Jump to content

Welcome to Geeks to Go - Register now for FREE

Need help with your computer or device? Want to learn new tech skills? You're in the right place!
Geeks to Go is a friendly community of tech experts who can solve any problem you have. Just create a free account and post your question. Our volunteers will reply quickly and guide you through the steps. Don't let tech troubles stop you. Join Geeks to Go now and get the support you need!

How it Works Create Account
Photo

Invasion of Undetectable Malware: No Idea What to Do

Windows 7 Mysterious Malware Unidentifiable Urgent Help Malwarebytes

  • Please log in to reply

#16
RKinner

RKinner

    Malware Expert

  • Expert
  • 24,598 posts
  • MVP

Glad to hear it.


  • 0

Advertisements


#17
Waste of Space

Waste of Space

    Member

  • Topic Starter
  • Member
  • PipPip
  • 77 posts

I just ran the Critical System File scan.

 

'Windows Resource Protection did not find any integrity violations'  -  which I'm guessing equates to a thumbs up.

 

I'll try the Event Viewer Tool next.


  • 0

#18
RKinner

RKinner

    Malware Expert

  • Expert
  • 24,598 posts
  • MVP

Definitely a good thing.


  • 0

#19
Waste of Space

Waste of Space

    Member

  • Topic Starter
  • Member
  • PipPip
  • 77 posts

Okay, next up we have the two reports from Vino's Event Viewer.

 

Report 1: 'System'

 

Vino's Event Viewer v01c run on Windows 2008 in English
Report run at 08/04/2017 12:19:18
 
Note: All dates below are in the format dd/mm/yyyy
 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'System' Log - Critical Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'System' Log - Error Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Log: 'System' Date/Time: 08/04/2017 09:22:15
Type: Error Category: 0
Event: 14332 Source: Microsoft-Windows-WMPNSS-Service
Service 'WMPNetworkSvc' did not start correctly because CoCreateInstance(CLSID_UPnPDeviceFinder) encountered error '0x80004005'. Verify that the UPnPHost service is running and that the UPnPHost component of Windows is installed properly.
 
Log: 'System' Date/Time: 08/04/2017 09:22:00
Type: Error Category: 0
Event: 7011 Source: Service Control Manager
A timeout (30000 milliseconds) was reached while waiting for a transaction response from the ShellHWDetection service.
 
Log: 'System' Date/Time: 07/04/2017 18:41:37
Type: Error Category: 0
Event: 36887 Source: Schannel
The following fatal alert was received: 70.
 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'System' Log - Warning Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Log: 'System' Date/Time: 08/04/2017 08:29:11
Type: Warning Category: 0
Event: 4001 Source: Microsoft-Windows-WLAN-AutoConfig
WLAN AutoConfig service has successfully stopped. 
 
Log: 'System' Date/Time: 07/04/2017 20:06:24
Type: Warning Category: 0
Event: 4001 Source: Microsoft-Windows-WLAN-AutoConfig
WLAN AutoConfig service has successfully stopped. 
 
Log: 'System' Date/Time: 07/04/2017 16:49:32
Type: Warning Category: 0
Event: 4001 Source: Microsoft-Windows-WLAN-AutoConfig
WLAN AutoConfig service has successfully stopped. 
 
Log: 'System' Date/Time: 07/04/2017 10:05:07
Type: Warning Category: 0
Event: 4001 Source: Microsoft-Windows-WLAN-AutoConfig
WLAN AutoConfig service has successfully stopped. 
 
Log: 'System' Date/Time: 07/04/2017 08:36:59
Type: Warning Category: 0
Event: 4001 Source: Microsoft-Windows-WLAN-AutoConfig
WLAN AutoConfig service has successfully stopped. 
 
 
 
Report 2: 'Application'
 
Vino's Event Viewer v01c run on Windows 2008 in English
Report run at 08/04/2017 12:23:24
 
Note: All dates below are in the format dd/mm/yyyy
 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'Application' Log - Critical Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'Application' Log - Error Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'Application' Log - Warning Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Log: 'Application' Date/Time: 08/04/2017 08:29:02
Type: Warning Category: 0
Event: 1530 Source: Microsoft-Windows-User Profiles Service
Windows detected your registry file is still in use by other applications or services. The file will be unloaded now. The applications or services that hold your registry file may not function properly afterwards.     DETAIL -   1 user registry handles leaked from \Registry\User\S-1-5-21-2588259368-3398593882-3987161955-1000:
Process 1384 (\Device\HarddiskVolume1\Program Files\AVAST Software\Avast\AvastSvc.exe) has opened key \REGISTRY\USER\S-1-5-21-2588259368-3398593882-3987161955-1000
 
 
Log: 'Application' Date/Time: 07/04/2017 20:06:14
Type: Warning Category: 0
Event: 1530 Source: Microsoft-Windows-User Profiles Service
Windows detected your registry file is still in use by other applications or services. The file will be unloaded now. The applications or services that hold your registry file may not function properly afterwards.     DETAIL -   1 user registry handles leaked from \Registry\User\S-1-5-21-2588259368-3398593882-3987161955-1000:
Process 1404 (\Device\HarddiskVolume1\Program Files\AVAST Software\Avast\AvastSvc.exe) has opened key \REGISTRY\USER\S-1-5-21-2588259368-3398593882-3987161955-1000
 
 
Log: 'Application' Date/Time: 07/04/2017 16:49:19
Type: Warning Category: 0
Event: 1530 Source: Microsoft-Windows-User Profiles Service
Windows detected your registry file is still in use by other applications or services. The file will be unloaded now. The applications or services that hold your registry file may not function properly afterwards.     DETAIL -   1 user registry handles leaked from \Registry\User\S-1-5-21-2588259368-3398593882-3987161955-1000:
Process 1400 (\Device\HarddiskVolume1\Program Files\AVAST Software\Avast\AvastSvc.exe) has opened key \REGISTRY\USER\S-1-5-21-2588259368-3398593882-3987161955-1000
 
 
Log: 'Application' Date/Time: 07/04/2017 10:04:58
Type: Warning Category: 0
Event: 1530 Source: Microsoft-Windows-User Profiles Service
Windows detected your registry file is still in use by other applications or services. The file will be unloaded now. The applications or services that hold your registry file may not function properly afterwards.     DETAIL -   1 user registry handles leaked from \Registry\User\S-1-5-21-2588259368-3398593882-3987161955-1000:
Process 1416 (\Device\HarddiskVolume1\Program Files\AVAST Software\Avast\AvastSvc.exe) has opened key \REGISTRY\USER\S-1-5-21-2588259368-3398593882-3987161955-1000
 
 
Log: 'Application' Date/Time: 07/04/2017 08:36:46
Type: Warning Category: 0
Event: 1530 Source: Microsoft-Windows-User Profiles Service
Windows detected your registry file is still in use by other applications or services. The file will be unloaded now. The applications or services that hold your registry file may not function properly afterwards.     DETAIL -   1 user registry handles leaked from \Registry\User\S-1-5-21-2588259368-3398593882-3987161955-1000:
Process 1400 (\Device\HarddiskVolume1\Program Files\AVAST Software\Avast\AvastSvc.exe) has opened key \REGISTRY\USER\S-1-5-21-2588259368-3398593882-3987161955-1000
 
 

  • 0

#20
RKinner

RKinner

    Malware Expert

  • Expert
  • 24,598 posts
  • MVP

These are the only errors worth worrying about:

 

Log: 'System' Date/Time: 08/04/2017 09:22:15
Type: Error Category: 0
Event: 14332 Source: Microsoft-Windows-WMPNSS-Service
Service 'WMPNetworkSvc' did not start correctly because CoCreateInstance(CLSID_UPnPDeviceFinder) encountered error '0x80004005'. Verify that the UPnPHost service is running and that the UPnPHost component of Windows is installed properly.
 
Log: 'System' Date/Time: 08/04/2017 09:22:00
Type: Error Category: 0
Event: 7011 Source: Service Control Manager
A timeout (30000 milliseconds) was reached while waiting for a transaction response from the ShellHWDetection service.

 

 

 
The first one never seems to work so I just turn the service off:
 
search for
services.msc
hit Enter
 
Scroll down to
Windows Media Player Network Sharing Service
and right click and select Properties then change Startup Type: to Disabled.  OK.
 
The second one is a bit harder.  Start, All Programs, Accessories and right click on Command Prompt and Run As Admin.  Type:
 
sc  start  ShellHWDetection

We want it to say:

 

[SC] StartService FAILED 1056:
 
An instance of the service is already running.

 

 

 
Does it?  If not what does it say?
 
I went back over this thread and I don't see the speccy log.  This may help tell me what went wrong originally.  Could you make one and attach it:
 
Get the free version of Speccy:
 
http://www.filehippo...download_speccy (Look in the upper right for the Download
Latest Version button  - Do NOT press the large Start Download button on the upper left!)  
Download, Save and Install it.  Tell it you do not need CCLEANER.    Run Speccy.  When it finishes (the little icon in the bottom left will stop moving), 
File, Save as Text File,  (to your desktop) note the name it gives. OK.  Open the file in notepad and delete the line that gives the serial number of your Operating System.  
(It will be near the top,  10-20  lines down.) Save the file.  Attach the file to your next post.  Attaching the log is the best option as it is too big for the forum.  Attaching is a multi step process.
 
First click on More Reply Options
Then scroll down to where you see
Choose File and click on it.  Point it at the file and hit Open.
Now click on Attach this file.
 

  • 0

#21
Waste of Space

Waste of Space

    Member

  • Topic Starter
  • Member
  • PipPip
  • 77 posts

Right, yes, Speccy was going to be my next stop after Vino's Event Viewer  -  but I've just attended to it now, because it seems timely to do so.    I'm attaching the Speccy log to this post, as suggested  -  and maan was it long.

 

I've followed your advice about disabling Windows Media Player Network Sharing Service.  Thanks.

 

As for tackling the second issue, I followed your instructions and did indeed obtain the result SC] StartService FAILED 1056:.

 

Your continuing assistance is greatly appreciated, RKinner.

Attached Files


Edited by Waste of Space, 08 April 2017 - 07:12 AM.

  • 0

#22
RKinner

RKinner

    Malware Expert

  • Expert
  • 24,598 posts
  • MVP

You are showing some errors on your hard drive.  As it's a Seagate that's pretty normal (I hate Seagate drives they just don't last)  but let's get a second opinion:

 

See if you can get Speedfan to work:
 
 
Download, save and Install it (Win 7 or Vista right click and Run As Admin.) then run it (Win 7 or Vista right click and Run As Admin.).
 
It will tell you your temps.  What does it say for the hottest values?
 
Now click on the S.M.A.R.T. tab.  Click on the down arrow to the right of the Hard Disk box.  Select your hard drive.  Click on Perform an In-depth Online Analysis of this hard disk.  Your browser will open.
 
At the bottom of the new page will be a line:  
 
The link to get back and see a new report about this hard disk in the future is this.
 
Right click on the underlined "this" and select Copy Link Address.  Move to a Reply and Paste (Ctrl + v).

  • 0

#23
Waste of Space

Waste of Space

    Member

  • Topic Starter
  • Member
  • PipPip
  • 77 posts

Right, then.  These were the outcomes:

 

Fan 1:  1747 rpm  

Fan 2:  0 rpm

Fan 3:  1039 rpm

Fan 4:  940 rpm

 

Temp 1:  50C

Temp 2:  25C

Temp 3:  26C

Temp 4:  0C

HDO:      40C

 

 

Link address for In-Depth Online Analysis:

 http://www.hddstatus...cation=8FB37322

 

Hopefully this isn't too catastrophic a result?

 

PS:  What's the initdebug.nfo program which arrived alongside Speedfan?  And should I give it the heave-ho?


Edited by Waste of Space, 08 April 2017 - 10:01 AM.

  • 0

#24
RKinner

RKinner

    Malware Expert

  • Expert
  • 24,598 posts
  • MVP

Speedfan doesn't think the hard drive is that bad:


The overall fitness for this drive is 97%.
The overall performance for this drive is 97%.

 

 

but I would back up anything I didn't want to lose because I don't trust it.
 
The 50 temperature is a bit high for a desktop doing nothing.  I would shut it down, leave it plugged up, open it up and find the heatsink.  Normally there is a fan stuck on the top of it.  If you can, remove the fan (note which way it is pointed and do not disturb the heatsink).  Use a small brush and a vacuum cleaner hose and clear out all of the dust on the heatsink then return the fan to its original position.  Also clean the dust off any vents and fans including the power supply.  Start the PC with it still open.  Watch the fan.  It should spin up quickly and not make any squeaky noises.  (It may slow down or stop after a few seconds.) If it doesn't turn at all, is slow to start or makes noise it will need to be replaced.)

  • 0

#25
Waste of Space

Waste of Space

    Member

  • Topic Starter
  • Member
  • PipPip
  • 77 posts

Much appreciated, RKinner.  I'll investigate the innards of my PC tomorrow when my back isn't hurting quite so much.

 

For now, here are the two reports generated by the FRST scan you suggested.  Thanks again for bringing your brain to bear. 'You're doing the Lord's work', as they're inclined to say in the US (but not so much here in the UK).

 

FRST.txt:

 

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 15-03-2017
Ran by Home (administrator) on HOME-PC (08-04-2017 17:46:01)
Running from C:\Users\Home\Desktop
Loaded Profiles: Home (Available Profiles: Home)
Platform: Windows 7 Home Premium Service Pack 1 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae-svc.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae64.exe
(AVAST Software s.r.o.) C:\Program Files\AVAST Software\Avast\x64\aswidsagenta.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Intel Corporation) C:\Windows\System32\igfxsrvc.exe
(Spotify Ltd) C:\Users\Home\AppData\Roaming\Spotify\SpotifyWebHelper.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe
(McAfee, Inc.) C:\Program Files\McAfee Security Scan\3.11.523\SSScheduler.exe
(Hewlett-Packard) C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae.exe
(Piriform Ltd) C:\Program Files\CCleaner\CCleaner64.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Tweaking.com) C:\Program Files (x86)\Tweaking.com\Windows Repair (All in One)\WR_Tray_Icon.exe
(Malwarebytes) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
(Malwarebytes) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
(Malwarebytes) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
() C:\Program Files (x86)\SpeedFan\speedfan.exe
() C:\Program Files (x86)\SpeedFan\speedfan.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\Office12\WINWORD.EXE
(Microsoft Corporation) C:\Windows\splwow64.exe
 
==================== Registry (Whitelisted) ====================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13876952 2015-04-13] (Realtek Semiconductor)
HKLM\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvLaunch.exe [213824 2017-04-05] (AVAST Software)
HKLM-x32\...\Run: [HP Software Update] => C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe [96056 2013-05-30] (Hewlett-Packard)
HKLM-x32\...\Run: [AvgUi] => "C:\Program Files (x86)\AVG\Framework\Common\avguirna.exe" /lps=fmw
HKLM-x32\...\Run: [Malwarebytes Anti-Exploit] => C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae.exe [2650576 2017-02-08] (Malwarebytes Corporation)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-2588259368-3398593882-3987161955-1000\...\Run: [Spotify Web Helper] => C:\Users\Home\AppData\Roaming\Spotify\SpotifyWebHelper.exe [1446000 2017-03-21] (Spotify Ltd)
HKU\S-1-5-21-2588259368-3398593882-3987161955-1000\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [8418584 2015-07-17] (Piriform Ltd)
ShellIconOverlayIdentifiers: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2017-04-05] (AVAST Software)
ShellIconOverlayIdentifiers: [00avg] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2017-04-05] (AVAST Software)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk [2017-04-03]
ShortcutTarget: McAfee Security Scan Plus.lnk -> C:\Program Files\McAfee Security Scan\3.11.523\SSScheduler.exe (McAfee, Inc.)
Startup: C:\Users\Home\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Monitor Ink Alerts - HP Deskjet 1510 series.lnk [2017-04-08]
ShortcutTarget: Monitor Ink Alerts - HP Deskjet 1510 series.lnk -> C:\Program Files\HP\HP Deskjet 1510 series\Bin\HPStatusBL.dll (Hewlett-Packard Co.)
GroupPolicy: Restriction - Chrome <======= ATTENTION
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
Winsock: Catalog5 08 C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL => No File 
Winsock: Catalog5 09 C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL => No File 
Winsock: Catalog5-x64 08 C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL => No File 
Winsock: Catalog5-x64 09 C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL => No File 
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{740F530B-DDF1-4488-8868-BA63A715455B}: [DhcpNameServer] 192.168.1.1
 
Internet Explorer:
==================
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKU\.DEFAULT\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKU\S-1-5-21-2588259368-3398593882-3987161955-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKU\S-1-5-21-2588259368-3398593882-3987161955-1000\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://www.msn.com/en-gb/?ocid=iehp
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll [2017-04-05] (AVAST Software)
BHO-x32: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2017-04-05] (AVAST Software)
Handler-x32: belarc - {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} - C:\Program Files (x86)\Belarc\BelarcAdvisor\System\BAVoilaX.dll [2013-04-16] (Belarc, Inc.)
 
