Javascript Disabled Detected

You currently have javascript disabled. Several functions may not work. Please re-enable javascript to access full functionality.

Hacked

Started by dolface755 , Mar 09 2017 03:45 PM

Please log in to reply

#1
dolface755

Posted 09 March 2017 - 03:45 PM

Member

Member
249 posts

Ok before I start I apologize if this isn't where I'm supposed to be posting this but I took a guess.

Long story short...my room mate's computer had been hacked by one of those stupid things saying he was hacked so he called the number and let whoever log onto his computer.....Obviously it was crap ...NOW I have to try and fix it

I've already run all the malware and virus and deleted all the files I could find that this person left behind to access his computer, what I'm wondering is....

Could I just change the ISP, login and password for the WEP would that help if this horrible person left something behind to allow him in the back door....or do I really have to formatt and start from scratch to make sure there's nothing hiding.

All Windows security patches and AVG updates etc have been done

I also did a search for any files added the day this happened and deleted what I found.

Please let me know if I can just change or if I have other things I need to scan for

Thank you

#2
RKinner

Posted 13 March 2017 - 05:43 AM

Malware Expert

Expert
24,625 posts

Can I see a FRST scan?

Get FRST from http://www.bleepingc...very-scan-tool/You need to download the appropriate tool for your PC. If you don't know if you have a 32 or 64 bit system get them both. Only one will work and that's the right one.

Right click to run as administrator (XP users click run after receipt of Windows Security Warning - Open File). When the tool opens click Yes to disclaimer.

Check the Addition.txt box

Press Scan button.

It will produce a log called FRST.txt in the same directory the tool is run from.

Please copy and paste log back here.

It will generate another log (Addition.txt - also located in the same directory as FRST.exe/FRST64.exe). Please also paste that along with the FRST.txt into your reply.

Might as well also check for rootkits:

Download aswMBR.exe to your desktop.

The link is a direct download so the page won't change.

Right click the aswMBR.exe and select Run As Administrator to run it

Wait until the AV Scan shows up at the bottom left.

Change AV Scan: from Quick Scan to C:\

Click the "Scan" button to start scan

If it asks you to allow the Avast engine to download then say Yes. It will take a while to finish.

On completion of the scan (Note if the Fix button is enabled and tell me but do not push any buttons) click save log, save it to your desktop and post in your next reply

If it crashes then try it again but uncheck Trace Disk IO Calls before hitting Scan.

#3
dolface755

Posted 29 March 2017 - 08:46 AM

Member

Topic Starter
Member
249 posts

I apologize for delay. We had some health issues to deal with lately. I will run the two scan now and post the results.

truly thank you for your help

#4
dolface755

Posted 29 March 2017 - 08:59 AM

Member

Topic Starter
Member
249 posts

Here are the results from the FRST scan plus the Addition one......

FRST:

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 15-03-2017

Ran by David Salter (administrator) on DAVIDSALTER-PC (29-03-2017 07:53:29)

Running from C:\Users\David Salter\Desktop

Loaded Profiles: David Salter & Donna (Available Profiles: David Salter & Donna)

Platform: Windows 7 Professional Service Pack 1 (X64) Language: English (United States)

Internet Explorer Version 11 (Default browser: Chrome)

Boot Mode: Normal

Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\Av\avgrsa.exe

() C:\Program Files (x86)\AVG Web TuneUp\WtuSystemSupport.exe

(AMD) C:\Windows\System32\atiesrxx.exe

(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\Av\avgidsagenta.exe

(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\Framework\Common\avgsvca.exe

(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\Av\avgwdsvca.exe

(Foxit Software Inc.) C:\Program Files (x86)\Foxit Software\Foxit Reader\FoxitConnectedPDFService.exe

(DEVGURU Co., LTD.) C:\Program Files (x86)\Samsung\USB Drivers\27_ssconn\conn\ss_conn_service.exe

(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\Av\avgnsa.exe

(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\Av\avgemca.exe

(AMD) C:\Windows\System32\atieclxx.exe

(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe

(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\Av\avgui.exe

(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\Framework\Common\avguix.exe

(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\Av\avgcsrva.exe

(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

(Piriform Ltd) C:\Program Files\CCleaner\CCleaner64.exe

==================== Registry (Whitelisted) ====================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [9068040 2016-11-09] (Realtek Semiconductor)

HKLM-x32\...\Run: [vProt] => C:\Program Files (x86)\AVG Web TuneUp\vprot.exe [2180680 2016-10-07] ()

HKLM-x32\...\Run: [AvgUi] => C:\Program Files (x86)\AVG\Framework\Common\avguirna.exe [240400 2016-12-06] (AVG Technologies CZ, s.r.o.)

HKLM-x32\...\Run: [AVG_UI] => C:\Program Files (x86)\AVG\Framework\Common\avguirna.exe [240400 2016-12-06] (AVG Technologies CZ, s.r.o.)

HKU\S-1-5-21-306836380-3015734-3570109687-1000\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [9364696 2017-03-03] (Piriform Ltd)

HKU\S-1-5-21-306836380-3015734-3570109687-1000\...\MountPoints2: {39d3fbda-7b0d-11e3-a71a-806e6f6e6963} - D:\Autorun.exe

HKU\S-1-5-21-306836380-3015734-3570109687-1003\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [9364696 2017-03-03] (Piriform Ltd)

HKU\S-1-5-21-306836380-3015734-3570109687-1003\...\MountPoints2: {39d3fbda-7b0d-11e3-a71a-806e6f6e6963} - D:\Autorun.exe

Startup: C:\Users\Donna\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Monitor Ink Alerts - HP Deskjet 1050 J410 series.lnk [2017-03-19]

ShortcutTarget: Monitor Ink Alerts - HP Deskjet 1050 J410 series.lnk -> C:\Program Files\HP\HP Deskjet 1050 J410 series\Bin\HPStatusBL.dll (Hewlett-Packard Co.)

BootExecute: autocheck autochk * sdnclean64.exe

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 192.168.1.254 75.153.171.122

Tcpip\..\Interfaces\{DEEDC928-EEC6-4D3D-B02D-AE2A38095361}: [DhcpNameServer] 192.168.1.1

Tcpip\..\Interfaces\{E0B8131A-07A6-4117-948B-46763AE840E6}: [DhcpNameServer] 192.168.1.254 75.153.171.122

Internet Explorer:

==================

HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.com

HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = www.google.com

SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =

SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =

SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =

SearchScopes: HKU\S-1-5-21-306836380-3015734-3570109687-1000 -> {95B7759C-8C7F-4BF1-B163-73684A933233} URL = hxxps://mysearch.avg.com/search?cid={60ED2CFE-39B0-4E63-B691-7A7A407A742C}&mid=3562d3d4afad47d2bd267d6b4d5b74d9-9ed2845fcb594ff51549b2ea996394e3918a2a16&lang=en&ds=AVG&coid=avgtbavg&cmpid=0615piz&pr=fr&d=2015-11-04 19:02:55&v=4.1.8.599&pid=wtu&sg=&sap=dsp&q={searchTerms}

BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\ssv.dll [2014-12-11] (Oracle Corporation)

BHO-x32: AVG Web TuneUp -> {95B7759C-8C7F-4BF1-B163-73684A933233} -> C:\Program Files (x86)\AVG Web TuneUp\4.3.6.255\AVG Web TuneUp.dll [2016-10-07] (AVG)

BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\jp2ssv.dll [2014-12-11] (Oracle Corporation)

FireFox:

========

FF ProfilePath: C:\Users\David Salter\AppData\Roaming\Mozilla\Firefox\Profiles\60ew1kf0.default [2017-03-29]

FF Homepage: Mozilla\Firefox\Profiles\60ew1kf0.default -> hxxps://ca.yahoo.com/

FF Keyword.URL: Mozilla\Firefox\Profiles\60ew1kf0.default ->

FF Extension: (Garmin Communicator) - C:\Users\David Salter\AppData\Roaming\Mozilla\Firefox\Profiles\60ew1kf0.default\Extensions\{195A3098-0BD5-4e90-AE22-BA1C540AFD1E} [2014-09-26] [not signed]

FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\wtu-secure-search.xml [2016-10-07]

FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_25_0_0_127.dll [2017-03-14] ()

FF Plugin: @microsoft.com/GENUINE -> disabled [No File]

FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.50905.0\npctrl.dll [2017-02-10] ( Microsoft Corporation)

FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_25_0_0_127.dll [2017-03-14] ()

FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\Windows\SysWOW64\Adobe\Director\np32dsw_1225195.dll [2016-09-20] (Adobe Systems, Inc.)

FF Plugin-x32: @avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin -> C:\Program Files (x86)\Common Files\AVG Secure Search\SiteSafetyInstaller\40.3.6\\npsitesafety.dll [No File]

FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/pdf -> C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll [2016-06-07] (Foxit Corporation)

FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.fdf -> C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll [2016-06-07] (Foxit Corporation)

FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.xdp -> C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll [2016-06-07] (Foxit Corporation)

FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.xfdf -> C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll [2016-06-07] (Foxit Corporation)

FF Plugin-x32: @java.com/DTPlugin,version=11.25.2 -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\dtplugin\npDeployJava1.dll [2014-12-11] (Oracle Corporation)

FF Plugin-x32: @java.com/JavaPlugin,version=11.25.2 -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\plugin2\npjp2.dll [2014-12-11] (Oracle Corporation)

FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]

FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.50905.0\npctrl.dll [2017-02-10] ( Microsoft Corporation)

FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.32.7\npGoogleUpdate3.dll [2016-12-16] (Google Inc.)

FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.32.7\npGoogleUpdate3.dll [2016-12-16] (Google Inc.)

