:
The parameter is incorrect.
.

Error: (10/09/2016 05:29:08 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: Cryptographic Services failed while processing the OnIdentity() call in the System Writer Object.

Details:
AddCoreCsiFiles : GetNextFileMapContent() failed.

System Error:
The parameter is incorrect.
.

Error: (10/09/2016 05:28:48 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: Cryptographic Services failed while processing the OnIdentity() call in the System Writer Object.

Details:
AddCoreCsiFiles : GetNextFileMapContent() failed.

System Error:
The parameter is incorrect.
.

Error: (10/09/2016 05:28:47 PM) (Source: VSS) (EventID: 8194) (User: )
Description: Volume Shadow Copy Service error: Unexpected error querying for the IVssWriterCallback interface.  hr = 0x80070005, Access is denied.
.
This is often caused by incorrect security settings in either the writer or requestor process.

Operation:
   Gathering Writer Data

Context:
   Writer Class Id: {e8132975-6f93-4464-a53e-1050253ae220}
   Writer Name: System Writer
   Writer Instance ID: {56f6582b-7004-4b1c-8a9b-57cbf0ce161b}

Error: (10/09/2016 05:26:34 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: Cryptographic Services failed while processing the OnIdentity() call in the System Writer Object.

Details:
AddCoreCsiFiles : GetNextFileMapContent() failed.

System Error:
The parameter is incorrect.
.

Error: (10/09/2016 05:26:33 PM) (Source: VSS) (EventID: 8194) (User: )
Description: Volume Shadow Copy Service error: Unexpected error querying for the IVssWriterCallback interface.  hr = 0x80070005, Access is denied.
.
This is often caused by incorrect security settings in either the writer or requestor process.

Operation:
   Gathering Writer Data

Context:
   Writer Class Id: {e8132975-6f93-4464-a53e-1050253ae220}
   Writer Name: System Writer
   Writer Instance ID: {56f6582b-7004-4b1c-8a9b-57cbf0ce161b}

Error: (10/09/2016 05:20:58 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: Cryptographic Services failed while processing the OnIdentity() call in the System Writer Object.

Details:
AddCoreCsiFiles : GetNextFileMapContent() failed.

System Error:
The parameter is incorrect.
.

Error: (10/09/2016 05:20:57 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: Cryptographic Services failed while processing the OnIdentity() call in the System Writer Object.

Details:
AddCoreCsiFiles : GetNextFileMapContent() failed.

System Error:
The parameter is incorrect.
.

Error: (10/09/2016 04:12:00 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: Cryptographic Services failed while processing the OnIdentity() call in the System Writer Object.

Details:
AddCoreCsiFiles : GetNextFileMapContent() failed.

System Error:
The parameter is incorrect.
.

System errors:
=============
Error: (10/10/2016 03:56:41 PM) (Source: DCOM) (EventID: 10010) (User: ANN-PC)
Description: The server {BF6C1E47-86EC-4194-9CE5-13C15DCB2001} did not register with DCOM within the required timeout.

Error: (10/10/2016 03:56:11 PM) (Source: DCOM) (EventID: 10010) (User: ANN-PC)
Description: The server {1B1F472E-3221-4826-97DB-2C2324D389AE} did not register with DCOM within the required timeout.

Error: (10/10/2016 03:50:48 PM) (Source: DCOM) (EventID: 10010) (User: ANN-PC)
Description: The server {BF6C1E47-86EC-4194-9CE5-13C15DCB2001} did not register with DCOM within the required timeout.

Error: (10/10/2016 03:50:18 PM) (Source: DCOM) (EventID: 10010) (User: ANN-PC)
Description: The server {1B1F472E-3221-4826-97DB-2C2324D389AE} did not register with DCOM within the required timeout.

Error: (10/09/2016 10:28:05 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The AppX Deployment Service (AppXSVC) service failed to start due to the following error:
The service did not start due to a logon failure.

Error: (10/09/2016 10:28:05 PM) (Source: Service Control Manager) (EventID: 7038) (User: )
Description: The AppXSvc service was unable to log on as NT AUTHORITY\SYSTEM with the currently configured password due to the following error:
The request is not supported.

To ensure that the service is configured properly, use the Services snap-in in Microsoft Management Console (MMC).

Error: (10/09/2016 10:27:50 PM) (Source: DCOM) (EventID: 10010) (User: ANN-PC)
Description: The server {9BA05972-F6A8-11CF-A442-00A0C90A8F39} did not register with DCOM within the required timeout.

Error: (10/09/2016 08:26:26 PM) (Source: disk) (EventID: 11) (User: )
Description: The driver detected a controller error on \Device\Harddisk1\DR1.

Error: (10/09/2016 06:20:08 PM) (Source: disk) (EventID: 11) (User: )
Description: The driver detected a controller error on \Device\Harddisk1\DR1.

Error: (10/09/2016 04:44:34 PM) (Source: DCOM) (EventID: 10010) (User: ANN-PC)
Description: The server {BF6C1E47-86EC-4194-9CE5-13C15DCB2001} did not register with DCOM within the required timeout.

==================== Memory info ===========================

Processor: Mobile AMD Sempron™ Processor 3500+
Percentage of memory in use: 40%
Total physical RAM: 1918.04 MB
Available physical RAM: 1146.45 MB
Total Virtual: 4734.04 MB
Available Virtual: 3879.47 MB

==================== Drives ================================

Drive c: (OS) (Fixed) (Total:64.45 GB) (Free:35.02 GB) NTFS ==>[drive with boot components (obtained from BCD)]
Drive d: (RECOVERY) (Fixed) (Total:10 GB) (Free:5.75 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or Vista) (Size: 74.5 GB) (Disk ID: 18000000)
Partition 1: (Not Active) - (Size=78 MB) - (Type=DE)
Partition 2: (Not Active) - (Size=10 GB) - (Type=07 NTFS)
Partition 3: (Active) - (Size=64.5 GB) - (Type=07 NTFS)

==================== End of Addition.txt ============================


  • 0



#2
Bruce1270


    Trusted Helper

  • Malware Removal
  • 1,714 posts
Hello Becky616 and :welcome:

My name is Bruce1270 and I will be helping you with your malware problem.

A few things before we get started.
  • Please read all instructions carefully. If there is anything you do not understand please ask me first before doing anything.
  • Please be patient. I am a volunteer who does this in my spare time so I will try to get back to you as soon as possible.
  • Please follow all instructions in the order given.
  • Please do not install any other software unless advised. This may hinder the removal process.
  • At the top of your post, please click on the "Follow this topic" button and make sure that the "Received notification" box is checked and set to "Instantly". This will send an email to you as soon as I reply to your topic, allowing us to solve your problem faster.
  • Please make sure you reply within 4 days to my responses. If there is no reply within 4 days, the topic will be closed and you will need to request the topic be reopened.


    Important!

    Please save or print off these instructions. Part of this fix may require you to be in safe mode where you will not be able to access the internet or my instructions!

    I would strongly recommend you back up your personal data and folders before we begin.

    Malware removal can be very long, complicated and may take multiple steps. I understand this may be frustrating but please stay with this topic until your machine is declared clean. The results will hopefully be very rewarding. :happy:
    As we go along please tell me how the computer is running now. Please be as descriptive as possible e.g. I'm still getting web redirects, I am unable to access the internet etc.

    OK. Let's move on.

    Sorry for the delay. I'll have a look through the logs and post some further instructions. :)

    Did you use a particular program to delete your programs and files?

  • 0

#3
Bruce1270

Hi Becky616

I'm not seeing anything malware related but try this fix and run adwCleaner and let me know how the machine is running.

Step1 - FRST fix


NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.

Open notepad and copy/paste the text in the quotebox below into it:

CreateRestorePoint:
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
SearchScopes: HKLM -> DefaultScope {632F07F3-19A1-4d16-A23F-E6CE9486BAB5} URL =
S1 MpKsl3e3d4e73; \??\C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{A4E22EC1-B5BA-4EB9-81D2-146C6D02A629}\MpKsl3e3d4e73.sys [X]
CMD: netsh advfirewall reset
CMD: netsh advfirewall set allprofiles state ON
CMD: ipconfig /flushdns
CMD: netsh winsock reset catalog
CMD: netsh int ip reset c:\resetlog.txt
CMD: ipconfig /release
CMD: ipconfig /renew
CMD: netsh int ipv4 reset
CMD: netsh int ipv6 reset
Hosts:
EmptyTemp:

  • Save this as fixlist.txt, in the same location as FRST.exe on your desktop.
  • Run FRST by right clicking on it and selecting Run as Administrator and press Fix.
  • On completion a log (fixlog.txt) will be generated.
  • Please select all text in this fix, copy (CTRL + C) and then Paste (CTRL + V) in your next reply.


    Step2 - AdwCleaner

    Download AdwCleaner from here to the Desktop
  • Close all open windows and browsers
  • Double click the Adwcleaner icon to execute the program
  • When the Tool opens for the first time accept the Terms of use
  • Click the Scan button and wait for the program to finish.
  • Click on options and tick to reset:
      - IE policies
      - Chrome policies
      - Chrome preferences
  • When finished, please click Cleaning button.
  • When cleaning is finished, you may be prompted to restart your computer.
  • Upon completion, a log (AdwCleaner[C*].txt) will open.
  • Please copy and paste this in your next reply.


    Things for your next post:
  • fixlog.txt
  • AdwCleaner[C*].txt
  • How is the computer running now?

  • 0

#4
Becky616

Hi Bruce, thanks for the help. I just deleted some of my files and documents and used revo uninstall to delete some programs. This started after a reboot of computer. I ran fixlist and adwcleaner. Here are the files on the results. The computer is only a little bit quicker on restart but not much.

Fix result of Farbar Recovery Scan Tool (x86) Version: 16-10-2016
Ran by jim (17-10-2016 02:00:41) Run:1
Running from C:\Users\jim\Desktop
Loaded Profiles: jim (Available Profiles: jim)
Boot Mode: Normal

==============================================

fixlist content:
*****************
CreateRestorePoint:
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
SearchScopes: HKLM -> DefaultScope {632F07F3-19A1-4d16-A23F-E6CE9486BAB5} URL =
S1 MpKsl3e3d4e73; \??\C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{A4E22EC1-B5BA-4EB9-81D2-146C6D02A629}\MpKsl3e3d4e73.sys [X]
CMD: netsh advfirewall reset
CMD: netsh advfirewall set allprofiles state ON
CMD: ipconfig /flushdns
CMD: netsh winsock reset catalog
CMD: netsh int ip reset c:\resetlog.txt
CMD: ipconfig /release
CMD: ipconfig /renew
CMD: netsh int ipv4 reset
CMD: netsh int ipv6 reset
Hosts:
EmptyTemp:

*****************

Restore point was successfully created.
HKLM\Software\\Microsoft\Internet Explorer\Main\\Default_Search_URL => value restored successfully
HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value restored successfully
MpKsl3e3d4e73 => service removed successfully.

========= netsh advfirewall reset =========

Ok.


========= End of CMD: =========


========= netsh advfirewall set allprofiles state ON =========

Ok.


========= End of CMD: =========


========= ipconfig /flushdns =========


Windows IP Configuration

Successfully flushed the DNS Resolver Cache.

========= End of CMD: =========


========= netsh winsock reset catalog =========


Sucessfully reset the Winsock Catalog.
You must restart the computer in order to complete the reset.


========= End of CMD: =========


========= netsh int ip reset c:\resetlog.txt =========

Resetting Global, OK!
Resetting Interface, OK!
Resetting Unicast Address, OK!
Resetting Neighbor, OK!
Resetting Path, OK!
Resetting , failed.
Access is denied.

Resetting , OK!
Restart the computer to complete this action.


========= End of CMD: =========


========= ipconfig /release =========


Windows IP Configuration

No operation can be performed on Local Area Connection* 12 while it has its media disconnected.

Wireless LAN adapter Local Area Connection* 12:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :

Wireless LAN adapter Wi-Fi:

Connection-specific DNS Suffix . :
Link-local IPv6 Address . . . . . : fe80::106f:76c1:affb:41ac%4
Default Gateway . . . . . . . . . :

Tunnel adapter isatap.Home:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :

Tunnel adapter Local Area Connection* 11:

Connection-specific DNS Suffix . :
IPv6 Address. . . . . . . . . . . : 2001:0:9d38:6ab8:1894:1054:3f57:febd
Link-local IPv6 Address . . . . . : fe80::1894:1054:3f57:febd%6
Default Gateway . . . . . . . . . : ::

========= End of CMD: =========


========= ipconfig /renew =========


Windows IP Configuration

No operation can be performed on Local Area Connection* 12 while it has its media disconnected.

Wireless LAN adapter Local Area Connection* 12:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :

Wireless LAN adapter Wi-Fi:

Connection-specific DNS Suffix . : Home
Link-local IPv6 Address . . . . . : fe80::106f:76c1:affb:41ac%4
IPv4 Address. . . . . . . . . . . : 192.168.1.66
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Default Gateway . . . . . . . . . : 192.168.1.254

Tunnel adapter Reusable ISATAP Interface {6D10266A-8173-48F2-8807-43B0B105BF49}:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :

Tunnel adapter Local Area Connection* 11:

Connection-specific DNS Suffix . :
IPv6 Address. . . . . . . . . . . : 2001:0:9d38:6abd:3c44:2d75:3f57:febd
Link-local IPv6 Address . . . . . : fe80::3c44:2d75:3f57:febd%6
Default Gateway . . . . . . . . . : ::

========= End of CMD: =========


========= netsh int ipv4 reset =========

Resetting Interface, OK!
Resetting , failed.
Access is denied.

Restart the computer to complete this action.


========= End of CMD: =========


========= netsh int ipv6 reset =========

Resetting Interface, OK!
Resetting Neighbor, OK!
Resetting Path, OK!
Resetting , failed.
Access is denied.

Resetting , OK!
Resetting , OK!
Restart the computer to complete this action.


========= End of CMD: =========

C:\Windows\System32\Drivers\etc\hosts => moved successfully
Hosts restored successfully.

=========== EmptyTemp: ==========

BITS transfer queue => 54525952 B
DOMStoree, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 30570001 B
Java, Flash, Steam htmlcache => 506 B
Windows/system/drivers => 2067848 B
Edge => 0 B
Chrome => 5664533 B
Firefox => 0 B
Opera => 0 B

Temp, IE cache, history, cookies, recent:
Default => 0 B
ProgramData => 0 B
Public => 0 B
systemprofile => 0 B
LocalService => 35042 B
NetworkService => 640 B
jim => 11038367 B

RecycleBin => 0 B
EmptyTemp: => 99.1 MB temporary data Removed.

================================


The system needed a reboot.

==== End of Fixlog 02:01:18 ====

# AdwCleaner v6.021 - Logfile created 17/10/2016 at 02:16:13
# Updated on 06/10/2016 by ToolsLib
# Database : 2016-10-16.1 [Server]
# Operating System : Windows 8.1 Pro (X86)
# Username : jim - ANN-PC
# Running from : C:\Users\jim\Desktop\AdwCleaner.exe
# Mode: Clean
# Support : https://toolslib.net/forum



***** [ Services ] *****



***** [ Folders ] *****



***** [ Files ] *****



***** [ DLL ] *****



***** [ WMI ] *****



***** [ Shortcuts ] *****



***** [ Scheduled Tasks ] *****



***** [ Registry ] *****



***** [ Web browsers ] *****



*************************

:: "Tracing" keys deleted
:: Winsock settings cleared

*************************

C:\AdwCleaner\AdwCleaner[C0].txt - [1393 Bytes] - [15/10/2016 00:15:35]
C:\AdwCleaner\AdwCleaner[C2].txt - [797 Bytes] - [17/10/2016 02:16:13]
C:\AdwCleaner\AdwCleaner[S0].txt - [1474 Bytes] - [15/10/2016 00:15:09]
C:\AdwCleaner\AdwCleaner[S1].txt - [1262 Bytes] - [17/10/2016 02:14:12]

########## EOF - C:\AdwCleaner\AdwCleaner[C2].txt - [1015 Bytes] ##########
  • 0
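The Fixlog in the post above has three netsh reset sections that end in "Resetting , failed. Access is denied.", which are easy to miss among the "Ok." lines. The following is an added example, not part of the original thread and not FRST's own code: a Python parser that splits a Fixlog into its CMD sections and reports which commands failed, which produced no output section, and whether a reboot is pending. The sample log is constructed in the layout shown above, and the failure and reboot marker strings are assumptions taken from that output.

```python
import re
from dataclasses import dataclass, field

# Constructed sample in the layout of the Fixlog above; "ipconfig /flushdns"
# is deliberately given no output section to exercise missing_commands().
SAMPLE_FIXLOG = r"""Fix result of Farbar Recovery Scan Tool (x86) Version: 16-10-2016
fixlist content:
*****************
CreateRestorePoint:
CMD: netsh advfirewall reset
CMD: netsh int ipv4 reset
CMD: ipconfig /flushdns
Hosts:
EmptyTemp:
*****************
Restore point was successfully created.
MpKsl3e3d4e73 => service removed successfully.
========= netsh advfirewall reset =========
Ok.
========= End of CMD: =========
========= netsh int ipv4 reset =========
Resetting Interface, OK!
Resetting , failed.
Access is denied.
Restart the computer to complete this action.
========= End of CMD: =========
C:\Windows\System32\Drivers\etc\hosts => moved successfully
Hosts restored successfully.
=========== EmptyTemp: ==========
jim => 11038367 B
EmptyTemp: => 99.1 MB temporary data Removed.
================================
==== End of Fixlog 02:01:18 ====
"""

HEADER = re.compile(r"^=+ (.+?) =+$")    # "===== <title> ====="
RESULT = re.compile(r"^(.+?) => (.+)$")  # "<item> => <outcome>"
# Marker strings are assumptions drawn from the output shown in the thread.
FAIL_MARKERS = ("failed", "access is denied")
REBOOT_MARKERS = ("restart the computer", "must restart", "needed a reboot")

@dataclass
class FixReport:
    requested: list = field(default_factory=list)  # directives echoed from fixlist
    commands: dict = field(default_factory=dict)   # CMD text -> its output lines
    results: list = field(default_factory=list)    # (item, outcome), non-CMD lines
    temp_removed: str = ""
    reboot_needed: bool = False

    def failed_commands(self):
        """CMD sections whose output contains a failure marker."""
        return [cmd for cmd, out in self.commands.items()
                if any(m in l.lower() for l in out for m in FAIL_MARKERS)]

    def missing_commands(self):
        """CMD directives that were requested but have no output section."""
        asked = [d[4:].strip() for d in self.requested if d.startswith("CMD:")]
        return [cmd for cmd in asked if cmd not in self.commands]

def parse_fixlog(text):
    """Walk the log line by line, tracking which section we are in."""
    report, section, current = FixReport(), None, None
    for line in (raw.strip() for raw in text.splitlines()):
        if section in ("fixlist_wait", "fixlist"):
            if set(line) == {"*"}:  # a row of asterisks opens/closes the echo
                section = "fixlist" if section == "fixlist_wait" else None
            elif line and section == "fixlist":
                report.requested.append(line)
            continue
        if line.lower().startswith("fixlist content"):
            section = "fixlist_wait"
            continue
        if any(m in line.lower() for m in REBOOT_MARKERS):
            report.reboot_needed = True
        header = HEADER.match(line)
        if header:
            title = header.group(1)
            if title.startswith("End of"):      # "End of CMD:" / "End of Fixlog"
                section, current = None, None
            elif title == "EmptyTemp:":
                section = "emptytemp"
            else:                               # any other title is a command
                section, current = "cmd", report.commands.setdefault(title, [])
        elif section == "cmd" and line:
            current.append(line)
        elif section == "emptytemp":
            if line.startswith("EmptyTemp: =>"):
                report.temp_removed = line.split("=>", 1)[1].strip()
            elif line and set(line) == {"="}:   # bare "=====" closes the section
                section = None
        else:
            m = RESULT.match(line)
            if m:
                report.results.append(m.groups())
    return report
```

Calling `parse_fixlog()` on the text of a saved fixlog.txt and printing `failed_commands()` gives the short list of steps worth re-running from an elevated prompt after the reboot the log asks for.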

#5
Bruce1270

Hi Becky616

Ok. The Logs look clean but we'll try a second opinion scanner. :)

Step1 - Scan with Emsisoft Emergency Kit
  • Download the Emsisoft Emergency Kit and execute it. From there, click on the Extract button to extract the program in the EEK folder;
  • Once the extraction is complete, Emsisoft Emergency Kit will open, and suggest that you run an online update before using the program. Click on Yes to launch it.
  • After the update, click on Malware Scan under 2. Scan and accept to let Emsisoft Emergency Kit detect PUPs (click on Yes).
  • Once the scan is complete, if items are detected make sure that every item in the list is checked, and click on Quarantine selected;
  • If it asks you for a reboot to delete some items, click on Ok to reboot automatically;
  • After the restart, click on the Start Emsisoft Emergency Kit icon again on your desktop to open it;
  • This time, click on Logs;
  • From there, go under the Quarantine Log tab, and click on the Export button;
  • Save the log on your desktop, then open it, and copy/paste its content in your next reply;

  • 0

#6
Becky616


Hi Bruce

I ran the emsisoft but it found nothing. Here's the result. If I still had original discs I would just do a reinstall of the system but when this was bought it had vista and I went to Microsoft and did an upgrade to windows 8.1 and have no disc for that either. Thanks for all your help here. System still running the same, not much change.

 

Emsisoft Emergency Kit - Version 11.9
Last update: 10/17/2016 11:12:02 PM
User account: ANN-PC\jim
Computer name: ANN-PC
OS version: Windows 8.1x86

Scan settings:

Scan type: Malware Scan
Objects: Rootkits, Memory, Traces, Files

Detect PUPs: On
Scan archives: Off
ADS Scan: On
File extension filter: Off
Advanced caching: On
Direct disk access: Off

Scan start: 10/17/2016 11:13:27 PM

Scanned 72767
Found 0

Scan end: 10/17/2016 11:21:30 PM
Scan time: 0:08:03


  • 0

#7
Bruce1270

Hi Becky616

I suspected it wouldn't find anything. Your issue is not malware related. Often a slow start up can be caused by service(s) or start up items so we can have a look at this. We'll put the system into clean boot and enable services/start up items to see if we can identify any causing an issue.

Step1 - Clean Boot

In the search box type Msconfig and select the programme that appears at the top

1. In the System Configuration Utility dialog box, click Selective Startup on the General tab.
2. Click to clear the Load Startup Items check box.
Note: The Use Original Boot.ini check box is unavailable.
3. Click the Services tab.
4. Click to select the Hide All Microsoft Services check box.
5. Click Disable All, and then click OK.
6. When you are prompted, click Restart.

OK now the boring bit

In normal mode open MSConfig as before
Go to the services tab and re-enable half of those that you disabled
Reboot

If it freezes untick the services one at a time, rebooting after each one to determine the one causing the problem.
If it still boots normally and does not freeze then re-enable half of the remaining services and reboot.
Again if it freezes, untick each service one at a time and reboot.
The aim is to isolate the dodgy service


Let me know how this goes and which service, if any, is causing the issue.
  • 0

#8
Becky616


Hi Bruce

 

Well that didn't work well. I did this. After hiding all Microsoft services, only had two services running, my Avast and Google update; disabled them and computer still started up the same. So I guess the problem's not here. Where do I go from here? Even when doing a restart, computer shuts down, says restarting, and circle just spins, then finally restarts. I wish I knew what happened; it was working okay before. I mean it wasn't the fastest but this is so slow.


  • 0

#9
Bruce1270

Hi Becky616
 

If I still had original discs I would just do a reinstall of the system


If the system is not working the way it should there is an option with windows 8.1 to "refresh" the PC. This will reinstall the windows system and leave your data and personal settings intact.

Please note that if you upgraded from windows 8 to 8.1 refreshing your PC will put the system back to windows 8 and you will need to update to windows 8.1 again.

You will also lose any apps installed from websites or by DVD.

If you want to try this:

Back up your data first and then follow the guide here.

Follow the instructions to Refresh your PC.

If you don't want to try this let me know and I will see what else we can come up with to try :)

If you refresh let me know the outcome.
  • 0

#10
Becky616


Hi Bruce

I went to the refresh your pc without affecting your files. After the circle spins for a while a dialog box of sorts appears and says "Insert media. Some files are missing. Your installation or recovery media will provide these files." Then a button that says Cancel. I have no disc. I don't want to go back to Vista; that was what was on the computer when I bought it. If I remember correctly, when Windows 8 came out I went to Microsoft and paid to download it from there. If memory serves me right I never got a disc, and then shortly after I upgraded to Windows 8.1. I have no discs, so if I do a refresh it wants me to insert media and I have none. Don't know what to do. There's no sense in me trying to talk to Microsoft cause all they want is you to upgrade to Windows 10. This little computer won't handle that and I can't afford a new one. Is there anything else I can do?


Edited by Becky616, 19 October 2016 - 10:38 PM.

  • 0



#11
Bruce1270

Hi Becky616

You can create your own installation media for windows 8.1 to do a repair of windows.

Step1 - Download the windows 8.1 ISO file
  • Download the windows 8.1 ISO file from here.
  • Click on Windows 8.1
  • Select the Windows Edition. Choose windows 8.1. Click Confirm.
  • Select the product language and confirm.
  • Choose the 32 bit download link.
  • Save the .iso file to your desktop.


    You can then do a repair of windows which will keep all of your settings. Follow the guide here. At step 3 select option 5 for ISO file and follow the instructions.

    Note: You can also download the ISO file to a USB drive to create a bootable USB media for future use. You will need a USB drive with at least 4GB space.


    Step2 - create bootable device using Rufus

    Download Rufus to the desktop.
    Insert the USB stick, then run Rufus.

    Select the windows ISO file on the desktop via the ISO icon in Rufus.

    Press Start Burn. Let process complete.

    You now have a bootable USB device to reinstall windows 8.1. :)

    Let me know how you get on.

  • 0

#12
Becky616


Hi Bruce

I did a repair. Computer is a little better with boot time and shutdown but now I have problems with IE 11 not responding or not working at all. Have to close it with task manager and noticed when in task manager my cpu is running at 99% to 100% all the time. When I scroll down it seems like something in service host hogging it. Computer really lagging on internet. Help please 


  • 0

#13
Bruce1270

Hi Becky616

Ok. Let's see what task manager is saying.

Step1
  • Right click on the taskbar along the bottom and click on Task Manager.
  • Click on the Processes Tab.
  • Click on the CPU heading to sort the column so the highest usage is at the top.
  • If there is a Service Host process running taking up most of the CPU click on the arrow beside to expand the details.
  • Either take a screenshot of this and post in your next reply or list all the services that are running from it and post these in your next reply.


    Step2 - Fresh FRST logs
  • Please run Farbar Recovery Scan Tool again. Run FRST by right clicking on it and selecting Run as Administrator. Allow it to update if it wants to.
  • Please tick the Addition.txt box under Optional Scan.
  • Press Scan button.
  • It will make logs FRST.txt & Addition.txt in the same directory the tool is run.
  • Please copy and paste the FRST.txt and Addition.txt to your reply.


    Things for your next reply:
  • Task manager screenshot or list of services
  • FRST and addition logs

  • 0

#14
Becky616


Hi Bruce

Hope this works. Screen shot giving me fits and took forever to run frst 

 

Additional scan result of Farbar Recovery Scan Tool (x86) Version: 16-10-2016
Ran by jim (22-10-2016 12:45:00)
Running from C:\Users\jim\Desktop
Microsoft Windows 8.1 Pro (Update) (X86) (2016-10-22 03:05:44)
Boot Mode: Normal
==========================================================
 
 
==================== Accounts: =============================
 
Administrator (S-1-5-21-2591139470-2079622777-1480923985-500 - Administrator - Disabled)
Guest (S-1-5-21-2591139470-2079622777-1480923985-501 - Limited - Enabled)
HomeGroupUser$ (S-1-5-21-2591139470-2079622777-1480923985-1006 - Limited - Enabled)
jim (S-1-5-21-2591139470-2079622777-1480923985-1000 - Administrator - Enabled) => C:\Users\jim
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: avast! Antivirus (Enabled - Up to date) {17AD7D40-BA12-9C46-7131-94903A54AD8B}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: avast! Antivirus (Enabled - Up to date) {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}
FW: avast! Antivirus (Disabled) {2F96FC65-F07D-9D1E-5A6E-3DA5C487EAF0}
 
==================== Installed Programs ======================
 
(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
Auslogics Disk Defrag (HKLM\...\{DF6A13C0-77DF-41FE-BD05-6D5201EB0CE7}_is1) (Version: version 3.2 - Auslogics Software Pty Ltd)
Avast Free Antivirus (HKLM\...\Avast) (Version: 11.2.2262 - AVAST Software)
CCleaner (HKLM\...\CCleaner) (Version: 5.20 - Piriform)
D3DX10 (Version: 15.4.2368.0902 - Microsoft) Hidden
Google Chrome (HKLM\...\Google Chrome) (Version: 53.0.2785.143 - Google Inc.)
Google Update Helper (Version: 1.3.31.5 - Google Inc.) Hidden
ImgBurn (HKLM\...\ImgBurn) (Version: 2.5.8.0 - LIGHTNING UK!)
iSkysoft Data Recovery(Build 1.2.0.6) (HKLM\...\{656DB838-DB63-4acd-82E3-BB363ED99116}_is1) (Version: 1.2.0.6 - iSkysoft Software Co.,Ltd.)
Junk Mail filter update (Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Malwarebytes Anti-Malware version 2.2.1.1043 (HKLM\...\Malwarebytes Anti-Malware_is1) (Version: 2.2.1.1043 - Malwarebytes)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.50428.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Movie Maker (Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
My Dell (HKLM\...\PC-Doctor for Windows) (Version: 3.5.6426.22 - PC-Doctor, Inc.)
Ralink RT2870 Wireless LAN Card (HKLM\...\{28DA7D8B-F9A4-4F18-8AA0-551B1E084D0D}) (Version: 1.5.24.0 - Ralink)
Revo Uninstaller 2.0.1 (HKLM\...\{A28DBDA2-3CC7-4ADC-8BFE-66D7743C6C97}_is1) (Version: 2.0.1 - VS Revo Group, Ltd.)
RICOH R5U8xx Media Driver ver.3.62.02 (HKLM\...\{59F6A514-9813-47A3-948C-8A155460CC2A}) (Version: 3.62.02 - RICOH)
SafeZone Stable 1.48.2066.101 (Version: 1.48.2066.101 - Avast Software) Hidden
Windows Live Essentials (HKLM\...\WinLiveSuite) (Version: 16.4.3528.0331 - Microsoft Corporation)
WinPatrol (HKLM\...\{6A206A04-6BC1-411B-AA04-4E52EDEEADF2}) (Version: 32.0.2014.5 - Ruiware)
 
==================== Custom CLSID (Whitelisted): ==========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== Scheduled Tasks (Whitelisted) =============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
Task: {04344154-1D32-4D63-9162-7172BC063510} - System32\Tasks\Microsoft\Windows\Application Experience\Microsoft Compatibility Appraiser => Rundll32.exe aepdu.dll,AePduRunUpdate -nolegacy
Task: {1309F641-D96C-4266-8FCC-08BC2AB0851B} - System32\Tasks\SafeZone scheduled Autoupdate 1455255454 => C:\Program Files\AVAST Software\SZBrowser\launcher.exe [2016-04-15] (Avast Software)
Task: {1ACDF313-BAD2-44D1-93CD-43CC89F90530} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files\Google\Update\GoogleUpdate.exe [2016-08-04] (Google Inc.)
Task: {44D0DE3F-26D5-4499-8159-A6F3ECDA9E48} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files\Google\Update\GoogleUpdate.exe [2016-08-04] (Google Inc.)
Task: {8B601E6D-E433-41B4-9F02-A4911D8FA191} - System32\Tasks\avast! Emergency Update => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe [2016-06-06] (AVAST Software)
Task: {ABAF52CF-61F1-4100-9E0C-C596F79EB59C} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2016-07-13] (Piriform Ltd)
Task: {B8E94945-76E8-42BA-9004-2B863616FC8B} - System32\Tasks\{0B45C01B-7366-4336-AEAD-4BC23257ED91} => pcalua.exe -a "C:\Program Files\Windows Live\Installer\wlarp.exe"
Task: {D699F0B9-23B7-492F-8BD0-74A6A33D2050} - System32\Tasks\AVAST Software\Avast settings backup => C:\Program Files\Common Files\AV\avast! Antivirus\backup.exe [2016-06-02] (AVAST Software)
Task: {FAB49829-3EE7-4234-BE84-277862F2A57C} - System32\Tasks\Microsoft\Windows\WS\WSRefreshBannedAppsListTask => Rundll32.exe WSClient.dll,RefreshBannedAppsList
 
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
 
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe
 
==================== Shortcuts =============================
 
(The entries could be listed to be restored or removed.)
 
==================== Loaded Modules (Whitelisted) ==============
 
2016-06-06 22:28 - 2016-06-06 22:28 - 00123344 _____ () C:\Program Files\AVAST Software\Avast\log.dll
2016-06-06 22:28 - 2016-06-06 22:28 - 00135816 _____ () C:\Program Files\AVAST Software\Avast\JsonRpcServer.dll
2016-10-21 11:45 - 2016-10-21 11:45 - 03121496 _____ () C:\Program Files\AVAST Software\Avast\defs\16102100\algo.dll
2016-06-06 22:28 - 2016-06-06 22:28 - 00309912 _____ () C:\Program Files\AVAST Software\Avast\browser_pass.dll
2016-06-06 22:28 - 2016-06-06 22:28 - 00479680 _____ () C:\Program Files\AVAST Software\Avast\ffl2.dll
2016-10-22 08:59 - 2016-10-22 08:59 - 03121496 _____ () C:\Program Files\AVAST Software\Avast\defs\16102200\algo.dll
2016-02-12 01:26 - 2016-02-12 01:27 - 40539648 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll
2016-10-09 21:17 - 2016-09-06 12:00 - 05197312 _____ () C:\Users\jim\AppData\Local\Google\Chrome\User Data\SwiftShader\3.3.0.1\libglesv2.dll
2016-10-09 21:17 - 2016-09-06 12:00 - 00147456 _____ () C:\Users\jim\AppData\Local\Google\Chrome\User Data\SwiftShader\3.3.0.1\libegl.dll
 
==================== Alternate Data Streams (Whitelisted) =========
 
(If an entry is included in the fixlist, only the ADS will be removed.)
 
 
==================== Safe Mode (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" value will be restored.)
 
 
==================== Association (Whitelisted) ===============
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed.)
 
 
==================== Internet Explorer trusted/restricted ===============
 
(If an entry is included in the fixlist, it will be removed from the registry.)
 
IE trusted site: HKU\S-1-5-21-2591139470-2079622777-1480923985-1000\...\dell.com -> dell.com
 
There are 4791 more sites.
 
 
==================== Hosts content: ===============================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2013-08-22 02:13 - 2016-10-17 02:01 - 00000035 ____A C:\WINDOWS\system32\Drivers\etc\hosts
 
 
==================== Other Areas ============================
 
(Currently there is no automatic fix for this section.)
 
HKU\S-1-5-21-2591139470-2079622777-1480923985-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\jim\Themes\TranscodedWallpaper.jpg
DNS Servers: 192.168.1.1 - 192.168.2.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.
 
==================== MSCONFIG/TASK MANAGER disabled items ==
 
MSCONFIG\Services: !SASCORE => 2
MSCONFIG\Services: gupdate => 2
MSCONFIG\Services: gupdatem => 3
MSCONFIG\Services: MozillaMaintenance => 3
MSCONFIG\Services: RalinkRegistryWriter => 2
MSCONFIG\Services: RaMediaServer => 3
 
==================== FirewallRules (Whitelisted) ===============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
FirewallRules: [vm-monitoring-nb-session] => (Allow) LPort=139
FirewallRules: [UDP Query User{E1CEC65F-88E9-4332-8496-40C1B3BD7C38}C:\program files\google\chrome\application\chrome.exe] => (Block) C:\program files\google\chrome\application\chrome.exe
FirewallRules: [TCP Query User{F68F18C4-B08F-4588-B5D3-C18804B48389}C:\program files\google\chrome\application\chrome.exe] => (Block) C:\program files\google\chrome\application\chrome.exe
 
==================== Restore Points =========================
 
22-10-2016 05:38:19 Revo Uninstaller's restore point - Belarc Advisor 8.5c
 
==================== Faulty Device Manager Devices =============
 
Name: Broadcom 440x 10/100 Integrated Controller
Description: Broadcom 440x 10/100 Integrated Controller
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Broadcom
Service: bcm4sbxp
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (10/22/2016 06:09:24 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program iexplore.exe version 11.0.9600.17416 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.
 
Process ID: 4dc
 
Start Time: 01d22c4bb40ab2c7
 
Termination Time: 9515
 
Application Path: C:\Program Files\Internet Explorer\iexplore.exe
 
Report Id: 901f9f81-983f-11e6-b015-88e832b28e47
 
Faulting package full name: 
 
Faulting package-relative application ID:
 
Error: (10/22/2016 05:38:18 AM) (Source: VSS) (EventID: 8194) (User: )
Description: Volume Shadow Copy Service error: Unexpected error querying for the IVssWriterCallback interface.  hr = 0x80070005, Access is denied.
.
This is often caused by incorrect security settings in either the writer or requestor process.
 
 
Operation:
   Gathering Writer Data
 
Context:
   Writer Class Id: {e8132975-6f93-4464-a53e-1050253ae220}
   Writer Name: System Writer
   Writer Instance ID: {8c18b795-51bc-4cce-bb62-779ed8438085}
 
Error: (10/22/2016 04:12:10 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program iexplore.exe version 11.0.9600.17416 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.
 
Process ID: c9c
 
Start Time: 01d22c3b6c3cbf28
 
Termination Time: 375
 
Application Path: C:\Program Files\Internet Explorer\iexplore.exe
 
Report Id: 301d6731-982f-11e6-b015-88e832b28e47
 
Faulting package full name: 
 
Faulting package-relative application ID:
 
Error: (10/22/2016 01:35:17 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program iexplore.exe version 11.0.9600.17416 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.
 
Process ID: a28
 
Start Time: 01d22c25987ff0bd
 
Termination Time: 390
 
Application Path: C:\Program Files\Internet Explorer\iexplore.exe
 
Report Id: 4a378d3b-9819-11e6-b015-88e832b28e47
 
Faulting package full name: 
 
Faulting package-relative application ID:
 
Error: (10/22/2016 01:31:53 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program iexplore.exe version 11.0.9600.17416 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.
 
Process ID: 9a8
 
Start Time: 01d22c253eadacb3
 
Termination Time: 296
 
Application Path: C:\Program Files\Internet Explorer\iexplore.exe
 
Report Id: ce85e634-9818-11e6-b015-88e832b28e47
 
Faulting package full name: 
 
Faulting package-relative application ID:
 
Error: (10/21/2016 11:08:51 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: ANN-PC)
Description: Activation of app microsoft.windowscommunicationsapps_8wekyb3d8bbwe!ppleae38af2e007f4358a809ac99a64a67c1 failed with error: -2144927141 See the Microsoft-Windows-TWinUI/Operational log for additional information.
 
Error: (10/21/2016 11:07:05 PM) (Source: ESENT) (EventID: 215) (User: )
Description: WinMail (3272) WindowsMail0: The backup has been stopped because it was halted by the client or the connection with the client failed.
 
Error: (10/21/2016 10:57:48 PM) (Source: Microsoft-Windows-WMI) (EventID: 24) (User: NT AUTHORITY)
Description: Event provider ProtectionManagement attempted to register query "select * from MSFT_MpEvent" whose target class "MSFT_MpEvent" in //./ROOT/Microsoft/protectionManagement namespace does not exist. The query will be ignored.
 
Error: (10/21/2016 10:57:48 PM) (Source: Microsoft-Windows-WMI) (EventID: 24) (User: NT AUTHORITY)
Description: Event provider  attempted to register query "select * from MSFT_MpEvent" whose target class "MSFT_MpEvent" in //./ROOT/Microsoft/protectionManagement namespace does not exist. The query will be ignored.
 
Error: (10/21/2016 03:07:04 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: svchost.exe_PcaSvc, version: 6.3.9600.17415, time stamp: 0x54503c68
Faulting module name: ntdll.dll, version: 6.3.9600.18438, time stamp: 0x57ae4b64
Exception code: 0xc0000008
Fault offset: 0x0006ca47
Faulting process id: 0x1214
Faulting application start time: 0x01d22aa04ef0ee49
Faulting application path: C:\WINDOWS\System32\svchost.exe
Faulting module path: C:\WINDOWS\SYSTEM32\ntdll.dll
Report Id: f7ec45f9-975c-11e6-b012-d3e60396dc54
Faulting package full name: 
Faulting package-relative application ID:
 
 
System errors:
=============
Error: (10/22/2016 05:19:53 AM) (Source: DCOM) (EventID: 10016) (User: ANN-PC)
Description: The machine-default permission settings do not grant Local Activation permission for the COM Server application with CLSID 
{9BA05972-F6A8-11CF-A442-00A0C90A8F39}
 and APPID 
{9BA05972-F6A8-11CF-A442-00A0C90A8F39}
 to the user ANN-PC\jim SID (S-1-5-21-2591139470-2079622777-1480923985-1000) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.
 
Error: (10/22/2016 05:18:23 AM) (Source: DCOM) (EventID: 10016) (User: ANN-PC)
Description: The machine-default permission settings do not grant Local Activation permission for the COM Server application with CLSID 
{9BA05972-F6A8-11CF-A442-00A0C90A8F39}
 and APPID 
{9BA05972-F6A8-11CF-A442-00A0C90A8F39}
 to the user ANN-PC\jim SID (S-1-5-21-2591139470-2079622777-1480923985-1000) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.
 
Error: (10/22/2016 05:18:16 AM) (Source: DCOM) (EventID: 10016) (User: ANN-PC)
Description: The machine-default permission settings do not grant Local Activation permission for the COM Server application with CLSID 
{9BA05972-F6A8-11CF-A442-00A0C90A8F39}
 and APPID 
{9BA05972-F6A8-11CF-A442-00A0C90A8F39}
 to the user ANN-PC\jim SID (S-1-5-21-2591139470-2079622777-1480923985-1000) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.
 
Error: (10/21/2016 11:41:59 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: The Superfetch service terminated with the following error: 
The service has not been started.
 
Error: (10/21/2016 11:08:51 PM) (Source: DCOM) (EventID: 10010) (User: ANN-PC)
Description: The server Microsoft.WindowsLive.Mail.AppXc44xwbp9kd84a2z6xvsv95wqf9kad67n.mca did not register with DCOM within the required timeout.
 
Error: (10/21/2016 11:03:53 PM) (Source: Service Control Manager) (EventID: 7024) (User: )
Description: The BranchCache service terminated with the following service-specific error: 
%%1260 = This program is blocked by group policy. For more information, contact your system administrator.
 
Error: (10/21/2016 11:03:51 PM) (Source: NETLOGON) (EventID: 3095) (User: )
Description: This computer is configured as a member of a workgroup, not as
a member of a domain. The Netlogon service does not need to run in this
configuration.
 
Error: (10/21/2016 10:34:30 PM) (Source: DCOM) (EventID: 10010) (User: NT AUTHORITY)
Description: The server {A47979D2-C419-11D9-A5B4-001185AD2B89} did not register with DCOM within the required timeout.
 
Error: (10/21/2016 10:32:30 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: The Network List Service service terminated with the following error: 
%%21 = The device is not ready.
 
Error: (10/21/2016 10:30:33 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: The IP Helper service terminated with the following error: 
%%1058 = The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.
 
 
==================== Memory info =========================== 
 
Processor: Mobile AMD Sempron™ Processor 3500+
Percentage of memory in use: 52%
Total physical RAM: 1918.04 MB
Available physical RAM: 911.57 MB
Total Virtual: 4734.04 MB
Available Virtual: 3597.25 MB
 
==================== Drives ================================
 
Drive c: (OS) (Fixed) (Total:64.45 GB) (Free:38.57 GB) NTFS ==>[drive with boot components (obtained from BCD)]
Drive d: (RECOVERY) (Fixed) (Total:10 GB) (Free:5.75 GB) NTFS
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (MBR Code: Windows 7 or Vista) (Size: 74.5 GB) (Disk ID: 18000000)
Partition 1: (Not Active) - (Size=78 MB) - (Type=DE)
Partition 2: (Not Active) - (Size=10 GB) - (Type=07 NTFS)
Partition 3: (Active) - (Size=64.5 GB) - (Type=07 NTFS)
 
==================== End of Addition.txt ============================
 
Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 16-10-2016
Ran by jim (administrator) on ANN-PC (22-10-2016 12:23:45)
Running from C:\Users\jim\Desktop
Loaded Profiles: jim (Available Profiles: jim)
Platform: Microsoft Windows 8.1 Pro (Update) (X86) Language: English (United States)
Internet Explorer Version 11 (Default browser: IE)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\avastui.exe
(Ruiware LLC) C:\Program Files\Ruiware\WinPatrol\WinPatrol.exe
(Microsoft Corporation) C:\Windows\System32\wbem\unsecapp.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\System32\mmc.exe
 
 
==================== Registry (Whitelisted) ====================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [7408312 2016-08-01] (AVAST Software)
HKU\S-1-5-21-2591139470-2079622777-1480923985-1000\...\Run: [WinPatrol] => C:\Program Files\Ruiware\WinPatrol\winpatrol.exe [1154112 2014-07-20] (Ruiware LLC)
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShell.dll [2016-06-06] (AVAST Software)
GroupPolicy: Restriction ? <======= ATTENTION
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1 192.168.2.1 192.168.1.1
Tcpip\..\Interfaces\{586A7A0F-C41F-44F1-92DC-65D8FD042321}: [DhcpNameServer] 192.168.1.254
Tcpip\..\Interfaces\{B299F7B7-E801-4EF9-943E-4882D48E1B70}: [DhcpNameServer] 192.168.1.1 192.168.2.1 192.168.1.1
 
Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = www.google.com
HKU\S-1-5-21-2591139470-2079622777-1480923985-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.msn.com/
SearchScopes: HKU\S-1-5-21-2591139470-2079622777-1480923985-1000 -> {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = 
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2016-06-06] (AVAST Software)
DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} hxxp://download.eset.com/special/eos/OnlineScanner.cab
 
FireFox:
========
FF HKLM\...\Firefox\Extensions: [[email protected]] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: (Avast Online Security) - C:\Program Files\AVAST Software\Avast\WebRep\FF [2016-06-06]
FF HKLM\...\Firefox\Extensions: [[email protected]] - C:\Program Files\AVAST Software\Avast\SafePrice\FF
FF Extension: (Avast SafePrice) - C:\Program Files\AVAST Software\Avast\SafePrice\FF [2016-06-06]
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.50428.0\npctrl.dll [2016-04-27] ( Microsoft Corporation)
FF Plugin: @microsoft.com/WLPG,version=16.4.3528.0331 -> C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll [2014-03-31] (Microsoft Corporation)
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.31.5\npGoogleUpdate3.dll [2016-08-04] (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.31.5\npGoogleUpdate3.dll [2016-08-04] (Google Inc.)
StartMenuInternet: FIREFOX.EXE - firefox.exe
 
Chrome: 
=======
CHR DefaultProfile: Profile 1
CHR Profile: C:\Users\jim\AppData\Local\Google\Chrome\User Data\Default [2016-10-17]
CHR Profile: C:\Users\jim\AppData\Local\Google\Chrome\User Data\Profile 1 [2016-10-22]
CHR Extension: (Chrome Web Store Payments) - C:\Users\jim\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-10-11]
CHR Extension: (Chrome Media Router) - C:\Users\jim\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2016-10-11]
CHR Profile: C:\Users\jim\AppData\Local\Google\Chrome\User Data\System Profile [2016-10-17]
 
==================== Services (Whitelisted) ====================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [243296 2016-06-06] (AVAST Software)
S4 RalinkRegistryWriter; C:\Program Files\Ralink\Common\RaRegistry.exe [372736 2012-07-04] (Ralink Technology, Corp.) [File not signed]
S4 RaMediaServer; C:\Program Files\Ralink\Common\RaMediaServer.exe [1863680 2012-07-06] (Ralink) [File not signed]
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [279784 2014-11-21] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [22224 2014-11-21] (Microsoft Corporation)
 
===================== Drivers (Whitelisted) ======================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 aswHwid; C:\WINDOWS\system32\drivers\aswHwid.sys [32792 2016-06-06] (AVAST Software)
R1 aswKbd; C:\WINDOWS\system32\drivers\aswKbd.sys [35096 2016-06-06] (AVAST Software)
R2 aswMonFlt; C:\WINDOWS\system32\drivers\aswMonFlt.sys [91168 2016-06-06] (AVAST Software)
R1 aswRdr; C:\WINDOWS\system32\drivers\aswRdr2.sys [91232 2016-06-06] (AVAST Software)
R0 aswRvrt; C:\WINDOWS\system32\Drivers\aswRvrt.sys [58776 2016-06-06] (AVAST Software)
R1 aswSnx; C:\WINDOWS\system32\drivers\aswSnx.sys [815792 2016-06-06] (AVAST Software)
R1 aswSP; C:\WINDOWS\system32\drivers\aswSP.sys [449640 2016-06-06] (AVAST Software)
R2 aswStm; C:\WINDOWS\system32\drivers\aswStm.sys [124808 2016-06-06] (AVAST Software)
R0 aswVmm; C:\WINDOWS\system32\Drivers\aswVmm.sys [224616 2016-08-12] (AVAST Software)
R3 BCM43XX; C:\WINDOWS\system32\DRIVERS\bcmwl63l.sys [4715008 2013-07-01] (Broadcom Corporation)
S3 dtlitescsibus; C:\WINDOWS\System32\drivers\dtlitescsibus.sys [26168 2016-10-20] (Disc Soft Ltd)
S3 dtliteusbbus; C:\WINDOWS\System32\drivers\dtliteusbbus.sys [40504 2016-10-20] (Disc Soft Ltd)
R3 netr28u; C:\WINDOWS\system32\DRIVERS\netr28u.sys [1696528 2013-06-18] (Ralink Technology Corp.)
S3 WdBoot; C:\WINDOWS\system32\drivers\WdBoot.sys [30224 2014-11-21] (Microsoft Corporation)
R0 WdFilter; C:\WINDOWS\System32\drivers\WdFilter.sys [219992 2014-11-21] (Microsoft Corporation)
S3 WdNisDrv; C:\WINDOWS\System32\Drivers\WdNisDrv.sys [92504 2014-11-21] (Microsoft Corporation)
S3 WUDFSensorLP; C:\WINDOWS\system32\DRIVERS\WUDFRd.sys [190976 2014-11-21] (Microsoft Corporation)
 
==================== NetSvcs (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== One Month Created files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2016-10-22 12:23 - 2016-10-22 12:34 - 00007733 _____ C:\Users\jim\Desktop\FRST.txt
2016-10-22 12:23 - 2016-10-22 12:23 - 00000000 ____D C:\FRST
2016-10-22 05:53 - 2016-10-22 05:53 - 00000295 _____ C:\Users\jim\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Homegroup.lnk
2016-10-22 02:28 - 2016-10-21 23:58 - 00000000 ___DC C:\WINDOWS\Panther
2016-10-22 02:26 - 2016-10-22 02:26 - 00262144 _____ C:\WINDOWS\system32\config\userdiff
2016-10-22 02:26 - 2016-10-22 02:26 - 00000000 ____D C:\Windows.old
2016-10-22 02:24 - 2016-10-22 02:24 - 00000000 ____D C:\Program Files\Reference Assemblies
2016-10-22 02:24 - 2016-10-22 02:24 - 00000000 ____D C:\Program Files\MSBuild
2016-10-22 02:23 - 2013-08-03 00:41 - 00778936 _____ (Microsoft Corporation) C:\WINDOWS\system32\PresentationNative_v0300.dll
2016-10-22 02:23 - 2013-08-03 00:41 - 00102608 _____ (Microsoft Corporation) C:\WINDOWS\system32\PresentationCFFRasterizerNative_v0300.dll
2016-10-22 02:23 - 2013-08-03 00:41 - 00035480 _____ (Microsoft Corporation) C:\WINDOWS\system32\TsWpfWrp.exe
2016-10-21 23:44 - 2016-10-21 23:44 - 00000400 __RSH C:\ProgramData\ntuser.pol
2016-10-21 23:06 - 2016-10-21 23:06 - 00001448 _____ C:\Users\jim\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2016-10-21 23:05 - 2016-10-21 23:05 - 00000020 ___SH C:\Users\jim\ntuser.ini
2016-10-21 22:47 - 2016-10-21 22:47 - 00001515 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Media Player.lnk
2016-10-21 22:42 - 2016-10-21 22:42 - 00000000 ____D C:\WINDOWS\system32\config\bbimigrate
2016-10-21 22:39 - 2016-10-21 23:05 - 00000000 ____D C:\Users\jim
2016-10-21 22:39 - 2016-10-21 23:02 - 00028578 _____ C:\WINDOWS\diagwrn.xml
2016-10-21 22:39 - 2016-10-21 23:02 - 00028578 _____ C:\WINDOWS\diagerr.xml
2016-10-21 22:39 - 2016-10-21 22:39 - 00000000 _SHDL C:\Users\jim\My Documents
2016-10-21 22:39 - 2016-10-21 22:39 - 00000000 _SHDL C:\Users\jim\Documents\My Videos
2016-10-21 22:39 - 2016-10-21 22:39 - 00000000 _SHDL C:\Users\jim\Documents\My Pictures
2016-10-21 22:39 - 2016-10-21 22:39 - 00000000 _SHDL C:\Users\jim\Documents\My Music
2016-10-21 22:39 - 2014-11-21 20:58 - 00000369 _____ C:\Users\jim\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Pictures.lnk
2016-10-21 22:39 - 2014-11-21 20:58 - 00000369 _____ C:\Users\jim\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Documents.lnk
2016-10-21 21:57 - 2016-10-21 22:05 - 00000000 ___HD C:\$WINDOWS.~BT
2016-10-21 03:03 - 2016-10-22 05:40 - 00000000 ____D C:\Program Files\Belarc
2016-10-21 00:04 - 2016-10-21 00:04 - 00937592 _____ (Akeo Consulting (hxxp://akeo.ie)) C:\Users\jim\Desktop\rufus-2.11.exe
2016-10-20 03:08 - 2016-10-20 03:08 - 00000000 ____D C:\Users\jim\AppData\Local\Disc_Soft_Ltd
2016-10-20 03:05 - 2016-10-20 03:05 - 00040504 _____ (Disc Soft Ltd) C:\WINDOWS\system32\Drivers\dtliteusbbus.sys
2016-10-20 03:03 - 2016-10-20 03:04 - 00026168 _____ (Disc Soft Ltd) C:\WINDOWS\system32\Drivers\dtlitescsibus.sys
2016-10-20 03:03 - 2016-10-20 03:03 - 00000000 ____D C:\Users\Public\Documents\Daemon Tools Images
2016-10-20 01:54 - 2016-10-20 01:54 - 01483336 _____ (Microsoft Corporation) C:\Users\jim\Downloads\mediacreationtool.exe
2016-10-15 00:13 - 2016-10-17 02:16 - 00000000 ____D C:\AdwCleaner
2016-10-11 18:19 - 2016-09-12 19:51 - 00076464 _____ (Microsoft Corporation) C:\WINDOWS\system32\CompatTelRunner.exe
2016-10-11 18:19 - 2016-09-09 09:38 - 00213504 _____ (Microsoft Corporation) C:\WINDOWS\system32\centel.dll
2016-10-10 17:14 - 2016-10-17 02:00 - 01756672 _____ (Farbar) C:\Users\jim\Desktop\FRST.exe
2016-10-10 01:55 - 2016-10-22 05:42 - 00000000 ____D C:\Users\jim\Themes
2016-10-09 17:21 - 2016-10-21 22:43 - 00000000 ____D C:\WINDOWS\system32\appmgmt
 
==================== One Month Modified files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2016-10-22 11:49 - 2016-08-04 12:38 - 00000902 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2016-10-22 10:27 - 2012-07-26 02:43 - 00000000 ____D C:\WINDOWS\CbsTemp
2016-10-22 06:18 - 2016-08-04 12:38 - 00000898 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2016-10-22 06:03 - 2012-05-17 23:48 - 00000000 ____D C:\Users\jim\Desktop\shortcut icons
2016-10-22 06:01 - 2011-10-12 19:42 - 00000000 ___RD C:\Users\jim\Desktop\program downloads
2016-10-22 02:27 - 2013-08-22 04:17 - 00262144 _____ C:\WINDOWS\system32\config\BCD-Template
2016-10-22 02:24 - 2013-08-22 04:17 - 00000000 ____D C:\WINDOWS\System
2016-10-22 02:24 - 2013-08-22 00:07 - 00014336 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntvdmd.dll
2016-10-22 02:24 - 2013-08-22 00:05 - 00062976 _____ (Microsoft Corporation) C:\WINDOWS\system32\graftabl.com
2016-10-22 02:24 - 2013-08-22 00:04 - 00008192 _____ (Microsoft Corporation) C:\WINDOWS\system32\win.com
2016-10-22 02:24 - 2013-08-22 00:01 - 00022016 _____ (Microsoft Corporation) C:\WINDOWS\system32\vdmredir.dll
2016-10-22 02:24 - 2013-08-21 23:55 - 00536576 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntvdm.exe
2016-10-22 02:24 - 2013-08-21 21:42 - 00092320 _____ (Microsoft Corporation) C:\WINDOWS\system32\krnl386.exe
2016-10-22 02:24 - 2013-08-21 21:42 - 00069886 _____ C:\WINDOWS\system32\edit.com
2016-10-22 02:24 - 2013-08-21 21:42 - 00068992 _____ (Microsoft Corporation) C:\WINDOWS\system32\MMSYSTEM.DLL
2016-10-22 02:24 - 2013-08-21 21:42 - 00068992 _____ (Microsoft Corporation) C:\WINDOWS\system\MMSYSTEM.DLL
2016-10-22 02:24 - 2013-08-21 21:42 - 00050648 _____ C:\WINDOWS\system32\COMMAND.COM
2016-10-22 02:24 - 2013-08-21 21:42 - 00047840 _____ (Microsoft Corporation) C:\WINDOWS\system32\USER.EXE
2016-10-22 02:24 - 2013-08-21 21:42 - 00042809 _____ C:\WINDOWS\system32\KEY01.SYS
2016-10-22 02:24 - 2013-08-21 21:42 - 00042537 _____ C:\WINDOWS\system32\KEYBOARD.SYS
2016-10-22 02:24 - 2013-08-21 21:42 - 00039424 _____ (Microsoft Corporation) C:\WINDOWS\system32\DDEML.DLL
2016-10-22 02:24 - 2013-08-21 21:42 - 00039274 _____ C:\WINDOWS\system32\mem.exe
2016-10-22 02:24 - 2013-08-21 21:42 - 00035776 _____ C:\WINDOWS\system32\NTIO411.SYS
2016-10-22 02:24 - 2013-08-21 21:42 - 00035552 _____ C:\WINDOWS\system32\NTIO412.SYS
2016-10-22 02:24 - 2013-08-21 21:42 - 00034688 _____ C:\WINDOWS\system32\NTIO804.SYS
2016-10-22 02:24 - 2013-08-21 21:42 - 00034688 _____ C:\WINDOWS\system32\NTIO404.SYS
2016-10-22 02:24 - 2013-08-21 21:42 - 00033968 _____ C:\WINDOWS\system32\NTIO.SYS
2016-10-22 02:24 - 2013-08-21 21:42 - 00029370 _____ C:\WINDOWS\system32\NTDOS411.SYS
2016-10-22 02:24 - 2013-08-21 21:42 - 00029274 _____ C:\WINDOWS\system32\NTDOS412.SYS
2016-10-22 02:24 - 2013-08-21 21:42 - 00029146 _____ C:\WINDOWS\system32\NTDOS804.SYS
2016-10-22 02:24 - 2013-08-21 21:42 - 00029146 _____ C:\WINDOWS\system32\NTDOS404.SYS
2016-10-22 02:24 - 2013-08-21 21:42 - 00027866 _____ C:\WINDOWS\system32\NTDOS.SYS
2016-10-22 02:24 - 2013-08-21 21:42 - 00027097 _____ C:\WINDOWS\system32\country.sys
2016-10-22 02:24 - 2013-08-21 21:42 - 00024576 _____ (Microsoft Corporation) C:\WINDOWS\system32\GDI.EXE
2016-10-22 02:24 - 2013-08-21 21:42 - 00024064 _____ (Microsoft Corporation) C:\WINDOWS\system32\OLESVR.DLL
2016-10-22 02:24 - 2013-08-21 21:42 - 00024064 _____ (Microsoft Corporation) C:\WINDOWS\system\OLESVR.DLL
2016-10-22 02:24 - 2013-08-21 21:42 - 00021232 _____ C:\WINDOWS\system32\graphics.pro
2016-10-22 02:24 - 2013-08-21 21:42 - 00020634 _____ C:\WINDOWS\system32\debug.exe
2016-10-22 02:24 - 2013-08-21 21:42 - 00019694 _____ C:\WINDOWS\system32\GRAPHICS.COM
2016-10-22 02:24 - 2013-08-21 21:42 - 00014710 _____ C:\WINDOWS\system32\KB16.COM
2016-10-22 02:24 - 2013-08-21 21:42 - 00012704 _____ (Microsoft Corporation) C:\WINDOWS\system32\WFWNET.DRV
2016-10-22 02:24 - 2013-08-21 21:42 - 00012704 _____ (Microsoft Corporation) C:\WINDOWS\system\WFWNET.DRV
2016-10-22 02:24 - 2013-08-21 21:42 - 00012642 _____ C:\WINDOWS\system32\edlin.exe
2016-10-22 02:24 - 2013-08-21 21:42 - 00012498 _____ C:\WINDOWS\system32\append.exe
2016-10-22 02:24 - 2013-08-21 21:42 - 00011753 _____ C:\WINDOWS\system32\setver.exe
2016-10-22 02:24 - 2013-08-21 21:42 - 00010790 _____ C:\WINDOWS\system32\EDIT.HLP
2016-10-22 02:24 - 2013-08-21 21:42 - 00010544 _____ (Microsoft Corporation) C:\WINDOWS\system32\COMM.drv
2016-10-22 02:24 - 2013-08-21 21:42 - 00009216 _____ (Microsoft Corporation) C:\WINDOWS\system32\WIFEMAN.DLL
2016-10-22 02:24 - 2013-08-21 21:42 - 00009029 _____ C:\WINDOWS\system32\ANSI.SYS
2016-10-22 02:24 - 2013-08-21 21:42 - 00008424 _____ C:\WINDOWS\system32\exe2bin.exe
2016-10-22 02:24 - 2013-08-21 21:42 - 00007052 _____ C:\WINDOWS\system32\nlsfunc.exe
2016-10-22 02:24 - 2013-08-21 21:42 - 00005120 _____ (Microsoft Corporation) C:\WINDOWS\system32\WINNLS.DLL
2016-10-22 02:24 - 2013-08-21 21:42 - 00005120 _____ (Microsoft Corporation) C:\WINDOWS\system32\SHELL.DLL
2016-10-22 02:24 - 2013-08-21 21:42 - 00005120 _____ (Microsoft Corporation) C:\WINDOWS\system\SHELL.DLL
2016-10-22 02:24 - 2013-08-21 21:42 - 00004768 _____ C:\WINDOWS\system32\HIMEM.SYS
2016-10-22 02:24 - 2013-08-21 21:40 - 00028112 _____ (Microsoft Corporation) C:\WINDOWS\system32\DRWATSON.EXE
2016-10-22 02:24 - 2013-08-21 21:40 - 00013888 _____ (Microsoft Corporation) C:\WINDOWS\system32\TOOLHELP.DLL
2016-10-22 02:24 - 2013-08-21 21:38 - 00053600 _____ C:\WINDOWS\system32\dosx.exe
2016-10-22 02:24 - 2013-08-21 21:35 - 00032816 _____ (Microsoft Corporation) C:\WINDOWS\system32\COMMDLG.DLL
2016-10-22 02:24 - 2013-08-21 21:35 - 00032816 _____ (Microsoft Corporation) C:\WINDOWS\system\COMMDLG.DLL
2016-10-22 02:24 - 2013-08-21 19:48 - 00256192 _____ (Microsoft Corporation) C:\WINDOWS\winhelp.exe
2016-10-22 02:24 - 2013-08-21 19:48 - 00221600 _____ (Microsoft Corporation) C:\WINDOWS\system32\lanman.drv
2016-10-22 02:24 - 2013-08-21 19:48 - 00177856 _____ (Microsoft Corporation) C:\WINDOWS\system32\typelib.dll
2016-10-22 02:24 - 2013-08-21 19:48 - 00169520 _____ (Microsoft Corporation) C:\WINDOWS\system32\ole2disp.dll
2016-10-22 02:24 - 2013-08-21 19:48 - 00153008 _____ (Microsoft Corporation) C:\WINDOWS\system32\ole2nls.dll
2016-10-22 02:24 - 2013-08-21 19:48 - 00127213 _____ C:\WINDOWS\system32\ega.cpi
2016-10-22 02:24 - 2013-08-21 19:48 - 00108464 _____ (Microsoft Corporation) C:\WINDOWS\system32\netapi.dll
2016-10-22 02:24 - 2013-08-21 19:48 - 00082944 _____ (Microsoft Corporation) C:\WINDOWS\system32\olecli.dll
2016-10-22 02:24 - 2013-08-21 19:48 - 00082944 _____ (Microsoft Corporation) C:\WINDOWS\system\olecli.dll
2016-10-22 02:24 - 2013-08-21 19:48 - 00046592 _____ (Microsoft Corporation) C:\WINDOWS\system32\pmspl.dll
2016-10-22 02:24 - 2013-08-21 19:48 - 00042592 _____ (Microsoft Corporation) C:\WINDOWS\system32\ole2.dll
2016-10-22 02:24 - 2013-08-21 19:48 - 00028420 _____ C:\WINDOWS\system32\bios1.rom
2016-10-22 02:24 - 2013-08-21 19:48 - 00027792 _____ (Microsoft Corporation) C:\WINDOWS\system32\compobj.dll
2016-10-22 02:24 - 2013-08-21 19:48 - 00027200 _____ (Microsoft Corporation) C:\WINDOWS\system32\ctl3dv2.dll
2016-10-22 02:24 - 2013-08-21 19:48 - 00018896 _____ (Microsoft Corporation) C:\WINDOWS\system32\sysedit.exe
2016-10-22 02:24 - 2013-08-21 19:48 - 00018832 _____ C:\WINDOWS\system32\v7vga.rom
2016-10-22 02:24 - 2013-08-21 19:48 - 00013312 _____ C:\WINDOWS\system32\win87em.dll
2016-10-22 02:24 - 2013-08-21 19:48 - 00009936 _____ (Microsoft Corporation) C:\WINDOWS\system32\lzexpand.dll
2016-10-22 02:24 - 2013-08-21 19:48 - 00009936 _____ (Microsoft Corporation) C:\WINDOWS\system\lzexpand.dll
2016-10-22 02:24 - 2013-08-21 19:48 - 00009008 _____ (Microsoft Corporation) C:\WINDOWS\system32\ver.dll
2016-10-22 02:24 - 2013-08-21 19:48 - 00009008 _____ (Microsoft Corporation) C:\WINDOWS\system\ver.dll
2016-10-22 02:24 - 2013-08-21 19:48 - 00008191 _____ C:\WINDOWS\system32\bios4.rom
2016-10-22 02:24 - 2013-08-21 19:48 - 00005532 _____ (Microsoft Corporation) C:\WINDOWS\system\stdole.tlb
2016-10-22 02:24 - 2013-08-21 19:48 - 00004208 _____ (Microsoft Corporation) C:\WINDOWS\system32\storage.dll
2016-10-22 00:42 - 2014-11-21 21:00 - 00863592 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2016-10-22 00:42 - 2013-08-22 02:21 - 00000000 ____D C:\WINDOWS\inf
2016-10-22 00:29 - 2013-08-22 03:23 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2016-10-22 00:28 - 2013-08-22 02:13 - 00262144 ___SH C:\WINDOWS\system32\config\BBI
2016-10-21 23:37 - 2013-08-22 04:17 - 00000000 ____D C:\WINDOWS\AppReadiness
2016-10-21 23:33 - 2014-11-20 01:07 - 00000000 __SHD C:\Users\jim\AppData\LocalLow\EmieBrowserModeList
2016-10-21 23:33 - 2014-11-20 01:07 - 00000000 __SHD C:\Users\jim\AppData\Local\EmieBrowserModeList
2016-10-21 23:33 - 2014-10-03 18:39 - 00000000 __SHD C:\Users\jim\AppData\LocalLow\EmieUserList
2016-10-21 23:33 - 2014-10-03 18:38 - 00000000 __SHD C:\Users\jim\AppData\LocalLow\EmieSiteList
2016-10-21 23:33 - 2014-10-03 18:38 - 00000000 __SHD C:\Users\jim\AppData\Local\EmieUserList
2016-10-21 23:33 - 2014-10-03 18:38 - 00000000 __SHD C:\Users\jim\AppData\Local\EmieSiteList
2016-10-21 23:10 - 2013-08-22 04:17 - 00000000 ___HD C:\Program Files\WindowsApps
2016-10-21 23:10 - 2013-08-22 04:17 - 00000000 ____D C:\WINDOWS\rescache
2016-10-21 23:02 - 2013-08-22 04:17 - 00000000 ____D C:\WINDOWS\Registration
2016-10-21 22:58 - 2014-10-03 17:51 - 00021412 _____ C:\WINDOWS\system32\emptyregdb.dat
2016-10-21 22:56 - 2013-08-22 04:17 - 00000000 __RSD C:\WINDOWS\Media
2016-10-21 22:56 - 2013-08-22 04:17 - 00000000 __RHD C:\Users\Public\Libraries
2016-10-21 22:49 - 2013-08-22 03:22 - 00335400 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2016-10-21 22:48 - 2016-08-04 12:45 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Revo Uninstaller
2016-10-21 22:48 - 2016-08-02 03:21 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
2016-10-21 22:48 - 2016-01-03 22:04 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
2016-10-21 22:48 - 2015-04-15 02:35 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVAST Software
2016-10-21 22:48 - 2014-11-05 03:22 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Ralink Wireless
2016-10-21 22:48 - 2014-10-22 18:24 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2016-10-21 22:48 - 2014-09-29 05:25 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ImgBurn
2016-10-21 22:48 - 2014-09-10 00:07 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinPatrol
2016-10-21 22:48 - 2014-05-12 22:18 - 00000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live
2016-10-21 22:48 - 2014-05-12 22:18 - 00000000 ____D C:\WINDOWS\en
2016-10-21 22:48 - 2013-08-22 04:17 - 00000000 ___SD C:\WINDOWS\Downloaded Program Files
2016-10-21 22:48 - 2013-08-22 02:13 - 00008192 ___SH C:\WINDOWS\system32\config\ELAM
2016-10-21 22:47 - 2014-11-21 20:27 - 00000000 ____D C:\WINDOWS\system32\WCN
2016-10-21 22:47 - 2014-11-04 11:34 - 00000000 ____D C:\WINDOWS\system32\RaLanguages
2016-10-21 22:47 - 2013-08-22 04:17 - 00000000 ____D C:\WINDOWS\system32\spool
2016-10-21 22:47 - 2013-08-22 04:17 - 00000000 ____D C:\WINDOWS\system32\NDF
2016-10-21 22:47 - 2013-08-22 04:17 - 00000000 ____D C:\WINDOWS\system32\MUI
2016-10-21 22:47 - 2013-08-22 04:17 - 00000000 ____D C:\WINDOWS\system32\IME
2016-10-21 22:47 - 2013-08-22 02:21 - 00000000 ____D C:\Users\Default.migrated
2016-10-21 22:43 - 2016-01-29 22:48 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Auslogics
2016-10-21 22:43 - 2014-11-21 20:27 - 00000000 ____D C:\WINDOWS\DigitalLocker
2016-10-21 22:43 - 2014-10-13 20:25 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iSkysoft
2016-10-21 22:43 - 2014-10-08 01:28 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dell
2016-10-21 22:43 - 2013-12-11 01:10 - 00000000 ____D C:\ProgramData\PRICache
2016-10-21 22:43 - 2013-08-22 04:17 - 00000000 __SHD C:\Program Files\Windows Sidebar
2016-10-21 22:43 - 2013-08-22 04:17 - 00000000 ____D C:\WINDOWS\Resources
2016-10-21 22:43 - 2013-08-22 04:17 - 00000000 ____D C:\WINDOWS\InputMethod
2016-10-21 22:43 - 2013-08-22 04:17 - 00000000 ____D C:\WINDOWS\Help
2016-10-21 22:43 - 2013-08-22 04:17 - 00000000 ____D C:\WINDOWS\FileManager
2016-10-21 22:43 - 2013-08-22 04:17 - 00000000 ____D C:\Program Files\Common Files\microsoft shared
2016-10-21 22:42 - 2013-08-22 04:17 - 00000000 ___HD C:\WINDOWS\system32\GroupPolicy
2016-10-21 22:41 - 2013-12-11 01:10 - 00000000 ____D C:\Users\jim\AppData\Local\Packages
2016-10-21 22:35 - 2013-08-22 02:21 - 00000000 ____D C:\WINDOWS\system32\Sysprep
2016-10-21 22:10 - 2006-11-10 17:59 - 00008192 __RSH C:\BOOTSECT.BAK
2016-10-21 22:04 - 2016-08-03 21:40 - 00326726 _____ C:\WINDOWS\ntbtlog.txt
2016-10-21 02:27 - 2013-12-10 17:55 - 00000000 __RHD C:\ESD
2016-10-17 02:01 - 2014-04-04 15:06 - 00000000 ____D C:\Users\jim\AppData\LocalLow\Temp
2016-10-11 18:30 - 2014-01-06 17:03 - 00000000 ____D C:\WINDOWS\system32\MRT
2016-10-11 18:21 - 2014-01-06 17:03 - 141042968 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2016-10-09 19:50 - 2014-10-22 18:25 - 00170200 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbamswissarmy.sys
2016-10-09 17:38 - 2014-10-13 20:25 - 00000000 ____D C:\Users\jim\Documents\My Data Files
2016-10-09 15:22 - 2013-12-11 01:10 - 00000000 ____D C:\Users\jim\AppData\Local\VirtualStore
2016-10-09 13:06 - 2016-08-04 12:52 - 00002163 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
 
==================== Files in the root of some directories =======
 
2016-08-04 16:24 - 2016-08-04 16:26 - 0004608 _____ () C:\Users\jim\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2014-10-11 00:17 - 2014-10-11 00:17 - 0000017 _____ () C:\Users\jim\AppData\Local\resmon.resmoncfg
 
Some files in TEMP:
====================
C:\Users\jim\AppData\Local\Temp\GLB1A2B.EXE
 
 
==================== Bamital & volsnap ======================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\wininit.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed
 
 
LastRegBack: 2016-10-21 22:29
 
==================== End of FRST.txt ============================
 
 

Edited by Becky616, 22 October 2016 - 11:15 AM.


#15
Becky616


Capture.PNG