FireFox:
========
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.32.7\npGoogleUpdate3.dll [2016-12-17] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.32.7\npGoogleUpdate3.dll [2016-12-17] (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.1.5 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2016-06-01] (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.2.1 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2016-06-01] (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.2.4 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2016-06-01] (VideoLAN)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2016-12-23] (Adobe Systems Inc.)
 
Chrome: 
=======
CHR DefaultProfile: Default
CHR Profile: C:\Users\Home\AppData\Local\Google\Chrome\User Data\Default [2017-04-08]
CHR Extension: (Google Slides) - C:\Users\Home\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-04-06]
CHR Extension: (Google Docs) - C:\Users\Home\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-04-06]
CHR Extension: (Google Drive) - C:\Users\Home\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-10-21]
CHR Extension: (YouTube) - C:\Users\Home\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-09-25]
CHR Extension: (Google Search) - C:\Users\Home\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-10-27]
CHR Extension: (Google Sheets) - C:\Users\Home\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-04-06]
CHR Extension: (AdBlock) - C:\Users\Home\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2017-04-08]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Home\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-03-09]
CHR Extension: (Gmail) - C:\Users\Home\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-04-06]
CHR Extension: (Chrome Media Router) - C:\Users\Home\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2017-04-06]
CHR HKLM-x32\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [eofcbnmajmjmplflapaojjnihcjkigck] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - hxxps://clients2.google.com/service/update2/crx
 
==================== Services (Whitelisted) ====================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R3 aswbIDSAgent; C:\Program Files\AVAST Software\Avast\x64\aswidsagenta.exe [7398336 2017-04-05] (AVAST Software s.r.o.)
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [261712 2017-04-05] (AVAST Software)
R2 MbaeSvc; C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae-svc.exe [155600 2017-02-08] (Malwarebytes Corporation)
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1514464 2016-03-10] (Malwarebytes)
R2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [1136608 2016-03-10] (Malwarebytes)
S3 McComponentHostService; C:\Program Files\McAfee Security Scan\3.11.523\McCHSvc.exe [404376 2017-03-20] (McAfee, Inc.)
R2 RtkAudioService; C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe [294104 2015-04-10] (Realtek Semiconductor)
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)
 
===================== Drivers (Whitelisted) ======================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R1 aswbidsdriver; C:\Windows\system32\drivers\aswbidsdrivera.sys [307736 2017-04-05] (AVAST Software s.r.o.)
R0 aswbidsh; C:\Windows\system32\drivers\aswbidsha.sys [189768 2017-04-05] (AVAST Software s.r.o.)
R0 aswblog; C:\Windows\system32\drivers\aswbloga.sys [334088 2017-04-05] (AVAST Software s.r.o.)
R0 aswbuniv; C:\Windows\system32\drivers\aswbuniva.sys [48528 2017-04-05] (AVAST Software s.r.o.)
S3 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [38296 2017-04-05] (AVAST Software)
R1 aswKbd; C:\Windows\system32\drivers\aswKbd.sys [32600 2017-04-05] (AVAST Software)
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [127112 2017-04-05] (AVAST Software)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [101152 2017-04-05] (AVAST Software)
R0 aswRvrt; C:\Windows\system32\drivers\aswRvrt.sys [75704 2017-04-05] (AVAST Software)
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1005048 2017-04-05] (AVAST Software)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [556784 2017-04-05] (AVAST Software)
R2 aswStm; C:\Windows\system32\drivers\aswStm.sys [164064 2017-04-05] (AVAST Software)
R0 aswVmm; C:\Windows\system32\drivers\aswVmm.sys [339696 2017-04-05] (AVAST Software)
R1 ESProtectionDriver; C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae64.sys [77408 2017-02-08] ()
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [27008 2016-03-10] (Malwarebytes)
R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [192216 2017-04-08] (Malwarebytes)
R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [64896 2016-03-10] (Malwarebytes Corporation)
S3 USBET; C:\Windows\System32\DRIVERS\ETdrv.sys [6423936 2013-02-04] (Etron)
 