FF Plugin HKU\S-1-5-21-306836380-3015734-3570109687-1000: @citrixonline.com/appdetectorplugin -> C:\Users\David Salter\AppData\Local\Citrix\Plugins\104\npappdetector.dll [2017-02-22] (Citrix Online)

FF Plugin HKU\S-1-5-21-306836380-3015734-3570109687-1003: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\Donna\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll [2014-11-18] (Unity Technologies ApS)

FF Plugin HKU\S-1-5-21-306836380-3015734-3570109687-1003: iMeshPlugin -> C:\Program Files (x86)\iMesh Applications\iMesh\npiMeshPlugin.dll [No File]

FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\NPOFFICE.DLL [2007-03-22] (Microsoft Corporation)

Chrome:

=======

CHR DefaultProfile: Default

CHR HomePage: Default -> hxxps://ca.yahoo.ca/

CHR StartupUrls: Default -> "hxxps://ca.yahoo.com/"

CHR NewTab: Default -> Not-active:"chrome-extension://ceopoaldcnmhechacafgagdkklcogkgd/stubby.html"

CHR DefaultSearchURL: Default -> hxxps://search.yahoo.com/search?ei={inputEncoding}&fr=crmas&p={searchTerms}

CHR DefaultSearchKeyword: Default -> yahoo.com

CHR DefaultSuggestURL: Default -> hxxps://search.yahoo.com/sugg/chrome?output=fxjson&appid=crmas&command={searchTerms}

CHR Profile: C:\Users\David Salter\AppData\Local\Google\Chrome\User Data\Default [2017-03-29]

CHR Extension: (YouTube) - C:\Users\David Salter\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-09-24]

CHR Extension: (OnlineMapFinder) - C:\Users\David Salter\AppData\Local\Google\Chrome\User Data\Default\Extensions\ceopoaldcnmhechacafgagdkklcogkgd [2017-03-23]

CHR Extension: (Google Search) - C:\Users\David Salter\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-10-27]

CHR Extension: (Chrome Web Store Payments) - C:\Users\David Salter\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-03-09]

CHR Extension: (Gmail) - C:\Users\David Salter\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-03-28]

CHR Extension: (Chrome Media Router) - C:\Users\David Salter\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2017-02-10]

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S3 AvgAMPS; C:\Program Files (x86)\AVG\Av\avgamps.exe [1002552 2017-02-22] (AVG Technologies CZ, s.r.o.)

R2 AVGIDSAgent; C:\Program Files (x86)\AVG\Av\avgidsagenta.exe [5334432 2017-02-22] (AVG Technologies CZ, s.r.o.)

R2 avgsvc; C:\Program Files (x86)\AVG\Framework\Common\avgsvca.exe [1146128 2016-12-06] (AVG Technologies CZ, s.r.o.)

R2 avgwd; C:\Program Files (x86)\AVG\Av\avgwdsvca.exe [729048 2017-02-22] (AVG Technologies CZ, s.r.o.)

R2 FoxitReaderService; C:\Program Files (x86)\Foxit Software\Foxit Reader\FoxitConnectedPDFService.exe [1647808 2016-06-21] (Foxit Software Inc.)

R2 ss_conn_service; C:\Program Files (x86)\Samsung\USB Drivers\27_ssconn\conn\ss_conn_service.exe [754784 2016-01-08] (DEVGURU Co., LTD.)

S2 vToolbarUpdater40.3.6; C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\40.3.6\ToolbarUpdater.exe [1349704 2016-10-07] (AVG Secure Search)

R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-26] (Microsoft Corporation)

R2 WtuSystemSupport; C:\Program Files (x86)\AVG Web TuneUp\WtuSystemSupport.exe [980552 2016-10-07] ()

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R1 Avgdiska; C:\Windows\System32\DRIVERS\avgdiska.sys [163072 2016-05-13] (AVG Technologies CZ, s.r.o.)

R1 AVGIDSDriver; C:\Windows\System32\DRIVERS\avgidsdrivera.sys [313088 2017-02-20] (AVG Technologies CZ, s.r.o.)

R0 AVGIDSHA; C:\Windows\System32\DRIVERS\avgidsha.sys [267008 2016-10-05] (AVG Technologies CZ, s.r.o.)

R1 Avgldx64; C:\Windows\System32\DRIVERS\avgldx64.sys [298240 2016-11-30] (AVG Technologies CZ, s.r.o.)

R0 Avgloga; C:\Windows\System32\DRIVERS\avgloga.sys [360736 2016-02-16] (AVG Technologies CZ, s.r.o.)

R0 Avgmfx64; C:\Windows\System32\DRIVERS\avgmfx64.sys [254208 2016-09-26] (AVG Technologies CZ, s.r.o.)

R0 Avgrkx64; C:\Windows\System32\DRIVERS\avgrkx64.sys [52992 2016-06-01] (AVG Technologies CZ, s.r.o.)

R1 Avgtdia; C:\Windows\System32\DRIVERS\avgtdia.sys [299264 2016-07-27] (AVG Technologies CZ, s.r.o.)

R0 avguniva; C:\Windows\System32\DRIVERS\avguniva.sys [77056 2016-06-20] (AVG Technologies CZ, s.r.o.)

R3 RTWlanE; C:\Windows\System32\DRIVERS\rtwlane.sys [1514568 2013-05-02] (Realtek Semiconductor Corporation )

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2017-03-29 07:53 - 2017-03-29 07:53 - 00013821 _____ C:\Users\David Salter\Desktop\FRST.txt

2017-03-29 07:47 - 2017-03-29 07:47 - 05200384 _____ (AVAST Software) C:\Users\David Salter\Desktop\aswmbr.exe

2017-03-29 07:47 - 2017-03-29 07:47 - 02424832 _____ (Farbar) C:\Users\David Salter\Desktop\FRST64.exe

2017-03-21 05:01 - 2017-03-04 10:24 - 00394448 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll

2017-03-21 05:01 - 2017-03-04 09:39 - 00346320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll

2017-03-21 05:01 - 2017-03-04 01:20 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb

2017-03-21 05:01 - 2017-03-04 01:20 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll

2017-03-21 05:01 - 2017-03-04 01:02 - 00066560 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll

2017-03-21 05:01 - 2017-03-04 01:01 - 00576512 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll

2017-03-21 05:01 - 2017-03-04 01:01 - 00417792 _____ (Microsoft Corporation) C:\Windows\system32\html.iec

2017-03-21 05:01 - 2017-03-04 01:01 - 00088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll

2017-03-21 05:01 - 2017-03-04 01:01 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll

2017-03-21 05:01 - 2017-03-04 00:59 - 02895360 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll

2017-03-21 05:01 - 2017-03-04 00:52 - 00054784 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll

2017-03-21 05:01 - 2017-03-04 00:51 - 00034304 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll

2017-03-21 05:01 - 2017-03-04 00:48 - 25746944 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll

2017-03-21 05:01 - 2017-03-04 00:46 - 00615936 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll

2017-03-21 05:01 - 2017-03-04 00:45 - 00814080 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll

2017-03-21 05:01 - 2017-03-04 00:45 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe

2017-03-21 05:01 - 2017-03-04 00:45 - 00114688 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe

2017-03-21 05:01 - 2017-03-04 00:44 - 00817664 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll

2017-03-21 05:01 - 2017-03-04 00:36 - 00968704 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe

2017-03-21 05:01 - 2017-03-04 00:32 - 00489984 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll

2017-03-21 05:01 - 2017-03-04 00:31 - 06045696 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll

2017-03-21 05:01 - 2017-03-04 00:23 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll

2017-03-21 05:01 - 2017-03-04 00:21 - 00107520 _____ (Microsoft Corporation) C:\Windows\system32\inseng.dll

2017-03-21 05:01 - 2017-03-04 00:16 - 00199680 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll

2017-03-21 05:01 - 2017-03-04 00:16 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll

2017-03-21 05:01 - 2017-03-04 00:13 - 00315392 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll

2017-03-21 05:01 - 2017-03-04 00:11 - 00152064 _____ (Microsoft Corporation) C:\Windows\system32\occache.dll

2017-03-21 05:01 - 2017-03-03 23:57 - 00262144 _____ (Microsoft Corporation) C:\Windows\system32\webcheck.dll

2017-03-21 05:01 - 2017-03-03 23:55 - 00725504 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe

2017-03-21 05:01 - 2017-03-03 23:54 - 00806912 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll

2017-03-21 05:01 - 2017-03-03 23:52 - 02131456 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl

2017-03-21 05:01 - 2017-03-03 23:52 - 01359360 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll

2017-03-21 05:01 - 2017-03-03 23:26 - 15259648 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll

2017-03-21 05:01 - 2017-03-03 23:25 - 03241984 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll

2017-03-21 05:01 - 2017-03-03 23:12 - 01545728 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll

2017-03-21 05:01 - 2017-03-03 23:02 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll

2017-03-21 05:01 - 2017-03-03 21:18 - 20281856 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll

2017-03-21 05:01 - 2017-03-02 11:16 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb

2017-03-21 05:01 - 2017-03-02 11:02 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll

2017-03-21 05:01 - 2017-03-02 11:01 - 00499200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll

2017-03-21 05:01 - 2017-03-02 11:01 - 00341504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec

2017-03-21 05:01 - 2017-03-02 11:01 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll

2017-03-21 05:01 - 2017-03-02 11:00 - 00064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll

2017-03-21 05:01 - 2017-03-02 10:55 - 02287104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll

2017-03-21 05:01 - 2017-03-02 10:54 - 00047104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll

2017-03-21 05:01 - 2017-03-02 10:53 - 00030720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll

2017-03-21 05:01 - 2017-03-02 10:51 - 00476160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll

2017-03-21 05:01 - 2017-03-02 10:50 - 00115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe

2017-03-21 05:01 - 2017-03-02 10:49 - 00663552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll

2017-03-21 05:01 - 2017-03-02 10:49 - 00620032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll

2017-03-21 05:01 - 2017-03-02 10:41 - 00416256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll

2017-03-21 05:01 - 2017-03-02 10:36 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll

2017-03-21 05:01 - 2017-03-02 10:35 - 00091136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inseng.dll

2017-03-21 05:01 - 2017-03-02 10:32 - 00168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll

2017-03-21 05:01 - 2017-03-02 10:31 - 00076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll

2017-03-21 05:01 - 2017-03-02 10:29 - 00279040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll

2017-03-21 05:01 - 2017-03-02 10:28 - 00130048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\occache.dll

2017-03-21 05:01 - 2017-03-02 10:22 - 04604416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll

2017-03-21 05:01 - 2017-03-02 10:21 - 00230400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\webcheck.dll

2017-03-21 05:01 - 2017-03-02 10:19 - 00693248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll

2017-03-21 05:01 - 2017-03-02 10:17 - 02055680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl

2017-03-21 05:01 - 2017-03-02 10:17 - 01155072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll

2017-03-21 05:01 - 2017-03-02 10:11 - 13654528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll

2017-03-21 05:01 - 2017-03-02 09:53 - 02767360 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll

2017-03-21 05:01 - 2017-03-02 09:50 - 01312768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll

2017-03-21 05:01 - 2017-03-02 09:50 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll

2017-03-21 05:01 - 2017-02-11 08:58 - 00462848 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\srv.sys

2017-03-21 05:01 - 2017-02-11 08:58 - 00405504 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\srv2.sys

2017-03-21 05:01 - 2017-02-11 08:58 - 00168960 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\srvnet.sys

2017-03-21 05:01 - 2017-02-10 09:32 - 00803328 _____ (Microsoft Corporation) C:\Windows\system32\usp10.dll

2017-03-21 05:01 - 2017-02-10 09:32 - 00405504 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll

2017-03-21 05:01 - 2017-02-10 09:17 - 00628736 _____ (Microsoft Corporation) C:\Windows\SysWOW64\usp10.dll

2017-03-21 05:01 - 2017-02-10 09:17 - 00312832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gdi32.dll

2017-03-21 05:01 - 2017-02-10 07:33 - 01251328 _____ (Microsoft Corporation) C:\Windows\SysWOW64\DWrite.dll

2017-03-21 05:01 - 2017-02-09 09:36 - 00631176 _____ (Microsoft Corporation) C:\Windows\system32\winresume.efi

2017-03-21 05:01 - 2017-02-09 09:35 - 05548264 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe

2017-03-21 05:01 - 2017-02-09 09:35 - 00706792 _____ (Microsoft Corporation) C:\Windows\system32\winload.efi

2017-03-21 05:01 - 2017-02-09 09:35 - 00154856 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys

2017-03-21 05:01 - 2017-02-09 09:35 - 00095464 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys

2017-03-21 05:01 - 2017-02-09 09:33 - 01732864 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll

2017-03-21 05:01 - 2017-02-09 09:32 - 01212928 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll

2017-03-21 05:01 - 2017-02-09 09:32 - 00503808 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll

2017-03-21 05:01 - 2017-02-09 09:32 - 00362496 _____ (Microsoft Corporation) C:\Windows\system32\wow64win.dll

2017-03-21 05:01 - 2017-02-09 09:32 - 00345600 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll

2017-03-21 05:01 - 2017-02-09 09:32 - 00243712 _____ (Microsoft Corporation) C:\Windows\system32\wow64.dll

2017-03-21 05:01 - 2017-02-09 09:32 - 00215552 _____ (Microsoft Corporation) C:\Windows\system32\winsrv.dll

2017-03-21 05:01 - 2017-02-09 09:32 - 00210432 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll

2017-03-21 05:01 - 2017-02-09 09:32 - 00190464 _____ (Microsoft Corporation) C:\Windows\system32\rpchttp.dll

2017-03-21 05:01 - 2017-02-09 09:32 - 00135680 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll

2017-03-21 05:01 - 2017-02-09 09:32 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll

2017-03-21 05:01 - 2017-02-09 09:32 - 00063488 _____ (Microsoft Corporation) C:\Windows\system32\setbcdlocale.dll

2017-03-21 05:01 - 2017-02-09 09:32 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll

2017-03-21 05:01 - 2017-02-09 09:32 - 00040960 _____ (Microsoft Corporation) C:\Windows\system32\WcsPlugInService.dll

2017-03-21 05:01 - 2017-02-09 09:32 - 00028672 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll

2017-03-21 05:01 - 2017-02-09 09:32 - 00028160 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll

2017-03-21 05:01 - 2017-02-09 09:32 - 00016384 _____ (Microsoft Corporation) C:\Windows\system32\ntvdm64.dll

2017-03-21 05:01 - 2017-02-09 09:32 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\wow64cpu.dll

2017-03-21 05:01 - 2017-02-09 09:31 - 01460736 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll

2017-03-21 05:01 - 2017-02-09 09:31 - 01163264 _____ (Microsoft Corporation) C:\Windows\system32\kernel32.dll

2017-03-21 05:01 - 2017-02-09 09:31 - 00880640 _____ (Microsoft Corporation) C:\Windows\system32\advapi32.dll

2017-03-21 05:01 - 2017-02-09 09:31 - 00730624 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll

2017-03-21 05:01 - 2017-02-09 09:31 - 00690688 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll

2017-03-21 05:01 - 2017-02-09 09:31 - 00625664 _____ (Microsoft Corporation) C:\Windows\system32\mscms.dll

2017-03-21 05:01 - 2017-02-09 09:31 - 00463872 _____ (Microsoft Corporation) C:\Windows\system32\certcli.dll

2017-03-21 05:01 - 2017-02-09 09:31 - 00419840 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase.dll

2017-03-21 05:01 - 2017-02-09 09:31 - 00316928 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll

2017-03-21 05:01 - 2017-02-09 09:31 - 00312320 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll

2017-03-21 05:01 - 2017-02-09 09:31 - 00250880 _____ (Microsoft Corporation) C:\Windows\system32\icm32.dll

2017-03-21 05:01 - 2017-02-09 09:31 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll

2017-03-21 05:01 - 2017-02-09 09:31 - 00123904 _____ (Microsoft Corporation) C:\Windows\system32\bcrypt.dll

2017-03-21 05:01 - 2017-02-09 09:31 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\msobjs.dll

2017-03-21 05:01 - 2017-02-09 09:31 - 00059904 _____ (Microsoft Corporation) C:\Windows\system32\appidapi.dll

2017-03-21 05:01 - 2017-02-09 09:31 - 00044032 _____ (Microsoft Corporation) C:\Windows\system32\csrsrv.dll

2017-03-21 05:01 - 2017-02-09 09:31 - 00043520 _____ (Microsoft Corporation) C:\Windows\system32\cryptbase.dll

2017-03-21 05:01 - 2017-02-09 09:31 - 00034816 _____ (Microsoft Corporation) C:\Windows\system32\appidsvc.dll

2017-03-21 05:01 - 2017-02-09 09:31 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll

2017-03-21 05:01 - 2017-02-09 09:31 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\apisetschema.dll

2017-03-21 05:01 - 2017-02-09 09:31 - 00006144 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-security-base-l1-1-0.dll

2017-03-21 05:01 - 2017-02-09 09:31 - 00005120 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l1-1-0.dll

2017-03-21 05:01 - 2017-02-09 09:31 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-threadpool-l1-1-0.dll

2017-03-21 05:01 - 2017-02-09 09:31 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processthreads-l1-1-0.dll

2017-03-21 05:01 - 2017-02-09 09:31 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll

2017-03-21 05:01 - 2017-02-09 09:31 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-synch-l1-1-0.dll

2017-03-21 05:01 - 2017-02-09 09:31 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localregistry-l1-1-0.dll

2017-03-21 05:01 - 2017-02-09 09:31 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localization-l1-1-0.dll

2017-03-21 05:01 - 2017-02-09 09:31 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll

2017-03-21 05:01 - 2017-02-09 09:31 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll

2017-03-21 05:01 - 2017-02-09 09:31 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll

2017-03-21 05:01 - 2017-02-09 09:31 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-misc-l1-1-0.dll

2017-03-21 05:01 - 2017-02-09 09:31 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-memory-l1-1-0.dll

2017-03-21 05:01 - 2017-02-09 09:31 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll

2017-03-21 05:01 - 2017-02-09 09:31 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-heap-l1-1-0.dll

2017-03-21 05:01 - 2017-02-09 09:31 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-xstate-l1-1-0.dll

2017-03-21 05:01 - 2017-02-09 09:31 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-util-l1-1-0.dll

2017-03-21 05:01 - 2017-02-09 09:31 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-string-l1-1-0.dll

2017-03-21 05:01 - 2017-02-09 09:31 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-profile-l1-1-0.dll

2017-03-21 05:01 - 2017-02-09 09:31 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-io-l1-1-0.dll

2017-03-21 05:01 - 2017-02-09 09:31 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-interlocked-l1-1-0.dll

2017-03-21 05:01 - 2017-02-09 09:31 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-handle-l1-1-0.dll

2017-03-21 05:01 - 2017-02-09 09:31 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-fibers-l1-1-0.dll

2017-03-21 05:01 - 2017-02-09 09:31 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll

2017-03-21 05:01 - 2017-02-09 09:31 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-delayload-l1-1-0.dll

2017-03-21 05:01 - 2017-02-09 09:31 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-debug-l1-1-0.dll

2017-03-21 05:01 - 2017-02-09 09:31 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-datetime-l1-1-0.dll

2017-03-21 05:01 - 2017-02-09 09:31 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-console-l1-1-0.dll

