
Microsoft Windows is not responding. Would you like to End Process. Ca



#1
Waterfireearth


My Windows 7 machine started doing something really weird today. 

First it stopped working. I was not able to do anything. The mouse moved. Oh and Rocketdock was still working when I moused over it (a third party application I use).

 

So I attempted to restart using a RocketDock shortcut I have. Only.... it tried to restart, but forever hung in the 'restarting'.

So I manually forced a restart.

 

Since then it comes up with 'Microsoft Windows - The application is not responding. End Process. Cancel.'

Tried booting into safe mode. It worked.

 

So a quick Google search shows me it could be malware or a virus. To rule out any possibility of any infections of any kind I would greatly appreciate it if this community could help me run a complete and thorough scan for any infection of any kind.

 

Thank you.




#2
RKinner

    Malware Expert

 
Download AdwCleaner to your desktop. Make sure you get the correct Download button. Sometimes the ads on BleepingComputer will mimic the real Download button, which should say: Download Now @BleepingComputer
 
NOTE: If using Internet Explorer and you get an alert that stops the program downloading, click on the warning and allow the download to complete.
 
Close all programs, pause your anti-virus and run AdwCleaner (Vista or Win 7 => right click and Run As Administrator).
 
Click on Scan and follow the prompts. Let it run unhindered. When done, click on the Clean button, and follow the prompts. Allow the system to reboot. You will then be presented with the report. Copy & Paste this report on your next reply.
 
The report will be saved in the C:\AdwCleaner folder.
 
 
 
Junkware-Removal-Tool
 
Please download Junkware Removal Tool to your desktop.  Make sure you get the correct Download button.  Sometimes the ads on BleepingComputer will mimic the real Download button which should say: Download Now @Author's site
  • Pause your anti-virus.  Close all browsers.
  • Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8; instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next message.

Please download Farbar Recovery Scan Tool and save it to your Desktop.

Note: You need to run the version compatible with your system. If you are not sure which version applies to your system, download both of them and try to run them. Only one of them will run on your system; that will be the right version.

  • Right click to run as administrator (XP users click run after receipt of Windows Security Warning - Open File). When the tool opens click Yes to disclaimer. 
  • Press Scan button. 
  • It will produce a log called FRST.txt in the same directory the tool is run from.  
  • Please copy and paste log back here. 
  • The first time the tool is run it generates another log (Addition.txt - also located in the same directory as FRST.exe/FRST64.exe). Please also paste that along with the FRST.txt into your reply. 


    #3
    Waterfireearth


    Right now I booted the PC having left it off for a while. I am able to use it for some reason now.

     

    I still don't trust it.

     

    So I assume you want me to do this in normal boot mode? Considering in safe mode with networking I had no internet?



    #4
    Waterfireearth


    NOTE: MSE STOPPED WORKING A LONG TIME AGO. SO I INSTALLED AVG. NO IDEA WHY FARBAR SAYS MSE IS ENABLED....

    Also I have removed my name and other details I quickly scanned over and saw as personal.

     

    # AdwCleaner v6.030 - Logfile created 20/11/2016 at 22:09:58

    # Updated on 19/10/2016 by Malwarebytes

    # Database : 2016-11-20.1 [Server]

    # Operating System : Windows 7 Professional Service Pack 1 (X64)

    # Username : NAME REMOVED FOR PRIVACY

    # Running from : REMOVED FOR PRIVACY\AdwCleaner.exe

    # Mode: Clean

    # Support : hxxps://www.malwarebytes.com/support

     

     

     

    ***** [ Services ] *****

     

     

     

    ***** [ Folders ] *****

     

    [-] Folder deleted: C:\ProgramData\Avg_Update_1116avz

     

     

    ***** [ Files ] *****

     

     

     

    ***** [ DLL ] *****

     

     

     

    ***** [ WMI ] *****

     

     

     

    ***** [ Shortcuts ] *****

     

     

     

    ***** [ Scheduled Tasks ] *****

     

     

     

    ***** [ Registry ] *****

     

     

     

    ***** [ Web browsers ] *****

     

    [-] [C:\Users\NAME REMOVED\AppData\Local\Google\Chrome\User Data\Default\Web data] [Search Provider] Deleted: uk.ask.com

    [-] [C:\Users\NAME REMOVED\AppData\Local\Google\Chrome\User Data\Default\Web data] [Search Provider] Deleted: starship-troopers.en.softonic.com

     

     

    *************************

     

    :: "Tracing" keys deleted

    :: Winsock settings cleared

     

    *************************

     

    C:\AdwCleaner\AdwCleaner[C0].txt - [1087 Bytes] - [20/11/2016 22:09:58]

    C:\AdwCleaner\AdwCleaner[S0].txt - [1377 Bytes] - [20/11/2016 22:03:51]

    C:\AdwCleaner\AdwCleaner[S1].txt - [1450 Bytes] - [20/11/2016 22:08:08]

     

    ########## EOF - C:\AdwCleaner\AdwCleaner[C0].txt - [1306 Bytes] ##########

     

    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

    Junkware Removal Tool (JRT) by Malwarebytes

    Version: 8.0.9 (09.30.2016)

    Operating System: Windows 7 Professional x64

    Ran by NAME REMOVED (Administrator) on 20/11/2016 at 22:17:17.65

    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

     

     

     

     

    File System: 40

     


     

     

     

    Registry: 0

     

     

     

     

     

    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

    Scan was completed on 20/11/2016 at 22:19:46.62

    End of JRT log

    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

     

    Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 20-11-2016 01

    Ran by NAME REMOVED (administrator) on NAME OF PC REMOVED (20-11-2016 22:26:52)

    Running from D:\6 - Downloads D Drive 1TB

    Loaded Profiles: NAME REMOVED (Available Profiles: NAME REMOVED)

    Platform: Windows 7 Professional Service Pack 1 (X64) Language: English (United States)

    Internet Explorer Version 11 (Default browser: Chrome)

    Boot Mode: Normal

    Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/

     

    ==================== Processes (Whitelisted) =================

     

    (If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

     

    (Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe

    (IBM Corp.) C:\Program Files (x86)\Trusteer\Rapport\bin\RapportMgmtService.exe

    (AMD) C:\Windows\System32\atiesrxx.exe

    (Adobe Systems, Incorporated) C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe

    (AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\Framework\Common\avgsvca.exe

    (AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\Av\avgwdsvca.exe

    (Intel® Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe

    (Hewlett-Packard Company) C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe

    (Logitech Inc.) C:\Program Files\Logitech Gaming Software\Drivers\APOService\LogiRegistryService.exe

    (Microsoft Corporation) C:\Program Files\Microsoft LifeCam\MSCamS64.exe

    (Nuance Communications, Inc.) C:\Program Files (x86)\Nuance\PaperPort\PDFProFiltSrvPP.exe

    (Microsoft Corporation) C:\Program Files\Microsoft Security Client\NisSrv.exe

    (Google Inc.) C:\Program Files (x86)\Google\Update\1.3.31.5\GoogleCrashHandler.exe

    (Google Inc.) C:\Program Files (x86)\Google\Update\1.3.31.5\GoogleCrashHandler64.exe

    (Skype Technologies S.A.) C:\Program Files (x86)\Skype\Phone\Skype.exe

    (IBM Corp.) C:\Program Files (x86)\Trusteer\Rapport\bin\RapportService.exe

    (Intel Corporation) C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe

    (Microsoft Corporation) C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe

    (Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe

    (Intel Corporation) C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe

    (Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe

    (Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe

    (Microsoft Corporation) C:\Windows\splwow64.exe

    (Microsoft Corporation) C:\Windows\System32\dllhost.exe

    (Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe

     

     

    ==================== Registry (Whitelisted) ====================

     

    (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

     

    HKLM\...\Run: [StartCN] => C:\Program Files\AMD\CNext\CNext\RadeonSettings.exe [8029576 2016-11-15] (Advanced Micro Devices, Inc.)

    HKLM\...\Run: [Launch LCore] => C:\Program Files\Logitech Gaming Software\LCore.exe [15818872 2016-04-28] (Logitech Inc.)

    HKLM\...\Run: [IAStorIcon] => C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe [287592 2013-08-07] (Intel Corporation)

    HKLM\...\Run: [Greenshot] => C:\Program Files\Greenshot\Greenshot.exe [528384 2016-11-03] (Greenshot)

    HKLM\...\Run: [EvtMgr6] => C:\Program Files\Logitech\SetPointP\SetPoint.exe [3113592 2015-08-26] (Logitech, Inc.)

    HKLM\...\Run: [Cmaudio8788GX64] => C:\Windows\system\HsMgr64.exe [282112 2008-07-11] ()

    HKLM\...\Run: [Cmaudio8788GX] => C:\Windows\syswow64\HsMgr.exe [200704 2008-07-11] ()

    HKLM\...\Run: [Cmaudio8788] => C:\Windows\syswow64\RunDll32.exe C:\Windows\Syswow64\cmicnfgp.dll,CMICtrlWnd

    HKLM-x32\...\Run: [USB3MON] => C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe [291648 2012-05-20] (Intel Corporation)

    HKLM-x32\...\Run: [UpdatePSTShortCut] => C:\Program Files (x86)\CyberLink\Blu-ray Disc Suite\MUITransfer\MUIStartMenu.exe [222504 2010-03-03] (CyberLink Corp.)

    HKLM-x32\...\Run: [UpdatePPShortCut] => C:\Program Files (x86)\CyberLink\PowerProducer\MUITransfer\MUIStartMenu.exe [222504 2009-05-19] (CyberLink Corp.)

    HKLM-x32\...\Run: [PDFHook] => C:\Program Files (x86)\Nuance\PDF Viewer Plus\pdfpro5hook.exe [636192 2010-03-05] (Nuance Communications, Inc.)

    HKLM-x32\...\Run: [PDF5 Registry Controller] => C:\Program Files (x86)\Nuance\PDF Viewer Plus\RegistryController.exe [62752 2010-03-05] (Nuance Communications, Inc.)

    HKLM-x32\...\Run: [PaperPort PTD] => C:\Program Files (x86)\Nuance\PaperPort\pptd40nt.exe [31048 2013-08-15] (Nuance Communications, Inc.)

    HKLM-x32\...\Run: [LifeCam] => C:\Program Files (x86)\Microsoft LifeCam\LifeExp.exe [135536 2010-12-13] (Microsoft Corporation)

    HKLM-x32\...\Run: [KeePass 2 PreLoad] => C:\Program Files (x86)\KeePass Password Safe 2\KeePass.exe [2756672 2016-03-09] (Dominik Reichl)

    HKLM-x32\...\Run: [InstantBurn] => C:\Program Files (x86)\CyberLink\InstantBurn\Win2K\IBurn.exe [697640 2010-02-10] (CyberLink Corporation.)

    HKLM-x32\...\Run: [IndexSearch] => C:\Program Files (x86)\Nuance\PaperPort\IndexSearch.exe [47432 2013-08-15] (Nuance Communications, Inc.)

    HKLM-x32\...\Run: [DivXMediaServer] => C:\Program Files (x86)\DivX\DivX Media Server\DivXMediaServer.exe [1009632 2016-08-08] (DivX, LLC)

    HKLM-x32\...\Run: [ControlCenter4] => C:\Program Files (x86)\ControlCenter4\BrCcBoot.exe [143360 2012-09-06] (Brother Industries, Ltd.)

    HKLM-x32\...\Run: [CLMLServer] => C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe [103720 2009-11-02] (CyberLink)

    HKLM-x32\...\Run: [BrStsMon00] => C:\Program Files (x86)\Browny02\Brother\BrStMonW.exe [3076096 2012-06-06] (Brother Industries, Ltd.)

    HKLM-x32\...\Run: [AVG_UI] => C:\Program Files (x86)\AVG\Framework\Common\avguirna.exe [218896 2016-09-13] (AVG Technologies CZ, s.r.o.)

    HKLM-x32\...\Run: [AvgUi] => C:\Program Files (x86)\AVG\Framework\Common\avguirna.exe [218896 2016-09-13] (AVG Technologies CZ, s.r.o.)

    HKLM-x32\...\Run: [Agile1pAgent] => D:\Programs\1Password 4\Agile1pAgent.exe [4914832 2016-10-06] (AgileBits)

    Winlogon\Notify\LBTWlgn: c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll (Logitech, Inc.)

    HKU\S-1-5-21-2475219335-3918251388-134586344-1000\...\Run: [Steam] => D:\Steam\steam.exe [2860832 2016-10-13] (Valve Corporation)

    HKU\S-1-5-21-2475219335-3918251388-134586344-1000\...\Run: [Spotify Web Helper] => C:\Users\NAME REMOVED\AppData\Roaming\Spotify\SpotifyWebHelper.exe [1431664 2016-11-16] (Spotify Ltd)

    HKU\S-1-5-21-2475219335-3918251388-134586344-1000\...\Run: [Spotify] => C:\Users\NAME REMOVED\AppData\Roaming\Spotify\Spotify.exe [6987376 2016-11-16] (Spotify Ltd)

    HKU\S-1-5-21-2475219335-3918251388-134586344-1000\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [27021952 2016-10-17] (Skype Technologies S.A.)

    HKU\S-1-5-21-2475219335-3918251388-134586344-1000\...\Run: [RocketDock] => C:\Program Files (x86)\RocketDock\RocketDock.exe [495616 2007-09-02] ()

    HKU\S-1-5-21-2475219335-3918251388-134586344-1000\...\Run: [LightScribe Control Panel] => C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe [2363392 2010-01-22] (Hewlett-Packard Company)

    HKU\S-1-5-21-2475219335-3918251388-134586344-1000\...\Run: [ISUSPM] => C:\ProgramData\FLEXnet\Connect\11\ISUSPM.exe [222496 2009-05-05] (Acresso Corporation)

    HKU\S-1-5-21-2475219335-3918251388-134586344-1000\...\MountPoints2: {e84871d0-5dd7-11e6-88fa-000272de4ef0} - V:\AUTORUN\AUTORUN.EXE

    Startup: C:\Users\NAME REMOVED\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\AppleWirelessKeyboard.exe [2012-12-25] (uxsoft)

    CHR HKLM\SOFTWARE\Policies\Google: Restriction <======= ATTENTION

     

    ==================== Internet (Whitelisted) ====================

     

    (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

     

    Tcpip\Parameters: [DhcpNameServer] 192.168.0.1

    Tcpip\..\Interfaces\{77D1FB16-19EF-4E99-B622-EF4D19FD1638}: [DhcpNameServer] 192.168.0.1

     

    Internet Explorer:

    ==================

    HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION

    BHO: 1Password -> {037C06D5-3893-49E8-9AC0-41F7524AFBF5} -> D:\Programs\1Password 4\x64\Agile1pIE4.dll [2016-10-06] (AgileBits)

    BHO: Logitech SetPoint -> {AF949550-9094-4807-95EC-D1C317803333} -> C:\Program Files\Logitech\SetPointP\SetPointSmooth.dll [2015-08-26] (Logitech, Inc.)

    BHO-x32: 1Password -> {037C06D5-3893-49E8-9AC0-41F7524AFBF5} -> D:\Programs\1Password 4\x86\Agile1pIE4.dll [2016-10-06] (AgileBits)

    BHO-x32: PlusIEEventHelper Class -> {551A852F-39A6-44A7-9C13-AFBEC9185A9D} -> C:\Program Files (x86)\Nuance\PDF Viewer Plus\Bin\PlusIEContextMenu.dll [2009-02-06] (Zeon Corporation)

    BHO-x32: Logitech SetPoint -> {AF949550-9094-4807-95EC-D1C317803333} -> C:\Program Files\Logitech\SetPointP\32-bit\SetPointSmooth.dll [2015-08-26] (Logitech, Inc.)

    DPF: HKLM-x32 {9EF2BA47-C6A7-470D-9DD9-4323B0CB8353} hxxp://192.168.0.6/WebClient.exe

     

    FireFox:

    ========

    FF DefaultProfile: o0mvzwal.default

    FF ProfilePath: C:\Users\NAME REMOVED\AppData\Roaming\Mozilla\Firefox\Profiles\o0mvzwal.default [2016-11-20]

    FF Session Restore: Mozilla\Firefox\Profiles\o0mvzwal.default -> is enabled.

    FF Extension: (F.B. Purity - Cleans Up Facebook) - C:\Users\NAME REMOVED\AppData\Roaming\Mozilla\Firefox\Profiles\o0mvzwal.default\Extensions\[email protected] [2016-02-18]

    FF Extension: (Dashlane) - C:\Users\NAME REMOVED\AppData\Roaming\Mozilla\Firefox\Profiles\o0mvzwal.default\Extensions\[email protected] [2016-08-13]

    FF Extension: (WOT) - C:\Users\NAME REMOVED\AppData\Roaming\Mozilla\Firefox\Profiles\o0mvzwal.default\Extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7} [2016-03-22]

    FF Extension: (Adblock Plus) - C:\Users\NAME REMOVED\AppData\Roaming\Mozilla\Firefox\Profiles\o0mvzwal.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2016-10-29]

    FF HKLM-x32\...\Firefox\Extensions: [{F003DA68-8256-4b37-A6C4-350FA04494DF}] - C:\Program Files\Logitech\SetPointP\LogiSmoothFirefoxExt

    FF Extension: (Logitech SetPoint) - C:\Program Files\Logitech\SetPointP\LogiSmoothFirefoxExt [2016-02-07] [not signed]

    FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_23_0_0_207.dll [2016-11-16] ()

    FF Plugin: @divx.com/DivX VOD Helper,version=1.0.0 -> C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll [2014-05-22] (DivX, LLC.)

    FF Plugin: @microsoft.com/GENUINE -> disabled [No File]

    FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_23_0_0_207.dll [2016-11-16] ()

    FF Plugin-x32: @divx.com/DivX VOD Helper,version=1.0.0 -> C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll [2014-05-22] (DivX, LLC.)

    FF Plugin-x32: @divx.com/DivX Web Player Plug-In,version=1.0.0 -> C:\Program Files (x86)\DivX\DivX Web Player\npdivx32.dll [2016-08-08] (DivX, LLC)

    FF Plugin-x32: @EDVR/WebClient -> C:\windows\system32\WebClient\npwebclient.dll [No File]

    FF Plugin-x32: @Google.com/GoogleEarthPlugin -> C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll [2015-05-21] (Google)

    FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.5 -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll [2013-09-16] (Intel Corporation)

    FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2013-09-16] (Intel Corporation)

    FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]

    FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.31.5\npGoogleUpdate3.dll [2016-07-28] (Google Inc.)

    FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.31.5\npGoogleUpdate3.dll [2016-07-28] (Google Inc.)

    FF Plugin-x32: @videolan.org/vlc,version=2.2.1 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2016-06-01] (VideoLAN)

    FF Plugin-x32: @videolan.org/vlc,version=2.2.4 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2016-06-01] (VideoLAN)

    FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2016-09-30] (Adobe Systems Inc.)

    FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\NPOFF12.DLL [2006-10-26] (Microsoft Corporation)

    FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll [2016-09-30] (Adobe Systems Inc.)

     

    Chrome:

    =======

    CHR Session Restore: Default -> is enabled.

    CHR Profile: C:\Users\NAME REMOVED\AppData\Local\Google\Chrome\User Data\Default [2016-11-20]

    CHR Extension: (Google Slides) - C:\Users\NAME REMOVED\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2016-05-17]

    CHR Extension: (Google Docs) - C:\Users\NAME REMOVED\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2016-05-17]

    CHR Extension: (Google Drive) - C:\Users\NAME REMOVED\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2016-05-17]

    CHR Extension: (WOT: Web of Trust, Website Reputation Ratings) - C:\Users\NAME REMOVED\AppData\Local\Google\Chrome\User Data\Default\Extensions\bhmmomiinigofkjcapegjjndpbikblnp [2016-08-08]

    CHR Extension: (YouTube) - C:\Users\NAME REMOVED\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2016-05-17]

    CHR Extension: (Google Sheets) - C:\Users\NAME REMOVED\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2016-05-17]

    CHR Extension: (Google Docs Offline) - C:\Users\NAME REMOVED\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-06-05]

    CHR Extension: (AdBlock) - C:\Users\NAME REMOVED\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2016-11-18]

    CHR Extension: (F.B. Purity For Facebook) - C:\Users\NAME REMOVED\AppData\Local\Google\Chrome\User Data\Default\Extensions\ncdlagniojmheiklojdcpdaeepochckl [2016-07-16]

    CHR Extension: (Chrome Web Store Payments) - C:\Users\NAME REMOVED\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-05-17]

    CHR Extension: (Gmail) - C:\Users\NAME REMOVED\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2016-05-17]

    CHR Extension: (Chrome Media Router) - C:\Users\NAME REMOVED\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2016-10-28]

    CHR HKU\S-1-5-21-2475219335-3918251388-134586344-1000\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [bbjllphbppobebmjpjcijfbakobcheof] - hxxps://clients2.google.com/service/update2/crx

    CHR HKLM-x32\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - hxxps://clients2.google.com/service/update2/crx

     

    ==================== Services (Whitelisted) ====================

     

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

     

    R2 AGSService; C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe [2207960 2016-09-26] (Adobe Systems, Incorporated)

    S3 AvgAMPS; C:\Program Files (x86)\AVG\Av\avgamps.exe [647864 2016-11-02] (AVG Technologies CZ, s.r.o.)

    S2 AVGIDSAgent; C:\Program Files (x86)\AVG\Av\avgidsagenta.exe [5337696 2016-11-02] (AVG Technologies CZ, s.r.o.)

    R2 avgsvc; C:\Program Files (x86)\AVG\Framework\Common\avgsvca.exe [1149712 2016-09-13] (AVG Technologies CZ, s.r.o.)

    R2 avgwd; C:\Program Files (x86)\AVG\Av\avgwdsvca.exe [727512 2016-11-02] (AVG Technologies CZ, s.r.o.)

    S3 BrYNSvc; C:\Program Files (x86)\Browny02\BrYNSvc.exe [266240 2012-06-05] (Brother Industries, Ltd.) [File not signed]

    S2 CLKMSVC10_99E320F5; C:\Program Files (x86)\CyberLink\PowerDVD12\Common\NavFilter\kmsvc.exe [303544 2015-07-27] (CyberLink)

    R2 IAStorDataMgrSvc; C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [15720 2013-08-07] (Intel Corporation)

    S3 ICCS; C:\Program Files (x86)\Intel\Intel® Integrated Clock Controller Service\ICCProxy.exe [160256 2011-08-30] (Intel Corporation) [File not signed]

    S3 IDriverT; C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [69632 2005-04-04] (Macrovision Corporation) [File not signed]

    R2 Intel® Capability Licensing Service Interface; C:\Program Files\Intel\iCLS Client\HeciServer.exe [747520 2013-08-27] (Intel® Corporation) [File not signed]

    S3 Intel® Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [828376 2013-08-27] (Intel® Corporation)

    R2 jhi_service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [169432 2013-09-16] (Intel Corporation)

    R2 LightScribeService; C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe [73728 2010-01-22] (Hewlett-Packard Company) [File not signed]

    R2 LogiRegistryService; C:\Program Files\Logitech Gaming Software\Drivers\APOService\LogiRegistryService.exe [193656 2016-04-28] (Logitech Inc.)

    R2 MsMpSvc; C:\Program Files\Microsoft Security Client\MsMpEng.exe [23816 2015-04-30] (Microsoft Corporation)

    R3 NisSrv; C:\Program Files\Microsoft Security Client\NisSrv.exe [366544 2015-04-30] (Microsoft Corporation)

    R2 PDFProFiltSrvPP; C:\Program Files (x86)\Nuance\PaperPort\PDFProFiltSrvPP.exe [145736 2013-08-15] (Nuance Communications, Inc.)

    R2 RapportMgmtService; C:\Program Files (x86)\Trusteer\Rapport\bin\RapportMgmtService.exe [2387952 2016-10-06] (IBM Corp.)

    S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)

     

    ===================== Drivers (Whitelisted) ======================

     

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

     

    R1 Avgdiska; C:\Windows\System32\DRIVERS\avgdiska.sys [163072 2016-05-13] (AVG Technologies CZ, s.r.o.)

    R1 AVGIDSDriver; C:\Windows\System32\DRIVERS\avgidsdrivera.sys [312576 2016-10-17] (AVG Technologies CZ, s.r.o.)

    R0 AVGIDSHA; C:\Windows\System32\DRIVERS\avgidsha.sys [267008 2016-10-05] (AVG Technologies CZ, s.r.o.)

    R1 Avgldx64; C:\Windows\System32\DRIVERS\avgldx64.sys [267520 2016-10-19] (AVG Technologies CZ, s.r.o.)

    R0 Avgloga; C:\Windows\System32\DRIVERS\avgloga.sys [360736 2016-02-16] (AVG Technologies CZ, s.r.o.)

    R0 Avgmfx64; C:\Windows\System32\DRIVERS\avgmfx64.sys [254208 2016-09-26] (AVG Technologies CZ, s.r.o.)

    R0 Avgrkx64; C:\Windows\System32\DRIVERS\avgrkx64.sys [52992 2016-06-01] (AVG Technologies CZ, s.r.o.)

    R1 Avgtdia; C:\Windows\System32\DRIVERS\avgtdia.sys [299264 2016-07-27] (AVG Technologies CZ, s.r.o.)

    R0 Avguniva; C:\Windows\System32\DRIVERS\avguniva.sys [77056 2016-06-20] (AVG Technologies CZ, s.r.o.)

    R1 CLBStor; C:\Windows\System32\DRIVERS\CLBStor.sys [24560 2009-10-07] (Cyberlink Co.,Ltd.)

    R2 CLBUDF; C:\Windows\System32\Drivers\CLBUDF.sys [376304 2009-10-07] (CyberLink Corporation.)

    R3 cmudaxp; C:\Windows\System32\drivers\cmudaxp.sys [2725376 2011-03-10] (C-Media Inc)

    S3 GVTDrv64; C:\Windows\GVTDrv64.sys [30528 2016-11-20] ()

    R0 iaStorF; C:\Windows\System32\DRIVERS\iaStorF.sys [28008 2013-08-07] (Intel Corporation)

    R3 L1C; C:\Windows\System32\DRIVERS\L1C62x64.sys [129224 2013-07-18] (Qualcomm Atheros Co., Ltd.)

    R2 LGCoreTemp; C:\Program Files\Logitech Gaming Software\Drivers\LgCoreTemp\lgcoretemp.sys [14184 2015-06-21] (Logitech)

    R3 LGJoyXlCore; C:\Windows\System32\drivers\LGJoyXlCore.sys [85160 2016-04-19] (Logitech Inc.)

    R3 MEIx64; C:\Windows\System32\DRIVERS\TeeDriverx64.sys [99288 2013-09-16] (Intel Corporation)

    R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [280376 2015-03-04] (Microsoft Corporation)

    R2 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [124568 2015-03-04] (Microsoft Corporation)

    R1 RapportCerberus_1609053; C:\ProgramData\Trusteer\Rapport\store\exts\RapportCerberus\baseline\RapportCerberus64_1609053.sys [1181672 2016-09-19] (IBM Corp.)

    R1 RapportEI64; C:\Program Files (x86)\Trusteer\Rapport\bin\x64\RapportEI64.sys [566248 2016-10-06] (IBM Corp.)

    R0 RapportHades64; C:\Windows\System32\Drivers\RapportHades64.sys [235184 2016-10-06] (IBM Corp.)

    R0 RapportKE64; C:\Windows\System32\Drivers\RapportKE64.sys [489712 2016-10-06] (IBM Corp.)

    R1 RapportPG64; C:\Program Files (x86)\Trusteer\Rapport\bin\x64\RapportPG64.sys [547888 2016-10-06] (IBM Corp.)

    S4 secdrv; C:\Windows\SysWow64\Drivers\secdrv.sys [163644 2016-08-20] (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.) [File not signed]

    R3 VUSB3HUB; C:\Windows\System32\DRIVERS\ViaHub3.sys [231112 2013-01-03] (VIA Technologies, Inc.)

    R3 xhcdrv; C:\Windows\System32\DRIVERS\xhcdrv.sys [301256 2013-01-03] (VIA Technologies, Inc.)

    S3 AthBTPort; system32\DRIVERS\btath_flt.sys [X]

    S3 BTATH_A2DP; system32\drivers\btath_a2dp.sys [X]

    S3 btath_avdt; system32\drivers\btath_avdt.sys [X]

    S3 BTATH_BUS; system32\DRIVERS\btath_bus.sys [X]

    S3 BTATH_HCRP; system32\DRIVERS\btath_hcrp.sys [X]

    S3 BTATH_LWFLT; system32\DRIVERS\btath_lwflt.sys [X]

    S3 BTATH_RCP; system32\DRIVERS\btath_rcp.sys [X]

    S3 btaudio; system32\drivers\btaudio.sys [X]

    S3 BTDriver; system32\DRIVERS\btport.sys [X]

    S3 BtFilter; system32\DRIVERS\btfilter.sys [X]

    S3 BTWDNDIS; system32\DRIVERS\btwdndis.sys [X]

    S3 btwhid; system32\DRIVERS\btwhid.sys [X]

     

    ==================== NetSvcs (Whitelisted) ===================

     

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

     

     

    ==================== One Month Created files and folders ========

     

    (If an entry is included in the fixlist, the file/folder will be moved.)

     

    2016-11-20 22:24 - 2016-11-20 22:26 - 00000000 ____D C:\FRST

    2016-11-20 22:19 - 2016-11-20 22:19 - 00007136 _____ C:\Users\NAME REMOVED\Desktop\JRT.txt

    2016-11-20 22:01 - 2016-11-20 22:09 - 00000000 ____D C:\AdwCleaner

    2016-11-20 19:20 - 2016-11-20 19:27 - 00000000 ____D C:\Windows\pss

    2016-11-20 19:18 - 2016-11-20 19:27 - 00520346 _____ C:\Windows\ntbtlog.txt

    2016-11-19 20:06 - 2016-07-22 14:58 - 00142336 _____ (Microsoft Corporation) C:\Windows\system32\poqexec.exe

    2016-11-19 20:06 - 2016-07-22 14:51 - 00123904 _____ (Microsoft Corporation) C:\Windows\SysWOW64\poqexec.exe

    2016-11-19 12:47 - 2016-11-19 12:47 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AMD Settings

    2016-11-19 12:46 - 2016-11-19 12:46 - 00000000 ____D C:\Users\NAME REMOVED\AppData\LocalLow\AMD

    2016-11-18 15:04 - 2016-11-18 15:04 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Greenshot

    2016-11-18 15:04 - 2016-11-18 15:04 - 00000000 ____D C:\Program Files\Greenshot

    2016-11-15 21:21 - 2016-11-15 21:21 - 09981352 _____ (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\atiumdva.dll

    2016-11-15 21:20 - 2016-11-15 21:20 - 07213248 _____ (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\atiumdag.dll

    2016-11-15 21:20 - 2016-11-15 21:20 - 00141280 _____ (Advanced Micro Devices, Inc.) C:\Windows\system32\amdhcp64.dll

    2016-11-15 21:20 - 2016-11-15 21:20 - 00125288 _____ (Advanced Micro Devices, Inc.) C:\Windows\SysWOW64\amdhcp32.dll

    2016-11-15 21:20 - 2016-11-15 21:20 - 00123776 _____ (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\atiu9pag.dll

    2016-11-15 21:20 - 2016-11-15 21:20 - 00109856 _____ (Advanced Micro Devices, Inc. ) C:\Windows\system32\atimpc64.dll

    2016-11-15 21:20 - 2016-11-15 21:20 - 00109856 _____ (Advanced Micro Devices, Inc. ) C:\Windows\system32\amdpcom64.dll

    2016-11-15 21:20 - 2016-11-15 21:20 - 00092328 _____ (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\atimpc32.dll

    2016-11-15 21:20 - 2016-11-15 21:20 - 00092328 _____ (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\amdpcom32.dll

    2016-11-15 21:19 - 2016-11-15 21:19 - 00145400 _____ (Advanced Micro Devices, Inc. ) C:\Windows\system32\amdave64.dll

    2016-11-15 21:19 - 2016-11-15 21:19 - 00124776 _____ (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\amdave32.dll

    2016-11-15 21:18 - 2016-11-15 21:18 - 02481032 _____ (Advanced Micro Devices, Inc.) C:\Windows\system32\amfrt64.dll

    2016-11-15 21:18 - 2016-11-15 21:18 - 00520072 _____ (Advanced Micro Devices, Inc.) C:\Windows\system32\Drivers\atikmpag.sys

    2016-11-15 21:18 - 2016-11-15 21:18 - 00286600 _____ (AMD) C:\Windows\system32\atitmm64.dll

    2016-11-15 21:18 - 2016-11-15 21:18 - 00281992 _____ C:\Windows\system32\dgtrayicon.exe

    2016-11-15 21:18 - 2016-11-15 21:18 - 00275336 _____ C:\Windows\system32\GameManager64.dll

    2016-11-15 21:18 - 2016-11-15 21:18 - 00136584 _____ (Advanced Micro Devices, Inc. ) C:\Windows\system32\atisamu64.dll

    2016-11-15 21:18 - 2016-11-15 21:18 - 00117640 _____ (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\atisamu32.dll

    2016-11-15 21:18 - 2016-11-15 21:18 - 00110472 _____ (AMD) C:\Windows\system32\atimuixx.dll

    2016-11-15 21:18 - 2016-11-15 21:18 - 00059784 _____ (Advanced Micro Devices, Inc.) C:\Windows\system32\Drivers\ati2erec.dll

    2016-11-15 21:18 - 2016-11-15 21:18 - 00020360 _____ (Microsoft Corporation) C:\Windows\system32\detoured.dll

    2016-11-15 21:17 - 2016-11-15 21:17 - 15728008 _____ (Advanced Micro Devices Inc.) C:\Windows\system32\aticaldd64.dll

    2016-11-15 21:17 - 2016-11-15 21:17 - 14318984 _____ (Advanced Micro Devices Inc.) C:\Windows\SysWOW64\aticaldd.dll

    2016-11-15 21:17 - 2016-11-15 21:17 - 09926536 _____ (Advanced Micro Devices, Inc. ) C:\Windows\system32\amdvlk64.dll

    2016-11-15 21:17 - 2016-11-15 21:17 - 08065928 _____ (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\amdvlk32.dll

    2016-11-15 21:17 - 2016-11-15 21:17 - 02163592 _____ (Advanced Micro Devices, Inc.) C:\Windows\SysWOW64\amfrt32.dll

    2016-11-15 21:17 - 2016-11-15 21:17 - 00525704 _____ (AMD) C:\Windows\system32\atieclxx.exe

    2016-11-15 21:17 - 2016-11-15 21:17 - 00458632 _____ (Advanced Micro Devices, Inc.) C:\Windows\system32\atidemgy.dll

    2016-11-15 21:17 - 2016-11-15 21:17 - 00402312 _____ (Advanced Micro Devices, Inc.) C:\Windows\system32\atiapfxx.exe

    2016-11-15 21:17 - 2016-11-15 21:17 - 00349064 _____ (Advanced Micro Devices, Inc.) C:\Windows\system32\ATIODE.exe

    2016-11-15 21:17 - 2016-11-15 21:17 - 00289160 _____ (AMD) C:\Windows\system32\atiesrxx.exe

    2016-11-15 21:17 - 2016-11-15 21:17 - 00230280 _____ C:\Windows\system32\atieah64.exe

    2016-11-15 21:17 - 2016-11-15 21:17 - 00208264 _____ C:\Windows\SysWOW64\atieah32.exe

    2016-11-15 21:17 - 2016-11-15 21:17 - 00201608 _____ (Advanced Micro Devices, Inc. ) C:\Windows\system32\atig6txx.dll

    2016-11-15 21:17 - 2016-11-15 21:17 - 00175496 _____ (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\atigktxx.dll

    2016-11-15 21:17 - 2016-11-15 21:17 - 00160136 _____ (Advanced Micro Devices, Inc. ) C:\Windows\system32\mantle64.dll

    2016-11-15 21:17 - 2016-11-15 21:17 - 00155016 _____ (Advanced Micro Devices, Inc. ) C:\Windows\system32\amduve64.dll

    2016-11-15 21:17 - 2016-11-15 21:17 - 00135048 _____ (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\mantle32.dll

    2016-11-15 21:17 - 2016-11-15 21:17 - 00134536 _____ (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\amduve32.dll

    2016-11-15 21:17 - 2016-11-15 21:17 - 00129416 _____ (Advanced Micro Devices, Inc. ) C:\Windows\system32\mantleaxl64.dll

    2016-11-15 21:17 - 2016-11-15 21:17 - 00122760 _____ (Advanced Micro Devices, Inc. ) C:\Windows\system32\atig6pxx.dll

    2016-11-15 21:17 - 2016-11-15 21:17 - 00108936 _____ (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\mantleaxl32.dll

    2016-11-15 21:17 - 2016-11-15 21:17 - 00107400 _____ (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\atiglpxx.dll

    2016-11-15 21:17 - 2016-11-15 21:17 - 00107400 _____ (Advanced Micro Devices, Inc. ) C:\Windows\system32\atiglpxx.dll

    2016-11-15 21:17 - 2016-11-15 21:17 - 00082824 _____ (Advanced Micro Devices, Inc. ) C:\Windows\system32\amdmcl64.dll

    2016-11-15 21:17 - 2016-11-15 21:17 - 00078728 _____ (Advanced Micro Devices Inc.) C:\Windows\system32\aticalrt64.dll

    2016-11-15 21:17 - 2016-11-15 21:17 - 00072072 _____ (Advanced Micro Devices Inc.) C:\Windows\system32\aticalcl64.dll

    2016-11-15 21:17 - 2016-11-15 21:17 - 00068488 _____ (Advanced Micro Devices Inc.) C:\Windows\SysWOW64\aticalrt.dll

    2016-11-15 21:17 - 2016-11-15 21:17 - 00067464 _____ (Advanced Micro Devices, Inc.) C:\Windows\system32\ATIODCLI.exe

    2016-11-15 21:17 - 2016-11-15 21:17 - 00066952 _____ (Advanced Micro Devices, Inc. ) C:\Windows\system32\amdmmcl6.dll

    2016-11-15 21:17 - 2016-11-15 21:17 - 00066440 _____ (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\amdmcl32.dll

    2016-11-15 21:17 - 2016-11-15 21:17 - 00065416 _____ (Advanced Micro Devices Inc.) C:\Windows\SysWOW64\aticalcl.dll

    2016-11-15 21:17 - 2016-11-15 21:17 - 00054664 _____ (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\amdmmcl.dll

    2016-11-15 21:16 - 2016-11-15 21:16 - 48824712 _____ (Advanced Micro Devices Inc.) C:\Windows\system32\amdocl64.dll

    2016-11-15 21:16 - 2016-11-15 21:16 - 38268808 _____ (Advanced Micro Devices Inc.) C:\Windows\SysWOW64\amdocl.dll

    2016-11-15 21:16 - 2016-11-15 21:16 - 27489672 _____ (Advanced Micro Devices Inc.) C:\Windows\system32\amdocl12cl64.dll

    2016-11-15 21:16 - 2016-11-15 21:16 - 21640584 _____ (Advanced Micro Devices Inc.) C:\Windows\SysWOW64\amdocl12cl.dll

    2016-11-15 21:16 - 2016-11-15 21:16 - 09311624 _____ (Advanced Micro Devices, Inc. ) C:\Windows\system32\amdmantle64.dll

    2016-11-15 21:16 - 2016-11-15 21:16 - 07363976 _____ (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\amdmantle32.dll

    2016-11-15 21:16 - 2016-11-15 21:16 - 01333128 _____ (Advanced Micro Devices, Inc.) C:\Windows\system32\atiadlxx.dll

    2016-11-15 21:16 - 2016-11-15 21:16 - 00998280 _____ (Advanced Micro Devices, Inc.) C:\Windows\SysWOW64\atiadlxy.dll

    2016-11-15 21:16 - 2016-11-15 21:16 - 00845192 _____ (Advanced Micro Devices, Inc.) C:\Windows\system32\amdlvr64.dll

    2016-11-15 21:16 - 2016-11-15 21:16 - 00679304 _____ (Advanced Micro Devices, Inc.) C:\Windows\SysWOW64\amdlvr32.dll

    2016-11-15 21:16 - 2016-11-15 21:16 - 00305544 _____ (Advanced Micro Devices) C:\Windows\system32\Drivers\amdacpksd.sys

    2016-11-15 21:16 - 2016-11-15 21:16 - 00269192 _____ C:\Windows\system32\clinfo.exe

    2016-11-15 21:16 - 2016-11-15 21:16 - 00267656 _____ C:\Windows\system32\hsa-thunk64.dll

    2016-11-15 21:16 - 2016-11-15 21:16 - 00248200 _____ C:\Windows\system32\amdgfxinfo64.dll

    2016-11-15 21:16 - 2016-11-15 21:16 - 00233352 _____ C:\Windows\SysWOW64\hsa-thunk.dll

    2016-11-15 21:16 - 2016-11-15 21:16 - 00221064 _____ C:\Windows\SysWOW64\amdgfxinfo32.dll

    2016-11-15 21:16 - 2016-11-15 21:16 - 00112520 _____ (Khronos Group) C:\Windows\system32\OpenCL.dll

    2016-11-15 21:16 - 2016-11-15 21:16 - 00103304 _____ (Khronos Group) C:\Windows\SysWOW64\OpenCL.dll

    2016-11-15 21:15 - 2016-11-15 21:15 - 33248136 _____ (Advanced Micro Devices, Inc.) C:\Windows\system32\atio6axx.dll

    2016-11-15 21:15 - 2016-11-15 21:15 - 27295624 _____ (Advanced Micro Devices, Inc.) C:\Windows\SysWOW64\atioglxx.dll

    2016-11-15 21:13 - 2016-11-15 21:13 - 26560512 _____ (Advanced Micro Devices, Inc.) C:\Windows\system32\Drivers\atikmdag.sys

    2016-11-15 20:46 - 2016-11-15 20:46 - 00760312 _____ C:\Windows\SysWOW64\atiapfxx.blb

    2016-11-15 20:46 - 2016-11-15 20:46 - 00760312 _____ C:\Windows\system32\atiapfxx.blb

    2016-11-15 20:35 - 2016-11-15 20:35 - 03437632 _____ C:\Windows\system32\atiumd6a.cap

    2016-11-15 20:31 - 2016-11-15 20:31 - 03471376 _____ C:\Windows\SysWOW64\atiumdva.cap

    2016-10-29 15:56 - 2016-11-20 19:14 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox

    2016-10-21 18:22 - 2016-10-21 18:22 - 00177280 _____ C:\Windows\system32\ativce03.dat

    2016-10-21 18:22 - 2016-10-21 18:22 - 00175584 _____ C:\Windows\system32\amde31a.dat

    2016-10-21 17:00 - 2016-10-21 17:00 - 00166560 _____ C:\Windows\system32\amde34b.dat

    2016-10-21 17:00 - 2016-10-21 17:00 - 00166560 _____ C:\Windows\system32\amde34a.dat

     

    ==================== One Month Modified files and folders ========

     

    (If an entry is included in the fixlist, the file/folder will be moved.)

     

    2016-11-20 22:22 - 2016-02-07 20:08 - 00000000 ____D C:\Users\NAME REMOVED\AppData\Roaming\Skype

    2016-11-20 22:17 - 2016-02-19 09:04 - 00000000 ____D C:\Users\NAME REMOVED\AppData\Local\CrashDumps

    2016-11-20 22:17 - 2016-02-07 05:34 - 00000894 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job

    2016-11-20 22:17 - 2009-07-14 05:13 - 00783114 _____ C:\Windows\system32\PerfStringBackup.INI

    2016-11-20 22:17 - 2009-07-14 04:45 - 00020528 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0

    2016-11-20 22:17 - 2009-07-14 04:45 - 00020528 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0

    2016-11-20 22:17 - 2009-07-14 03:20 - 00000000 ____D C:\Windows\inf

    2016-11-20 22:12 - 2016-05-13 10:47 - 00000000 ____D C:\Users\NAME REMOVED\AppData\Local\Spotify

    2016-11-20 22:12 - 2016-05-13 10:46 - 00000000 ____D C:\Users\NAME REMOVED\AppData\Roaming\Spotify

    2016-11-20 22:12 - 2016-03-23 09:48 - 00000000 ____D C:\ProgramData\MFAData

    2016-11-20 22:11 - 2016-07-31 04:33 - 00065536 _____ C:\Windows\system32\spu_storage.bin

    2016-11-20 22:11 - 2009-07-14 05:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT

    2016-11-20 21:52 - 2016-02-07 18:57 - 00192216 _____ (Malwarebytes) C:\Windows\system32\Drivers\MBAMSwissArmy.sys

    2016-11-20 21:51 - 2016-02-07 06:07 - 00000000 ____D C:\Windows\system32\MRT

    2016-11-20 21:46 - 2016-02-07 06:07 - 143495576 ____C (Microsoft Corporation) C:\Windows\system32\MRT.exe

    2016-11-20 19:28 - 2016-02-07 19:03 - 00000000 ____D C:\Users\NAME REMOVED\AppData\Local\Greenshot

    2016-11-20 19:26 - 2016-02-07 16:19 - 00025640 _____ (Windows ® Server 2003 DDK provider) C:\Windows\gdrv.sys

    2016-11-20 19:25 - 2016-09-04 16:51 - 00000004 _____ C:\Windows\SysWOW64\GVTunner.ref

    2016-11-20 19:25 - 2016-02-07 16:20 - 00030528 _____ C:\Windows\GVTDrv64.sys

    2016-11-20 19:22 - 2016-02-07 16:00 - 00000000 ____D C:\Users\NAME REMOVED\AppData\Local\ElevatedDiagnostics

    2016-11-20 19:14 - 2016-02-07 18:23 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service

    2016-11-20 19:06 - 2016-09-28 11:29 - 00003590 _____ C:\Windows\System32\Tasks\AVG EUpdate Task

    2016-11-20 19:06 - 2016-04-15 07:40 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job

    2016-11-20 19:06 - 2016-02-07 05:34 - 00000898 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job

    2016-11-19 15:48 - 2016-02-07 19:44 - 00000000 ____D C:\Users\NAME REMOVED\AppData\Local\Ubisoft Game Launcher

    2016-11-19 12:47 - 2016-07-31 04:32 - 00004224 _____ C:\Windows\System32\Tasks\AMD Updater

    2016-11-19 12:42 - 2016-02-07 16:26 - 00000000 ____D C:\AMD

    2016-11-19 12:34 - 2016-03-23 09:50 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG

    2016-11-16 15:04 - 2016-02-07 05:34 - 00000000 ____D C:\Users\NAME REMOVED\AppData\Local\Google

    2016-11-16 13:44 - 2016-02-07 16:44 - 00004476 _____ C:\Windows\System32\Tasks\Adobe Acrobat Update Task

    2016-11-16 13:44 - 2016-02-07 16:44 - 00002441 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk

    2016-11-16 13:34 - 2016-03-23 09:48 - 00000984 _____ C:\Users\Public\Desktop\AVG.lnk

    2016-11-16 13:34 - 2016-03-23 09:48 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG Zen

    2016-11-16 13:28 - 2016-04-15 07:40 - 00796352 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe

    2016-11-16 13:28 - 2016-04-15 07:40 - 00142528 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl

    2016-11-16 13:28 - 2016-04-15 07:40 - 00003768 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater

    2016-11-16 13:28 - 2016-04-15 07:40 - 00000000 ____D C:\Windows\SysWOW64\Macromed

    2016-11-16 13:28 - 2016-04-15 07:40 - 00000000 ____D C:\Windows\system32\Macromed

    2016-11-16 13:22 - 2016-05-17 18:45 - 00002195 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk

    2016-11-16 13:22 - 2016-05-17 18:45 - 00002183 _____ C:\Users\Public\Desktop\Google Chrome.lnk

    2016-11-16 13:19 - 2009-07-14 05:08 - 00032636 _____ C:\Windows\Tasks\SCHEDLGU.TXT

    2016-11-15 21:21 - 2016-07-18 22:20 - 10977392 _____ (Advanced Micro Devices, Inc. ) C:\Windows\system32\atiumd6a.dll

    2016-11-15 21:20 - 2016-09-07 15:47 - 00139720 _____ (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\atiuxpag.dll

    2016-11-15 21:20 - 2016-07-18 22:21 - 00170072 _____ (Advanced Micro Devices, Inc. ) C:\Windows\system32\atiuxp64.dll

    2016-11-15 21:20 - 2016-07-18 22:21 - 00151056 _____ (Advanced Micro Devices, Inc. ) C:\Windows\system32\atiu9p64.dll

    2016-11-15 21:20 - 2016-07-18 22:20 - 08847888 _____ (Advanced Micro Devices, Inc. ) C:\Windows\system32\atiumd64.dll

    2016-11-15 21:18 - 2016-09-07 15:47 - 09114104 _____ (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\atidxx32.dll

    2016-11-15 21:18 - 2016-07-18 22:21 - 10965056 _____ (Advanced Micro Devices, Inc. ) C:\Windows\system32\atidxx64.dll

    2016-11-15 21:18 - 2016-07-18 20:39 - 00240008 _____ C:\Windows\SysWOW64\GameManager32.dll

    2016-11-15 21:18 - 2014-09-03 12:55 - 00020360 _____ (Microsoft Corporation) C:\Windows\SysWOW64\detoured.dll

    2016-11-15 21:17 - 2016-07-18 22:21 - 01561632 _____ (Advanced Micro Devices, Inc. ) C:\Windows\system32\aticfx64.dll

    2016-11-15 21:17 - 2016-07-18 22:21 - 01281448 _____ (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\aticfx32.dll

    2016-11-15 21:16 - 2016-09-07 14:16 - 00892296 _____ (AMD) C:\Windows\system32\coinst_16.40.dll

    2016-11-15 21:16 - 2015-12-04 16:43 - 00998280 _____ (Advanced Micro Devices, Inc.) C:\Windows\SysWOW64\atiadlxx.dll

    2016-10-29 16:04 - 2016-08-24 21:09 - 00000000 ____D C:\ProgramData\NVMS-1000

    2016-10-28 01:22 - 2010-11-21 03:27 - 00485032 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe

    2016-10-26 10:13 - 2016-02-07 05:34 - 00114880 _____ C:\Users\NAME REMOVED\AppData\Local\GDIPFONTCACHEV1.DAT

    2016-10-26 10:13 - 2009-07-14 04:45 - 00421352 _____ C:\Windows\system32\FNTCACHE.DAT

    2016-10-25 17:46 - 2016-08-24 15:18 - 00000000 ____D C:\Program Files (x86)\TeamViewer

    2016-10-24 06:02 - 2016-02-07 20:08 - 00000000 ___RD C:\Program Files (x86)\Skype

    2016-10-24 06:02 - 2016-02-07 20:08 - 00000000 ____D C:\ProgramData\Skype

     

    ==================== Files in the root of some directories =======

     

    2016-07-12 13:51 - 2016-07-12 16:16 - 0003584 _____ () C:\Users\NAME REMOVED\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

    2016-02-22 07:51 - 2016-02-22 07:51 - 0003734 _____ () C:\Users\NAME REMOVED\AppData\Local\recently-used.xbel

     

    Some files in TEMP:

    ====================

    C:\Users\NAME REMOVED\AppData\Local\Temp\1Password-4.6.1.616.exe

    C:\Users\NAME REMOVED\AppData\Local\Temp\AMDCleanupUtility.exe

    C:\Users\NAME REMOVED\AppData\Local\Temp\avguirn_081500616094.exe

    C:\Users\NAME REMOVED\AppData\Local\Temp\avguirn_081616343568.exe

    C:\Users\NAME REMOVED\AppData\Local\Temp\avguirn_081691745747.exe

    C:\Users\NAME REMOVED\AppData\Local\Temp\avguirn_081762882401.exe

    C:\Users\NAME REMOVED\AppData\Local\Temp\avguirn_08178927560.exe

    C:\Users\NAME REMOVED\AppData\Local\Temp\avguirn_08402679186.exe

    C:\Users\NAME REMOVED\AppData\Local\Temp\avguirn_08844106758.exe

    C:\Users\NAME REMOVED\AppData\Local\Temp\Cleanup.dll

    C:\Users\NAME REMOVED\AppData\Local\Temp\ddu.exe

    C:\Users\NAME REMOVED\AppData\Local\Temp\difxapi.dll

    C:\Users\NAME REMOVED\AppData\Local\Temp\drm_dialogs.dll

    C:\Users\NAME REMOVED\AppData\Local\Temp\drm_dyndata_7330017.dll

    C:\Users\NAME REMOVED\AppData\Local\Temp\drm_dyndata_7380014.dll

    C:\Users\NAME REMOVED\AppData\Local\Temp\drm_dyndata_7380015.dll

    C:\Users\NAME REMOVED\AppData\Local\Temp\GLFD923GLFD923.EXE

    C:\Users\NAME REMOVED\AppData\Local\Temp\handbrake-setup.exe

    C:\Users\NAME REMOVED\AppData\Local\Temp\libeay32.dll

    C:\Users\NAME REMOVED\AppData\Local\Temp\LMkRstPt.exe

    C:\Users\NAME REMOVED\AppData\Local\Temp\msvcm80.dll

    C:\Users\NAME REMOVED\AppData\Local\Temp\msvcp80.dll

    C:\Users\NAME REMOVED\AppData\Local\Temp\msvcr120.dll

    C:\Users\NAME REMOVED\AppData\Local\Temp\msvcr80.dll

    C:\Users\NAME REMOVED\AppData\Local\Temp\radeon-crimson-15.12-minimalsetup.exe

    C:\Users\NAME REMOVED\AppData\Local\Temp\radeon-crimson-16.7.3-minimalsetup-160728_web.exe

    C:\Users\NAME REMOVED\AppData\Local\Temp\SIntf16.dll

    C:\Users\NAME REMOVED\AppData\Local\Temp\SIntf32.dll

    C:\Users\NAME REMOVED\AppData\Local\Temp\SIntfNT.dll

    C:\Users\NAME REMOVED\AppData\Local\Temp\SkypeSetup.exe

    C:\Users\NAME REMOVED\AppData\Local\Temp\sqlite3.dll

    C:\Users\NAME REMOVED\AppData\Local\Temp\vlc-2.2.4-win32.exe

     

     

    ==================== Bamital & volsnap ======================

     

    (There is no automatic fix for files that do not pass verification.)

     

    C:\Windows\system32\winlogon.exe => File is digitally signed

    C:\Windows\system32\wininit.exe => File is digitally signed

    C:\Windows\SysWOW64\wininit.exe => File is digitally signed

    C:\Windows\explorer.exe => File is digitally signed

    C:\Windows\SysWOW64\explorer.exe => File is digitally signed

    C:\Windows\system32\svchost.exe => File is digitally signed

    C:\Windows\SysWOW64\svchost.exe => File is digitally signed

    C:\Windows\system32\services.exe => File is digitally signed

    C:\Windows\system32\User32.dll => File is digitally signed

    C:\Windows\SysWOW64\User32.dll => File is digitally signed

    C:\Windows\system32\userinit.exe => File is digitally signed

    C:\Windows\SysWOW64\userinit.exe => File is digitally signed

    C:\Windows\system32\rpcss.dll => File is digitally signed

    C:\Windows\system32\dnsapi.dll => File is digitally signed

    C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed

    C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed

     

     

    LastRegBack: 2016-08-27 19:20

     

    ==================== End of FRST.txt ============================

     

    Additional scan result of Farbar Recovery Scan Tool (x64) Version: 20-11-2016 01

    Ran by NAME REMOVED (20-11-2016 22:27:17)

    Running from D:\6 - Downloads D Drive 1TB

    Windows 7 Professional Service Pack 1 (X64) (2016-02-07 05:02:13)

    Boot Mode: Normal

    ==========================================================

     

     

    ==================== Accounts: =============================

     

    Administrator (S-1-5-21-2475219335-3918251388-134586344-500 - Administrator - Disabled)

    Guest (S-1-5-21-2475219335-3918251388-134586344-501 - Limited - Disabled)

    NAME REMOVED (S-1-5-21-2475219335-3918251388-134586344-1000 - Administrator - Enabled) => C:\Users\NAME REMOVED

     

    ==================== Security Center ========================

     

    (If an entry is included in the fixlist, it will be removed.)

     

    AV: Microsoft Security Essentials (Enabled - Up to date) {B7ECF8CD-0188-6703-DBA4-AA65C6ACFB0A}

    AV: AVG AntiVirus Free Edition (Disabled - Up to date) {4D41356F-32AD-7C42-C820-63775EE4F413}

    AS: Microsoft Security Essentials (Enabled - Up to date) {0C8D1929-27B2-688D-E114-9117BD2BB1B7}

    AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

    AS: AVG AntiVirus Free Edition (Disabled - Up to date) {F620D48B-1497-73CC-F290-58052563BEAE}

     

    ==================== Installed Programs ======================

     

    (Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

     

    1Password 4.6.1.616 (HKLM-x32\...\1Password4_is1) (Version: 4.0 - AgileBits)

    7-Zip 15.14 (x64) (HKLM\...\7-Zip) (Version: 15.14 - Igor Pavlov)

    Adobe Acrobat Reader DC (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}) (Version: 15.020.20042 - Adobe Systems Incorporated)

    Adobe Flash Player 23 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 23.0.0.207 - Adobe Systems Incorporated)

    AMD Install Manager (HKLM\...\AMD Catalyst Install Manager) (Version: 9.0.000.6 - Advanced Micro Devices, Inc.)

    ASUS Xonar D2X Audio Driver (HKLM\...\C-Media Oxygen HD Audio Driver) (Version:  - )

    Audacity 2.1.2 (HKLM-x32\...\Audacity®_is1) (Version: 2.1.2 - Audacity Team)

    AVG (HKLM\...\AvgZen) (Version: 1.111.2.45832 - AVG Technologies)

    AVG (Version: 16.131.7924 - AVG Technologies) Hidden

    AVG 2016 (Version: 16.0.4664 - AVG Technologies) Hidden

    AVG Protection (HKLM\...\AVG) (Version: 2016.131.7924 - AVG Technologies)

    AVG Zen (Version: 1.111.9 - AVG Technologies) Hidden

    Brother MFL-Pro Suite MFC-7860DW (HKLM-x32\...\{3ACCCFB3-7B17-4E9F-ACB0-46868FCD4487}) (Version: 1.1.3.0 - Brother Industries, Ltd.)

    Bulk Rename Utility 3.0.0.1 (64-bit) (HKLM\...\Bulk Rename Utility Installation_is1) (Version:  - TGRMN Software)

    Catalyst Control Center Next Localization BR (Version: 2016.1115.1552.28539 - Advanced Micro Devices, Inc.) Hidden

    Catalyst Control Center Next Localization CHS (Version: 2016.1115.1552.28539 - Advanced Micro Devices, Inc.) Hidden

    Catalyst Control Center Next Localization CHT (Version: 2016.1115.1552.28539 - Advanced Micro Devices, Inc.) Hidden

    Catalyst Control Center Next Localization CS (Version: 2016.1115.1552.28539 - Advanced Micro Devices, Inc.) Hidden

    Catalyst Control Center Next Localization DA (Version: 2016.1115.1552.28539 - Advanced Micro Devices, Inc.) Hidden

    Catalyst Control Center Next Localization DE (Version: 2016.1115.1552.28539 - Advanced Micro Devices, Inc.) Hidden

    Catalyst Control Center Next Localization EL (Version: 2016.1115.1552.28539 - Advanced Micro Devices, Inc.) Hidden

    Catalyst Control Center Next Localization ES (Version: 2016.1115.1552.28539 - Advanced Micro Devices, Inc.) Hidden

    Catalyst Control Center Next Localization FI (Version: 2016.1115.1552.28539 - Advanced Micro Devices, Inc.) Hidden

    Catalyst Control Center Next Localization FR (Version: 2016.1115.1552.28539 - Advanced Micro Devices, Inc.) Hidden

    Catalyst Control Center Next Localization HU (Version: 2016.1115.1552.28539 - Advanced Micro Devices, Inc.) Hidden

    Catalyst Control Center Next Localization IT (Version: 2016.1115.1552.28539 - Advanced Micro Devices, Inc.) Hidden

    Catalyst Control Center Next Localization JA (Version: 2016.1115.1552.28539 - Advanced Micro Devices, Inc.) Hidden

    Catalyst Control Center Next Localization KO (Version: 2016.1115.1552.28539 - Advanced Micro Devices, Inc.) Hidden

    Catalyst Control Center Next Localization NL (Version: 2016.1115.1552.28539 - Advanced Micro Devices, Inc.) Hidden

    Catalyst Control Center Next Localization NO (Version: 2016.1115.1552.28539 - Advanced Micro Devices, Inc.) Hidden

    Catalyst Control Center Next Localization PL (Version: 2016.1115.1552.28539 - Advanced Micro Devices, Inc.) Hidden

    Catalyst Control Center Next Localization RU (Version: 2016.1115.1552.28539 - Advanced Micro Devices, Inc.) Hidden

    Catalyst Control Center Next Localization SV (Version: 2016.1115.1552.28539 - Advanced Micro Devices, Inc.) Hidden

    Catalyst Control Center Next Localization TH (Version: 2016.1115.1552.28539 - Advanced Micro Devices, Inc.) Hidden

    Catalyst Control Center Next Localization TR (Version: 2016.1115.1552.28539 - Advanced Micro Devices, Inc.) Hidden

    CDBurnerXP (HKLM-x32\...\{7E265513-8CDA-4631-B696-F40D983F3B07}_is1) (Version: 4.5.6.5931 - CDBurnerXP)

    Core Temp 1.1 (HKLM\...\{086D343F-8E78-4AFC-81AC-D6D414AFD8AC}_is1) (Version: 1.1 - Alcpu)

    CPUID CPU-Z 1.75 (HKLM\...\CPUID CPU-Z_is1) (Version:  - )

    CrystalDiskInfo 6.7.5 Shizuku Edition (HKLM-x32\...\CrystalDiskInfo_is1) (Version: 6.7.5 - Crystal Dew World)

    CyberLink BD Advisor 2.0 (HKLM-x32\...\{2D2D8FE2-605C-4D3C-B706-36E981E7EEF0}) (Version:  - )

    CyberLink Blu-ray Disc Suite (HKLM-x32\...\InstallShield_{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}) (Version: 7.0.2407 - CyberLink Corp.)

    CyberLink InstantBurn (HKLM-x32\...\{19C64880-BBCA-11D4-9EEE-0004ACDDDB3B}) (Version: 5.0.6210 - CyberLink Corp.)

    CyberLink LabelPrint (HKLM-x32\...\InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}) (Version: 2.5.2623 - CyberLink Corp.)

    CyberLink MediaShow (HKLM-x32\...\InstallShield_{80E158EA-7181-40FE-A701-301CE6BE64AB}) (Version: 5.0.1423 - CyberLink Corp.)

    CyberLink Power2Go (HKLM-x32\...\InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}) (Version: 6.1.3802 - CyberLink Corp.)

    CyberLink PowerBackup (HKLM-x32\...\{ADD5DB49-72CF-11D8-9D75-000129760D75}) (Version: 2.5.6023 - CyberLink Corp.)

    CyberLink PowerDVD 12 (HKLM-x32\...\InstallShield_{B46BEA36-0B71-4A4E-AE41-87241643FA0A}) (Version: 12.0.5522.55 - CyberLink Corp.)

    CyberLink PowerProducer (HKLM-x32\...\InstallShield_{B7A0CE06-068E-11D6-97FD-0050BACBF861}) (Version: 5.0.2.2429 - CyberLink Corp.)

    Data Lifeguard Diagnostic for Windows 1.29 (HKLM-x32\...\{519C4DB6-B53B-4F5C-8297-89B2BE949FA5}_is1) (Version:  - Western Digital Corporation)

    DivX Setup (HKLM\...\DivX Setup) (Version: 3.0.0.92 - DivX, LLC)

    Easy Tune 6 B12.1121.1 (HKLM-x32\...\InstallShield_{457D7505-D665-4F95-91C3-ECB8C56E9ACA}) (Version: 1.00.0000 - GIGABYTE)

    Easy Tune 6 B12.1121.1 (x32 Version: 1.00.0000 - GIGABYTE) Hidden

    ESET Online Scanner v3 (HKLM-x32\...\ESET Online Scanner) (Version:  - )

    FMW 1 (Version: 1.132.1 - AVG Technologies) Hidden

    GIMP 2.8.16 (HKLM\...\GIMP-2_is1) (Version: 2.8.16 - The GIMP Team)

    Google Chrome (HKLM-x32\...\Google Chrome) (Version: 54.0.2840.99 - Google Inc.)

    Google Earth (HKLM-x32\...\{817750FA-EC6A-485D-9901-0683AE6FFDF1}) (Version: 7.1.5.1557 - Google)

    Google Update Helper (x32 Version: 1.3.31.5 - Google Inc.) Hidden

    Greenshot 1.2.8.14 (HKLM\...\Greenshot_is1) (Version: 1.2.8.14 - Greenshot)

    HandBrake 0.10.5 (HKLM-x32\...\HandBrake) (Version: 0.10.5 - )

    Intel® Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 9.5.15.1730 - Intel Corporation)

    Intel® Rapid Storage Technology (HKLM\...\{409CB30E-E457-4008-9B1A-ED1B9EA21140}) (Version: 12.8.0.1016 - Intel Corporation)

    Intel® USB 3.0 eXtensible Host Controller Driver (HKLM-x32\...\{240C3DDD-C5E9-4029-9DF7-95650D040CF2}) (Version: 1.0.5.235 - Intel Corporation)

    KeePass Password Safe 2.32 (HKLM-x32\...\KeePassPasswordSafe2_is1) (Version: 2.32 - Dominik Reichl)

    LAME v3.99.3 (for Windows) (HKLM-x32\...\LAME_is1) (Version:  - )

    Life Is Strange™ (HKLM\...\Steam App 319630) (Version:  - DONTNOD Entertainment)

    LightScribe System Software (HKLM-x32\...\{FA8BFB25-BF48-4F8B-8859-B30810745190}) (Version: 1.18.11.1 - LightScribe)

    Logitech Gaming Software 8.83 (HKLM\...\Logitech Gaming Software) (Version: 8.83.85 - Logitech Inc.)

    Logitech SetPoint 6.67 (HKLM\...\sp6) (Version: 6.67.83 - Logitech)

    Malwarebytes Anti-Malware version 2.2.1.1043 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.2.1.1043 - Malwarebytes)

    marvell 91xx driver (HKLM-x32\...\MagniDriver) (Version: 1.2.0.1020 - Marvell)

    Microsoft .NET Framework 4.6.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.6.01055 - Microsoft Corporation)

    Microsoft LifeCam (HKLM\...\{5CE7E3F5-9803-4F32-AA89-2D8848A80109}) (Version: 3.60.253.0 - Microsoft Corporation)

    Microsoft Office 2007 Service Pack 3 (SP3) (HKLM-x32\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version:  - Microsoft)

    Microsoft Office Enterprise 2007 (HKLM-x32\...\ENTERPRISE) (Version: 12.0.6612.1000 - Microsoft Corporation)

    Microsoft Office File Validation Add-In (HKLM-x32\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)

    Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)

    Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)

    Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)

    Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation)

    Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)

    Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022 (HKLM\...\{350AA351-21FA-3270-8B7A-835434E766AD}) (Version: 9.0.21022 - Microsoft Corporation)

    Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)

    Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)

    Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)

    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)

    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)

    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)

    Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)

    Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)

    Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)

    Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)

    Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)

    Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)

    ModifyRegistry version 0.1 (HKLM-x32\...\{1D5BE6B5-7FD4-4A78-90F2-AF6B53BC8C1C}_is1) (Version: 0.1 - VIA Technologies, Inc.)

    Mozilla Firefox 49.0.2 (x86 en-GB) (HKLM-x32\...\Mozilla Firefox 49.0.2 (x86 en-GB)) (Version: 49.0.2 - Mozilla)

    Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 49.0.2.6136 - Mozilla)

    Mp3tag v2.73 (HKLM-x32\...\Mp3tag) (Version: v2.73 - Florian Heidenreich)

    MSXML 4.0 SP3 Parser (HKLM-x32\...\{196467F1-C11F-4F76-858B-5812ADC83B94}) (Version: 4.30.2100.0 - Microsoft Corporation)

    MSXML 4.0 SP3 Parser (KB2758694) (HKLM-x32\...\{1D95BA90-F4F8-47EC-A882-441C99D30C1E}) (Version: 4.30.2117.0 - Microsoft Corporation)

    Nuance PaperPort 12 (HKLM-x32\...\{2A770862-7142-4C77-8117-F933E4110A3F}) (Version: 12.1.0006 - Nuance Communications, Inc.)

    Nuance PDF Viewer Plus (HKLM-x32\...\{28656860-4728-433C-8AD4-D1A930437BC8}) (Version: 5.30.3290 - Nuance Communications, Inc)

    NVIDIA PhysX (HKLM-x32\...\{B455E95A-B804-439F-B533-336B1635AE97}) (Version: 9.14.0702 - NVIDIA Corporation)

    NVMS1000 (HKLM-x32\...\InstallShield_{D7079657-6D6A-4AD2-ABAB-416A10D44F66}) (Version: 1.00.0000 -   )

    NVMS1000 (x32 Version: 1.00.0000 -   ) Hidden

    Open Broadcaster Software (HKLM-x32\...\Open Broadcaster Software) (Version:  - )

    OpenAL (HKLM-x32\...\OpenAL) (Version:  - )

    PaperPort Image Printer 64-bit (HKLM\...\{715CAACC-579B-4831-A5F4-A83A8DE3EFE2}) (Version: 14.00.0000 - Nuance Communications, Inc.)

    Platform (x32 Version: 1.40 - VIA Technologies, Inc.) Hidden

    Qualcomm Atheros Bluetooth Suite (64) (HKLM\...\{A84A4FB1-D703-48DB-89E0-68B6499D2801}) (Version: 8.0.1.314 - Qualcomm Atheros Communications)

    Qualcomm Atheros Inc.® AR81Family Gigabit/Fast Ethernet Driver (HKLM-x32\...\{3108C217-BE83-42E4-AE9E-A56A2A92E549}) (Version: 2.1.0.21 - Qualcomm Atheros Inc.)

    Rapport (x32 Version: 3.5.1609.103 - Trusteer) Hidden

    Rapture3D 2.4.11 Game (HKLM-x32\...\{D2FCA41E-AC01-4DCD-B3A7-DC9E32363065}}_is1) (Version:  - Blue Ripple Sound)

    Recuva (HKLM\...\Recuva) (Version: 1.53 - Piriform)

    RocketDock 1.3.5 (HKLM-x32\...\RocketDock_is1) (Version:  - Punk Software)

    Scansoft PDF Professional (x32 Version:  - ) Hidden

    Skype Click to Call (HKLM-x32\...\{873F8E7C-10E6-449F-BD7E-5FBA7C8E1C9B}) (Version: 8.5.0.9167 - Microsoft Corporation)

    Skype™ 7.29 (HKLM-x32\...\{FC965A47-4839-40CA-B618-18F486F042C6}) (Version: 7.29.102 - Skype Technologies S.A.)

    Spotify (HKU\S-1-5-21-2475219335-3918251388-134586344-1000\...\Spotify) (Version: 1.0.42.151.g19de0aa6 - Spotify AB)

    Steam (HKLM-x32\...\Steam) (Version: 2.10.91.91 - Valve Corporation)

    SuperPlay (HKLM-x32\...\{EF25B4CF-F24C-49D7-82DC-32C99210ECD1}) (Version: 1.0.0 - SuperPlay)

    TP-LINK TL-WDN4800 Driver (HKLM-x32\...\{70D605C7-C823-4750-BA72-BEB835713612}) (Version: 1.3.1 - TP-LINK)

    Trusteer Endpoint Protection (HKLM-x32\...\Rapport_msi) (Version: 3.5.1609.103 - Trusteer)

    TXTcollector (HKLM-x32\...\TXTcollector_is1) (Version: 2.0.2 - Bluefive software)

    Update for 2007 Microsoft Office System (KB967642) (HKLM-x32\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version:  - Microsoft)

    Uplay (HKLM-x32\...\Uplay) (Version: 3.0 - Ubisoft)

    VC80CRTRedist - 8.0.50727.6195 (x32 Version: 1.2.0 - DivX, Inc) Hidden

    VIA Platform Device Manager (HKLM-x32\...\InstallShield_{20D4A895-748C-4D88-871C-FDB1695B0169}) (Version: 1.40 - VIA Technologies, Inc.)

    Visual Studio 2012 x64 Redistributables (HKLM\...\{8C775E70-A791-4DA8-BCC3-6AB7136F4484}) (Version: 14.0.0.1 - AVG Technologies)

    Visual Studio 2012 x86 Redistributables (HKLM-x32\...\{98EFF19A-30AB-4E4B-B943-F06B1C63EBF8}) (Version: 14.0.0.1 - AVG Technologies CZ, s.r.o.)

    VLC media player (HKLM-x32\...\VLC media player) (Version: 2.2.4 - VideoLAN)

    Vulkan Run Time Libraries 1.0.17.0 (HKLM\...\VulkanRT1.0.17.0) (Version: 1.0.17.0 - LunarG, Inc.)

    Vulkan Run Time Libraries 1.0.21.0 (HKLM\...\VulkanRT1.0.21.0-2) (Version: 1.0.21.0 - LunarG, Inc.)

    Vulkan Run Time Libraries 1.0.21.0 (Version: 1.0.21.0 - LunarG, Inc.) Hidden

    Vulkan Run Time Libraries 1.0.26.0 (HKLM\...\VulkanRT1.0.26.0-2) (Version: 1.0.26.0 - LunarG, Inc.)

    Vulkan Run Time Libraries 1.0.26.0 (Version: 1.0.26.0 - LunarG, Inc.) Hidden

    Vulkan Run Time Libraries 1.0.3.1 (HKLM\...\VulkanRT1.0.3.1-2) (Version: 1.0.3.1 - LunarG, Inc.)

    Vulkan Run Time Libraries 1.0.3.1 (Version: 1.0.3.1 - LunarG, Inc.) Hidden

    Vulkan Run Time Libraries 1.0.8.0 (HKLM\...\VulkanRT1.0.8.0) (Version: 1.0.8.0 - LunarG, Inc.)

    WebClient (HKLM-x32\...\WebClient) (Version:  - )

    WinX DVD Ripper Platinum 7.5.15 (HKLM-x32\...\WinX DVD Ripper Platinum_is1) (Version:  - Digiarty Software, Inc.)

     

    ==================== Custom CLSID (Whitelisted): ==========================

     

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

     

     

    ==================== Scheduled Tasks (Whitelisted) =============

     

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

     

    Task: {0B02AEF0-174E-4BF0-80BE-C9D9654F7F45} - System32\Tasks\DivXUpdate => C:\Program Files (x86)\Common Files\DivX Shared\Qt4.8\DivXUpdate.exe [2016-08-29] (DivX, LLC)

    Task: {1EBEF9ED-BDCF-45D0-8B1D-AA20D30C9390} - System32\Tasks\0216pizUpdateInfo => C:\ProgramData\Avg_Update_0216piz\0216piz_AVG-Secure-Search-Update.exe

    Task: {26AEAC00-237F-4BB4-8B86-5FB662DC3007} - System32\Tasks\AVG EUpdate Task => avgsetupx.exe

    Task: {3C0A8DF4-8979-4599-B357-B9A69BD866E2} - System32\Tasks\{C5DB102E-7209-4F1D-97CE-713E0C102413} => pcalua.exe -a "C:\Program Files (x86)\Recon\recon.exe" -d "C:\Program Files (x86)\Recon"

    Task: {4A4FCB66-B059-4402-AD19-E34DF951E096} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2016-02-07] (Google Inc.)

    Task: {4AEECD5D-6FA7-45DD-ADDA-6794036F61A7} - System32\Tasks\{6E879B55-8403-460C-AF0F-4EA863062505} => Chrome.exe hxxp://ui.skype.com/ui/0/7.18.0.111/en/abandoninstall?source=lightinstaller&page=tsPlugin

    Task: {69BA3A0D-0081-453B-9369-32F126B271CF} - System32\Tasks\PDVDServ12 Task => C:\Program Files (x86)\CyberLink\PowerDVD12\PDVD12Serv.exe [2015-07-27] (CyberLink Corp.)

    Task: {77B9ABC3-97D5-4A9A-B81E-6F4D9133CFEA} - System32\Tasks\{EE17C9DE-8D7E-42D1-97C3-374BFD12237B} => Chrome.exe hxxp://ui.skype.com/ui/0/7.18.0.111/en/abandoninstall?source=lightinstaller&page=tsMain

    Task: {77EEC41B-8A4E-484F-BB4A-420447237085} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2016-11-16] (Adobe Systems Incorporated)

    Task: {8A1F0E5D-2AAE-4349-BABD-5A3AEED427A6} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2016-10-21] (Adobe Systems Incorporated)

    Task: {8FEE22B8-8627-445A-B710-D7048A27EC7D} - System32\Tasks\AMD Updater => C:\Program Files\AMD\CIM\\Bin64\InstallManagerApp.exe [2016-07-18] (Advanced Micro Devices, Inc.)

    Task: {D54B52A0-6339-44D1-8730-E0341152BAF3} - System32\Tasks\{AA56030C-1908-4585-AB98-59C5663A99A6} => pcalua.exe -a "D:\6 - Downloads D Drive 1TB\17124_01.exe" -d "D:\6 - Downloads D Drive 1TB"

    Task: {E74D8E67-DEC4-4223-A971-AF9685101FE1} - System32\Tasks\{CDD48902-A7A2-4882-A558-19A9A350E8CC} => pcalua.exe -a C:\Windows\SysWOW64\DivXControlPanelApplet.cpl -c DivX Control Panel

    Task: {E8CEF499-30AA-48A8-9ECE-0961E2B57F02} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2016-02-07] (Google Inc.)

     

    (If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

     

    Task: C:\Windows\Tasks\0216pizUpdateInfo.job => C:\ProgramData\Avg_Update_0216piz\0216piz_AVG-Secure-Search-Update.exe

    Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe

    Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

    Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

     

    ==================== Shortcuts =============================

     

    (The entries could be listed to be restored or removed.)

     

    ==================== Loaded Modules (Whitelisted) ==============

     

    2016-02-07 18:28 - 2005-04-22 04:36 - 00143360 _____ () C:\Windows\system32\BrSNMP64.dll

    2015-06-02 14:51 - 2015-06-02 14:51 - 00545792 _____ () C:\Program Files (x86)\Trusteer\Rapport\bin\js32.dll

    2016-02-07 16:12 - 2013-09-16 12:17 - 01242584 _____ () C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\ACE.dll

     

    ==================== Alternate Data Streams (Whitelisted) =========

     

    ==================== Safe Mode (Whitelisted) ===================

     

    (If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

     

     

    ==================== Association (Whitelisted) ===============

     

    (If an entry is included in the fixlist, the registry item will be restored to default or removed.)

     

     

    ==================== Internet Explorer trusted/restricted ===============

     

    (If an entry is included in the fixlist, it will be removed from the registry.)

     

     

    ==================== Hosts content: ===============================

     

    (If needed Hosts: directive could be included in the fixlist to reset Hosts.)

     

    2009-07-14 02:34 - 2009-06-10 21:00 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts

     

     

    ==================== Other Areas ============================

     

    (Currently there is no automatic fix for this section.)

     

    HKU\S-1-5-21-2475219335-3918251388-134586344-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\NAME REMOVED\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg

    DNS Servers: 192.168.0.1

    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)

    Windows Firewall is enabled.

     

    ==================== MSCONFIG/TASK MANAGER disabled items ==

     

     

    ==================== FirewallRules (Whitelisted) ===============

     

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

     

    FirewallRules: [SPPSVC-In-TCP] => (Allow) %SystemRoot%\system32\sppsvc.exe

    FirewallRules: [SPPSVC-In-TCP-NoScope] => (Allow) %SystemRoot%\system32\sppsvc.exe

    FirewallRules: [{BA99CF0E-04F1-4EE8-90AD-2AD34FAB021B}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe

    FirewallRules: [{8FFED5E1-9858-40AA-9B29-2738C73563F8}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe

    FirewallRules: [{DD125580-1D36-4952-810A-E4FA9FD74C92}] => (Allow) C:\Program Files (x86)\Microsoft LifeCam\LifeCam.exe

    FirewallRules: [{B1A29BF6-92C2-484A-8031-55021B0306EA}] => (Allow) C:\Program Files (x86)\Microsoft LifeCam\LifeCam.exe

    FirewallRules: [{983BF61C-A170-4F59-9F4C-93B48703EA5B}] => (Allow) C:\Program Files (x86)\Microsoft LifeCam\LifeEnC2.exe

    FirewallRules: [{05AA8050-DEF1-4624-913E-FE308883E6F5}] => (Allow) C:\Program Files (x86)\Microsoft LifeCam\LifeEnC2.exe

    FirewallRules: [{72E24AA4-C5D3-421C-969C-F3E0B73F0F88}] => (Allow) C:\Program Files (x86)\Microsoft LifeCam\LifeExp.exe

    FirewallRules: [{C5F7D07C-85AB-4C6B-BC28-45C61A45AF87}] => (Allow) C:\Program Files (x86)\Microsoft LifeCam\LifeExp.exe

    FirewallRules: [{97EBC9DC-4B83-4BA7-88E1-3074A18EBDC1}] => (Allow) C:\Program Files (x86)\Microsoft LifeCam\LifeTray.exe

    FirewallRules: [{5D846BE6-EFDE-47AB-A7A1-5FA6983F19FD}] => (Allow) C:\Program Files (x86)\Microsoft LifeCam\LifeTray.exe

    FirewallRules: [{99F24226-56FA-4625-8CFD-7D0CEB1A1CF5}] => (Allow) C:\Program Files (x86)\Brother\Brmfl10f\FAXRX.exe

    FirewallRules: [{E3959D54-02CE-465D-A359-7C0AA854882C}] => (Allow) C:\Program Files (x86)\Brother\Brmfl10f\FAXRX.exe

    FirewallRules: [{87B9B645-7BAA-4CBE-82D7-61CF76F39380}] => (Allow) LPort=54925

    FirewallRules: [{D10449DC-46E0-4A5C-98C0-2A1A5030F496}] => (Allow) D:\Steam\Steam.exe

    FirewallRules: [{D3202B33-EFF7-4D19-AC67-442F6BDA9436}] => (Allow) D:\Steam\Steam.exe

    FirewallRules: [{4B40E487-1E55-4D1B-90EC-79DEAD4E3C31}] => (Allow) D:\Steam\bin\steamwebhelper.exe

    FirewallRules: [{B1591FB4-D9DC-4B86-9A85-FEB37DAC4D5E}] => (Allow) D:\Steam\bin\steamwebhelper.exe

    FirewallRules: [{08841212-8CD0-4105-A98A-EF692BA0CAB3}] => (Allow) D:\Steam\SteamApps\common\Tom Clancy's Splinter Cell Blacklist\Blacklist_Launcher.exe

    FirewallRules: [{148334C9-9314-4BF1-9ECD-9C7B5EBE30CB}] => (Allow) D:\Steam\SteamApps\common\Tom Clancy's Splinter Cell Blacklist\Blacklist_Launcher.exe

    FirewallRules: [{3D4B1526-75E1-46EF-B980-80DAA1B9EE29}] => (Allow) D:\Steam\SteamApps\common\Tom Clancy's Splinter Cell Blacklist\src\SYSTEM\Blacklist_game.exe

    FirewallRules: [{A0254904-FE8D-4EA9-96D8-2E1DADD1E0EE}] => (Allow) D:\Steam\SteamApps\common\Tom Clancy's Splinter Cell Blacklist\src\SYSTEM\Blacklist_game.exe

    FirewallRules: [{E533D19B-7031-4258-B781-F6A5D36B596D}] => (Allow) D:\Steam\SteamApps\common\Tom Clancy's Splinter Cell Blacklist\src\SYSTEM\Blacklist_DX11_game.exe

    FirewallRules: [{8644BB30-4BDB-4764-BD88-940C12D3C9DB}] => (Allow) D:\Steam\SteamApps\common\Tom Clancy's Splinter Cell Blacklist\src\SYSTEM\Blacklist_DX11_game.exe

    FirewallRules: [{C4293EB6-C106-4A74-B6FD-7B0DA477749C}] => (Allow) D:\Steam\SteamApps\common\Tom Clancy's Splinter Cell Blacklist\src\SYSTEM\gu.exe

    FirewallRules: [{E4E026D3-3602-42B8-ADE6-C10B88FFB6B4}] => (Allow) D:\Steam\SteamApps\common\Tom Clancy's Splinter Cell Blacklist\src\SYSTEM\gu.exe

    FirewallRules: [{353E1573-7D4B-419B-956B-96B141648B24}] => (Allow) D:\Steam\SteamApps\common\Borderlands 2\Binaries\Win32\Launcher.exe

    FirewallRules: [{A5B0540D-7882-428D-9CDF-39090EC13292}] => (Allow) D:\Steam\SteamApps\common\Borderlands 2\Binaries\Win32\Launcher.exe

    FirewallRules: [{F79616CA-969D-4987-A4D9-D834DCABDE44}] => (Allow) D:\Steam\SteamApps\common\Borderlands 2\Binaries\Win32\Borderlands2.exe

    FirewallRules: [{A72EE186-2D52-47B1-90D4-D7AB479E9F78}] => (Allow) D:\Steam\SteamApps\common\Borderlands 2\Binaries\Win32\Borderlands2.exe

    FirewallRules: [{4BC32E87-60E7-4655-8FF5-41F3C31E0E01}] => (Allow) C:\Program Files (x86)\Skype\Phone\Skype.exe

    FirewallRules: [{CAC07DBB-FD23-4183-A34D-5D03767CFB23}] => (Allow) D:\Steam\SteamApps\common\Nexuiz Beta\Bin32\Nexuiz.exe

    FirewallRules: [{E5C68FA7-A3BE-453C-8322-FD94BBE0068C}] => (Allow) D:\Steam\SteamApps\common\Nexuiz Beta\Bin32\Nexuiz.exe

    FirewallRules: [{A98D58CA-2FC6-4DDD-806F-B384FAB7C389}] => (Allow) D:\Steam\SteamApps\common\Nexuiz Beta\Bin32\DedicatedServer.exe

    FirewallRules: [{30B22BA2-9771-4DF3-9C73-761D1D10D27C}] => (Allow) D:\Steam\SteamApps\common\Nexuiz Beta\Bin32\DedicatedServer.exe

    FirewallRules: [{A3301A13-2841-4138-8C24-3D34F4771953}] => (Allow) D:\Steam\SteamApps\common\Nexuiz\Bin32\Nexuiz.exe

    FirewallRules: [{53D3521E-B898-4FC4-A9C3-5B2C0C18BFD6}] => (Allow) D:\Steam\SteamApps\common\Nexuiz\Bin32\Nexuiz.exe

    FirewallRules: [{98169F1A-D3F7-485B-9E86-9A6B7C403588}] => (Allow) D:\Steam\SteamApps\common\Nexuiz\Bin32\Editor.exe

    FirewallRules: [{1740F3A4-BBDA-4E4B-93B7-3A302DF7345E}] => (Allow) D:\Steam\SteamApps\common\Nexuiz\Bin32\Editor.exe

    FirewallRules: [{3AFC1A74-8073-48C0-A306-0672B53E7FE1}] => (Allow) %ProgramFiles% (x86)\Recon\fancontroller_service.exe

    FirewallRules: [{B4630E4D-10DE-4366-ACB9-057382F8BBA0}] => (Allow) C:\Program Files (x86)\Recon\fancontroller_daemon.exe

    FirewallRules: [{B9AAFE45-E45E-4C04-9C8F-749F2ECC52C0}] => (Allow) C:\Program Files (x86)\Recon\fancontroller_daemon.exe

    FirewallRules: [{835ADFC2-8342-457B-92D2-2DD21CF48E7F}] => (Allow) C:\Program Files (x86)\Recon\fancontroller_daemon.exe

    FirewallRules: [{DD40CB2D-0A5A-4195-A4B1-E52EDD0F2CCF}] => (Allow) C:\Program Files (x86)\Recon\fancontroller_daemon.exe

    FirewallRules: [{8F2273EF-FCB9-4BA3-A8E5-2B9A5198B14F}] => (Allow) C:\Program Files (x86)\Recon\fancontroller_service.exe

    FirewallRules: [{5A8E275E-587E-4FDE-A110-7EC1AB937E84}] => (Allow) C:\Program Files (x86)\Recon\fancontroller_service.exe

    FirewallRules: [{8E3B4C0D-7E81-4629-BC15-D7CCF949B855}] => (Allow) C:\Program Files (x86)\Recon\fancontroller_service.exe

    FirewallRules: [{63890D03-EA2B-4AD1-B5E2-1DA063091F7D}] => (Allow) C:\Program Files (x86)\Recon\fancontroller_service.exe

    FirewallRules: [{55E73F09-17C3-430E-937F-65C387CD9AB3}] => (Allow) C:\Program Files (x86)\Recon\recon.exe

    FirewallRules: [{84A40096-8248-420F-BCF7-2C5DE119D95F}] => (Allow) C:\Program Files (x86)\Recon\recon.exe

    FirewallRules: [{8360293F-C39D-4EF8-834A-5FB7581EE4E0}] => (Allow) C:\Program Files (x86)\Recon\recon.exe

    FirewallRules: [{66D08106-B37C-403F-9BCD-BD6D5C5DDD02}] => (Allow) C:\Program Files (x86)\Recon\recon.exe

    FirewallRules: [{D19AA35D-1D3D-4C8E-A048-752D5DD14C38}] => (Allow) C:\Program Files (x86)\AVG\Av\avgmfapx.exe

    FirewallRules: [{28424C7C-5C74-4DC2-B30F-8F04A61C9ADD}] => (Allow) C:\Program Files (x86)\AVG\Av\avgmfapx.exe

    FirewallRules: [TCP Query User{272F19BA-E227-4677-B96C-25DEBAB455AA}C:\program files (x86)\magictune premium\magictune.exe] => (Allow) C:\program files (x86)\magictune premium\magictune.exe

    FirewallRules: [UDP Query User{6AFA4A9A-E563-4469-8A83-0C2A6AFAC4B5}C:\program files (x86)\magictune premium\magictune.exe] => (Allow) C:\program files (x86)\magictune premium\magictune.exe

    FirewallRules: [{1E41597E-503B-40E1-B927-36A155E60656}] => (Block) C:\program files (x86)\magictune premium\magictune.exe

    FirewallRules: [{055EC0A5-E97D-4175-BE0F-41DEA86E36F5}] => (Block) C:\program files (x86)\magictune premium\magictune.exe

    FirewallRules: [TCP Query User{D532F12C-00D0-413B-810F-633A632A21D7}C:\users\NAME REMOVED\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\NAME REMOVED\appdata\roaming\spotify\spotify.exe

    FirewallRules: [UDP Query User{4D062084-7C37-4499-8A33-38D890DF00F9}C:\users\NAME REMOVED\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\NAME REMOVED\appdata\roaming\spotify\spotify.exe

    FirewallRules: [TCP Query User{0CB94ECC-B897-4530-9F28-F66F90FA25D5}C:\program files\logitech gaming software\lcore.exe] => (Allow) C:\program files\logitech gaming software\lcore.exe

    FirewallRules: [UDP Query User{7CB41734-FE51-4F40-AEB6-F1C45683DC6C}C:\program files\logitech gaming software\lcore.exe] => (Allow) C:\program files\logitech gaming software\lcore.exe

    FirewallRules: [{E07E0E4D-85A9-42E8-AF31-DEB76BC4D184}] => (Allow) D:\Steam\SteamApps\common\Life Is Strange\Binaries\Win32\LifeIsStrange.exe

    FirewallRules: [{5F226A38-FB10-4CE8-B0A5-952A9586C0EA}] => (Allow) D:\Steam\SteamApps\common\Life Is Strange\Binaries\Win32\LifeIsStrange.exe

    FirewallRules: [{351B5860-573C-404A-81B6-9EFDEA47F3AC}] => (Allow) D:\Games\C&C Tiberium Wars\RetailExe\1.9\cnc3game.dat

    FirewallRules: [TCP Query User{AAEFA3EB-6AFD-4A97-9538-0666A2AD796B}D:\games\cod2\cod2mp_s.exe] => (Allow) D:\games\cod2\cod2mp_s.exe

    FirewallRules: [UDP Query User{5E5AC29A-2EC0-42BA-A49D-EFC6B56EF586}D:\games\cod2\cod2mp_s.exe] => (Allow) D:\games\cod2\cod2mp_s.exe

    FirewallRules: [TCP Query User{F311F05D-DA6F-47F0-AE9F-DD2DD75B3DB5}C:\program files (x86)\nvms-1000\nvms-1000.exe] => (Allow) C:\program files (x86)\nvms-1000\nvms-1000.exe

    FirewallRules: [UDP Query User{E9D577F6-1082-43F7-9FB3-BA1E8035789C}C:\program files (x86)\nvms-1000\nvms-1000.exe] => (Allow) C:\program files (x86)\nvms-1000\nvms-1000.exe

    FirewallRules: [{343DFEB8-53AA-4117-89F3-0E6CEE69FD6C}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD12\Movie\PowerDVD Cinema\PowerDVDCinema12.exe

    FirewallRules: [{E0766700-459A-4FC4-A0A1-8F6E8C63809A}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

    FirewallRules: [{718F1EB7-3E7A-4758-952C-E7AC09BD6C59}] => (Allow) C:\Program Files (x86)\AVG\Av\avgnsa.exe

    FirewallRules: [{24D08BF9-023A-43D6-BE37-157946F47CB0}] => (Allow) C:\Program Files (x86)\AVG\Av\avgnsa.exe

    FirewallRules: [{36480C9F-23CB-4045-B716-C490491982A0}] => (Allow) C:\Program Files (x86)\AVG\Av\avgemca.exe

    FirewallRules: [{50E6B9E2-D8BC-4031-9108-89B4A5C83F5B}] => (Allow) C:\Program Files (x86)\AVG\Av\avgemca.exe

     

    ==================== Restore Points =========================

     

    18-11-2016 09:46:48 Windows Update

    19-11-2016 12:45:21 Device Driver Package Install: Advanced Micro Devices, Inc. Display adapters

    20-11-2016 21:45:36 Windows Update

    20-11-2016 21:51:38 Windows Update

    20-11-2016 22:17:17 JRT Pre-Junkware Removal

     

    ==================== Faulty Device Manager Devices =============

     

    Name:

    Description:

    Class Guid:

    Manufacturer:

    Service:

    Problem: : The drivers for this device are not installed. (Code 28)

    Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

     

     

    ==================== Event log errors: =========================

     

    Application errors:

    ==================

    Error: (11/20/2016 10:24:18 PM) (Source: ATIeRecord) (EventID: 16387) (User: )

    Description: ATI EEU Service event error

     

    Error: (11/20/2016 10:23:04 PM) (Source: ATIeRecord) (EventID: 16387) (User: )

    Description: ATI EEU Service event error

     

    Error: (11/20/2016 10:21:58 PM) (Source: ATIeRecord) (EventID: 16387) (User: )

    Description: ATI EEU Service event error

     

    Error: (11/20/2016 10:21:45 PM) (Source: ATIeRecord) (EventID: 16387) (User: )

    Description: ATI EEU Service event error

     

    Error: (11/20/2016 10:17:33 PM) (Source: ATIeRecord) (EventID: 16387) (User: )

    Description: ATI EEU Service event error

     

    Error: (11/20/2016 10:17:30 PM) (Source: Application Error) (EventID: 1000) (User: )

    Description: Faulting application name: steamwebhelper.exe, version: 3.65.13.80, time stamp: 0x57fed9f2

    Faulting module name: libcef.dll, version: 3.2623.1395.0, time stamp: 0x57a38be1

    Exception code: 0xc0000005

    Fault offset: 0x02042cd2

    Faulting process id: 0x1b88

    Faulting application start time: 0x01d2437b249c5293

    Faulting application path: D:\Steam\bin\cef\cef.winxp\steamwebhelper.exe

    Faulting module path: D:\Steam\bin\cef\cef.winxp\libcef.dll

    Report Id: 203dcaea-af6f-11e6-898f-902b34342adc

     

    Error: (11/20/2016 10:13:22 PM) (Source: WinMgmt) (EventID: 10) (User: )

    Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.

     

    Error: (11/20/2016 10:01:06 PM) (Source: SideBySide) (EventID: 80) (User: )

    Description: Activation context generation failed for "D:\6 - Downloads D Drive 1TB\esetsmartinstaller_enu.exe".Error in manifest or policy file "" on line .

    A component version required by the application conflicts with another component version already active.

    Conflicting components are:.

    Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest.

    Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d.manifest.

     

    Error: (11/20/2016 09:47:37 PM) (Source: Software Protection Platform Service) (EventID: 8208) (User: )

    Description: Acquisition of genuine ticket failed (hr=0x80072EE7) for template Id 66c92734-d682-4d71-983e-d6ec3f16059f

     

    Error: (11/20/2016 09:47:37 PM) (Source: Software Protection Platform Service) (EventID: 8200) (User: )

    Description: License acquisition failure details.

    hr=0x80072EE7

     

     

    System errors:

    =============

    Error: (11/20/2016 10:11:55 PM) (Source: Service Control Manager) (EventID: 7006) (User: )

    Description: The ScRegSetValueExW call failed for FailureActions with the following error:

    Access is denied.

     

    Error: (11/20/2016 10:11:46 PM) (Source: Service Control Manager) (EventID: 7026) (User: )

    Description: The following boot-start or system-start driver(s) failed to load:

    cdrom

     

    Error: (11/20/2016 10:11:42 PM) (Source: Service Control Manager) (EventID: 7006) (User: )

    Description: The ScRegSetValueExW call failed for FailureActions with the following error:

    Access is denied.

     

    Error: (11/20/2016 10:10:57 PM) (Source: Microsoft Antimalware) (EventID: 2001) (User: )

    Description: Microsoft Antimalware has encountered an error trying to update signatures.

     

                    New Signature Version:

     

                    Previous Signature Version: 1.233.29.0

     

                    Update Source: Microsoft Update Server

     

                    Update Stage: Search

     

                    Source Path: http://www.microsoft.com

     

                    Signature Type: AntiVirus

     

                    Update Type: Full

     

                    User: NT AUTHORITY\SYSTEM

     

                    Current Engine Version:

     

                    Previous Engine Version: 1.1.13303.0

     

                    Error code: 0x8024001e

     

                    Error description: An unexpected problem occurred while checking for updates. For information on installing or troubleshooting updates, see Help and Support.

     

    Error: (11/20/2016 10:09:57 PM) (Source: Service Control Manager) (EventID: 7031) (User: )

    Description: The Microsoft .NET Framework NGEN v4.0.30319_X64 service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 120000 milliseconds: Restart the service.

     

    Error: (11/20/2016 10:09:57 PM) (Source: Service Control Manager) (EventID: 7031) (User: )

    Description: The Microsoft .NET Framework NGEN v4.0.30319_X86 service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 120000 milliseconds: Restart the service.

     

    Error: (11/20/2016 10:09:57 PM) (Source: Service Control Manager) (EventID: 7034) (User: )

    Description: The Intel® Dynamic Application Loader Host Interface Service service terminated unexpectedly.  It has done this 1 time(s).

     

    Error: (11/20/2016 10:09:57 PM) (Source: Service Control Manager) (EventID: 7034) (User: )

    Description: The Intel® Rapid Storage Technology service terminated unexpectedly.  It has done this 1 time(s).

     

    Error: (11/20/2016 10:09:57 PM) (Source: Service Control Manager) (EventID: 7034) (User: )

    Description: The Steam Client Service service terminated unexpectedly.  It has done this 1 time(s).

     

    Error: (11/20/2016 10:09:55 PM) (Source: Service Control Manager) (EventID: 7034) (User: )

    Description: The PDFProFiltSrvPP service terminated unexpectedly.  It has done this 1 time(s).

     

     

    ==================== Memory info ===========================

     

    Processor: Intel® Core™ i5-3570K CPU @ 3.40GHz

    Percentage of memory in use: 30%

    Total physical RAM: 8152.23 MB

    Available physical RAM: 5645.45 MB

    Total Virtual: 16302.64 MB

    Available Virtual: 13436.06 MB

     

    ==================== Drives ================================

     

    Drive c: () (Fixed) (Total:119.14 GB) (Free:53.26 GB) NTFS

    Drive d: (New Volume) (Fixed) (Total:931.51 GB) (Free:46.83 GB) NTFS

     

    ==================== MBR & Partition Table ==================

     

    ========================================================

    Disk: 0 (MBR Code: Windows 7 or 8) (Size: 119.2 GB) (Disk ID: DA48C5B1)

    Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)

    Partition 2: (Not Active) - (Size=119.1 GB) - (Type=07 NTFS)

     

    ========================================================

    Disk: 1 (MBR Code: Windows 7 or 8) (Size: 931.5 GB) (Disk ID: 43513E87)

    Partition 1: (Not Active) - (Size=931.5 GB) - (Type=07 NTFS)

     

    ==================== End of Addition.txt ============================


    • 0

    #5
    RKinner

    RKinner

      Malware Expert

    • Expert
    • 20,029 posts
    • MVP
     
    Right click on (My) Computer and select Manage (Continue). Then click on the arrow in front of Event Viewer. Next click on the arrow in front of Windows Logs. Right click on System and Clear Log, Clear. Repeat for Application.
     
    Reboot. 
     
    Start, All Programs, Accessories then right click on Command Prompt and Run as Administrator.  Then type (with an Enter after each line).
    sfc  /scannow
     
    (This will check your critical system files. Does this finish without complaint?  If it says it couldn't fix everything then:
     
    Copy the next two lines:
     
    findstr  /c:"[SR]"  \windows\logs\cbs\cbs.log  >  \windows\logs\cbs\junk.txt 
    notepad \windows\logs\cbs\junk.txt 
     
    Start, All Programs, Accessories, right click on Command Prompt and Run as Administrator, Continue.  Right click and Paste or Edit then Paste and the copied line should appear.
    Hit Enter. Copy and paste the text from notepad or if it is too big, just attach the file.)
     
     
    1. Please download the Event Viewer Tool by Vino Rosso
    and save it to your Desktop:
    2. Right-click VEW.exe and Run As Administrator
    3. Under 'Select log to query', select:
     
    * System
    4. Under 'Select type to list', select:
    * Error
    * Warning
     
     
    Then use the 'Number of events' as follows:
     
     
    1. Click the radio button for 'Number of events'
    Type 20 in the 1 to 20 box
    Then click the Run button.
    Notepad will open with the output log.
     
     
    Please post the Output log in your next reply then repeat but select Application.  (Each time you run VEW it overwrites the log so copy the first one to a Reply or rename it before running it a second time.)
     
     
     
     
    Get the free version of Speccy:
     
    http://www.filehippo...download_speccy (Look in the upper right for the Download Latest Version button  - Do NOT press the large Start Download button on the upper left!)  Download, Save and Install it.  Run Speccy.  When it finishes (the little icon in the bottom left will stop moving), File, Save as Text File,  (to your desktop) note the name it gives. OK.  Open the file in notepad and delete the line that gives the serial number of your Operating System.  (It will be near the top about 10 lines down.) Attach the file to your next post. (More Reply Options, Choose File, Open, Attach This File.)
     
    Get Process Explorer
     
    Save it to your desktop then run it (Vista or Win7 - right click and Run As Administrator).  
     
    View, Select Column, check Verified Signer, OK
    Options, Verify Image Signatures
     
     
    Click twice on the CPU column header  to sort things by CPU usage with the big hitters at the top.  
     
    Wait a full minute then:
     
    File, Save As, (to your desktop) Save.  (Note the file name) Open the file on your desktop and copy and paste the text to a reply.
     
     

    • 0
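The `findstr` step in the post above keeps every `[SR]` line in CBS.log, and most of those are routine progress messages. As an added example (not part of the original post and not the helper's own tooling), this Python script reduces that output to the files SFC reported it could not repair; the sample lines and file names are constructed, and the line layout is assumed from typical CBS.log entries.

```python
import re
from collections import Counter

# Constructed sample in the usual CBS.log layout; file names are placeholders.
SAMPLE_CBS_LOG = "\n".join([
    r'2016-11-21 01:02:03, Info                  CSI    00000009 [SR] Verifying 100 (0x0000000000000064) components',
    r'2016-11-21 01:02:03, Info                  CSI    0000000a [SR] Beginning Verify and Repair transaction',
    r'2016-11-21 01:02:09, Info                  CSI    0000000c [SR] Verify complete',
    r'2016-11-21 01:02:10, Info                  CBS    Servicing line without the SR tag',
    r'2016-11-21 01:03:44, Info                  CSI    000001a2 [SR] Cannot repair member file [l:24{12}]"example1.dll" of Example-Component, Version = 6.1.7601.17514, file is missing',
    r'2016-11-21 01:03:45, Info                  CSI    000001a4 [SR] Repairing corrupted file [ml:520{260},l:46{23}]"\??\C:\Windows\System32"\[l:24{12}]"example2.dll" from store',
    r'2016-11-21 01:03:50, Info                  CSI    000001a9 [SR] Cannot repair member file [l:24{12}]"example1.dll" of Example-Component, Version = 6.1.7601.17514, file is missing',
])

# Timestamp, anything up to the [SR] tag, then the message text.
SR_LINE = re.compile(r'^(\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2}), .*?\[SR\] (.*)$')
QUOTED = re.compile(r'"([^"]+)"')


def summarize_sr(log_text):
    """Classify [SR] lines; return counts plus repaired and unrepaired files."""
    counts = Counter()
    unrepaired = {}  # file name -> timestamp of the first report
    repaired = set()
    for line in log_text.splitlines():
        match = SR_LINE.match(line)
        if not match:
            continue  # not an SFC ([SR]) entry
        timestamp, message = match.groups()
        names = QUOTED.findall(message)  # the last quoted token is the file name
        if message.startswith("Cannot repair") and names:
            counts["cannot_repair"] += 1
            # SFC often logs the same file more than once; keep the first.
            unrepaired.setdefault(names[-1], timestamp)
        elif message.startswith("Repairing") and names:
            counts["repaired"] += 1
            repaired.add(names[-1])
        else:
            counts["routine"] += 1
    return {"counts": dict(counts), "unrepaired": unrepaired,
            "repaired": sorted(repaired)}


if __name__ == "__main__":
    report = summarize_sr(SAMPLE_CBS_LOG)
    print("Line counts:", report["counts"])
    for name, first_seen in report["unrepaired"].items():
        print("Could not repair:", name, "(first reported", first_seen + ")")
    print("Repaired from store:", ", ".join(report["repaired"]))
```

To use it on a real machine, pass the text of the `junk.txt` file produced by the `findstr` command to `summarize_sr`.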

    #6
    Waterfireearth

    Waterfireearth

      Member

    • Topic Starter
    • Member
    • PipPip
    • 17 posts

    SFC scan result was 'Windows Resource Protection did not find any integrity violations.'

     

    So am I still supposed to follow the instructions starting from '1. Please download the Event Viewer Tool by Vino Rosso'?

     
    Also, any idea why MSE stopped working for me? Clicking it did nothing. So I installed AVG. This was over 6 months ago.

    Edited by Waterfireearth, 21 November 2016 - 02:22 AM.

    • 0

    #7
    RKinner

    RKinner

      Malware Expert

    • Expert
    • 20,029 posts
    • MVP

    Yes. Run the event viewer tool, speccy & Process Explorer.  I will be offline most of the day.  Have to drive into Orlando.


    • 0

    #8
    Waterfireearth

    Waterfireearth

      Member

    • Topic Starter
    • Member
    • PipPip
    • 17 posts

    Why does speccy list ip addresses?

     

    It has generated over 200 pages of text....


    Edited by Waterfireearth, 21 November 2016 - 05:48 AM.

    • 0

    #9
    RKinner

    RKinner

      Malware Expert

    • Expert
    • 20,029 posts
    • MVP

    The IP addresses are for the most part the sites you are currently connected to or have just disconnected from.  If you have that many it's probably a sign that something funny is going on like your PC is being used for a bot net controller. 


    • 0

    #10
    Waterfireearth

    Waterfireearth

      Member

    • Topic Starter
    • Member
    • PipPip
    • 17 posts

    OK thanks. But why has speccy made over 200 pages of text?

     

    Also, from everything I have posted following your advice, what is it you see so far (from the results of the various reports)?


    Edited by Waterfireearth, 22 November 2016 - 12:58 PM.

    • 0



    #11
    RKinner

    RKinner

      Malware Expert

    • Expert
    • 20,029 posts
    • MVP

    Speccy is usually much shorter.  Without seeing some of the pages I can't tell you what is wrong.

     

    Mostly what I usually look at is the temperatures and the condition of the hard drive.  

     

    Can you at least run the  Event Viewer Tool and Process Explorer?


    • 0

    #12
    Waterfireearth

    Waterfireearth

      Member

    • Topic Starter
    • Member
    • PipPip
    • 17 posts

    I have run all of them and have the results ready.

     

    However you didn't tell me:

    ''Also, from everything I have posted following your advice, what is it you see so far (from the results of the various reports)?''


    • 0

    #13
    RKinner

    RKinner

      Malware Expert

    • Expert
    • 20,029 posts
    • MVP

    Since I haven't seen the results yet I can't answer that.


    • 0

    #14
    Waterfireearth

    Waterfireearth

      Member

    • Topic Starter
    • Member
    • PipPip
    • 17 posts

    Yes you have. I posted them above. What are you talking about?


    • 0

    #15
    RKinner

    RKinner

      Malware Expert

    • Expert
    • 20,029 posts
    • MVP

    No sign of Process Explorer, Speccy or VEW.


    • 0