==================== NetSvcs (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== One Month Created files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2099-11-02 00:08 - 2015-04-06 09:52 - 00524288 ___SH C:\Users\Home\ntuser.dat{c6c2e5f8-9722-14dc-b99e-0018716c3889}.TMContainer00000000000000000002.regtrans-ms
2099-11-02 00:08 - 2015-04-06 09:52 - 00524288 ___SH C:\Users\Home\ntuser.dat{c6c2e5f8-9722-14dc-b99e-0018716c3889}.TMContainer00000000000000000001.regtrans-ms
2099-11-02 00:08 - 2015-04-06 09:52 - 00065536 ___SH C:\Users\Home\ntuser.dat{c6c2e5f8-9722-14dc-b99e-0018716c3889}.TM.blf
2017-04-08 17:46 - 2017-04-08 17:47 - 00013111 _____ C:\Users\Home\Desktop\FRST.txt
2017-04-08 17:45 - 2017-04-08 17:45 - 00000000 ____D C:\Users\Home\Desktop\FRST-OlderVersion
2017-04-08 16:41 - 2017-04-08 16:48 - 00000000 ____D C:\Program Files (x86)\SpeedFan
2017-04-08 16:41 - 2017-04-08 16:41 - 00001011 _____ C:\Users\Home\Desktop\SpeedFan.lnk
2017-04-08 16:41 - 2017-04-08 16:41 - 00000045 _____ C:\Windows\SysWOW64\initdebug.nfo
2017-04-08 16:41 - 2017-04-08 16:41 - 00000000 ____D C:\Users\Home\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\SpeedFan
2017-04-08 16:39 - 2017-04-08 16:39 - 03086696 _____ C:\Users\Home\Desktop\instspeedfan452 (1).exe
2017-04-08 13:56 - 2017-04-08 13:59 - 00057328 _____ C:\Users\Home\Desktop\HOME-PC.txt
2017-04-08 13:54 - 2017-04-08 13:54 - 00000796 _____ C:\Users\Public\Desktop\Speccy.lnk
2017-04-08 13:54 - 2017-04-08 13:54 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Speccy
2017-04-08 13:54 - 2017-04-08 13:54 - 00000000 ____D C:\Program Files\Speccy
2017-04-08 13:51 - 2017-04-08 13:51 - 06293184 _____ (Piriform Ltd) C:\Users\Home\Desktop\spsetup130.exe
2017-04-08 13:39 - 2017-04-08 13:39 - 00000000 ____D C:\ProgramData\SWCUTemp
2017-04-08 12:19 - 2017-04-08 12:23 - 00003640 _____ C:\VEW.txt
2017-04-08 12:03 - 2017-04-08 12:03 - 00061440 _____ ( ) C:\Users\Home\Desktop\VEW.exe
2017-04-06 12:40 - 2017-03-04 18:24 - 00394448 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2017-04-06 12:40 - 2017-03-04 17:39 - 00346320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2017-04-06 12:40 - 2017-03-04 09:20 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2017-04-06 12:40 - 2017-03-04 09:02 - 00066560 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2017-04-06 12:40 - 2017-03-04 09:01 - 00576512 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2017-04-06 12:40 - 2017-03-04 09:01 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2017-04-06 12:40 - 2017-03-04 08:59 - 02895360 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2017-04-06 12:40 - 2017-03-04 08:52 - 00054784 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2017-04-06 12:40 - 2017-03-04 08:51 - 00034304 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2017-04-06 12:40 - 2017-03-04 08:45 - 00114688 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2017-04-06 12:40 - 2017-03-04 08:36 - 00968704 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2017-04-06 12:40 - 2017-03-04 08:23 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2017-04-06 12:40 - 2017-03-04 08:21 - 00107520 _____ (Microsoft Corporation) C:\Windows\system32\inseng.dll
2017-04-06 12:40 - 2017-03-04 08:13 - 00315392 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2017-04-06 12:40 - 2017-03-04 08:11 - 00152064 _____ (Microsoft Corporation) C:\Windows\system32\occache.dll
2017-04-06 12:40 - 2017-03-04 07:55 - 00725504 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2017-04-06 12:40 - 2017-03-04 07:54 - 00806912 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2017-04-06 12:40 - 2017-03-04 07:52 - 02131456 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2017-04-06 12:40 - 2017-03-04 07:12 - 01545728 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2017-04-06 12:40 - 2017-03-04 07:02 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2017-04-06 12:40 - 2017-03-04 05:18 - 20281856 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2017-04-06 12:40 - 2017-03-02 19:02 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2017-04-06 12:40 - 2017-03-02 19:01 - 00499200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2017-04-06 12:40 - 2017-03-02 18:55 - 02287104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2017-04-06 12:40 - 2017-03-02 18:54 - 00047104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2017-04-06 12:40 - 2017-03-02 18:53 - 00030720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2017-04-06 12:40 - 2017-03-02 18:51 - 00476160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2017-04-06 12:40 - 2017-03-02 18:50 - 00115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2017-04-06 12:40 - 2017-03-02 18:49 - 00663552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2017-04-06 12:40 - 2017-03-02 18:49 - 00620032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2017-04-06 12:40 - 2017-03-02 18:41 - 00416256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2017-04-06 12:40 - 2017-03-02 18:36 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2017-04-06 12:40 - 2017-03-02 18:35 - 00091136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inseng.dll
2017-04-06 12:40 - 2017-03-02 18:31 - 00076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2017-04-06 12:40 - 2017-03-02 18:29 - 00279040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2017-04-06 12:40 - 2017-03-02 18:28 - 00130048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\occache.dll
2017-04-06 12:40 - 2017-03-02 18:22 - 04604416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2017-04-06 12:40 - 2017-03-02 18:21 - 00230400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\webcheck.dll
2017-04-06 12:40 - 2017-03-02 18:19 - 00693248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2017-04-06 12:40 - 2017-03-02 18:17 - 02055680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2017-04-06 12:40 - 2017-03-02 18:17 - 01155072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2017-04-06 12:40 - 2017-03-02 18:11 - 13654528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2017-04-06 12:40 - 2017-03-02 17:53 - 02767360 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2017-04-06 12:40 - 2017-03-02 17:50 - 01312768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2017-04-06 12:40 - 2017-03-02 17:50 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2017-04-06 12:40 - 2016-09-15 15:56 - 00041984 _____ (Microsoft Corporation) C:\Windows\system32\UtcResources.dll
2017-04-06 12:40 - 2016-08-22 17:19 - 01386496 _____ (Microsoft Corporation) C:\Windows\system32\diagtrack.dll
2017-04-06 12:39 - 2017-03-04 09:20 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2017-04-06 12:39 - 2017-03-04 09:01 - 00417792 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2017-04-06 12:39 - 2017-03-04 09:01 - 00088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2017-04-06 12:39 - 2017-03-04 08:48 - 25746944 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2017-04-06 12:39 - 2017-03-04 08:46 - 00615936 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2017-04-06 12:39 - 2017-03-04 08:45 - 00814080 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2017-04-06 12:39 - 2017-03-04 08:45 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2017-04-06 12:39 - 2017-03-04 08:44 - 00817664 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2017-04-06 12:39 - 2017-03-04 08:32 - 00489984 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2017-04-06 12:39 - 2017-03-04 08:31 - 06045696 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2017-04-06 12:39 - 2017-03-04 08:16 - 00199680 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2017-04-06 12:39 - 2017-03-04 08:16 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2017-04-06 12:39 - 2017-03-04 07:57 - 00262144 _____ (Microsoft Corporation) C:\Windows\system32\webcheck.dll
2017-04-06 12:39 - 2017-03-04 07:52 - 01359360 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2017-04-06 12:39 - 2017-03-04 07:26 - 15259648 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2017-04-06 12:39 - 2017-03-04 07:25 - 03241984 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2017-04-06 12:39 - 2017-03-02 19:16 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2017-04-06 12:39 - 2017-03-02 19:01 - 00341504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
2017-04-06 12:39 - 2017-03-02 19:01 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2017-04-06 12:39 - 2017-03-02 19:00 - 00064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2017-04-06 12:39 - 2017-03-02 18:32 - 00168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2017-04-06 12:39 - 2017-02-11 16:58 - 00462848 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\srv.sys
2017-04-06 12:39 - 2017-02-11 16:58 - 00405504 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\srv2.sys
2017-04-06 12:39 - 2017-02-11 16:58 - 00168960 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\srvnet.sys
2017-04-06 12:39 - 2017-02-10 17:32 - 00803328 _____ (Microsoft Corporation) C:\Windows\system32\usp10.dll
2017-04-06 12:39 - 2017-02-10 17:32 - 00405504 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll
2017-04-06 12:39 - 2017-02-10 17:17 - 00628736 _____ (Microsoft Corporation) C:\Windows\SysWOW64\usp10.dll
2017-04-06 12:39 - 2017-02-10 17:17 - 00312832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gdi32.dll
2017-04-06 12:39 - 2017-02-10 15:33 - 01251328 _____ (Microsoft Corporation) C:\Windows\SysWOW64\DWrite.dll
2017-04-06 12:39 - 2017-02-09 17:36 - 00631176 _____ (Microsoft Corporation) C:\Windows\system32\winresume.efi
2017-04-06 12:39 - 2017-02-09 17:35 - 05548264 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2017-04-06 12:39 - 2017-02-09 17:35 - 00706792 _____ (Microsoft Corporation) C:\Windows\system32\winload.efi
2017-04-06 12:39 - 2017-02-09 17:35 - 00154856 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2017-04-06 12:39 - 2017-02-09 17:35 - 00095464 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2017-04-06 12:39 - 2017-02-09 17:33 - 01732864 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2017-04-06 12:39 - 2017-02-09 17:32 - 01212928 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll
2017-04-06 12:39 - 2017-02-09 17:32 - 00503808 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll
2017-04-06 12:39 - 2017-02-09 17:32 - 00362496 _____ (Microsoft Corporation) C:\Windows\system32\wow64win.dll
2017-04-06 12:39 - 2017-02-09 17:32 - 00345600 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2017-04-06 12:39 - 2017-02-09 17:32 - 00243712 _____ (Microsoft Corporation) C:\Windows\system32\wow64.dll
2017-04-06 12:39 - 2017-02-09 17:32 - 00215552 _____ (Microsoft Corporation) C:\Windows\system32\winsrv.dll
2017-04-06 12:39 - 2017-02-09 17:32 - 00210432 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2017-04-06 12:39 - 2017-02-09 17:32 - 00190464 _____ (Microsoft Corporation) C:\Windows\system32\rpchttp.dll
2017-04-06 12:39 - 2017-02-09 17:32 - 00135680 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2017-04-06 12:39 - 2017-02-09 17:32 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2017-04-06 12:39 - 2017-02-09 17:32 - 00063488 _____ (Microsoft Corporation) C:\Windows\system32\setbcdlocale.dll
2017-04-06 12:39 - 2017-02-09 17:32 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll
2017-04-06 12:39 - 2017-02-09 17:32 - 00040960 _____ (Microsoft Corporation) C:\Windows\system32\WcsPlugInService.dll
2017-04-06 12:39 - 2017-02-09 17:32 - 00028672 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2017-04-06 12:39 - 2017-02-09 17:32 - 00028160 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2017-04-06 12:39 - 2017-02-09 17:32 - 00016384 _____ (Microsoft Corporation) C:\Windows\system32\ntvdm64.dll
2017-04-06 12:39 - 2017-02-09 17:32 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\wow64cpu.dll
2017-04-06 12:39 - 2017-02-09 17:31 - 01460736 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2017-04-06 12:39 - 2017-02-09 17:31 - 01163264 _____ (Microsoft Corporation) C:\Windows\system32\kernel32.dll
2017-04-06 12:39 - 2017-02-09 17:31 - 00880640 _____ (Microsoft Corporation) C:\Windows\system32\advapi32.dll
2017-04-06 12:39 - 2017-02-09 17:31 - 00730624 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2017-04-06 12:39 - 2017-02-09 17:31 - 00690688 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
2017-04-06 12:39 - 2017-02-09 17:31 - 00625664 _____ (Microsoft Corporation) C:\Windows\system32\mscms.dll
2017-04-06 12:39 - 2017-02-09 17:31 - 00463872 _____ (Microsoft Corporation) C:\Windows\system32\certcli.dll
2017-04-06 12:39 - 2017-02-09 17:31 - 00419840 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase.dll
2017-04-06 12:39 - 2017-02-09 17:31 - 00316928 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2017-04-06 12:39 - 2017-02-09 17:31 - 00312320 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2017-04-06 12:39 - 2017-02-09 17:31 - 00250880 _____ (Microsoft Corporation) C:\Windows\system32\icm32.dll
2017-04-06 12:39 - 2017-02-09 17:31 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
2017-04-06 12:39 - 2017-02-09 17:31 - 00123904 _____ (Microsoft Corporation) C:\Windows\system32\bcrypt.dll
2017-04-06 12:39 - 2017-02-09 17:31 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\msobjs.dll
2017-04-06 12:39 - 2017-02-09 17:31 - 00059904 _____ (Microsoft Corporation) C:\Windows\system32\appidapi.dll
2017-04-06 12:39 - 2017-02-09 17:31 - 00044032 _____ (Microsoft Corporation) C:\Windows\system32\csrsrv.dll
2017-04-06 12:39 - 2017-02-09 17:31 - 00043520 _____ (Microsoft Corporation) C:\Windows\system32\cryptbase.dll
2017-04-06 12:39 - 2017-02-09 17:31 - 00034816 _____ (Microsoft Corporation) C:\Windows\system32\appidsvc.dll
2017-04-06 12:39 - 2017-02-09 17:31 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2017-04-06 12:39 - 2017-02-09 17:31 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\apisetschema.dll
2017-04-06 12:39 - 2017-02-09 17:31 - 00006144 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-security-base-l1-1-0.dll
2017-04-06 12:39 - 2017-02-09 17:31 - 00005120 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l1-1-0.dll
2017-04-06 12:39 - 2017-02-09 17:31 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
2017-04-06 12:39 - 2017-02-09 17:31 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processthreads-l1-1-0.dll
2017-04-06 12:39 - 2017-02-09 17:31 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll
2017-04-06 12:39 - 2017-02-09 17:31 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-synch-l1-1-0.dll
2017-04-06 12:39 - 2017-02-09 17:31 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localregistry-l1-1-0.dll
2017-04-06 12:39 - 2017-02-09 17:31 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localization-l1-1-0.dll
2017-04-06 12:39 - 2017-02-09 17:31 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll
2017-04-06 12:39 - 2017-02-09 17:31 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll
2017-04-06 12:39 - 2017-02-09 17:31 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll
2017-04-06 12:39 - 2017-02-09 17:31 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-misc-l1-1-0.dll
2017-04-06 12:39 - 2017-02-09 17:31 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-memory-l1-1-0.dll
2017-04-06 12:39 - 2017-02-09 17:31 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll
2017-04-06 12:39 - 2017-02-09 17:31 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-heap-l1-1-0.dll
2017-04-06 12:39 - 2017-02-09 17:31 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-xstate-l1-1-0.dll
2017-04-06 12:39 - 2017-02-09 17:31 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-util-l1-1-0.dll
2017-04-06 12:39 - 2017-02-09 17:31 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-string-l1-1-0.dll
2017-04-06 12:39 - 2017-02-09 17:31 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-profile-l1-1-0.dll
2017-04-06 12:39 - 2017-02-09 17:31 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-io-l1-1-0.dll
2017-04-06 12:39 - 2017-02-09 17:31 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-interlocked-l1-1-0.dll
2017-04-06 12:39 - 2017-02-09 17:31 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-handle-l1-1-0.dll
2017-04-06 12:39 - 2017-02-09 17:31 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-fibers-l1-1-0.dll
2017-04-06 12:39 - 2017-02-09 17:31 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll
2017-04-06 12:39 - 2017-02-09 17:31 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-delayload-l1-1-0.dll
2017-04-06 12:39 - 2017-02-09 17:31 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-debug-l1-1-0.dll
2017-04-06 12:39 - 2017-02-09 17:31 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-datetime-l1-1-0.dll
2017-04-06 12:39 - 2017-02-09 17:31 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-console-l1-1-0.dll
2017-04-06 12:39 - 2017-02-09 17:19 - 04000488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2017-04-06 12:39 - 2017-02-09 17:19 - 03945192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2017-04-06 12:39 - 2017-02-09 17:16 - 01314112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll
2017-04-06 12:39 - 2017-02-09 17:14 - 01114112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kernel32.dll
2017-04-06 12:39 - 2017-02-09 17:14 - 00690688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adtschema.dll
2017-04-06 12:39 - 2017-02-09 17:14 - 00666112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpcrt4.dll
2017-04-06 12:39 - 2017-02-09 17:14 - 00644096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\advapi32.dll
2017-04-06 12:39 - 2017-02-09 17:14 - 00553472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2017-04-06 12:39 - 2017-02-09 17:14 - 00481792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mscms.dll
2017-04-06 12:39 - 2017-02-09 17:14 - 00342528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\certcli.dll
2017-04-06 12:39 - 2017-02-09 17:14 - 00275456 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll
2017-04-06 12:39 - 2017-02-09 17:14 - 00261120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
2017-04-06 12:39 - 2017-02-09 17:14 - 00254464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2017-04-06 12:39 - 2017-02-09 17:14 - 00223232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2017-04-06 12:39 - 2017-02-09 17:14 - 00215040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\icm32.dll
2017-04-06 12:39 - 2017-02-09 17:14 - 00172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll
2017-04-06 12:39 - 2017-02-09 17:14 - 00146432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msaudite.dll
2017-04-06 12:39 - 2017-02-09 17:14 - 00141312 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpchttp.dll
2017-04-06 12:39 - 2017-02-09 17:14 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2017-04-06 12:39 - 2017-02-09 17:14 - 00082944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\bcrypt.dll
2017-04-06 12:39 - 2017-02-09 17:14 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2017-04-06 12:39 - 2017-02-09 17:14 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msobjs.dll
2017-04-06 12:39 - 2017-02-09 17:14 - 00050688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\appidapi.dll
2017-04-06 12:39 - 2017-02-09 17:14 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll
2017-04-06 12:39 - 2017-02-09 17:14 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2017-04-06 12:39 - 2017-02-09 17:14 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
2017-04-06 12:39 - 2017-02-09 17:14 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\apisetschema.dll
2017-04-06 12:39 - 2017-02-09 17:14 - 00005120 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-file-l1-1-0.dll
2017-04-06 12:39 - 2017-02-09 17:14 - 00005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll
2017-04-06 12:39 - 2017-02-09 17:14 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processthreads-l1-1-0.dll
2017-04-06 12:39 - 2017-02-09 17:14 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-sysinfo-l1-1-0.dll
2017-04-06 12:39 - 2017-02-09 17:14 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-synch-l1-1-0.dll
2017-04-06 12:39 - 2017-02-09 17:14 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-misc-l1-1-0.dll
2017-04-06 12:39 - 2017-02-09 17:14 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localregistry-l1-1-0.dll
2017-04-06 12:39 - 2017-02-09 17:14 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localization-l1-1-0.dll
2017-04-06 12:39 - 2017-02-09 17:14 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processenvironment-l1-1-0.dll
2017-04-06 12:39 - 2017-02-09 17:14 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-namedpipe-l1-1-0.dll
2017-04-06 12:39 - 2017-02-09 17:14 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-memory-l1-1-0.dll
2017-04-06 12:39 - 2017-02-09 17:14 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-libraryloader-l1-1-0.dll
2017-04-06 12:39 - 2017-02-09 17:14 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-interlocked-l1-1-0.dll
2017-04-06 12:39 - 2017-02-09 17:14 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-heap-l1-1-0.dll
2017-04-06 12:39 - 2017-02-09 17:14 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-string-l1-1-0.dll
2017-04-06 12:39 - 2017-02-09 17:14 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-rtlsupport-l1-1-0.dll
2017-04-06 12:39 - 2017-02-09 17:14 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-profile-l1-1-0.dll
2017-04-06 12:39 - 2017-02-09 17:14 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-io-l1-1-0.dll
2017-04-06 12:39 - 2017-02-09 17:14 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-handle-l1-1-0.dll
2017-04-06 12:39 - 2017-02-09 17:14 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-fibers-l1-1-0.dll
2017-04-06 12:39 - 2017-02-09 17:14 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-errorhandling-l1-1-0.dll
2017-04-06 12:39 - 2017-02-09 17:14 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-delayload-l1-1-0.dll
2017-04-06 12:39 - 2017-02-09 17:14 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-debug-l1-1-0.dll
2017-04-06 12:39 - 2017-02-09 17:14 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-datetime-l1-1-0.dll
2017-04-06 12:39 - 2017-02-09 17:14 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-console-l1-1-0.dll
2017-04-06 12:39 - 2017-02-09 17:03 - 00148480 _____ (Microsoft Corporation) C:\Windows\system32\appidpolicyconverter.exe
2017-04-06 12:39 - 2017-02-09 17:03 - 00062464 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\appid.sys
2017-04-06 12:39 - 2017-02-09 17:03 - 00017920 _____ (Microsoft Corporation) C:\Windows\system32\appidcertstorecheck.exe
2017-04-06 12:39 - 2017-02-09 17:02 - 00064000 _____ (Microsoft Corporation) C:\Windows\system32\auditpol.exe
2017-04-06 12:39 - 2017-02-09 17:00 - 03220480 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2017-04-06 12:39 - 2017-02-09 16:59 - 00338432 _____ (Microsoft Corporation) C:\Windows\system32\conhost.exe
2017-04-06 12:39 - 2017-02-09 16:58 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe
2017-04-06 12:39 - 2017-02-09 16:55 - 00291328 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb10.sys
2017-04-06 12:39 - 2017-02-09 16:55 - 00159744 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb.sys
2017-04-06 12:39 - 2017-02-09 16:55 - 00129536 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb20.sys
2017-04-06 12:39 - 2017-02-09 16:54 - 00112640 _____ (Microsoft Corporation) C:\Windows\system32\smss.exe
2017-04-06 12:39 - 2017-02-09 16:54 - 00030720 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2017-04-06 12:39 - 2017-02-09 16:53 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\auditpol.exe
2017-04-06 12:39 - 2017-02-09 16:51 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WcsPlugInService.dll
2017-04-06 12:39 - 2017-02-09 16:50 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe
2017-04-06 12:39 - 2017-02-09 16:50 - 00014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll
2017-04-06 12:39 - 2017-02-09 16:50 - 00007680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe
2017-04-06 12:39 - 2017-02-09 16:50 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user.exe
2017-04-06 12:39 - 2017-02-09 16:49 - 00036352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptbase.dll
2017-04-06 12:39 - 2017-02-09 16:49 - 00006144 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-security-base-l1-1-0.dll
2017-04-06 12:39 - 2017-02-09 16:49 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-threadpool-l1-1-0.dll
2017-04-06 12:39 - 2017-02-09 16:49 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-xstate-l1-1-0.dll
2017-04-06 12:39 - 2017-02-09 16:49 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-util-l1-1-0.dll
2017-04-06 12:39 - 2017-02-09 15:06 - 01648128 _____ (Microsoft Corporation) C:\Windows\system32\DWrite.dll
2017-04-06 12:39 - 2017-02-09 15:06 - 01180160 _____ (Microsoft Corporation) C:\Windows\system32\FntCache.dll
2017-04-06 12:39 - 2017-02-06 17:14 - 00733696 _____ (Microsoft Corporation) C:\Windows\HelpPane.exe
2017-04-06 12:39 - 2017-01-13 19:00 - 00976896 _____ (Microsoft Corporation) C:\Windows\system32\inetcomm.dll
2017-04-06 12:39 - 2017-01-13 19:00 - 00084480 _____ (Microsoft Corporation) C:\Windows\system32\INETRES.dll
2017-04-06 12:39 - 2017-01-13 18:45 - 00741888 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcomm.dll
2017-04-06 12:39 - 2017-01-13 18:45 - 00084480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\INETRES.dll
2017-04-06 12:39 - 2017-01-11 19:01 - 01887744 _____ (Microsoft Corporation) C:\Windows\system32\msxml3.dll
2017-04-06 12:39 - 2017-01-11 19:01 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\msxml3r.dll
2017-04-06 12:39 - 2017-01-11 18:43 - 01241088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3.dll
2017-04-06 12:39 - 2017-01-11 18:43 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3r.dll
2017-04-06 12:39 - 2017-01-06 19:00 - 01574912 _____ (Microsoft Corporation) C:\Windows\system32\quartz.dll
2017-04-06 12:39 - 2017-01-06 18:44 - 01329664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\quartz.dll
2017-04-06 12:39 - 2016-11-21 19:12 - 00109568 _____ (Microsoft Corporation) C:\Windows\system32\hlink.dll
2017-04-06 12:39 - 2016-11-20 17:19 - 00084992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\hlink.dll
2017-04-06 12:39 - 2016-11-20 15:07 - 00467392 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\cng.sys
2017-04-06 12:39 - 2016-11-17 17:41 - 00370920 _____ (Microsoft Corporation) C:\Windows\system32\clfs.sys
2017-04-06 12:39 - 2016-11-10 17:32 - 01009152 _____ (Microsoft Corporation) C:\Windows\system32\user32.dll
2017-04-06 12:39 - 2016-11-10 17:19 - 00833024 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user32.dll
2017-04-06 12:39 - 2016-11-09 17:41 - 00114408 _____ (Microsoft Corporation) C:\Windows\system32\consent.exe
2017-04-06 12:39 - 2016-11-09 17:33 - 03244032 _____ (Microsoft Corporation) C:\Windows\system32\msi.dll
2017-04-06 12:39 - 2016-11-09 17:33 - 01941504 _____ (Microsoft Corporation) C:\Windows\system32\authui.dll
2017-04-06 12:39 - 2016-11-09 17:33 - 00504320 _____ (Microsoft Corporation) C:\Windows\system32\msihnd.dll
2017-04-06 12:39 - 2016-11-09 17:33 - 00070144 _____ (Microsoft Corporation) C:\Windows\system32\appinfo.dll
2017-04-06 12:39 - 2016-11-09 17:33 - 00025088 _____ (Microsoft Corporation) C:\Windows\system32\msimsg.dll
2017-04-06 12:39 - 2016-11-09 17:33 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll
2017-04-06 12:39 - 2016-11-09 17:17 - 02365440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msi.dll
2017-04-06 12:39 - 2016-11-09 17:17 - 01806848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\authui.dll
2017-04-06 12:39 - 2016-11-09 17:17 - 00337408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msihnd.dll
2017-04-06 12:39 - 2016-11-09 17:17 - 00025088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msimsg.dll
2017-04-06 12:39 - 2016-11-09 17:17 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll
2017-04-06 12:39 - 2016-11-09 17:02 - 00128512 _____ (Microsoft Corporation) C:\Windows\system32\msiexec.exe
2017-04-06 12:39 - 2016-11-09 16:55 - 00073216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msiexec.exe
2017-04-06 12:39 - 2016-11-02 16:36 - 00382696 _____ (Adobe Systems Incorporated) C:\Windows\system32\atmfd.dll
2017-04-06 12:39 - 2016-11-02 16:32 - 00100864 _____ (Microsoft Corporation) C:\Windows\system32\fontsub.dll
2017-04-06 12:39 - 2016-11-02 16:32 - 00046080 _____ (Adobe Systems) C:\Windows\system32\atmlib.dll
2017-04-06 12:39 - 2016-11-02 16:32 - 00041472 _____ (Microsoft Corporation) C:\Windows\system32\lpk.dll
2017-04-06 12:39 - 2016-11-02 16:32 - 00014336 _____ (Microsoft Corporation) C:\Windows\system32\dciman32.dll
2017-04-06 12:39 - 2016-11-02 16:22 - 00308456 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\atmfd.dll
2017-04-06 12:39 - 2016-11-02 16:16 - 00070656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\fontsub.dll
 