2017-03-21 05:01 - 2017-02-09 09:19 - 04000488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe

2017-03-21 05:01 - 2017-02-09 09:19 - 03945192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe

2017-03-21 05:01 - 2017-02-09 09:16 - 01314112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll

2017-03-21 05:01 - 2017-02-09 09:14 - 01114112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kernel32.dll

2017-03-21 05:01 - 2017-02-09 09:14 - 00690688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adtschema.dll

2017-03-21 05:01 - 2017-02-09 09:14 - 00666112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpcrt4.dll

2017-03-21 05:01 - 2017-02-09 09:14 - 00644096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\advapi32.dll

2017-03-21 05:01 - 2017-02-09 09:14 - 00553472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll

2017-03-21 05:01 - 2017-02-09 09:14 - 00481792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mscms.dll

2017-03-21 05:01 - 2017-02-09 09:14 - 00342528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\certcli.dll

2017-03-21 05:01 - 2017-02-09 09:14 - 00275456 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll

2017-03-21 05:01 - 2017-02-09 09:14 - 00261120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll

2017-03-21 05:01 - 2017-02-09 09:14 - 00254464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll

2017-03-21 05:01 - 2017-02-09 09:14 - 00223232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll

2017-03-21 05:01 - 2017-02-09 09:14 - 00215040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\icm32.dll

2017-03-21 05:01 - 2017-02-09 09:14 - 00172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll

2017-03-21 05:01 - 2017-02-09 09:14 - 00146432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msaudite.dll

2017-03-21 05:01 - 2017-02-09 09:14 - 00141312 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpchttp.dll

2017-03-21 05:01 - 2017-02-09 09:14 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll

2017-03-21 05:01 - 2017-02-09 09:14 - 00082944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\bcrypt.dll

2017-03-21 05:01 - 2017-02-09 09:14 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll

2017-03-21 05:01 - 2017-02-09 09:14 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msobjs.dll

2017-03-21 05:01 - 2017-02-09 09:14 - 00050688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\appidapi.dll

2017-03-21 05:01 - 2017-02-09 09:14 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll

2017-03-21 05:01 - 2017-02-09 09:14 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll

2017-03-21 05:01 - 2017-02-09 09:14 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll

2017-03-21 05:01 - 2017-02-09 09:14 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\apisetschema.dll

2017-03-21 05:01 - 2017-02-09 09:14 - 00005120 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-file-l1-1-0.dll

2017-03-21 05:01 - 2017-02-09 09:14 - 00005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll

2017-03-21 05:01 - 2017-02-09 09:14 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processthreads-l1-1-0.dll

2017-03-21 05:01 - 2017-02-09 09:14 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-sysinfo-l1-1-0.dll

2017-03-21 05:01 - 2017-02-09 09:14 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-synch-l1-1-0.dll

2017-03-21 05:01 - 2017-02-09 09:14 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-misc-l1-1-0.dll

2017-03-21 05:01 - 2017-02-09 09:14 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localregistry-l1-1-0.dll

2017-03-21 05:01 - 2017-02-09 09:14 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localization-l1-1-0.dll

2017-03-21 05:01 - 2017-02-09 09:14 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processenvironment-l1-1-0.dll

2017-03-21 05:01 - 2017-02-09 09:14 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-namedpipe-l1-1-0.dll

2017-03-21 05:01 - 2017-02-09 09:14 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-memory-l1-1-0.dll

2017-03-21 05:01 - 2017-02-09 09:14 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-libraryloader-l1-1-0.dll

2017-03-21 05:01 - 2017-02-09 09:14 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-interlocked-l1-1-0.dll

2017-03-21 05:01 - 2017-02-09 09:14 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-heap-l1-1-0.dll

2017-03-21 05:01 - 2017-02-09 09:14 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-string-l1-1-0.dll

2017-03-21 05:01 - 2017-02-09 09:14 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-rtlsupport-l1-1-0.dll

2017-03-21 05:01 - 2017-02-09 09:14 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-profile-l1-1-0.dll

2017-03-21 05:01 - 2017-02-09 09:14 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-io-l1-1-0.dll

2017-03-21 05:01 - 2017-02-09 09:14 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-handle-l1-1-0.dll

2017-03-21 05:01 - 2017-02-09 09:14 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-fibers-l1-1-0.dll

2017-03-21 05:01 - 2017-02-09 09:14 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-errorhandling-l1-1-0.dll

2017-03-21 05:01 - 2017-02-09 09:14 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-delayload-l1-1-0.dll

2017-03-21 05:01 - 2017-02-09 09:14 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-debug-l1-1-0.dll

2017-03-21 05:01 - 2017-02-09 09:14 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-datetime-l1-1-0.dll

2017-03-21 05:01 - 2017-02-09 09:14 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-console-l1-1-0.dll

2017-03-21 05:01 - 2017-02-09 09:03 - 00148480 _____ (Microsoft Corporation) C:\Windows\system32\appidpolicyconverter.exe

2017-03-21 05:01 - 2017-02-09 09:03 - 00062464 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\appid.sys

2017-03-21 05:01 - 2017-02-09 09:03 - 00017920 _____ (Microsoft Corporation) C:\Windows\system32\appidcertstorecheck.exe

2017-03-21 05:01 - 2017-02-09 09:02 - 00064000 _____ (Microsoft Corporation) C:\Windows\system32\auditpol.exe

2017-03-21 05:01 - 2017-02-09 09:00 - 03220480 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys

2017-03-21 05:01 - 2017-02-09 08:59 - 00338432 _____ (Microsoft Corporation) C:\Windows\system32\conhost.exe

2017-03-21 05:01 - 2017-02-09 08:58 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe

2017-03-21 05:01 - 2017-02-09 08:55 - 00291328 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb10.sys

2017-03-21 05:01 - 2017-02-09 08:55 - 00159744 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb.sys

2017-03-21 05:01 - 2017-02-09 08:55 - 00129536 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb20.sys

2017-03-21 05:01 - 2017-02-09 08:54 - 00112640 _____ (Microsoft Corporation) C:\Windows\system32\smss.exe

2017-03-21 05:01 - 2017-02-09 08:54 - 00030720 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe

2017-03-21 05:01 - 2017-02-09 08:53 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\auditpol.exe

2017-03-21 05:01 - 2017-02-09 08:51 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WcsPlugInService.dll

2017-03-21 05:01 - 2017-02-09 08:50 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe

2017-03-21 05:01 - 2017-02-09 08:50 - 00014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll

2017-03-21 05:01 - 2017-02-09 08:50 - 00007680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe

2017-03-21 05:01 - 2017-02-09 08:50 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user.exe

2017-03-21 05:01 - 2017-02-09 08:49 - 00036352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptbase.dll

2017-03-21 05:01 - 2017-02-09 08:49 - 00006144 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-security-base-l1-1-0.dll

2017-03-21 05:01 - 2017-02-09 08:49 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-threadpool-l1-1-0.dll

2017-03-21 05:01 - 2017-02-09 08:49 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-xstate-l1-1-0.dll

2017-03-21 05:01 - 2017-02-09 08:49 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-util-l1-1-0.dll

2017-03-21 05:01 - 2017-02-09 07:06 - 01648128 _____ (Microsoft Corporation) C:\Windows\system32\DWrite.dll

2017-03-21 05:01 - 2017-02-09 07:06 - 01180160 _____ (Microsoft Corporation) C:\Windows\system32\FntCache.dll

2017-03-21 05:01 - 2017-02-06 09:14 - 00733696 _____ (Microsoft Corporation) C:\Windows\HelpPane.exe

2017-03-21 05:01 - 2017-01-13 11:00 - 00976896 _____ (Microsoft Corporation) C:\Windows\system32\inetcomm.dll

2017-03-21 05:01 - 2017-01-13 11:00 - 00084480 _____ (Microsoft Corporation) C:\Windows\system32\INETRES.dll

2017-03-21 05:01 - 2017-01-13 10:45 - 00741888 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcomm.dll

2017-03-21 05:01 - 2017-01-13 10:45 - 00084480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\INETRES.dll

2017-03-21 05:01 - 2017-01-11 11:01 - 01887744 _____ (Microsoft Corporation) C:\Windows\system32\msxml3.dll

2017-03-21 05:01 - 2017-01-11 11:01 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\msxml3r.dll

2017-03-21 05:01 - 2017-01-11 10:43 - 01241088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3.dll

2017-03-21 05:01 - 2017-01-11 10:43 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3r.dll

2017-03-21 05:01 - 2017-01-06 11:00 - 01574912 _____ (Microsoft Corporation) C:\Windows\system32\quartz.dll

2017-03-21 05:01 - 2017-01-06 10:44 - 01329664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\quartz.dll

2017-03-09 15:58 - 2017-03-09 15:58 - 00002150 _____ C:\Users\David Salter\Documents\datemodified‎2-‎24-‎2017.search-ms

2017-03-09 15:36 - 2017-02-22 16:42 - 00084712 _____ (Microsoft Corporation) C:\Windows\system32\CompatTelRunner.exe

2017-03-09 15:36 - 2017-02-22 16:37 - 01285632 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll

2017-03-09 15:36 - 2017-02-18 07:05 - 01609216 _____ (Microsoft Corporation) C:\Windows\system32\appraiser.dll

2017-03-09 15:36 - 2017-02-18 07:05 - 00646656 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll

2017-03-09 15:36 - 2016-12-31 08:36 - 00556544 _____ (Microsoft Corporation) C:\Windows\system32\devinv.dll

2017-03-09 15:36 - 2016-12-31 08:36 - 00335360 _____ (Microsoft Corporation) C:\Windows\system32\invagent.dll

2017-03-09 15:36 - 2016-12-31 08:36 - 00293376 _____ (Microsoft Corporation) C:\Windows\system32\centel.dll