2017-04-06 12:39 - 2016-11-02 16:16 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\lpk.dll
2017-04-06 12:39 - 2016-11-02 16:16 - 00010240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dciman32.dll
2017-04-06 12:39 - 2016-11-02 15:53 - 00034304 _____ (Adobe Systems) C:\Windows\SysWOW64\atmlib.dll
2017-04-06 12:39 - 2016-10-11 16:32 - 00069120 _____ (Microsoft Corporation) C:\Windows\system32\nlsbres.dll
2017-04-06 12:39 - 2016-10-11 16:31 - 01148416 _____ (Microsoft Corporation) C:\Windows\system32\IMJP10.IME
2017-04-06 12:39 - 2016-10-11 16:31 - 01068544 _____ (Microsoft Corporation) C:\Windows\system32\msctf.dll
2017-04-06 12:39 - 2016-10-11 16:31 - 00878080 _____ (Microsoft Corporation) C:\Windows\system32\IMJP10K.DLL
2017-04-06 12:39 - 2016-10-11 16:31 - 00457216 _____ (Microsoft Corporation) C:\Windows\system32\imkr80.ime
2017-04-06 12:39 - 2016-10-11 16:31 - 00246784 _____ (Microsoft Corporation) C:\Windows\system32\input.dll
2017-04-06 12:39 - 2016-10-11 16:31 - 00176128 _____ (Microsoft Corporation) C:\Windows\system32\tintlgnt.ime
2017-04-06 12:39 - 2016-10-11 16:31 - 00175104 _____ (Microsoft Corporation) C:\Windows\system32\quick.ime
2017-04-06 12:39 - 2016-10-11 16:31 - 00175104 _____ (Microsoft Corporation) C:\Windows\system32\qintlgnt.ime
2017-04-06 12:39 - 2016-10-11 16:31 - 00175104 _____ (Microsoft Corporation) C:\Windows\system32\phon.ime
2017-04-06 12:39 - 2016-10-11 16:31 - 00175104 _____ (Microsoft Corporation) C:\Windows\system32\cintlgnt.ime
2017-04-06 12:39 - 2016-10-11 16:31 - 00175104 _____ (Microsoft Corporation) C:\Windows\system32\chajei.ime
2017-04-06 12:39 - 2016-10-11 16:31 - 00132608 _____ (Microsoft Corporation) C:\Windows\system32\pintlgnt.ime
2017-04-06 12:39 - 2016-10-11 16:18 - 01027584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\IMJP10.IME
2017-04-06 12:39 - 2016-10-11 16:18 - 00829952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msctf.dll
2017-04-06 12:39 - 2016-10-11 16:18 - 00701440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\IMJP10K.DLL
2017-04-06 12:39 - 2016-10-11 16:18 - 00430080 _____ (Microsoft Corporation) C:\Windows\SysWOW64\imkr80.ime
2017-04-06 12:39 - 2016-10-11 16:18 - 00202240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\input.dll
2017-04-06 12:39 - 2016-10-11 16:18 - 00126976 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tintlgnt.ime
2017-04-06 12:39 - 2016-10-11 16:18 - 00125952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\quick.ime
2017-04-06 12:39 - 2016-10-11 16:18 - 00125952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\qintlgnt.ime
2017-04-06 12:39 - 2016-10-11 16:18 - 00125952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\phon.ime
2017-04-06 12:39 - 2016-10-11 16:18 - 00125952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cintlgnt.ime
2017-04-06 12:39 - 2016-10-11 16:18 - 00125952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\chajei.ime
2017-04-06 12:39 - 2016-10-11 16:18 - 00090112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\pintlgnt.ime
2017-04-06 12:39 - 2016-10-11 16:18 - 00069120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\nlsbres.dll
2017-04-06 12:39 - 2016-10-11 15:55 - 00346112 _____ (Microsoft Corporation) C:\Windows\system32\bcdedit.exe
2017-04-06 12:39 - 2016-10-11 14:33 - 00187392 _____ (Microsoft Corporation) C:\Windows\SysWOW64\UIAnimation.dll
2017-04-06 12:39 - 2016-10-11 14:18 - 00419648 _____ C:\Windows\SysWOW64\locale.nls
2017-04-06 12:39 - 2016-10-11 14:17 - 00419648 _____ C:\Windows\system32\locale.nls
2017-04-06 12:39 - 2016-10-11 14:06 - 00221184 _____ (Microsoft Corporation) C:\Windows\system32\UIAnimation.dll
2017-04-06 12:39 - 2016-10-08 14:06 - 00633296 _____ (Microsoft Corporation) C:\Windows\system32\winload.exe
2017-04-06 12:39 - 2016-10-07 16:32 - 03649536 _____ (Microsoft Corporation) C:\Windows\system32\MSVidCtl.dll
2017-04-06 12:39 - 2016-10-07 16:32 - 00877056 _____ (Microsoft Corporation) C:\Windows\system32\oleaut32.dll
2017-04-06 12:39 - 2016-10-07 16:32 - 00084992 _____ (Microsoft Corporation) C:\Windows\system32\asycfilt.dll
2017-04-06 12:39 - 2016-10-07 16:12 - 02291712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MSVidCtl.dll
2017-04-06 12:39 - 2016-10-07 16:12 - 00581632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\oleaut32.dll
2017-04-06 12:39 - 2016-10-07 16:12 - 00067584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\asycfilt.dll
2017-04-06 12:39 - 2016-10-05 15:54 - 00090112 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\bowser.sys
2017-04-06 12:39 - 2016-10-04 16:31 - 01483264 _____ (Microsoft Corporation) C:\Windows\system32\crypt32.dll
2017-04-06 12:39 - 2016-10-04 16:31 - 00229376 _____ (Microsoft Corporation) C:\Windows\system32\wintrust.dll
2017-04-06 12:39 - 2016-10-04 16:31 - 00190976 _____ (Microsoft Corporation) C:\Windows\system32\cryptsvc.dll
2017-04-06 12:39 - 2016-10-04 16:31 - 00141824 _____ (Microsoft Corporation) C:\Windows\system32\cryptnet.dll
2017-04-06 12:39 - 2016-10-04 16:13 - 01176064 _____ (Microsoft Corporation) C:\Windows\SysWOW64\crypt32.dll
2017-04-06 12:39 - 2016-10-04 16:13 - 00179200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wintrust.dll
2017-04-06 12:39 - 2016-10-04 16:13 - 00145920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptsvc.dll
2017-04-06 12:39 - 2016-10-04 16:13 - 00106496 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptnet.dll
2017-04-06 12:39 - 2016-09-12 22:08 - 00107520 _____ (Microsoft Corporation) C:\Windows\system32\adsmsext.dll
2017-04-06 12:39 - 2016-09-12 21:49 - 00076800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adsmsext.dll
2017-04-06 12:39 - 2016-09-09 19:20 - 00756736 _____ (Microsoft Corporation) C:\Windows\system32\win32spl.dll
2017-04-06 12:39 - 2016-09-09 19:00 - 00497152 _____ (Microsoft Corporation) C:\Windows\SysWOW64\win32spl.dll
2017-04-06 12:39 - 2016-09-08 21:34 - 00263680 _____ (Microsoft Corporation) C:\Windows\system32\WebClnt.dll
2017-04-06 12:39 - 2016-09-08 21:34 - 00208896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WebClnt.dll
2017-04-06 12:39 - 2016-09-08 21:34 - 00108544 _____ (Microsoft Corporation) C:\Windows\system32\davclnt.dll
2017-04-06 12:39 - 2016-09-08 21:34 - 00087040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\davclnt.dll
2017-04-06 12:39 - 2016-09-08 15:55 - 00142336 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxdav.sys
2017-04-06 12:39 - 2016-09-08 15:55 - 00106496 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dfsc.sys
2017-04-06 12:39 - 2016-08-12 18:02 - 14632960 _____ (Microsoft Corporation) C:\Windows\system32\wmp.dll
2017-04-06 12:39 - 2016-08-12 18:02 - 12574720 _____ (Microsoft Corporation) C:\Windows\system32\wmploc.DLL
2017-04-06 12:39 - 2016-08-12 18:02 - 00009728 _____ (Microsoft Corporation) C:\Windows\system32\spwmp.dll
2017-04-06 12:39 - 2016-08-12 18:02 - 00005120 _____ (Microsoft Corporation) C:\Windows\system32\msdxm.ocx
2017-04-06 12:39 - 2016-08-12 18:02 - 00005120 _____ (Microsoft Corporation) C:\Windows\system32\dxmasf.dll
2017-04-06 12:39 - 2016-08-12 17:47 - 12574208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmploc.DLL
2017-04-06 12:39 - 2016-08-12 17:47 - 11410432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmp.dll
2017-04-06 12:39 - 2016-08-12 17:31 - 00008192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\spwmp.dll
2017-04-06 12:39 - 2016-08-12 17:31 - 00004096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msdxm.ocx
2017-04-06 12:39 - 2016-08-12 17:31 - 00004096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxmasf.dll
2017-04-06 12:39 - 2016-08-12 17:26 - 00461312 _____ (Microsoft Corporation) C:\Windows\system32\scavengeui.dll
2017-04-06 12:39 - 2016-08-06 16:31 - 02023424 _____ (Microsoft Corporation) C:\Windows\system32\WsmSvc.dll
2017-04-06 12:39 - 2016-08-06 16:31 - 00347136 _____ (Microsoft Corporation) C:\Windows\system32\WSManMigrationPlugin.dll
2017-04-06 12:39 - 2016-08-06 16:31 - 00310784 _____ (Microsoft Corporation) C:\Windows\system32\WsmWmiPl.dll
2017-04-06 12:39 - 2016-08-06 16:31 - 00182272 _____ (Microsoft Corporation) C:\Windows\system32\WsmAuto.dll
2017-04-06 12:39 - 2016-08-06 16:31 - 00054272 _____ (Microsoft Corporation) C:\Windows\system32\WsmRes.dll
2017-04-06 12:39 - 2016-08-06 16:31 - 00012800 _____ (Microsoft Corporation) C:\Windows\system32\wsmplpxy.dll
2017-04-06 12:39 - 2016-08-06 16:15 - 01178112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WsmSvc.dll
2017-04-06 12:39 - 2016-08-06 16:15 - 00249344 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WSManMigrationPlugin.dll
2017-04-06 12:39 - 2016-08-06 16:15 - 00214016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WsmWmiPl.dll
2017-04-06 12:39 - 2016-08-06 16:15 - 00146944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WsmAuto.dll
2017-04-06 12:39 - 2016-08-06 16:15 - 00054272 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WsmRes.dll
2017-04-06 12:39 - 2016-08-06 16:01 - 00266752 _____ (Microsoft Corporation) C:\Windows\system32\WSManHTTPConfig.exe
2017-04-06 12:39 - 2016-08-06 16:01 - 00013824 _____ (Microsoft Corporation) C:\Windows\system32\wsmprovhost.exe
2017-04-06 12:39 - 2016-08-06 15:53 - 00199168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WSManHTTPConfig.exe
2017-04-06 12:39 - 2016-08-06 15:53 - 00012288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wsmprovhost.exe
2017-04-06 12:39 - 2016-08-06 15:53 - 00010240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wsmplpxy.dll
2017-04-06 12:39 - 2016-06-14 18:21 - 00094440 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mountmgr.sys
2017-04-06 12:39 - 2016-06-14 18:16 - 04121600 _____ (Microsoft Corporation) C:\Windows\system32\mf.dll
2017-04-06 12:39 - 2016-06-14 18:16 - 01202176 _____ (Microsoft Corporation) C:\Windows\system32\drmv2clt.dll
2017-04-06 12:39 - 2016-06-14 18:16 - 01068544 _____ (Microsoft Corporation) C:\Windows\system32\cryptui.dll
2017-04-06 12:39 - 2016-06-14 18:16 - 00842240 _____ (Microsoft Corporation) C:\Windows\system32\blackbox.dll
2017-04-06 12:39 - 2016-06-14 18:16 - 00782848 _____ (Microsoft Corporation) C:\Windows\system32\wmdrmsdk.dll
2017-04-06 12:39 - 2016-06-14 18:16 - 00680448 _____ (Microsoft Corporation) C:\Windows\system32\audiosrv.dll
2017-04-06 12:39 - 2016-06-14 18:16 - 00641024 _____ (Microsoft Corporation) C:\Windows\system32\msscp.dll
2017-04-06 12:39 - 2016-06-14 18:16 - 00632320 _____ (Microsoft Corporation) C:\Windows\system32\evr.dll
2017-04-06 12:39 - 2016-06-14 18:16 - 00499712 _____ (Microsoft Corporation) C:\Windows\system32\AUDIOKSE.dll
2017-04-06 12:39 - 2016-06-14 18:16 - 00497664 _____ (Microsoft Corporation) C:\Windows\system32\drmmgrtn.dll
2017-04-06 12:39 - 2016-06-14 18:16 - 00440320 _____ (Microsoft Corporation) C:\Windows\system32\AudioEng.dll
2017-04-06 12:39 - 2016-06-14 18:16 - 00433152 _____ (Microsoft Corporation) C:\Windows\system32\mfplat.dll
2017-04-06 12:39 - 2016-06-14 18:16 - 00371712 _____ (Microsoft Corporation) C:\Windows\system32\qdvd.dll
2017-04-06 12:39 - 2016-06-14 18:16 - 00325632 _____ (Microsoft Corporation) C:\Windows\system32\msnetobj.dll
2017-04-06 12:39 - 2016-06-14 18:16 - 00295936 _____ (Microsoft Corporation) C:\Windows\system32\AudioSes.dll
2017-04-06 12:39 - 2016-06-14 18:16 - 00284672 _____ (Microsoft Corporation) C:\Windows\system32\EncDump.dll
2017-04-06 12:39 - 2016-06-14 18:16 - 00206848 _____ (Microsoft Corporation) C:\Windows\system32\mfps.dll
2017-04-06 12:39 - 2016-06-14 18:16 - 00187904 _____ (Microsoft Corporation) C:\Windows\system32\pcasvc.dll
2017-04-06 12:39 - 2016-06-14 18:16 - 00081920 _____ (Microsoft Corporation) C:\Windows\system32\cryptsp.dll
2017-04-06 12:39 - 2016-06-14 18:16 - 00037376 _____ (Microsoft Corporation) C:\Windows\system32\pcadm.dll
2017-04-06 12:39 - 2016-06-14 18:16 - 00011264 _____ (Microsoft Corporation) C:\Windows\system32\msmmsp.dll
2017-04-06 12:39 - 2016-06-14 18:16 - 00008704 _____ (Microsoft Corporation) C:\Windows\system32\pcaevts.dll
2017-04-06 12:39 - 2016-06-14 18:16 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\mferror.dll
2017-04-06 12:39 - 2016-06-14 18:11 - 00663552 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\PEAuth.sys
2017-04-06 12:39 - 2016-06-14 16:21 - 03209216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mf.dll
2017-04-06 12:39 - 2016-06-14 16:21 - 01005056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptui.dll
2017-04-06 12:39 - 2016-06-14 16:21 - 00988160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\drmv2clt.dll
2017-04-06 12:39 - 2016-06-14 16:21 - 00744960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\blackbox.dll
2017-04-06 12:39 - 2016-06-14 16:21 - 00617984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmdrmsdk.dll
2017-04-06 12:39 - 2016-06-14 16:21 - 00519680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\qdvd.dll
2017-04-06 12:39 - 2016-06-14 16:21 - 00504320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msscp.dll
2017-04-06 12:39 - 2016-06-14 16:21 - 00489984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\evr.dll
2017-04-06 12:39 - 2016-06-14 16:21 - 00442368 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AUDIOKSE.dll
2017-04-06 12:39 - 2016-06-14 16:21 - 00406016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\drmmgrtn.dll
2017-04-06 12:39 - 2016-06-14 16:21 - 00374784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AudioEng.dll
2017-04-06 12:39 - 2016-06-14 16:21 - 00354816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfplat.dll
2017-04-06 12:39 - 2016-06-14 16:21 - 00265216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msnetobj.dll
2017-04-06 12:39 - 2016-06-14 16:21 - 00195072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AudioSes.dll
2017-04-06 12:39 - 2016-06-14 16:21 - 00103424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfps.dll
2017-04-06 12:39 - 2016-06-14 16:21 - 00080896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptsp.dll
2017-04-06 12:39 - 2016-06-14 16:21 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mferror.dll
2017-04-06 12:39 - 2016-06-14 16:15 - 00125952 _____ (Microsoft Corporation) C:\Windows\system32\audiodg.exe
2017-04-06 12:39 - 2016-06-14 16:15 - 00055808 _____ (Microsoft Corporation) C:\Windows\system32\rrinstaller.exe
2017-04-06 12:39 - 2016-06-14 16:15 - 00024576 _____ (Microsoft Corporation) C:\Windows\system32\mfpmp.exe
2017-04-06 12:39 - 2016-06-14 16:05 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rrinstaller.exe
2017-04-06 12:39 - 2016-06-14 16:05 - 00023040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfpmp.exe
2017-04-06 12:39 - 2016-06-14 16:00 - 00011264 _____ (Microsoft Corporation) C:\Windows\system32\pcawrk.exe
2017-04-06 12:39 - 2016-06-14 16:00 - 00009728 _____ (Microsoft Corporation) C:\Windows\system32\pcalua.exe
2017-04-06 12:39 - 2016-05-12 14:05 - 00297984 _____ (Microsoft Corporation) C:\Windows\system32\bcryptprimitives.dll
2017-04-06 12:39 - 2016-05-12 14:04 - 00249352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\bcryptprimitives.dll
2017-04-06 12:38 - 2016-06-26 01:27 - 00970240 _____ (Microsoft Corporation) C:\Windows\system32\localspl.dll
2017-04-06 12:38 - 2016-06-26 01:27 - 00344576 _____ (Microsoft Corporation) C:\Windows\system32\ntprint.dll
2017-04-06 12:38 - 2016-06-26 01:27 - 00166400 _____ (Microsoft Corporation) C:\Windows\system32\inetpp.dll
2017-04-06 12:38 - 2016-06-26 01:27 - 00022528 _____ (Microsoft Corporation) C:\Windows\system32\inetppui.dll
2017-04-06 12:38 - 2016-06-25 20:53 - 00297472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntprint.dll
2017-04-06 12:38 - 2016-06-25 20:53 - 00061952 _____ (Microsoft Corporation) C:\Windows\system32\ntprint.exe
2017-04-06 12:38 - 2016-06-25 20:53 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\wpnpinst.exe
2017-04-06 12:38 - 2016-06-25 20:41 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntprint.exe
2017-04-06 12:38 - 2016-05-11 18:02 - 00444928 _____ (Microsoft Corporation) C:\Windows\system32\winhttp.dll
2017-04-06 12:38 - 2016-05-11 18:02 - 00327168 _____ (Microsoft Corporation) C:\Windows\system32\mswsock.dll
2017-04-06 12:38 - 2016-05-11 18:02 - 00296448 _____ (Microsoft Corporation) C:\Windows\system32\ws2_32.dll
2017-04-06 12:38 - 2016-05-11 16:19 - 00351744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\winhttp.dll
2017-04-06 12:38 - 2016-05-11 16:19 - 00231424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mswsock.dll
2017-04-06 12:38 - 2016-05-11 16:19 - 00206336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ws2_32.dll
2017-04-06 12:38 - 2016-05-11 16:11 - 00025088 _____ (Microsoft Corporation) C:\Windows\system32\netbtugc.exe
2017-04-06 12:38 - 2016-05-11 16:01 - 00026624 _____ (Microsoft Corporation) C:\Windows\SysWOW64\netbtugc.exe
2017-04-06 12:38 - 2016-05-11 15:58 - 00262144 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\netbt.sys
2017-04-06 12:30 - 2016-05-12 18:15 - 00105472 _____ (Microsoft Corporation) C:\Windows\system32\winipsec.dll
2017-04-06 12:30 - 2016-05-12 18:14 - 00794624 _____ (Microsoft Corporation) C:\Windows\system32\gpsvc.dll
2017-04-06 12:30 - 2016-05-12 18:14 - 00502272 _____ (Microsoft Corporation) C:\Windows\system32\IPSECSVC.DLL
2017-04-06 12:30 - 2016-05-12 18:14 - 00373760 _____ (Microsoft Corporation) C:\Windows\system32\polstore.dll
2017-04-06 12:30 - 2016-05-12 18:14 - 00096256 _____ (Microsoft Corporation) C:\Windows\system32\gpapi.dll
2017-04-06 12:30 - 2016-05-12 18:14 - 00075776 _____ (Microsoft Corporation) C:\Windows\system32\FwRemoteSvr.dll
2017-04-06 12:30 - 2016-05-12 16:18 - 00274944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\polstore.dll
2017-04-06 12:30 - 2016-05-12 16:18 - 00079360 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gpapi.dll
2017-04-06 12:30 - 2016-05-12 16:18 - 00070144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\winipsec.dll
2017-04-06 12:30 - 2016-05-12 16:18 - 00044032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\FwRemoteSvr.dll
2017-04-05 19:41 - 2017-04-05 19:41 - 00003650 _____ C:\Windows\System32\Tasks\Tweaking.com - Windows Repair Tray Icon
2017-04-05 19:41 - 2017-04-05 19:41 - 00002163 _____ C:\Users\Home\Desktop\Tweaking.com - Windows Repair.lnk
2017-04-05 19:41 - 2017-04-05 19:41 - 00000000 ____D C:\Users\Home\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Tweaking.com
2017-04-05 19:41 - 2017-04-05 19:41 - 00000000 ____D C:\Program Files (x86)\Tweaking.com
2017-04-05 19:38 - 2017-04-05 19:41 - 00238615 _____ C:\Windows\Tweaking.com - Windows Repair Setup Log.txt
2017-04-05 16:47 - 2017-04-05 16:47 - 00003890 _____ C:\Windows\System32\Tasks\SafeZone scheduled Autoupdate 1491407244
2017-04-05 16:47 - 2017-04-05 16:47 - 00001043 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avast SafeZone Browser.lnk
2017-04-05 16:45 - 2017-04-05 16:45 - 00032600 _____ (AVAST Software) C:\Windows\system32\Drivers\aswKbd.sys
2017-04-05 16:44 - 2017-04-05 16:44 - 00000000 ____D C:\Users\Home\AppData\Roaming\AVAST Software
2017-04-05 16:43 - 2017-04-05 16:43 - 00001922 _____ C:\Users\Public\Desktop\Avast Free Antivirus.lnk
2017-04-05 16:43 - 2017-04-05 16:43 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVAST Software
2017-04-05 16:42 - 2017-04-05 16:42 - 00556784 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSP.sys
2017-04-05 16:42 - 2017-04-05 16:42 - 00399944 _____ (AVAST Software) C:\Windows\system32\aswBoot.exe
2017-04-05 16:42 - 2017-04-05 16:42 - 00339696 _____ (AVAST Software) C:\Windows\system32\Drivers\aswVmm.sys
2017-04-05 16:42 - 2017-04-05 16:42 - 00164064 _____ (AVAST Software) C:\Windows\system32\Drivers\aswStm.sys
2017-04-05 16:42 - 2017-04-05 16:42 - 00127112 _____ (AVAST Software) C:\Windows\system32\Drivers\aswMonFlt.sys
2017-04-05 16:42 - 2017-04-05 16:42 - 00101152 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRdr2.sys
2017-04-05 16:42 - 2017-04-05 16:42 - 00075704 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRvrt.sys
2017-04-05 16:42 - 2017-04-05 16:42 - 00038296 _____ (AVAST Software) C:\Windows\system32\Drivers\aswHwid.sys
2017-04-05 16:42 - 2017-04-05 16:42 - 00003914 _____ C:\Windows\System32\Tasks\Avast Emergency Update
2017-04-05 16:42 - 2017-04-05 16:42 - 00000000 ____D C:\Windows\System32\Tasks\AVAST Software
2017-04-05 16:42 - 2017-04-05 16:42 - 00000000 ____D C:\Program Files\Common Files\AV
2017-04-05 16:42 - 2017-04-05 16:41 - 01005048 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSnx.sys
2017-04-05 16:42 - 2017-04-05 16:41 - 00334088 _____ (AVAST Software s.r.o.) C:\Windows\system32\Drivers\aswbloga.sys
2017-04-05 16:42 - 2017-04-05 16:41 - 00307736 _____ (AVAST Software s.r.o.) C:\Windows\system32\Drivers\aswbidsdrivera.sys
2017-04-05 16:42 - 2017-04-05 16:41 - 00189768 _____ (AVAST Software s.r.o.) C:\Windows\system32\Drivers\aswbidsha.sys
2017-04-05 16:42 - 2017-04-05 16:41 - 00048528 _____ (AVAST Software s.r.o.) C:\Windows\system32\Drivers\aswbuniva.sys
2017-04-05 16:40 - 2017-04-05 16:45 - 00000000 ____D C:\Program Files\AVAST Software
2017-04-04 18:50 - 2017-04-04 18:50 - 00006725 _____ C:\junk.txt
2017-04-04 13:52 - 2017-04-04 13:52 - 02710688 _____ (Sysinternals - www.sysinternals.com) C:\Users\Home\Desktop\procexp.exe
2017-04-03 10:11 - 2017-04-03 10:11 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee Security Scan Plus
2017-04-02 15:45 - 2017-04-02 15:45 - 00125952 _____ C:\Users\Home\Documents\Odd Jobsman Flyer.pub
2017-03-31 07:01 - 2017-03-31 07:01 - 04089296 _____ C:\Users\Home\Desktop\adwcleaner_6.045.exe
2017-03-26 12:31 - 2017-03-30 21:10 - 00000000 ____D C:\Users\Home\Downloads\Stafford Rabbit Farm Protest 25 March 2017
2017-03-24 10:28 - 2017-03-24 10:28 - 00000000 ____D C:\Users\Home\Downloads\Rabbit farm protest
2017-03-24 10:23 - 2017-03-24 10:23 - 01057470 _____ C:\Users\Home\Downloads\Rabbit farm protest.zip
2017-03-24 10:19 - 2017-03-24 10:19 - 00679050 _____ C:\Users\Home\Downloads\Rabbit farm protest.pdf
2017-03-21 13:56 - 2017-03-21 13:56 - 00003542 _____ C:\Windows\System32\Tasks\HP AR Program Upload - baad65bec35348a59e75f47e0acd9b4411d2b698a054484f83cf61d4d95229a3
2017-03-14 11:53 - 2017-03-14 11:53 - 00003542 _____ C:\Windows\System32\Tasks\HP AR Program Upload - d77dc0b23f0d4a4b94de0fa08ed7689af165f4121cc840c688d280268f118f2f
2017-03-12 11:34 - 2017-03-12 11:35 - 49129696 _____ (Microsoft Corporation) C:\Users\Home\Desktop\Windows-KB890830-x64-V5.45.exe
 
==================== One Month Modified files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2099-11-02 00:02 - 2014-12-01 10:33 - 00000000 ____D C:\Users\Home\AppData\Local\Microsoft Games
2017-04-08 17:46 - 2016-09-18 07:31 - 00000000 ____D C:\FRST
2017-04-08 17:45 - 2016-09-18 07:26 - 02424832 _____ (Farbar) C:\Users\Home\Desktop\FRST64.exe
2017-04-08 17:30 - 2015-08-07 06:56 - 00000000 ____D C:\ProgramData\Malwarebytes Anti-Exploit
2017-04-08 14:38 - 2009-07-14 04:20 - 00000000 ____D C:\Windows\rescache
2017-04-08 13:52 - 2016-04-18 18:18 - 00192216 _____ (Malwarebytes) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2017-04-08 13:47 - 2009-07-14 05:45 - 00028352 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2017-04-08 13:47 - 2009-07-14 05:45 - 00028352 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2017-04-08 13:43 - 2009-07-14 06:13 - 00785366 _____ C:\Windows\system32\PerfStringBackup.INI
2017-04-08 13:43 - 2009-07-14 04:20 - 00000000 ____D C:\Windows\inf
2017-04-08 13:38 - 2009-07-14 06:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2017-04-08 10:57 - 2016-07-12 19:16 - 00000000 ____D C:\Users\Home\Documents\Architectural Insides and Outsides
2017-04-07 10:46 - 2015-05-02 13:48 - 00000000 ____D C:\Users\Home\Documents\JFD Stuff
2017-04-06 13:05 - 2009-07-14 05:45 - 00356016 _____ C:\Windows\system32\FNTCACHE.DAT
2017-04-06 13:03 - 2009-07-14 06:32 - 00000000 ____D C:\Program Files\DVD Maker
2017-04-06 13:03 - 2009-07-14 04:20 - 00000000 ____D C:\Windows\SysWOW64\Dism
2017-04-06 13:03 - 2009-07-14 04:20 - 00000000 ____D C:\Windows\system32\Dism
2017-04-06 12:59 - 2015-04-29 07:10 - 00000000 ____D C:\Windows\system32\MRT
2017-04-06 12:54 - 2015-04-06 12:47 - 138634176 ____C (Microsoft Corporation) C:\Windows\system32\MRT.exe
2017-04-06 12:49 - 2015-05-07 07:48 - 00752750 _____ C:\Windows\SysWOW64\PerfStringBackup.INI
2017-04-06 09:55 - 2014-12-01 00:33 - 00088152 _____ C:\Users\Home\AppData\Local\GDIPFONTCACHEV1.DAT
2017-04-06 08:46 - 2015-04-06 13:07 - 00000000 ____D C:\Users\Home\AppData\Local\ElevatedDiagnostics
2017-04-06 07:50 - 2015-05-02 13:49 - 00000000 ____D C:\Users\Home\Documents\St John's Images
2017-04-06 07:50 - 2015-05-02 13:47 - 00000000 ____D C:\Users\Home\Documents\Old Downloads
2017-04-06 07:50 - 2009-07-14 03:34 - 00000538 _____ C:\Windows\win.ini
2017-04-06 07:19 - 2009-07-14 06:32 - 00000000 ____D C:\Program Files\Microsoft Games
2017-04-05 22:54 - 2015-04-06 10:36 - 00002195 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2017-04-05 22:54 - 2015-04-06 10:36 - 00002183 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2017-04-05 17:27 - 2015-05-02 09:26 - 00000000 ____D C:\AdwCleaner
2017-04-05 17:20 - 2015-07-18 04:54 - 00000000 ____D C:\Program Files (x86)\SpywareBlaster
2017-04-05 17:20 - 2014-12-01 09:56 - 00000000 ____D C:\ProgramData\TEMP
2017-04-05 16:45 - 2015-08-25 08:39 - 00000000 ____D C:\ProgramData\AVAST Software
2017-04-05 08:54 - 2015-08-15 06:44 - 00000000 ____D C:\Users\Home\AppData\Local\AvgSetupLog
2017-04-05 08:54 - 2014-12-01 09:30 - 00000000 ____D C:\Program Files (x86)\AVG
2017-04-05 08:52 - 2015-10-27 08:54 - 00000000 ____D C:\Users\Home\AppData\Roaming\AVG
2017-04-05 08:52 - 2015-08-15 06:44 - 00000000 ____D C:\ProgramData\Avg
2017-04-05 08:46 - 2015-05-26 10:23 - 00000000 ____D C:\Users\Home\AppData\Local\Avg
2017-04-05 08:46 - 2014-12-01 09:28 - 00000000 ____D C:\ProgramData\MFAData
2017-04-03 12:42 - 2015-05-11 11:57 - 00002008 _____ C:\Users\Public\Desktop\HP Print and Scan Doctor.lnk
2017-04-03 10:11 - 2016-08-15 09:32 - 00001964 _____ C:\Users\Public\Desktop\McAfee Security Scan Plus.lnk
2017-04-03 10:11 - 2015-11-23 13:50 - 00000000 ____D C:\Program Files\McAfee Security Scan
2017-04-03 10:11 - 2009-07-14 03:34 - 00000066 _____ C:\Windows\system32\Drivers\etc\hosts_bak_595
2017-04-02 10:05 - 2017-01-05 17:37 - 00000000 ____D C:\Users\Home\Documents\Used Car Dealers
2017-03-23 08:34 - 2015-07-18 04:55 - 00000258 __RSH C:\ProgramData\ntuser.pol
2017-03-23 08:34 - 2009-07-14 04:20 - 00000000 ___HD C:\Windows\system32\GroupPolicy
2017-03-21 17:56 - 2015-05-02 16:55 - 00000000 ____D C:\Users\Home\AppData\Local\Spotify
2017-03-21 17:56 - 2015-05-02 16:54 - 00000000 ____D C:\Users\Home\AppData\Roaming\Spotify
2017-03-21 16:11 - 2013-07-19 01:22 - 00107503 _____ C:\Users\Home\Desktop\changelog.txt
2017-03-18 10:53 - 2009-07-14 04:20 - 00000000 ____D C:\Windows\system32\NDF
2017-03-14 10:11 - 2015-05-02 13:49 - 00000000 ____D C:\Users\Home\Documents\Primus Fuel eBills
 