2017-03-09 15:36 - 2016-12-31 08:36 - 00233984 _____ (Microsoft Corporation) C:\Windows\system32\aepic.dll

2017-03-09 15:36 - 2016-12-31 08:36 - 00133632 _____ (Microsoft Corporation) C:\Windows\system32\acmigration.dll

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2017-03-29 07:53 - 2014-08-12 09:44 - 00000000 ____D C:\FRST

2017-03-29 04:56 - 2014-01-09 18:31 - 00000000 ____D C:\ProgramData\MFAData

2017-03-29 03:31 - 2009-07-13 21:45 - 00022096 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0

2017-03-29 03:31 - 2009-07-13 21:45 - 00022096 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0

2017-03-28 16:03 - 2014-02-20 17:03 - 00000264 _____ C:\Windows\Tasks\AutoKMS.job

2017-03-28 09:51 - 2016-10-15 23:00 - 00003600 _____ C:\Windows\System32\Tasks\AVG EUpdate Task

2017-03-21 15:23 - 2016-07-26 09:30 - 00000000 ____D C:\ProgramData\Foxit Software

2017-03-21 15:23 - 2014-01-10 21:29 - 00002816 _____ C:\Windows\System32\Tasks\CCleanerSkipUAC

2017-03-21 05:50 - 2009-07-13 20:20 - 00000000 ____D C:\Windows\rescache

2017-03-21 05:17 - 2009-07-13 22:13 - 00785794 _____ C:\Windows\system32\PerfStringBackup.INI

2017-03-21 05:17 - 2009-07-13 20:20 - 00000000 ____D C:\Windows\inf

2017-03-21 05:13 - 2009-07-13 22:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT

2017-03-21 05:13 - 2009-07-13 21:45 - 00438384 _____ C:\Windows\system32\FNTCACHE.DAT

2017-03-21 05:12 - 2014-10-16 03:06 - 00000000 ____D C:\Program Files\Microsoft Silverlight

2017-03-21 05:12 - 2014-10-16 03:06 - 00000000 ____D C:\Program Files (x86)\Microsoft Silverlight

2017-03-21 05:10 - 2009-07-13 22:32 - 00000000 ____D C:\Program Files\DVD Maker

2017-03-21 05:05 - 2014-01-09 15:42 - 00000000 ____D C:\Windows\system32\MRT

2017-03-21 05:04 - 2014-01-09 15:42 - 138634176 ____C (Microsoft Corporation) C:\Windows\system32\MRT.exe

2017-03-21 05:03 - 2014-10-16 03:07 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight

2017-03-15 20:45 - 2016-10-15 23:03 - 00000936 _____ C:\Users\Public\Desktop\AVG Protection.lnk

2017-03-15 20:45 - 2016-10-15 23:03 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG

2017-03-14 18:20 - 2015-01-13 17:31 - 00004312 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater

2017-03-14 18:20 - 2014-01-10 21:17 - 00802904 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe

2017-03-14 18:20 - 2014-01-10 21:17 - 00144472 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl

2017-03-14 18:19 - 2014-01-10 21:17 - 00000000 ____D C:\Windows\SysWOW64\Macromed

2017-03-14 18:19 - 2014-01-10 21:17 - 00000000 ____D C:\Windows\system32\Macromed

2017-03-09 15:37 - 2015-04-15 07:41 - 00000000 ___SD C:\Windows\system32\CompatTel

2017-03-09 15:37 - 2015-04-15 07:41 - 00000000 ____D C:\Windows\system32\appraiser

==================== Files in the root of some directories =======

2010-05-02 17:31 - 2010-05-02 17:31 - 4952064 _____ (M&R Technologies, Inc.) C:\Program Files (x86)\PCStitch 9.exe

2014-01-29 19:47 - 2014-01-29 19:47 - 0000057 _____ () C:\ProgramData\Ament.ini

2016-12-24 10:44 - 2016-12-24 10:44 - 0000000 ____H () C:\ProgramData\DP45977C.lfl

==================== Bamital & volsnap ======================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\system32\winlogon.exe => File is digitally signed

C:\Windows\system32\wininit.exe => File is digitally signed

C:\Windows\SysWOW64\wininit.exe => File is digitally signed

C:\Windows\explorer.exe => File is digitally signed

C:\Windows\SysWOW64\explorer.exe => File is digitally signed

C:\Windows\system32\svchost.exe => File is digitally signed

C:\Windows\SysWOW64\svchost.exe => File is digitally signed

C:\Windows\system32\services.exe => File is digitally signed

C:\Windows\system32\User32.dll => File is digitally signed

C:\Windows\SysWOW64\User32.dll => File is digitally signed

C:\Windows\system32\userinit.exe => File is digitally signed

C:\Windows\SysWOW64\userinit.exe => File is digitally signed

C:\Windows\system32\rpcss.dll => File is digitally signed

C:\Windows\system32\dnsapi.dll => File is digitally signed

C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed

C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2017-03-24 03:32

==================== End of FRST.txt ============================

Addition :

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 15-03-2017

Ran by David Salter (29-03-2017 07:53:58)

Running from C:\Users\David Salter\Desktop

Windows 7 Professional Service Pack 1 (X64) (2014-01-09 22:06:49)

Boot Mode: Normal

==========================================================

==================== Accounts: =============================

Administrator (S-1-5-21-306836380-3015734-3570109687-500 - Administrator - Disabled)

David Salter (S-1-5-21-306836380-3015734-3570109687-1000 - Administrator - Enabled) => C:\Users\David Salter

Donna (S-1-5-21-306836380-3015734-3570109687-1003 - Administrator - Enabled) => C:\Users\Donna

Guest (S-1-5-21-306836380-3015734-3570109687-501 - Limited - Disabled)

HomeGroupUser$ (S-1-5-21-306836380-3015734-3570109687-1002 - Limited - Enabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: AVG AntiVirus Free Edition (Enabled - Up to date) {4D41356F-32AD-7C42-C820-63775EE4F413}

AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

AS: AVG AntiVirus Free Edition (Enabled - Up to date) {F620D48B-1497-73CC-F290-58052563BEAE}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Active@ ISO Burner 3.0 (HKLM-x32\...\{3B756F35-2504-429A-B36C-EA0961B6A2C0}_is1) (Version: 3.0 - LSoft Technologies Inc)

Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 13.0.0.83 - Adobe Systems Incorporated)

Adobe Flash Player 25 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 25.0.0.127 - Adobe Systems Incorporated)

Adobe Shockwave Player 12.2 (HKLM-x32\...\Adobe Shockwave Player) (Version: 12.2.5.195 - Adobe Systems, Inc.)

AMD Catalyst Install Manager (HKLM\...\{3C378793-5288-0165-FCA4-D319D5E4A490}) (Version: 8.0.915.0 - Advanced Micro Devices, Inc.)

Ancient Quest of Saqqarah (HKLM-x32\...\Ancient Quest of Saqqarah/EN/ES/FR-English_is1) (Version: - City Interactive)

Asmedia ASM104x USB 3.0 Host Controller Driver (HKLM-x32\...\{E4FB0B39-C991-4EE7-95DD-1A1A7857D33D}) (Version: 1.16.2.0 - Asmedia Technology)

AVG (Version: 16.151.8007 - AVG Technologies) Hidden

AVG 2016 (Version: 16.0.4769 - AVG Technologies) Hidden

AVG Protection (HKLM\...\AVG) (Version: 2016.151.8007 - AVG Technologies)

AVG Web TuneUp (HKLM-x32\...\AVG Web TuneUp) (Version: 4.3.6.255 - AVG Technologies)

Awakening 2 Moonfell Wood 1.00 (HKLM-x32\...\Awakening 2 Moonfell Wood 1.00) (Version: - )

CCleaner (HKLM\...\CCleaner) (Version: 5.28 - Piriform)

Dungeon Lords (HKLM-x32\...\{F41D7749-D973-42E7-BD80-64309766C39E}) (Version: 1.50.0 - DreamCatcher Interactive, Inc.)

ESET Online Scanner v3 (HKLM-x32\...\ESET Online Scanner) (Version: - )

FMW 1 (Version: 1.143.3 - AVG Technologies) Hidden

Foxit Reader (HKLM-x32\...\Foxit Reader_is1) (Version: 8.0.0.624 - Foxit Software Inc.)

Garmin USB Drivers (HKLM-x32\...\{3D5D6CFC-3097-425A-8D8F-7EAF5D57641D}) (Version: 2.3.1.0 - Garmin Ltd or its subsidiaries)

Google Chrome (HKLM-x32\...\Google Chrome) (Version: 56.0.2924.87 - Google Inc.)

Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden

Google Update Helper (x32 Version: 1.3.32.7 - Google Inc.) Hidden

Hidden Mysteries Salem Secrets 1.00 (HKLM-x32\...\Hidden Mysteries Salem Secrets 1.00) (Version: - )

HP Deskjet 1050 J410 series Basic Device Software (HKLM\...\{F294770E-F869-400F-81C3-614B5F13CA54}) (Version: 28.0.1313.0 - Hewlett-Packard Co.)

HP Deskjet 1050 J410 series Help (HKLM-x32\...\{5C90D8CF-F12A-41C6-9007-3B651A1F0D78}) (Version: 140.0.66.66 - Hewlett Packard)

HP Deskjet 1050 J410 series Product Improvement Study (HKLM\...\{D638A23C-5C5F-4B71-A354-EC78B2BDD320}) (Version: 28.0.1313.0 - Hewlett-Packard Co.)