==================== Files in the root of some directories =======
 
2015-05-11 08:44 - 2015-05-11 08:44 - 0000057 _____ () C:\ProgramData\Ament.ini
 
Some files in TEMP:
====================
2017-04-08 16:42 - 2017-04-08 16:42 - 0192512 _____ () C:\Users\Home\AppData\Local\Temp\sfamcc00001.dll
2017-04-08 16:49 - 2017-04-08 16:49 - 0192512 _____ () C:\Users\Home\AppData\Local\Temp\sfamcc00002.dll
2017-04-08 16:42 - 2017-04-08 16:42 - 0158720 _____ () C:\Users\Home\AppData\Local\Temp\sfareca00001.dll
2017-04-08 16:49 - 2017-04-08 16:49 - 0158720 _____ () C:\Users\Home\AppData\Local\Temp\sfareca00002.dll
2015-02-10 18:56 - 2015-02-10 18:56 - 0105984 _____ () C:\Users\Home\AppData\Local\Temp\sfextra.dll
 
==================== Bamital & volsnap ======================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed
 
LastRegBack: 2017-04-06 08:39
 
==================== End of FRST.txt ============================
 
 
Addition.txt:
 
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 15-03-2017
Ran by Home (08-04-2017 17:47:54)
Running from C:\Users\Home\Desktop
Windows 7 Home Premium Service Pack 1 (X64) (2014-11-30 23:31:31)
Boot Mode: Normal
==========================================================
 
 
==================== Accounts: =============================
 
Administrator (S-1-5-21-2588259368-3398593882-3987161955-500 - Administrator - Disabled)
Guest (S-1-5-21-2588259368-3398593882-3987161955-501 - Limited - Disabled)
Home (S-1-5-21-2588259368-3398593882-3987161955-1000 - Administrator - Enabled) => C:\Users\Home
HomeGroupUser$ (S-1-5-21-2588259368-3398593882-3987161955-1002 - Limited - Enabled)
Malcolm_Richardson (S-1-5-21-2588259368-3398593882-3987161955-1003 - Administrator - Enabled)
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AV: Avast Antivirus (Enabled - Up to date) {8EA8924E-BC81-DC44-8BB0-8BAE75D86EBF}
AS: Windows Defender (Disabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Avast Antivirus (Enabled - Up to date) {35C973AA-9ABB-D3CA-B100-B0DC0E5F2402}
 
==================== Installed Programs ======================
 
(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
Adobe Acrobat Reader DC (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}) (Version: 15.023.20070 - Adobe Systems Incorporated)
Avast Free Antivirus (HKLM-x32\...\Avast Antivirus) (Version: 17.3.2291 - AVAST Software)
Belarc Advisor 8.4 (HKLM-x32\...\Belarc Advisor) (Version: 8.4.0.0 - Belarc Inc.)
CCleaner (HKLM\...\CCleaner) (Version: 5.08 - Piriform)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 57.0.2987.133 - Google Inc.)
Google Update Helper (x32 Version: 1.3.32.7 - Google Inc.) Hidden
HP Deskjet 1510 series Basic Device Software (HKLM\...\{C9064E5C-D5AB-4EEB-86A6-50756901038A}) (Version: 32.0.1180.44630 - Hewlett-Packard Co.)
HP Deskjet 1510 series Help (HKLM-x32\...\{2E25FCEB-EFCB-4696-AA01-D3CBAC721831}) (Version: 30.0.0 - Hewlett Packard)
HP FWUpdateEDO2 (HKLM-x32\...\{415FA9AD-DA10-4ABE-97B6-5051D4795C90}) (Version: 1.2.0.0 - Hewlett-Packard)
HP Photo Creations (HKLM-x32\...\HP Photo Creations) (Version: 1.0.0.7702 - HP)
HP Update (HKLM-x32\...\{912D30CF-F39E-4B31-AD9A-123C6B794EE2}) (Version: 5.005.002.002 - Hewlett-Packard)
HPDiagnosticAlert (x32 Version: 1.00.0001 - Microsoft) Hidden
Intel® Graphics Media Accelerator Driver (HKLM\...\HDMI) (Version: 8.15.10.1930 - Intel Corporation)
Malwarebytes Anti-Exploit version 1.9.1.1334 (HKLM\...\Malwarebytes Anti-Exploit_is1) (Version: 1.9.1.1334 - Malwarebytes)
Malwarebytes Anti-Malware version 2.2.1.1043 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.2.1.1043 - Malwarebytes)
McAfee Security Scan Plus (HKLM\...\McAfee Security Scan) (Version: 3.11.523.1 - McAfee, Inc.)
Microsoft .NET Framework 4.5.2 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.51209 - Microsoft Corporation)
Microsoft Office Enterprise 2007 (HKLM-x32\...\ENTERPRISE) (Version: 12.0.4518.1014 - Microsoft Corporation)
Product Improvement Study for HP Deskjet 1510 series (HKLM\...\{EC27E742-EB04-4A2C-BA64-20271929528A}) (Version: 32.0.1180.44630 - Hewlett-Packard Co.)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7487 - Realtek Semiconductor Corp.)
SafeZone Stable 3.55.2393.596 (x32 Version: 3.55.2393.596 - Avast Software) Hidden
Speccy (HKLM\...\Speccy) (Version: 1.30 - Piriform)
SpeedFan (remove only) (HKLM-x32\...\SpeedFan) (Version:  - )
Spotify (HKU\S-1-5-21-2588259368-3398593882-3987161955-1000\...\Spotify) (Version: 1.0.48.103.g15edf1ec - Spotify AB)
SpywareBlaster 5.5 (HKLM-x32\...\SpywareBlaster_is1) (Version: 5.5.0 - BrightFort LLC)
The Complete Theory Test V14/1 (Update 7) (HKLM-x32\...\{C8A53C9C-185D-46E0-8F63-1E6AE4140674}_is1) (Version: 18.0 - Imagitech Ltd.)
Tweaking.com - Windows Repair (HKLM-x32\...\Tweaking.com - Windows Repair) (Version: 3.9.27 - Tweaking.com)
Visual Studio 2012 x64 Redistributables (HKLM\...\{8C775E70-A791-4DA8-BCC3-6AB7136F4484}) (Version: 14.0.0.1 - AVG Technologies)
Visual Studio 2012 x86 Redistributables (HKLM-x32\...\{98EFF19A-30AB-4E4B-B943-F06B1C63EBF8}) (Version: 14.0.0.1 - AVG Technologies CZ, s.r.o.)
VLC media player (HKLM-x32\...\VLC media player) (Version: 2.2.4 - VideoLAN)
Webcam Videocap (HKLM-x32\...\{ED1674F5-5165-49BF-B546-AE5343111540}) (Version: 1.0.3.7 - ETRON)
 
==================== Custom CLSID (Whitelisted): ==========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== Scheduled Tasks (Whitelisted) =============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
Task: {0BFECD64-464B-4FDF-8D3E-98D10576FD7D} - System32\Tasks\0715avUpdateInfo => C:\ProgramData\Avg_Update_0715av\0715av_AVG-Secure-Search-Update.exe 
Task: {2BFAE743-ED2F-4E3A-BB08-E35CD3782890} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2016-12-19] (Adobe Systems Incorporated)
Task: {2D8CA166-C188-4D7B-881F-A9CC892E2840} - System32\Tasks\HP AR Program Upload - d77dc0b23f0d4a4b94de0fa08ed7689af165f4121cc840c688d280268f118f2f => C:\Program Files\HP\HP Deskjet 1510 series\bin\HPRewards.exe [2013-08-13] (TODO: <Company name>)
Task: {43654E2F-519D-4AD2-BF48-7BD902E39559} - System32\Tasks\HP AR Program Upload - 266169d4c15d42d98792b69faaad09be883dac1ca9ac47ffb31a810d10c5c602 => C:\Program Files\HP\HP Deskjet 1510 series\bin\HPRewards.exe [2013-08-13] (TODO: <Company name>)
Task: {5346CDAE-5D3E-47E4-B9D2-1F20D0D8060F} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-04-06] (Google Inc.)
Task: {57F886DD-0CD0-4D95-ADC6-756BAD8B20C7} - System32\Tasks\HP AR Program Upload - ed225ec28faa4de69aa38a7e71c12cf8fbd59866eac840578c7dc320e8048fd7 => C:\Program Files\HP\HP Deskjet 1510 series\bin\HPRewards.exe [2013-08-13] (TODO: <Company name>)
Task: {5C2F98BA-6F03-43DB-B5F5-B5A1B3B32F4D} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-04-06] (Google Inc.)
Task: {712F7E10-29FD-4F02-8024-D9D006EBDC84} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2015-07-17] (Piriform Ltd)
Task: {758E6F9E-1A23-487C-8504-742D9F7A50C6} - System32\Tasks\HP AR Program Upload - f35b06af1f374e60a3ad414eb5c3d41a032fd27133d3434f9bd8aff3d42a6c4f => C:\Program Files\HP\HP Deskjet 1510 series\bin\HPRewards.exe [2013-08-13] (TODO: <Company name>)
Task: {973746E5-6FC0-46B7-BD31-7824DF328A7F} - System32\Tasks\HP AR Program Upload - baad65bec35348a59e75f47e0acd9b4411d2b698a054484f83cf61d4d95229a3 => C:\Program Files\HP\HP Deskjet 1510 series\bin\HPRewards.exe [2013-08-13] (TODO: <Company name>)
Task: {B3CD23D6-9B82-47F4-8F5E-B213D1251910} - System32\Tasks\HPCustParticipation HP Deskjet 1510 series => C:\Program Files\HP\HP Deskjet 1510 series\Bin\HPCustPartic.exe [2013-08-13] (Hewlett-Packard Co.)
Task: {CEE580BB-EC17-494F-BFE8-B6646C3E1766} - System32\Tasks\AVAST Software\Avast settings backup => C:\Program Files\Common Files\AV\avast! Antivirus\backup.exe [2017-04-05] (AVAST Software)
Task: {CF902713-04FF-4F17-BEA0-13ECDC5612EE} - System32\Tasks\SafeZone scheduled Autoupdate 1491407244 => C:\Program Files\AVAST Software\SZBrowser\launcher.exe [2017-03-22] (Avast Software)
Task: {E9CA0583-A9E0-4721-9123-904793E98B97} - System32\Tasks\Tweaking.com - Windows Repair Tray Icon => C:\Program Files (x86)\Tweaking.com\Windows Repair (All in One)\WR_Tray_Icon.exe [2015-03-12] (Tweaking.com)
Task: {F26CD7EC-6F79-4A22-98C6-9ED5F6402A19} - System32\Tasks\Avast Emergency Update => C:\Program Files\AVAST Software\Avast\AvEmUpdate.exe [2017-04-05] (AVAST Software)
 
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
 
Task: C:\Windows\Tasks\0715avUpdateInfo.job => C:\ProgramData\Avg_Update_0715av\0715av_AVG-Secure-Search-Update.exe
 
==================== Shortcuts =============================
 
(The entries could be listed to be restored or removed.)
 