HP Photo Creations (HKLM-x32\...\HP Photo Creations) (Version: 1.0.0.12412 - HP)

HP Update (HKLM-x32\...\{97486FBE-A3FC-4783-8D55-EA37E9D171CC}) (Version: 5.005.000.002 - Hewlett-Packard)

ISO to USB version 1.0 (HKLM-x32\...\{D08A30AC-A663-4EA8-8D81-B98E17F19F1C}_is1) (Version: 1.0 - isotousb.com)

Java 8 Update 25 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218025F0}) (Version: 8.0.250 - Oracle Corporation)

Malwarebytes Anti-Malware version 2.2.1.1043 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.2.1.1043 - Malwarebytes)

Microsoft .NET Framework 4.6.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.6.01055 - Microsoft Corporation)

Microsoft Office Professional Edition 2003 (HKLM-x32\...\{90110409-6000-11D3-8CFE-0150048383C9}) (Version: 11.0.8173.0 - Microsoft Corporation)

Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.50905.0 - Microsoft Corporation)

Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)

Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)

Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)

Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)

Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)

Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)

Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)

Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)

Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)

Moraff's MahJongg 2005 Luxury Edition (HKLM-x32\...\setup_is1) (Version: - MoraffWare)

Mozilla Firefox 39.0.3 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 39.0.3 (x86 en-US)) (Version: 39.0.3 - Mozilla)

Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 29.0 - Mozilla)

MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)

MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)

Need for Speed™ SHIFT (HKLM-x32\...\{BBF0A67B-5DBA-452F-9D2E-6F168BC226E4}) (Version: 1.0.0.0 - Electronic Arts)

NVIDIA PhysX (HKLM-x32\...\{5DB65884-C963-4454-AABA-4CA3089281FA}) (Version: 9.09.0720 - NVIDIA Corporation)

Paradise Quest 1.00 (HKLM-x32\...\Paradise Quest 1.00) (Version: - )

PCStitch Pro 9 (HKLM-x32\...\{DB32A38E-4D83-49F9-9E69-4D0929C5F175}) (Version: 9.01.11 - M&R Technologies, Inc.)

PhotoScape (HKLM-x32\...\PhotoScape) (Version: - )

PokerStars (HKLM-x32\...\PokerStars) (Version: - PokerStars)

Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.67.1226.2012 - Realtek)

Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7982 - Realtek Semiconductor Corp.)

Reincarnations Awakening 1.00 (HKLM-x32\...\Reincarnations Awakening 1.00) (Version: - )

Samsung Kies (HKLM-x32\...\InstallShield_{758C8301-2696-4855-AF45-534B1200980A}) (Version: 2.6.4.16061.19 - Samsung Electronics Co., Ltd.)

Samsung Kies (x32 Version: 2.6.4.16061.19 - Samsung Electronics Co., Ltd.) Hidden

Samsung USB Driver for Mobile Phones (HKLM\...\{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}) (Version: 1.5.59.0 - Samsung Electronics Co., Ltd.)

Switch Sound File Converter (HKLM-x32\...\Switch) (Version: 5.12 - NCH Software)

swMSM (x32 Version: 12.0.0.1 - Adobe Systems, Inc) Hidden

The 'Jongg CDs - Additional Tilesets (HKLM-x32\...\tilesets_is1) (Version: - MoraffWare)

The Serpent of Isis 1.00 (HKLM-x32\...\The Serpent of Isis 1.00) (Version: - )

Tiger Woods PGA TOUR 08 (HKLM-x32\...\{2FEA102C-F535-4513-009B-57B165013C18}) (Version: - Electronic Arts)

Ulead PhotoImpact 12 (HKLM-x32\...\{11AFE21E-B193-430D-B57A-DFF7815BB962}) (Version: 12.0 - Ulead System)

Unity Web Player (HKU\S-1-5-21-306836380-3015734-3570109687-1003\...\UnityWebPlayer) (Version: 4.6.0f3 - Unity Technologies ApS)

Visual Studio 2012 x64 Redistributables (HKLM\...\{8C775E70-A791-4DA8-BCC3-6AB7136F4484}) (Version: 14.0.0.1 - AVG Technologies)

Visual Studio 2012 x86 Redistributables (HKLM-x32\...\{98EFF19A-30AB-4E4B-B943-F06B1C63EBF8}) (Version: 14.0.0.1 - AVG Technologies CZ, s.r.o.)

Windows Driver Package - Garmin (grmnusb) GARMIN Devices (04/19/2012 2.3.1.0) (HKLM\...\98157A226B40B173301B0F53C8E98C47805D5152) (Version: 04/19/2012 2.3.1.0 - Garmin)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {291AD49A-9B6B-48D6-9E68-DDF650F7D04A} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-28] (Google Inc.)

Task: {3CC7440A-175F-4383-B163-13330CC253B0} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2017-03-03] (Piriform Ltd)

Task: {48673C3D-FB12-46E2-815E-780ED8A78075} - System32\Tasks\HPCustParticipation HP Deskjet 1050 J410 series => C:\Program Files\HP\HP Deskjet 1050 J410 series\Bin\HPCustPartic.exe [2012-10-02] (Hewlett-Packard Co.)

Task: {7740263B-4F8D-454F-807E-D4954B0E9038} - System32\Tasks\{DA237C39-3DCC-416C-A1FB-AF45AD608A2A} => pcalua.exe -a C:\Users\Donna\Desktop\RecipeMaster_Install.exe -d C:\Users\Donna\Desktop

Task: {7CF20AA0-7F1B-4A2C-A7C1-F4E00FAF8F6A} - System32\Tasks\{A46260D0-AAA0-4108-BAB1-EB91E01CC0B2} => pcalua.exe -a C:\Users\Donna\Downloads\RecipeToGo\setup.exe -d C:\Users\Donna\Downloads\RecipeToGo

Task: {8B9D12A0-F9F4-4DCC-A1BC-D32B8D51C17A} - System32\Tasks\AVG EUpdate Task => avgsetupx.exe

Task: {A8040B01-49FB-4EBA-9C57-F1B6CCFA351E} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2017-03-14] (Adobe Systems Incorporated)

Task: {B20675A9-63A5-4ED2-8DB4-DE2A3FA18A02} - System32\Tasks\AutoKMS => C:\WINDOWS\AutoKMS\AutoKMS.exe

Task: {C5BE8C7B-793A-4332-BD97-E7632BBCFF25} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-28] (Google Inc.)

Task: {D65A09D2-C198-4274-B57C-E58EDECF1659} - System32\Tasks\HP Photo Creations Communicator => C:\ProgramData\HP Photo Creations\Communicator.exe [2014-02-12] ()

Task: {F5821A6F-F266-45C2-81AF-FFFE07E983BC} - System32\Tasks\{5DFE0486-73CE-4379-B5AF-02FF23977228} => pcalua.exe -a C:\Users\Donna\AppData\Local\Temp\{FD4AC1DB-A979-4B87-8D73-47FCB2F07481}\setup.exe -d "C:\Program Files (x86)\Mozilla Firefox" <==== ATTENTION

Task: {F63FF410-4E8B-48C8-AB33-05F425ED82F8} - System32\Tasks\{268A3B25-2134-4438-8224-B5F7C756505E} => pcalua.exe -a D:\TW08_inst.exe -d D:\

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\Windows\Tasks\AutoKMS.job => C:\WINDOWS\AutoKMS\AutoKMS.exe

Task: C:\Windows\Tasks\HP Photo Creations Communicator.job => C:\ProgramData\HP Photo Creations\Communicator.exe

==================== Shortcuts =============================

(The entries could be listed to be restored or removed.)

Shortcut: C:\Users\David Salter\AppData\Roaming\Microsoft\Windows\Network Shortcuts\My Web Sites on MSN\target.lnk -> hxxp://www.msnusers.co

==================== Loaded Modules (Whitelisted) ==============

2015-11-04 20:02 - 2016-10-07 05:07 - 00980552 _____ () C:\Program Files (x86)\AVG Web TuneUp\WtuSystemSupport.exe

2016-11-28 10:16 - 2016-11-28 10:16 - 48920064 _____ () C:\Program Files (x86)\AVG\UiDll\2623\libcef.dll

2017-02-10 14:01 - 2017-02-01 02:01 - 01870168 _____ () C:\Program Files (x86)\Google\Chrome\Application\56.0.2924.87\libglesv2.dll

2017-02-10 14:01 - 2017-02-01 02:01 - 00085848 _____ () C:\Program Files (x86)\Google\Chrome\Application\56.0.2924.87\libegl.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)

==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

==================== Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)

==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)

==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-13 19:34 - 2015-05-21 07:36 - 00000035 ____A C:\Windows\system32\Drivers\etc\hosts

==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-306836380-3015734-3570109687-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\David Salter\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg

HKU\S-1-5-21-306836380-3015734-3570109687-1003\Control Panel\Desktop\\Wallpaper -> C:\Users\Donna\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg

DNS Servers: 192.168.1.254 - 75.153.171.122

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)

Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^AnyDesk.lnk => C:\Windows\pss\AnyDesk.lnk.CommonStartup

MSCONFIG\startupfolder: C:^Users^Donna^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^PC Stitch.lnk => C:\Windows\pss\PC Stitch.lnk.Startup

MSCONFIG\startupreg: Adobe ARM => "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"

MSCONFIG\startupreg: AutoStartNPSAgent => C:\Program Files (x86)\Samsung\Samsung New PC Studio\NPSAgent.exe

MSCONFIG\startupreg: AVG-Secure-Search-Update_0214c => C:\Users\David Salter\AppData\Roaming\AVG 0214c Campaign\AVG-Secure-Search-Update-0214c.exe /PROMPT /mid=3562d3d4afad47d2bd267d6b4d5b74d9-9ed2845fcb594ff51549b2ea996394e3918a2a16 /CMPID=0214c

MSCONFIG\startupreg: HP Software Update => C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe

MSCONFIG\startupreg: KiesPreload => C:\Program Files (x86)\Samsung\Kies\Kies.exe /preload

MSCONFIG\startupreg: KiesTrayAgent => C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe

MSCONFIG\startupreg: Malwarebytes Anti-Malware => C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent

MSCONFIG\startupreg: NPSStartup =>

MSCONFIG\startupreg: SunJavaUpdateSched => "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"

MSCONFIG\startupreg: Ulead AutoDetector v2 => C:\Program Files (x86)\Common Files\Ulead Systems\AutoDetector\monitor.exe

MSCONFIG\startupreg: vProt => "C:\Program Files (x86)\AVG SafeGuard toolbar\vprot.exe"

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [SPPSVC-In-TCP] => (Allow) %SystemRoot%\system32\sppsvc.exe

FirewallRules: [SPPSVC-In-TCP-NoScope] => (Allow) %SystemRoot%\system32\sppsvc.exe

FirewallRules: [{B591E1CD-B63D-4A9C-A2E0-E61E19069CE9}] => (Allow) C:\Program Files\HP\HP Deskjet 1050 J410 series\Bin\USBSetup.exe

FirewallRules: [TCP Query User{5185CBBC-B777-4D20-9426-CEC3443AEC56}C:\windows\microsoft.net\framework\v2.0.50727\vbc.exe] => (Allow) C:\windows\microsoft.net\framework\v2.0.50727\vbc.exe

FirewallRules: [UDP Query User{83FE669B-9257-4134-9CA0-18E5CCD40281}C:\windows\microsoft.net\framework\v2.0.50727\vbc.exe] => (Allow) C:\windows\microsoft.net\framework\v2.0.50727\vbc.exe

FirewallRules: [{9CC7721A-9468-4997-8AC9-4C6C0D125B1E}] => (Allow) C:\Windows\SysWOW64\muzapp.exe

FirewallRules: [{D0B968B3-1F36-432A-8875-AAE815DB1E57}] => (Allow) C:\Windows\SysWOW64\muzapp.exe

FirewallRules: [{ED7F4B37-9B17-4C7A-BEF3-7FEF1E49ADB9}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe

FirewallRules: [{3567C20D-95DD-469D-B7E9-34C14A36C8FC}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe

FirewallRules: [{460BD3FD-6F17-4208-85C9-1D2EA33F8784}] => (Allow) C:\Users\Donna\AppData\Roaming\BitTorrent\BitTorrent.exe

FirewallRules: [{50BC1494-936E-451F-9B39-8FEE49E37B8D}] => (Allow) C:\Users\Donna\AppData\Roaming\BitTorrent\BitTorrent.exe

FirewallRules: [{B49C379D-CBE0-4569-A710-3903199B8A64}] => (Allow) C:\Users\Donna\AppData\Roaming\BitTorrent\BitTorrent.exe

FirewallRules: [{FA93C595-95CA-43F7-94C9-F35226ECC686}] => (Allow) C:\Users\Donna\AppData\Roaming\BitTorrent\BitTorrent.exe

FirewallRules: [{9E588E6E-A612-4679-98FE-AF8BF2F3ECAE}] => (Allow) C:\Users\Donna\AppData\Roaming\BitTorrent\BitTorrent.exe

FirewallRules: [{B539E71B-AE39-4AFD-9602-2E56C066CB51}] => (Allow) C:\Users\Donna\AppData\Roaming\BitTorrent\BitTorrent.exe

FirewallRules: [{CF2A0CAF-58F6-4243-8F1D-64D54729597B}] => (Allow) C:\Program Files (x86)\AVG\Av\avgmfapx.exe

FirewallRules: [{6D1C639E-660F-40A2-87DC-02AF9CADF681}] => (Allow) C:\Program Files (x86)\AVG\Av\avgmfapx.exe

FirewallRules: [{3E74B4CD-9D89-46DE-B2D3-16ED5D6FB2C4}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

FirewallRules: [{D1DDCCF3-F5EE-4843-9348-3CEF2969786F}] => (Allow) C:\Users\Donna\AppData\Roaming\BitTorrent\BitTorrent.exe

FirewallRules: [{D09FC1CF-C58B-468B-BBF7-8B4C63FEAC73}] => (Allow) C:\Users\Donna\AppData\Roaming\BitTorrent\BitTorrent.exe

FirewallRules: [{A4353E21-F530-4E12-A88B-9ED70AB8DBAC}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

FirewallRules: [{C03F8560-928E-4330-BE09-6E91A4A54AAF}] => (Allow) C:\Program Files (x86)\AnyDesk\AnyDesk.exe

FirewallRules: [{273A45F4-A6CD-418B-9D49-932E2D2803F5}] => (Allow) C:\Program Files (x86)\AnyDesk\AnyDesk.exe

FirewallRules: [{0F5B7183-FAAD-4A7D-896C-11E8FB3E31C7}] => (Allow) C:\Program Files (x86)\AnyDesk\AnyDesk.exe

FirewallRules: [{05C0954E-4552-40A4-93F0-38B7A43AB940}] => (Allow) C:\Program Files (x86)\AnyDesk\AnyDesk.exe

FirewallRules: [{234C183C-FBCC-4F54-BCC0-45822A3C13F7}] => (Allow) C:\Program Files (x86)\AnyDesk\AnyDesk.exe

FirewallRules: [{E1C1A209-E8C3-4383-8A69-319776F03753}] => (Allow) C:\Program Files (x86)\AnyDesk\AnyDesk.exe

FirewallRules: [{12543FE9-1D4D-42FF-A84E-26B7D046E6A5}] => (Allow) C:\Program Files (x86)\AVG\Av\avgnsa.exe

FirewallRules: [{51528EB7-1B02-4EB9-A55A-E9A3B3C5DC5C}] => (Allow) C:\Program Files (x86)\AVG\Av\avgnsa.exe

FirewallRules: [{D7678B66-FA57-4363-9C69-BEA5154AD824}] => (Allow) C:\Program Files (x86)\AVG\Av\avgemca.exe

FirewallRules: [{1B26226D-E8F3-4730-9BBC-80B5467E6C2D}] => (Allow) C:\Program Files (x86)\AVG\Av\avgemca.exe

==================== Restore Points =========================

03-03-2017 16:22:48 Windows Update

09-03-2017 15:36:33 Windows Update

17-03-2017 05:02:47 Scheduled Checkpoint

21-03-2017 05:02:02 Windows Update

27-03-2017 12:26:44 Windows Update

==================== Faulty Device Manager Devices =============

==================== Event log errors: =========================

Application errors:

==================

Error: (03/29/2017 03:27:20 AM) (Source: SideBySide) (EventID: 80) (User: )

Description: Activation context generation failed for "c:\program files (x86)\ESET\eset online scanner\ESETSmartInstaller.exe".Error in manifest or policy file "" on line .

A component version required by the application conflicts with another component version already active.

Conflicting components are:.

Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest.

Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d.manifest.

Error: (03/28/2017 03:49:21 AM) (Source: SideBySide) (EventID: 80) (User: )

Description: Activation context generation failed for "c:\program files (x86)\ESET\eset online scanner\ESETSmartInstaller.exe".Error in manifest or policy file "" on line .

A component version required by the application conflicts with another component version already active.

Conflicting components are:.

Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest.

Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d.manifest.

Error: (03/27/2017 04:11:05 AM) (Source: SideBySide) (EventID: 80) (User: )

Description: Activation context generation failed for "c:\program files (x86)\ESET\eset online scanner\ESETSmartInstaller.exe".Error in manifest or policy file "" on line .

A component version required by the application conflicts with another component version already active.

Conflicting components are:.

Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest.

Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d.manifest.

Error: (03/26/2017 04:28:11 AM) (Source: SideBySide) (EventID: 80) (User: )

Description: Activation context generation failed for "c:\program files (x86)\ESET\eset online scanner\ESETSmartInstaller.exe".Error in manifest or policy file "" on line .

A component version required by the application conflicts with another component version already active.

Conflicting components are:.

Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest.

Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d.manifest.

Error: (03/25/2017 03:52:08 AM) (Source: SideBySide) (EventID: 80) (User: )

Description: Activation context generation failed for "c:\program files (x86)\ESET\eset online scanner\ESETSmartInstaller.exe".Error in manifest or policy file "" on line .

A component version required by the application conflicts with another component version already active.

Conflicting components are:.

Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest.

Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d.manifest.

Error: (03/24/2017 03:55:36 AM) (Source: SideBySide) (EventID: 80) (User: )

Description: Activation context generation failed for "c:\program files (x86)\ESET\eset online scanner\ESETSmartInstaller.exe".Error in manifest or policy file "" on line .

A component version required by the application conflicts with another component version already active.

Conflicting components are:.

Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest.

Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d.manifest.

Error: (03/23/2017 03:20:21 AM) (Source: SideBySide) (EventID: 80) (User: )

Description: Activation context generation failed for "c:\program files (x86)\ESET\eset online scanner\ESETSmartInstaller.exe".Error in manifest or policy file "" on line .

A component version required by the application conflicts with another component version already active.

Conflicting components are:.

Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest.

Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d.manifest.

Error: (03/22/2017 03:01:42 AM) (Source: SideBySide) (EventID: 80) (User: )

Description: Activation context generation failed for "c:\program files (x86)\ESET\eset online scanner\ESETSmartInstaller.exe".Error in manifest or policy file "" on line .

A component version required by the application conflicts with another component version already active.

Conflicting components are:.

Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest.

Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d.manifest.

Error: (03/21/2017 05:13:35 AM) (Source: WinMgmt) (EventID: 10) (User: )

Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.

Error: (03/21/2017 03:32:24 AM) (Source: SideBySide) (EventID: 80) (User: )

Description: Activation context generation failed for "c:\program files (x86)\ESET\eset online scanner\ESETSmartInstaller.exe".Error in manifest or policy file "" on line .

A component version required by the application conflicts with another component version already active.

Conflicting components are:.

Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest.

Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d.manifest.

System errors:

=============

Error: (03/22/2017 01:13:31 PM) (Source: Service Control Manager) (EventID: 7034) (User: )

Description: The vToolbarUpdater40.3.6 service terminated unexpectedly. It has done this 1 time(s).