==================== Loaded Modules (Whitelisted) ==============
 
2017-04-05 16:41 - 2017-04-05 16:41 - 00162024 _____ () c:\Program Files\AVAST Software\Avast\x64\vaarclient.dll
2017-04-05 16:42 - 2017-04-05 16:42 - 00790544 _____ () C:\Program Files\AVAST Software\Avast\x64\ffl2.dll
2017-04-05 16:42 - 2017-04-05 16:42 - 00275776 _____ () c:\Program Files\AVAST Software\Avast\x64\StreamBack.dll
2016-06-29 19:01 - 2016-06-29 19:01 - 08166536 _____ () C:\Program Files (x86)\SpeedFan\speedfan.exe
2017-04-05 16:42 - 2017-04-05 16:42 - 00170216 _____ () C:\Program Files\AVAST Software\Avast\JsonRpcServer.dll
2017-04-05 16:42 - 2017-04-05 16:42 - 00176480 _____ () C:\Program Files\AVAST Software\Avast\event_routing_rpc.dll
2017-04-05 16:42 - 2017-04-05 16:42 - 00653520 _____ () C:\Program Files\AVAST Software\Avast\ffl2.dll
2017-04-05 16:42 - 2017-04-05 16:42 - 00230632 _____ () C:\Program Files\AVAST Software\Avast\streamback.dll
2017-04-08 13:41 - 2017-04-08 13:41 - 06022832 _____ () C:\Program Files\AVAST Software\Avast\defs\17040800\algo.dll
2017-04-05 16:42 - 2017-04-05 16:42 - 48936448 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll
2017-04-05 16:41 - 2017-04-05 16:41 - 00293936 _____ () C:\Program Files\AVAST Software\Avast\gaming_mode_ui.dll
2016-09-07 08:51 - 2016-09-06 12:00 - 05197312 _____ () C:\Users\Home\AppData\Local\Google\Chrome\User Data\SwiftShader\3.3.0.1\libglesv2.dll
2016-09-07 08:51 - 2016-09-06 12:00 - 00147456 _____ () C:\Users\Home\AppData\Local\Google\Chrome\User Data\SwiftShader\3.3.0.1\libegl.dll
2017-04-08 16:42 - 2017-04-08 16:42 - 00158720 _____ () C:\Users\Home\AppData\Local\Temp\sfareca00001.dll
2017-04-08 16:42 - 2017-04-08 16:42 - 00192512 _____ () C:\Users\Home\AppData\Local\Temp\sfamcc00001.dll
2017-04-08 16:49 - 2017-04-08 16:49 - 00158720 _____ () C:\Users\Home\AppData\Local\Temp\sfareca00002.dll
2017-04-08 16:49 - 2017-04-08 16:49 - 00192512 _____ () C:\Users\Home\AppData\Local\Temp\sfamcc00002.dll
2006-10-26 13:56 - 2006-10-26 13:56 - 00757008 _____ () C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE12\MSPTLS.DLL
 
==================== Alternate Data Streams (Whitelisted) =========
 
(If an entry is included in the fixlist, only the ADS will be removed.)
 
AlternateDataStreams: C:\ProgramData\TEMP:5C321E34 [125]
 
==================== Safe Mode (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
 
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\AppXSvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\BFE => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\BITS => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ClipSvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MpsSvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\msiserver => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SharedAccess => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TweakingRemoveSafeBoot => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vss => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WSService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\AppXSvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\BITS => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\ClipSvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\msiserver => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\SamSs => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\srv => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\srv2 => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\srvnet => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\TweakingRemoveSafeBoot => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\vss => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\WSService => ""="Service"
 
==================== Association (Whitelisted) ===============
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed.)
 
 
==================== Internet Explorer trusted/restricted ===============
 
(If an entry is included in the fixlist, it will be removed from the registry.)
 
 
==================== Hosts content: ===============================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2009-07-14 03:34 - 2017-04-06 07:50 - 00000855 ____A C:\Windows\system32\Drivers\etc\hosts
 
127.0.0.1       localhost
 
==================== Other Areas ============================
 
(Currently there is no automatic fix for this section.)
 
HKU\S-1-5-21-2588259368-3398593882-3987161955-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\Home\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 192.168.1.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.
 
==================== MSCONFIG/TASK MANAGER disabled items ==
 
 
==================== FirewallRules (Whitelisted) ===============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
FirewallRules: [{91582C4B-FF78-4304-9353-82382426A9B7}] => (Allow) C:\Program Files (x86)\AVG\AVG2015\avgnsa.exe
FirewallRules: [{7D324CCA-A9AE-4FA6-BE76-DC9C52F85625}] => (Allow) C:\Program Files (x86)\AVG\AVG2015\avgnsa.exe
FirewallRules: [{D324E971-28F4-4AEC-A6FE-F8348E64DEBF}] => (Allow) C:\Program Files (x86)\AVG\AVG2015\avgdiagex.exe
FirewallRules: [{0C4C3AA0-2E79-480C-A36F-1EB22B74B829}] => (Allow) C:\Program Files (x86)\AVG\AVG2015\avgdiagex.exe
FirewallRules: [{F80683F8-8B4E-41A9-BA47-5ED1BBA63A89}] => (Allow) C:\Program Files (x86)\AVG\AVG2015\avgmfapx.exe
FirewallRules: [{057B838A-CBDE-4FEC-9424-28564464878E}] => (Allow) C:\Program Files (x86)\AVG\AVG2015\avgmfapx.exe
FirewallRules: [{B6131709-9C92-46EF-8873-05AA84527A0B}] => (Allow) C:\Program Files (x86)\AVG\AVG2015\avgemca.exe
FirewallRules: [{FE14C52B-B307-44A5-8305-0877E29A286E}] => (Allow) C:\Program Files (x86)\AVG\AVG2015\avgemca.exe
FirewallRules: [TCP Query User{3A02E090-352B-4401-88A4-542C954253E2}C:\users\home\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\home\appdata\roaming\spotify\spotify.exe
FirewallRules: [UDP Query User{54A01565-46AF-45C3-A7B1-608464600528}C:\users\home\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\home\appdata\roaming\spotify\spotify.exe
FirewallRules: [{FD9E55CB-621C-4310-9933-F702B56FBF57}] => (Allow) C:\Program Files\HP\HP Deskjet 1510 series\Bin\USBSetup.exe
FirewallRules: [{3001989F-AC38-4230-BC46-1DF7A56E9AB1}] => (Allow) C:\Program Files\HP\HP Deskjet 1510 series\Bin\HPNetworkCommunicatorCom.exe
FirewallRules: [{3D6C740C-368E-479A-B484-D0827DD91718}] => (Allow) C:\Users\Home\AppData\Local\Temp\7zS04FE\HPDiagnosticCoreUI.exe
FirewallRules: [{ED9974F9-C96C-42DE-8B42-D7310677512A}] => (Allow) C:\Users\Home\AppData\Local\Temp\7zS04FE\HPDiagnosticCoreUI.exe
FirewallRules: [{1BE16BA5-0406-45E0-AC61-D452984970FD}] => (Allow) C:\Users\Home\AppData\Local\Temp\7zS7EC1\HPDiagnosticCoreUI.exe
FirewallRules: [{0A7756BE-9C8F-4206-9C6E-4737F2B4CE89}] => (Allow) C:\Users\Home\AppData\Local\Temp\7zS7EC1\HPDiagnosticCoreUI.exe
FirewallRules: [{6A4A8261-C727-4D6E-B399-F06DF0E4FFB1}] => (Allow) C:\Program Files (x86)\AVG\AVG2015\avgmfapx.exe
FirewallRules: [{4D43F22D-30B6-4002-9481-3372D9A95E03}] => (Allow) C:\Program Files (x86)\AVG\AVG2015\avgmfapx.exe
FirewallRules: [{6BFDCED0-68E2-4362-92B6-6E689B668555}] => (Allow) C:\Program Files (x86)\AVG\Av\avgmfapx.exe
FirewallRules: [{1EC82F80-A0C5-4349-AF33-4E8F3A6DFD1E}] => (Allow) C:\Program Files (x86)\AVG\Av\avgmfapx.exe
FirewallRules: [{BD65C8F9-158E-4110-B712-5678C8D75502}] => (Allow) C:\Users\Home\AppData\Local\Temp\7zS7F43\HPDiagnosticCoreUI.exe
FirewallRules: [{06945B05-D32E-4B23-840D-2F5CBFB66D02}] => (Allow) C:\Users\Home\AppData\Local\Temp\7zS7F43\HPDiagnosticCoreUI.exe
FirewallRules: [{79F1A065-DE42-4FC5-A9C9-DD40DB34BD0E}] => (Allow) C:\Users\Home\AppData\Local\Temp\7zS7F98\HPDiagnosticCoreUI.exe
FirewallRules: [{4C2E681B-025E-46F9-9135-772609516805}] => (Allow) C:\Users\Home\AppData\Local\Temp\7zS7F98\HPDiagnosticCoreUI.exe
FirewallRules: [{291F5196-C787-4871-A693-E558DD01C4EF}] => (Allow) C:\Users\Home\AppData\Local\Temp\7zS0481\HPDiagnosticCoreUI.exe
FirewallRules: [{22C478D7-9E54-4617-904B-D24E10774339}] => (Allow) C:\Users\Home\AppData\Local\Temp\7zS0481\HPDiagnosticCoreUI.exe
FirewallRules: [{7BADB43D-255B-4935-A2A7-E415E329FC79}] => (Allow) C:\Users\Home\AppData\Local\Temp\7zS177D\HPDiagnosticCoreUI.exe
FirewallRules: [{61D98987-BC49-40F9-924C-7DBE46C56C64}] => (Allow) C:\Users\Home\AppData\Local\Temp\7zS177D\HPDiagnosticCoreUI.exe
FirewallRules: [{C4292078-DACC-4A5B-839E-86882E303808}] => (Allow) C:\Users\Home\AppData\Local\Temp\7zS17D5\HPDiagnosticCoreUI.exe
FirewallRules: [{BFC82851-E516-4388-A07E-E53D0DA7A84F}] => (Allow) C:\Users\Home\AppData\Local\Temp\7zS17D5\HPDiagnosticCoreUI.exe
FirewallRules: [{20D13A48-473C-4E11-B40D-855B0A29118A}] => (Allow) C:\Users\Home\AppData\Local\Temp\7zS21A6\HPDiagnosticCoreUI.exe
FirewallRules: [{955E97F9-8FC0-44E6-9B2A-68BB8AEBA175}] => (Allow) C:\Users\Home\AppData\Local\Temp\7zS21A6\HPDiagnosticCoreUI.exe
FirewallRules: [{C5EAAEFE-846F-4066-865C-0EC94EE34959}] => (Allow) C:\Users\Home\AppData\Local\Temp\7zS2280\HPDiagnosticCoreUI.exe
FirewallRules: [{554454FB-9949-4E07-BE5F-DE8FA7B81332}] => (Allow) C:\Users\Home\AppData\Local\Temp\7zS2280\HPDiagnosticCoreUI.exe
FirewallRules: [{CC70C1F7-BD77-4AF4-AAAE-C0EF35C89BD4}] => (Allow) C:\Program Files\AVAST Software\SZBrowser\3.55.2393.596\SZBrowser.exe
FirewallRules: [{B35E5CCF-62E2-42EF-90A9-978CA3F8C1D0}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
 
==================== Restore Points =========================
 
06-04-2017 12:40:28 Windows Update
 
==================== Faulty Device Manager Devices =============
 
Name: PS/2 Compatible Mouse
Description: PS/2 Compatible Mouse
Class Guid: {4d36e96f-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: i8042prt
Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
Devices stay in this state if they have been prepared for removal.
After you remove the device, this error disappears.Remove the device, and this error should be resolved.
 
Name: Standard PS/2 Keyboard
Description: Standard PS/2 Keyboard
Class Guid: {4d36e96b-e325-11ce-bfc1-08002be10318}
Manufacturer: (Standard keyboards)
Service: i8042prt
Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
Devices stay in this state if they have been prepared for removal.
After you remove the device, this error disappears.Remove the device, and this error should be resolved.
 
 
==================== Event log errors: =========================
 
Application errors:
==================
 
System errors:
=============
Error: (04/08/2017 10:22:15 AM) (Source: WMPNetworkSvc) (EventID: 14332) (User: )
Description: Service 'WMPNetworkSvc' did not start correctly because CoCreateInstance(CLSID_UPnPDeviceFinder) encountered error '0x80004005'. Verify that the UPnPHost service is running and that the UPnPHost component of Windows is installed properly.
 
Error: (04/08/2017 10:22:00 AM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the ShellHWDetection service.
 
Error: (04/07/2017 07:41:37 PM) (Source: Schannel) (EventID: 4119) (User: NT AUTHORITY)
Description: The following fatal alert was received: 70.
 
 
==================== Memory info =========================== 
 
Processor: Intel® Pentium® 4 CPU 3.00GHz
Percentage of memory in use: 70%
Total physical RAM: 3063.43 MB
Available physical RAM: 895.9 MB
Total Virtual: 6125.04 MB
Available Virtual: 3688.23 MB
 
==================== Drives ================================
 
Drive c: () (Fixed) (Total:78.14 GB) (Free:31.14 GB) NTFS ==>[drive with boot components (obtained from BCD)]
Drive d: (Data) (Fixed) (Total:154.69 GB) (Free:154.59 GB) NTFS
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 232.8 GB) (Disk ID: EA1AA9C7)
Partition 1: (Active) - (Size=78.1 GB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=154.7 GB) - (Type=OF Extended)
 
==================== End of Addition.txt ============================

Edited by Waste of Space, 08 April 2017 - 11:01 AM.

  • 0

Advertisements


#26
RKinner

RKinner

    Malware Expert

  • Expert
  • 24,598 posts
  • MVP

Uninstall:

 

McAfee Security Scan Plus 

 

It's worthless.

 

How is it running now?


  • 0

#27
Waste of Space

Waste of Space

    Member

  • Topic Starter
  • Member
  • PipPip
  • 77 posts

How is it running now?  Hmmmm....  I'm not entirely certain.

 

I took the top off the PC and gave the fans and grilles a good dust-off with an assortment of small paintbrushes, then switched on to check that all fans were working, which they definitely were.  I then put everything back together, powered up and switched on.

 

I was greeted by a black screen with white lettering on it which I barely had time to read before the PC put itself into soft reboot mode and automatically ran Startup Repair. 'Your computer was unable to start. Startup Repair is checking your system for problems.'  After about fifteen minutes, it announced:

 

Startup Repair cannot repair this computer automatically.

 

Problem Details:

 

Problem Signature

 

Problem Event Name     StartupRepairOffline

Problem Signature 01:   6.1.7600.16385

Problem Signature 02:   6.1.7600.16385

Problem Signature 03:   unknown

Problem Signature 04:   286

Problem Signature 05:   AutoFailover

Problem Signature 06:   1

Problem Signature 07:   NoRootCause

OS Version:                       6.1.7601.2.1.0.256.1

Locale ID:                          1033

 

 

As you'd imagine, I figured my PC was stone dead, face down in a puddle.  But when I restarted it, it sprang back to life and here I now am.  I guess it's fair to assume though that the same situation could play out again and I might not be quite so lucky.  If simply taking the lid off my PC and tilting it upwards slightly (so as to allow me to see into a fan bay and insert a small paintbrush) is enough to convince Startup Repair that the machine is beyond hope, its innards must be very fragile and temperamental indeed.

 

Whatever: having cleaned all the dust and fluff out of the PC, I ran Speedfan again and the outcome is now

 

Fan 1:   1720 rpm

Fan 2:   0 rpm

Fan 3:   1050 rpm

Fan 4:   951 rpm

 

Temp 1:   39C

Temp 2:   21C

Temp 3:   21C

Temp 4:   0C

HDO:       39C


Edited by Waste of Space, 09 April 2017 - 10:34 AM.

  • 0

#28
RKinner

RKinner

    Malware Expert

  • Expert
  • 24,598 posts
  • MVP

No idea what happened but apparently it needed the cleaning.

 

You can let speedfan analyze your disk again, perhaps there have been major changes in the errors we were seeing.

 

Might be something in the event logs:

 

 

 
1. Please download the Event Viewer Tool by Vino Rosso
and save it to your Desktop (if you don't already have it):
2. Right-click VEW.exe and Run AS Administrator
3. Under 'Select log to query', select:
 
* System
4. Under 'Select type to list', select:
* Error
* Warning
 
 
Then use the 'Number of events' as follows:
 
 
1. Click the radio button for 'Number of events'
Type 20 in the 1 to 20 box
Then click the Run button.
Notepad will open with the output log.
 