Error: (03/21/2017 05:13:21 AM) (Source: Service Control Manager) (EventID: 7006) (User: )

Description: The ScRegSetValueExW call failed for FailureActions with the following error:

Access is denied.

Error: (03/21/2017 05:13:18 AM) (Source: Service Control Manager) (EventID: 7006) (User: )

Description: The ScRegSetValueExW call failed for FailureActions with the following error:

Access is denied.

Error: (03/21/2017 05:13:16 AM) (Source: Microsoft-Windows-WLAN-AutoConfig) (EventID: 10000) (User: NT AUTHORITY)

Description: WLAN Extensibility Module has failed to start.

Module Path: C:\Windows\system32\Rtlihvs.dll

Error Code: 126

Error: (03/21/2017 05:10:53 AM) (Source: Service Control Manager) (EventID: 7006) (User: )

Description: The ScRegSetValueExW call failed for FailureActions with the following error:

Access is denied.

Error: (03/13/2017 11:33:10 PM) (Source: Service Control Manager) (EventID: 7034) (User: )

Description: The vToolbarUpdater40.3.6 service terminated unexpectedly. It has done this 1 time(s).

Error: (03/12/2017 03:32:53 PM) (Source: Service Control Manager) (EventID: 7006) (User: )

Description: The ScRegSetValueExW call failed for FailureActions with the following error:

Access is denied.

Error: (03/12/2017 03:32:50 PM) (Source: Service Control Manager) (EventID: 7006) (User: )

Description: The ScRegSetValueExW call failed for FailureActions with the following error:

Access is denied.

Error: (03/12/2017 03:32:47 PM) (Source: Microsoft-Windows-WLAN-AutoConfig) (EventID: 10000) (User: NT AUTHORITY)

Description: WLAN Extensibility Module has failed to start.

Module Path: C:\Windows\system32\Rtlihvs.dll

Error Code: 126

Error: (03/12/2017 03:32:45 PM) (Source: EventLog) (EventID: 6008) (User: )

Description: The previous system shutdown at 1:50:09 PM on ‎3/‎12/‎2017 was unexpected.

==================== Memory info ===========================

Processor: AMD A6-5400K APU with Radeon™ HD Graphics

Percentage of memory in use: 29%

Total physical RAM: 7364.72 MB

Available physical RAM: 5187.75 MB

Total Virtual: 14727.63 MB

Available Virtual: 12582.64 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:931.41 GB) (Free:821.27 GB) NTFS

Drive d: (TW08) (CDROM) (Total:2.04 GB) (Free:0 GB) UDF

==================== MBR & Partition Table ==================

========================================================

Disk: 0 (MBR Code: Windows 7 or 8) (Size: 931.5 GB) (Disk ID: 514949C7)

Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)

Partition 2: (Not Active) - (Size=931.4 GB) - (Type=07 NTFS)

==================== End of Addition.txt ============================

I will send the last scan you requested a little later today..

thank you for your help in the situation....I'm really not physically up to starting from scratch on this machine if there isn't a way around this problem./

#5
RKinner

Posted 29 March 2017 - 09:52 AM

Malware Expert

Expert
24,625 posts

Doesn't look too bad.

Clear the Java Cache by following the instructions on

http://www.java.com/...lugin_cache.xml

You do not have the latest Java.

First go into Control Panel, Add/Remove Software (XP) or Programs and Features (Vista/Win 7) and remove any old versions (which may call themselves: Java Runtime, Runtime Environment, Runtime, JRE, Java Virtual Machine, Virtual Machine, Java VM, JVM, VM, J2RE, J2SE)

I see:

Java 8 Update 25

Java has been very vulnerable to infection so unless you absolutely need it you should not reinstall it.

If you feel you must have Java:

Get the latest Java at:

http://www.java.com/en/

Save it to your PC then close all browsers and install it. Do not let it install the yahoo toolbar or other foistware.

Once installed, go into Control Panel, Java, Security and set the slider to the Highest then OK.

(If you also want the 64 bit version then use the 64 bit version of IE to get it.)

Also uninstall ESET Online Scanner v3 as it is not working correctly.

Search for

msconfig

Hit Enter.

Under Startup please check everything that you have unchecked. OK. Don't reboot yet.

Download the attached fixlist.txt to the same location as FRST

[attachment=84562:fixlist.txt]

Run FRST and press Fix

A fix log will be generated please post that

(PC will reboot in the process)

Run FRST again as before. Make sure Addition.txt is checked and hit Scan. Post both logs.

#6
dolface755

Posted 29 March 2017 - 11:58 AM

Member

Topic Starter
Member
249 posts

this is last scan requested and it did come up with fix

Run date: 2017-03-29 08:06:27

-----------------------------

08:06:27.201 OS Version: Windows x64 6.1.7601 Service Pack 1

08:06:27.201 Number of processors: 2 586 0x1001

08:06:27.201 ComputerName: DAVIDSALTER-PC UserName: David Salter

08:06:30.087 Initialize success

08:06:30.087 VM: initialized successfully

08:06:30.087 VM: Amd CPU supported

08:10:09.229 AVAST engine defs: 17030301

08:10:32.179 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\00000060

08:10:32.194 Disk 0 Vendor: WDC_WD10 03.0 Size: 953869MB BusType: 11

08:10:32.288 Disk 0 MBR read successfully

08:10:32.288 Disk 0 MBR scan

08:10:32.303 Disk 0 Windows 7 default MBR code

08:10:32.303 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 100 MB offset 2048

08:10:32.319 Disk 0 default boot code

08:10:32.350 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 953767 MB offset 206848

08:10:32.366 Disk 0 scanning C:\Windows\system32\drivers

08:10:39.776 Service scanning

08:10:55.254 Modules scanning

08:10:55.270 Disk 0 trace - called modules:

08:10:55.285 ntoskrnl.exe CLASSPNP.SYS disk.sys amd_xata.sys storport.sys hal.dll amd_sata.sys

08:10:55.285 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8007684060]

08:10:55.301 3 CLASSPNP.SYS[fffff8800191b43f] -> nt!IofCallDriver -> [0xfffffa8007356ac0]

08:10:55.301 5 amd_xata.sys[fffff8800114bd00] -> nt!IofCallDriver -> \Device\00000060[0xfffffa800721f410]

08:10:57.407 AVAST engine scan C:\

10:13:58.875 Disk 0 statistics 32202114/0/0 @ 2.64 MB/s

10:13:58.891 Scan finished successfully

10:56:36.584 Disk 0 MBR has been saved successfully to "C:\Users\David Salter\Desktop\MBR.dat"

10:56:36.599 The log file has been saved successfully to "C:\Users\David Salter\Desktop\aswMBR.txt"

#7
dolface755

Posted 29 March 2017 - 11:58 AM

Member

Topic Starter
Member
249 posts

this is last scan requested and it did come up with fix

Run date: 2017-03-29 08:06:27

-----------------------------

08:06:27.201 OS Version: Windows x64 6.1.7601 Service Pack 1

08:06:27.201 Number of processors: 2 586 0x1001

08:06:27.201 ComputerName: DAVIDSALTER-PC UserName: David Salter

08:06:30.087 Initialize success

08:06:30.087 VM: initialized successfully

08:06:30.087 VM: Amd CPU supported

08:10:09.229 AVAST engine defs: 17030301

08:10:32.179 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\00000060

08:10:32.194 Disk 0 Vendor: WDC_WD10 03.0 Size: 953869MB BusType: 11

08:10:32.288 Disk 0 MBR read successfully

08:10:32.288 Disk 0 MBR scan

08:10:32.303 Disk 0 Windows 7 default MBR code

08:10:32.303 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 100 MB offset 2048

08:10:32.319 Disk 0 default boot code

08:10:32.350 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 953767 MB offset 206848

08:10:32.366 Disk 0 scanning C:\Windows\system32\drivers

08:10:39.776 Service scanning

08:10:55.254 Modules scanning

08:10:55.270 Disk 0 trace - called modules:

08:10:55.285 ntoskrnl.exe CLASSPNP.SYS disk.sys amd_xata.sys storport.sys hal.dll amd_sata.sys

08:10:55.285 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8007684060]

08:10:55.301 3 CLASSPNP.SYS[fffff8800191b43f] -> nt!IofCallDriver -> [0xfffffa8007356ac0]

08:10:55.301 5 amd_xata.sys[fffff8800114bd00] -> nt!IofCallDriver -> \Device\00000060[0xfffffa800721f410]

08:10:57.407 AVAST engine scan C:\

10:13:58.875 Disk 0 statistics 32202114/0/0 @ 2.64 MB/s

10:13:58.891 Scan finished successfully

10:56:36.584 Disk 0 MBR has been saved successfully to "C:\Users\David Salter\Desktop\MBR.dat"

10:56:36.599 The log file has been saved successfully to "C:\Users\David Salter\Desktop\aswMBR.txt"

#8
RKinner

Posted 29 March 2017 - 12:37 PM

Malware Expert

Expert
24,625 posts

aswMBR didn't find anything interesting. That's a good thing.

#9
dolface755

Posted 31 March 2017 - 02:49 PM

Member

Topic Starter
Member
249 posts

Ok sorry one stupid question...there are already addition and FRST logs from first scan on desktop.....am I deleting them after running fix and before running FRST again?

#10
dolface755

Posted 31 March 2017 - 02:50 PM

Member

Topic Starter
Member
249 posts

Fix result of Farbar Recovery Scan Tool (x64) Version: 15-03-2017

Ran by David Salter (31-03-2017 13:41:51) Run:4

Running from C:\Users\David Salter\Desktop

Loaded Profiles: David Salter & Donna (Available Profiles: David Salter & Donna)

Boot Mode: Normal

==============================================

fixlist content:

*****************