 
Please post the Output log in your next reply then repeat but select Application.  (Each time you run VEW it overwrites the log so copy the first one to a Reply or rename it before running it a second time.)

  • 0

#29
Waste of Space

Waste of Space

    Member

  • Topic Starter
  • Member
  • PipPip
  • 77 posts

Okay, I'm back again for more fun and laughter. I've followed your suggestions, O awesome RKinner, and here are the results.  I'm hoping that perusing them isn't too deeply painful an experience for you.

 

(Incidentally, I'm guessing that there never was any 'Invasion of Undetectable Malware' and that all my problems were simply caused by parts of my hard disk spontaneously disintegrating. Yes?  If so, I'm heartily relieved.  Many thanks for your invaluable assistance, O mighty one.)

 

Latest In-Depth Online Analysis by Speedfan:

 

http://www.hddstatus...cation=2C698C2B

 

 

 

Vino’s Event Viewer Tool:

 

Scan 1:  ‘System’

 

Vino's Event Viewer v01c run on Windows 2008 in English

Report run at 10/04/2017 16:06:23

 

Note: All dates below are in the format dd/mm/yyyy

 

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

'System' Log - Critical Type

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Log: 'System' Date/Time: 09/04/2017 14:24:21

Type: Critical Category: 63

Event: 41 Source: Microsoft-Windows-Kernel-Power

The system has rebooted without cleanly shutting down first. This error could be caused if the system stopped responding, crashed, or lost power unexpectedly.

 

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

'System' Log - Error Type

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Log: 'System' Date/Time: 10/04/2017 07:56:38

Type: Error Category: 0

Event: 36887 Source: Schannel

The following fatal alert was received: 70.

 

Log: 'System' Date/Time: 09/04/2017 08:57:13

Type: Error Category: 0

Event: 7031 Source: Service Control Manager

The Windows Search service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 30000 milliseconds: Restart the service.

 

Log: 'System' Date/Time: 09/04/2017 08:57:12

Type: Error Category: 0

Event: 7031 Source: Service Control Manager

The Malwarebytes Anti-Exploit Service service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 120000 milliseconds: Restart the service.

 

Log: 'System' Date/Time: 09/04/2017 08:57:12

Type: Error Category: 0

Event: 7034 Source: Service Control Manager

The Adobe Acrobat Update Service service terminated unexpectedly.  It has done this 1 time(s).

 

Log: 'System' Date/Time: 09/04/2017 08:57:12

Type: Error Category: 0

Event: 7031 Source: Service Control Manager

The Print Spooler service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 60000 milliseconds: Restart the service.

 

Log: 'System' Date/Time: 08/04/2017 09:22:15

Type: Error Category: 0

Event: 14332 Source: Microsoft-Windows-WMPNSS-Service

Service 'WMPNetworkSvc' did not start correctly because CoCreateInstance(CLSID_UPnPDeviceFinder) encountered error '0x80004005'. Verify that the UPnPHost service is running and that the UPnPHost component of Windows is installed properly.

 

Log: 'System' Date/Time: 08/04/2017 09:22:00

Type: Error Category: 0

Event: 7011 Source: Service Control Manager

A timeout (30000 milliseconds) was reached while waiting for a transaction response from the ShellHWDetection service.

 

Log: 'System' Date/Time: 07/04/2017 18:41:37

Type: Error Category: 0

Event: 36887 Source: Schannel

The following fatal alert was received: 70.

 

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

'System' Log - Warning Type

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Log: 'System' Date/Time: 10/04/2017 12:49:49

Type: Warning Category: 0

Event: 4001 Source: Microsoft-Windows-WLAN-AutoConfig

WLAN AutoConfig service has successfully stopped.

 

Log: 'System' Date/Time: 10/04/2017 09:00:20

Type: Warning Category: 0

Event: 4001 Source: Microsoft-Windows-WLAN-AutoConfig

WLAN AutoConfig service has successfully stopped.

 

Log: 'System' Date/Time: 10/04/2017 08:08:09

Type: Warning Category: 212

Event: 219 Source: Microsoft-Windows-Kernel-PnP

The driver \Driver\WUDFRd failed to load for the device WpdBusEnumRoot\UMB\2&37c186b&0&STORAGE#VOLUME#_??_USBSTOR#DISK&VEN_MOTOROLA&PROD_W377_MOBILE&REV_1000#6&70E286F&0#.

 

Log: 'System' Date/Time: 09/04/2017 20:10:13

Type: Warning Category: 0

Event: 4001 Source: Microsoft-Windows-WLAN-AutoConfig

WLAN AutoConfig service has successfully stopped.

 

Log: 'System' Date/Time: 09/04/2017 14:26:56

Type: Warning Category: 212

Event: 219 Source: Microsoft-Windows-Kernel-PnP

The driver \Driver\WUDFRd failed to load for the device WpdBusEnumRoot\UMB\2&37c186b&0&STORAGE#VOLUME#_??_USBSTOR#DISK&VEN_JETFLASH&PROD_TRANSCEND_32GB&REV_1100#57TMVKNFUFBG8WGR&0#.

 

Log: 'System' Date/Time: 09/04/2017 11:41:26

Type: Warning Category: 0

Event: 4001 Source: Microsoft-Windows-WLAN-AutoConfig

WLAN AutoConfig service has successfully stopped.

 

Log: 'System' Date/Time: 09/04/2017 08:57:30

Type: Warning Category: 0

Event: 4001 Source: Microsoft-Windows-WLAN-AutoConfig

WLAN AutoConfig service has successfully stopped.

 

Log: 'System' Date/Time: 08/04/2017 20:17:30

Type: Warning Category: 0

Event: 4001 Source: Microsoft-Windows-WLAN-AutoConfig

WLAN AutoConfig service has successfully stopped.

 

Log: 'System' Date/Time: 08/04/2017 11:28:14

Type: Warning Category: 0

Event: 4001 Source: Microsoft-Windows-WLAN-AutoConfig

WLAN AutoConfig service has successfully stopped.

 

Log: 'System' Date/Time: 08/04/2017 08:29:11

Type: Warning Category: 0

Event: 4001 Source: Microsoft-Windows-WLAN-AutoConfig

WLAN AutoConfig service has successfully stopped.

 

Log: 'System' Date/Time: 07/04/2017 20:06:24

Type: Warning Category: 0

Event: 4001 Source: Microsoft-Windows-WLAN-AutoConfig

WLAN AutoConfig service has successfully stopped.

 

Log: 'System' Date/Time: 07/04/2017 16:49:32

Type: Warning Category: 0

Event: 4001 Source: Microsoft-Windows-WLAN-AutoConfig

WLAN AutoConfig service has successfully stopped.

 

Log: 'System' Date/Time: 07/04/2017 10:05:07

Type: Warning Category: 0

Event: 4001 Source: Microsoft-Windows-WLAN-AutoConfig

WLAN AutoConfig service has successfully stopped.

 

Log: 'System' Date/Time: 07/04/2017 08:36:59

Type: Warning Category: 0

Event: 4001 Source: Microsoft-Windows-WLAN-AutoConfig

WLAN AutoConfig service has successfully stopped.

 

 

Scan 2:  ‘Application’

 

Vino's Event Viewer v01c run on Windows 2008 in English

Report run at 10/04/2017 16:09:10

 

Note: All dates below are in the format dd/mm/yyyy

 

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

'Application' Log - Critical Type

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

'Application' Log - Error Type

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

'Application' Log - Warning Type

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Log: 'Application' Date/Time: 10/04/2017 12:49:42

Type: Warning Category: 0

Event: 1530 Source: Microsoft-Windows-User Profiles Service

Windows detected your registry file is still in use by other applications or services. The file will be unloaded now. The applications or services that hold your registry file may not function properly afterwards.     DETAIL -   1 user registry handles leaked from \Registry\User\S-1-5-21-2588259368-3398593882-3987161955-1000:

Process 1400 (\Device\HarddiskVolume1\Program Files\AVAST Software\Avast\AvastSvc.exe) has opened key \REGISTRY\USER\S-1-5-21-2588259368-3398593882-3987161955-1000

 

 

Log: 'Application' Date/Time: 10/04/2017 09:00:14

Type: Warning Category: 0

Event: 1530 Source: Microsoft-Windows-User Profiles Service

Windows detected your registry file is still in use by other applications or services. The file will be unloaded now. The applications or services that hold your registry file may not function properly afterwards.     DETAIL -   2 user registry handles leaked from \Registry\User\S-1-5-21-2588259368-3398593882-3987161955-1000:

Process 1408 (\Device\HarddiskVolume1\Program Files\AVAST Software\Avast\AvastSvc.exe) has opened key \REGISTRY\USER\S-1-5-21-2588259368-3398593882-3987161955-1000

Process 588 (\Device\HarddiskVolume1\Windows\System32\lsass.exe) has opened key \REGISTRY\USER\S-1-5-21-2588259368-3398593882-3987161955-1000

 

 

Log: 'Application' Date/Time: 09/04/2017 20:09:58

Type: Warning Category: 0

Event: 1530 Source: Microsoft-Windows-User Profiles Service

Windows detected your registry file is still in use by other applications or services. The file will be unloaded now. The applications or services that hold your registry file may not function properly afterwards.     DETAIL -   1 user registry handles leaked from \Registry\User\S-1-5-21-2588259368-3398593882-3987161955-1000:

Process 1400 (\Device\HarddiskVolume1\Program Files\AVAST Software\Avast\AvastSvc.exe) has opened key \REGISTRY\USER\S-1-5-21-2588259368-3398593882-3987161955-1000

 

 

Log: 'Application' Date/Time: 09/04/2017 11:41:08

Type: Warning Category: 0

Event: 1530 Source: Microsoft-Windows-User Profiles Service

Windows detected your registry file is still in use by other applications or services. The file will be unloaded now. The applications or services that hold your registry file may not function properly afterwards.     DETAIL -   1 user registry handles leaked from \Registry\User\S-1-5-21-2588259368-3398593882-3987161955-1000:

Process 1388 (\Device\HarddiskVolume1\Program Files\AVAST Software\Avast\AvastSvc.exe) has opened key \REGISTRY\USER\S-1-5-21-2588259368-3398593882-3987161955-1000

 

 

Log: 'Application' Date/Time: 09/04/2017 08:57:23

Type: Warning Category: 0

Event: 1530 Source: Microsoft-Windows-User Profiles Service

Windows detected your registry file is still in use by other applications or services. The file will be unloaded now. The applications or services that hold your registry file may not function properly afterwards.     DETAIL -   1 user registry handles leaked from \Registry\User\S-1-5-21-2588259368-3398593882-3987161955-1000:

Process 1396 (\Device\HarddiskVolume1\Program Files\AVAST Software\Avast\AvastSvc.exe) has opened key \REGISTRY\USER\S-1-5-21-2588259368-3398593882-3987161955-1000

 

 

Log: 'Application' Date/Time: 08/04/2017 20:17:05

Type: Warning Category: 0

Event: 1530 Source: Microsoft-Windows-User Profiles Service

Windows detected your registry file is still in use by other applications or services. The file will be unloaded now. The applications or services that hold your registry file may not function properly afterwards.     DETAIL -   1 user registry handles leaked from \Registry\User\S-1-5-21-2588259368-3398593882-3987161955-1000:

Process 1400 (\Device\HarddiskVolume1\Program Files\AVAST Software\Avast\AvastSvc.exe) has opened key \REGISTRY\USER\S-1-5-21-2588259368-3398593882-3987161955-1000

 

 

Log: 'Application' Date/Time: 08/04/2017 11:27:51

Type: Warning Category: 0

Event: 1530 Source: Microsoft-Windows-User Profiles Service

Windows detected your registry file is still in use by other applications or services. The file will be unloaded now. The applications or services that hold your registry file may not function properly afterwards.     DETAIL -   1 user registry handles leaked from \Registry\User\S-1-5-21-2588259368-3398593882-3987161955-1000:

Process 1404 (\Device\HarddiskVolume1\Program Files\AVAST Software\Avast\AvastSvc.exe) has opened key \REGISTRY\USER\S-1-5-21-2588259368-3398593882-3987161955-1000

 

 

Log: 'Application' Date/Time: 08/04/2017 08:29:02

Type: Warning Category: 0

Event: 1530 Source: Microsoft-Windows-User Profiles Service

Windows detected your registry file is still in use by other applications or services. The file will be unloaded now. The applications or services that hold your registry file may not function properly afterwards.     DETAIL -   1 user registry handles leaked from \Registry\User\S-1-5-21-2588259368-3398593882-3987161955-1000:

Process 1384 (\Device\HarddiskVolume1\Program Files\AVAST Software\Avast\AvastSvc.exe) has opened key \REGISTRY\USER\S-1-5-21-2588259368-3398593882-3987161955-1000

 

 

Log: 'Application' Date/Time: 07/04/2017 20:06:14

Type: Warning Category: 0

Event: 1530 Source: Microsoft-Windows-User Profiles Service

Windows detected your registry file is still in use by other applications or services. The file will be unloaded now. The applications or services that hold your registry file may not function properly afterwards.     DETAIL -   1 user registry handles leaked from \Registry\User\S-1-5-21-2588259368-3398593882-3987161955-1000:

Process 1404 (\Device\HarddiskVolume1\Program Files\AVAST Software\Avast\AvastSvc.exe) has opened key \REGISTRY\USER\S-1-5-21-2588259368-3398593882-3987161955-1000

 

 

Log: 'Application' Date/Time: 07/04/2017 16:49:19

Type: Warning Category: 0

Event: 1530 Source: Microsoft-Windows-User Profiles Service

Windows detected your registry file is still in use by other applications or services. The file will be unloaded now. The applications or services that hold your registry file may not function properly afterwards.     DETAIL -   1 user registry handles leaked from \Registry\User\S-1-5-21-2588259368-3398593882-3987161955-1000:

Process 1400 (\Device\HarddiskVolume1\Program Files\AVAST Software\Avast\AvastSvc.exe) has opened key \REGISTRY\USER\S-1-5-21-2588259368-3398593882-3987161955-1000

 

 

Log: 'Application' Date/Time: 07/04/2017 10:04:58

Type: Warning Category: 0

Event: 1530 Source: Microsoft-Windows-User Profiles Service

Windows detected your registry file is still in use by other applications or services. The file will be unloaded now. The applications or services that hold your registry file may not function properly afterwards.     DETAIL -   1 user registry handles leaked from \Registry\User\S-1-5-21-2588259368-3398593882-3987161955-1000:

Process 1416 (\Device\HarddiskVolume1\Program Files\AVAST Software\Avast\AvastSvc.exe) has opened key \REGISTRY\USER\S-1-5-21-2588259368-3398593882-3987161955-1000

 

 

Log: 'Application' Date/Time: 07/04/2017 08:36:46

Type: Warning Category: 0

Event: 1530 Source: Microsoft-Windows-User Profiles Service

Windows detected your registry file is still in use by other applications or services. The file will be unloaded now. The applications or services that hold your registry file may not function properly afterwards.     DETAIL -   1 user registry handles leaked from \Registry\User\S-1-5-21-2588259368-3398593882-3987161955-1000:

Process 1400 (\Device\HarddiskVolume1\Program Files\AVAST Software\Avast\AvastSvc.exe) has opened key \REGISTRY\USER\S-1-5-21-2588259368-3398593882-3987161955-1000


Edited by Waste of Space, 10 April 2017 - 09:15 AM.

  • 0

#30
RKinner

RKinner

    Malware Expert

  • Expert
  • 24,598 posts
  • MVP

Nothing in VEW that would explain the crash tho there was a slight uptick in the number of Hardware ECC Recovered so it may be more of the drive failing.  


  • 0






Similar Topics


Also tagged with one or more of these keywords: Windows 7, Mysterious, Malware, Unidentifiable, Urgent, Help, Malwarebytes

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP