Javascript Disabled Detected

You currently have javascript disabled. Several functions may not work. Please re-enable javascript to access full functionality.

Keeps freezing

Started by BC12 , Apr 13 2017 01:21 PM

Please log in to reply

#1
BC12

Posted 13 April 2017 - 01:21 PM

Member

Member
12 posts

my comp is really sluggish and not responding , logs enclosed

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 15-03-2017
Ran by Chris (administrator) on DELL-530 (13-04-2017 20:15:26)
Running from C:\Users\Chris\Downloads
Loaded Profiles: Chris (Available Profiles: Chris)
Platform: Microsoft® Windows Vista™ Home Premium Service Pack 2 (X86) Language: English (United States)
Internet Explorer Version 9 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Microsoft Corporation) C:\Windows\System32\SLsvc.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\afwServ.exe
(Andrea Electronics Corporation) C:\Windows\System32\AERTSrv.exe
(Microsoft Corporation) C:\Windows\ehome\ehrecvr.exe
(Microsoft Corporation) C:\Windows\ehome\ehsched.exe
() C:\Program Files\HDD Health\HDDHealthService.exe
(DEVGURU Co., LTD.) C:\Program Files\Samsung\USB Drivers\27_ssconn\conn\ss_conn_service.exe
(Realtek Semiconductor) C:\Windows\RtHDVCpl.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
(Microsoft Corporation) C:\Program Files\Windows Media Player\wmpnscfg.exe
(WinZip Computing, S.L.) C:\Program Files\WinZip\WzPreloader.exe
(WinZip Computing, S.L.) C:\Program Files\WinZip\WZQKPICK32.exe
(WinZip Computing, S.L.) C:\Program Files\WinZip\FAHWindow32.exe
(AVAST Software s.r.o.) C:\Program Files\AVAST Software\Avast\aswidsagent.exe
(Piriform Ltd) C:\Program Files\CCleaner\CCleaner.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe
(Microsoft Corporation) C:\Windows\System32\wbem\unsecapp.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(Microsoft Corporation) C:\Program Files\Microsoft Silverlight\5.1.50905.0\Silverlight.Configuration.exe
(Microsoft Corporation) C:\Windows\System32\calc.exe

==================== Registry (Whitelisted) ====================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RtHDVCpl] => C:\Windows\RtHDVCpl.exe [4907008 2008-01-17] (Realtek Semiconductor)
HKLM\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvLaunch.exe [213824 2017-04-04] (AVAST Software)
HKLM\...\Run: [Wondershare Helper Compact.exe] => C:\Program Files\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe
HKLM\...\Run: [DelaypluginInstall] => C:\ProgramData\Wondershare\Video Converter Ultimate\DelayPluginI.exe [1971856 2016-08-12] ()
HKLM\...\Run: [Malwarebytes TrayApp] => C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\mbamtray.exe [2780112 2017-01-20] (Malwarebytes)
HKLM\...\Run: [SunJavaUpdateSched] => C:\Program Files\Common Files\Java\Java Update\jusched.exe [587288 2016-12-12] (Oracle Corporation)
HKU\S-1-5-21-3299710142-3868310564-1978959094-1001\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner.exe [6602152 2015-12-08] (Piriform Ltd)
HKU\S-1-5-21-3299710142-3868310564-1978959094-1001\...\Run: [WMPNSCFG] => C:\Program Files\Windows Media Player\WMPNSCFG.exe [202240 2008-01-21] (Microsoft Corporation)
HKU\S-1-5-21-3299710142-3868310564-1978959094-1001\...\Policies\Explorer: [NoLowDiskSpaceChecks] 1
ShellIconOverlayIdentifiers: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShell.dll [2017-04-04] (AVAST Software)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\FAH.lnk [2017-02-21]
ShortcutTarget: FAH.lnk -> C:\Program Files\WinZip\FAHConsole.exe (WinZip Computing, S.L.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Update Notifier.lnk [2017-02-21]
ShortcutTarget: Update Notifier.lnk -> C:\Program Files\WinZip\WZUpdateNotifier.exe (WinZip)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\WinZip Preloader.lnk [2017-02-21]
ShortcutTarget: WinZip Preloader.lnk -> C:\Program Files\WinZip\WzPreloader.exe (WinZip Computing, S.L.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\WinZip Quick Pick.lnk [2017-02-21]
ShortcutTarget: WinZip Quick Pick.lnk -> C:\Program Files\WinZip\WZQKPICK32.exe (WinZip Computing, S.L.)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 192.168.1.1 0.0.0.0
Tcpip\..\Interfaces\{C010AF49-0C76-4353-BB35-19AE24C74C4F}: [DhcpNameServer] 192.168.1.1 0.0.0.0

Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
HKU\S-1-5-21-3299710142-3868310564-1978959094-1001\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\S-1-5-21-3299710142-3868310564-1978959094-1001\Software\Microsoft\Internet Explorer\Main,Start Page =
HKU\S-1-5-21-3299710142-3868310564-1978959094-1001\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://www.msn.com/en-gb/?ocid=iehp
SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-3299710142-3868310564-1978959094-1001 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-3299710142-3868310564-1978959094-1001 -> {012E1000-F331-11DB-8314-0800200C9A66} URL = hxxp://www.google.com/search?q={searchTerms}
BHO: RealPlayer Download and Record Plugin for Internet Explorer -> {3049C3E9-B461-4BC5-8870-4C09146192CA} -> C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll [2012-08-16] (RealPlayer)
BHO: Wondershare Video Converter Ultimate 7.1.0 -> {451C804F-C205-4F03-B48E-537EC94937BF} -> C:\ProgramData\Wondershare\Video Converter Ultimate\WSBrowserAppMgr.dll [2016-08-12] (Wondershare)
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2017-04-04] (AVAST Software)
Handler: WSWSVCUchrome - {1CA93FF0-A218-44F1 - No File

FireFox:
========
FF DefaultProfile: 2m53848d.default
FF ProfilePath: C:\Users\Chris\AppData\Roaming\Mozilla\Firefox\Profiles\2m53848d.default [2017-04-13]
FF Extension: (Dr.Web Anti-Virus Link Checker) - C:\Users\Chris\AppData\Roaming\Mozilla\Firefox\Profiles\2m53848d.default\Extensions\{6614d11d-d21d-b211-ae23-815234e1ebb5}.xpi [2017-04-06]
FF Extension: (Adblock Plus) - C:\Users\Chris\AppData\Roaming\Mozilla\Firefox\Profiles\2m53848d.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2017-02-26]
FF HKLM\...\Firefox\Extensions: [[email protected]] - C:\Program Files\AVAST Software\Avast\WebRep\FF48
FF Extension: (Avast Online Security) - C:\Program Files\AVAST Software\Avast\WebRep\FF48 [2017-04-04]
FF HKLM\...\Firefox\Extensions: [{0153E448-190B-4987-BDE1-F256CADA672F}] - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext
FF Extension: (RealPlayer Browser Record Plugin) - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2013-05-06] [not signed]
FF HKLM\...\Firefox\Extensions: [[email protected]] - C:\Program Files\AVAST Software\Avast\SafePrice\FF48
FF Extension: (Avast SafePrice) - C:\Program Files\AVAST Software\Avast\SafePrice\FF48 [2017-04-04]
FF HKLM\...\Firefox\Extensions: [[email protected]] - C:\ProgramData\Wondershare\Video Converter Ultimate\[email protected]_xpi
FF Extension: (Wondershare Video Converter Ultimate) - C:\ProgramData\Wondershare\Video Converter Ultimate\[email protected]_xpi [2016-08-18]
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF32_25_0_0_148.dll [2017-04-12] ()
FF Plugin: @adobe.com/ShockwavePlayer -> C:\Windows\system32\Adobe\Director\np32dsw_1221171.dll [2015-10-19] (Adobe Systems, Inc.)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.50905.0\npctrl.dll [2017-02-10] ( Microsoft Corporation)
FF Plugin: @microsoft.com/WPF,version=3.5 -> c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll [2008-07-30] (Microsoft Corporation)
FF Plugin: @real.com/nprpchromebrowserrecordext;version=15.0.6.14 -> C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll [2012-08-16] (RealNetworks, Inc.)
FF Plugin: @real.com/nprphtml5videoshim;version=15.0.6.14 -> C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll [2012-08-16] (RealNetworks, Inc.)
FF Plugin: @videolan.org/vlc,version=2.1.5 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2016-06-01] (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.2.0 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2016-06-01] (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.2.1 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2016-06-01] (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.2.2 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2016-06-01] (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.2.4 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2016-06-01] (VideoLAN)

Chrome:
=======
CHR DefaultProfile: Default
CHR Profile: C:\Users\Chris\AppData\Local\Google\Chrome\User Data\Default [2016-10-18]
CHR Extension: (Avast Online Security) - C:\Users\Chris\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki [2016-07-05]
CHR Extension: (RealPlayer HTML5Video Downloader Extension) - C:\Users\Chris\AppData\Local\Google\Chrome\User Data\Default\Extensions\jfmjfhklogoienhpfnppmbcbjfjnkonk [2016-06-14]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Chris\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-06-14]
CHR HKLM\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx <not found>
CHR HKLM\...\Chrome\Extension: [jfmjfhklogoienhpfnppmbcbjfjnkonk] - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Chrome\Ext\rphtml5video.crx [2012-08-16]

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 AERTFilters; C:\Windows\system32\AERTSrv.exe [77824 2007-12-05] (Andrea Electronics Corporation)
R3 aswbIDSAgent; C:\Program Files\AVAST Software\Avast\aswidsagent.exe [5758120 2017-04-04] (AVAST Software s.r.o.)
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [261712 2017-04-04] (AVAST Software)
R2 avast! Firewall; C:\Program Files\AVAST Software\Avast\afwServ.exe [310496 2017-04-04] (AVAST Software)
R2 HDDHealth; C:\Program Files\HDD Health\HDDHealthService.exe [17760 2013-03-08] () [File not signed]
R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [3303888 2017-01-20] (Malwarebytes)
R2 ss_conn_service; C:\Program Files\Samsung\USB Drivers\27_ssconn\conn\ss_conn_service.exe [754784 2016-01-08] (DEVGURU Co., LTD.)
S2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [272952 2008-01-21] (Microsoft Corporation)

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R1 aswbidsdriver; C:\Windows\system32\drivers\aswbidsdriverx.sys [255184 2017-04-04] (AVAST Software s.r.o.)
R0 aswbidsh; C:\Windows\system32\drivers\aswbidshx.sys [148208 2017-04-04] (AVAST Software s.r.o.)
R0 aswblog; C:\Windows\system32\drivers\aswblogx.sys [267528 2017-04-04] (AVAST Software s.r.o.)
R0 aswbuniv; C:\Windows\system32\drivers\aswbunivx.sys [41176 2017-04-04] (AVAST Software s.r.o.)
S3 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [34136 2017-04-04] (AVAST Software)
R1 aswKbd; C:\Windows\system32\drivers\aswKbd.sys [31064 2017-04-04] (AVAST Software)
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [106904 2017-04-04] (AVAST Software)
R0 aswNdis; C:\Windows\System32\DRIVERS\aswNdis.sys [12112 2014-08-02] (ALWIL Software)
R0 aswNdis2; C:\Windows\system32\drivers\aswNdis2.sys [329728 2017-04-04] (AVAST Software)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr.sys [60760 2017-04-04] (AVAST Software)
R0 aswRvrt; C:\Windows\system32\drivers\aswRvrt.sys [62152 2017-04-04] (AVAST Software)
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [764064 2017-04-04] (AVAST Software)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [472760 2017-04-04] (AVAST Software)
R3 aswStmXP; C:\Windows\system32\drivers\aswStmXP.sys [184208 2017-04-04] (AVAST Software)
R0 aswVmm; C:\Windows\system32\drivers\aswVmm.sys [279800 2017-04-04] (AVAST Software)
R3 gttap1; C:\Windows\System32\DRIVERS\gttap1.sys [32552 2013-09-12] (The OpenVPN Project)
R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [220088 2017-04-12] (Malwarebytes)
S3 MOSUMAC; C:\Windows\System32\DRIVERS\MOSUMAC.SYS [43520 2009-12-10] (--)
U5 AppMgmt; C:\Windows\system32\svchost.exe [21504 2008-01-21] (Microsoft Corporation)

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2017-04-13 20:15 - 2017-04-13 20:16 - 00013943 _____ C:\Users\Chris\Downloads\FRST.txt
2017-04-13 20:14 - 2017-04-13 20:14 - 01766912 _____ (Farbar) C:\Users\Chris\Downloads\FRST.exe
2017-04-13 17:53 - 2017-04-13 17:53 - 00000000 ____D C:\Users\Chris\AppData\Roaming\Sun
2017-04-13 17:53 - 2017-04-13 17:53 - 00000000 ____D C:\Program Files\Common Files\Java
2017-04-13 17:52 - 2017-04-13 17:52 - 00095808 _____ (Oracle Corporation) C:\Windows\system32\WindowsAccessBridge.dll
2017-04-13 17:52 - 2017-04-13 17:52 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2017-04-13 17:51 - 2017-04-13 17:51 - 00000000 ____D C:\ProgramData\Oracle
2017-04-13 17:51 - 2017-04-13 17:51 - 00000000 ____D C:\Program Files\Java
2017-04-13 17:48 - 2017-04-13 17:48 - 00738880 _____ (Oracle Corporation) C:\Users\Chris\Downloads\jxpiinstall.exe
2017-04-13 17:27 - 2017-04-13 17:33 - 00000000 ____D C:\Users\Chris\Desktop\sim14
2017-04-13 17:08 - 2017-04-13 17:15 - 00000000 ____D C:\Users\Chris\Desktop\lauzv3
2017-04-13 16:57 - 2017-04-13 17:03 - 00000000 ____D C:\Users\Chris\Desktop\lapics2
2017-04-13 16:44 - 2017-04-13 16:48 - 00000000 ____D C:\Users\Chris\Desktop\Ozzzzzz1
2017-04-12 23:38 - 2017-04-12 23:38 - 04089296 _____ C:\Users\Chris\Downloads\AdwCleaner.exe
2017-04-04 16:34 - 2017-04-04 16:34 - 04089296 _____ C:\Users\Chris\Downloads\adwcleaner_6.045.exe
2017-04-04 16:23 - 2017-04-04 16:22 - 00330256 _____ (AVAST Software) C:\Windows\system32\aswBoot.exe
2017-03-27 03:04 - 2017-02-11 16:23 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll
2017-03-23 20:41 - 2017-04-11 22:48 - 00002537 _____ C:\Users\Public\Desktop\Sophos Virus Removal Tool.lnk
2017-03-23 20:41 - 2017-04-11 22:48 - 00002537 _____ C:\ProgramData\Desktop\Sophos Virus Removal Tool.lnk
2017-03-23 20:41 - 2017-03-23 20:41 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Sophos
2017-03-23 20:41 - 2017-03-23 20:41 - 00000000 ____D C:\Program Files\Sophos
2017-03-23 20:35 - 2017-02-09 18:11 - 03610856 _____ (Microsoft Corporation) C:\Windows\system32\ntkrnlpa.exe
2017-03-23 20:35 - 2017-02-09 18:11 - 03558120 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2017-03-23 20:34 - 2017-02-11 16:22 - 00304640 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\srv.sys
2017-03-23 20:33 - 2017-01-28 18:02 - 01253888 _____ (Microsoft Corporation) C:\Windows\system32\msxml3.dll
2017-03-23 20:32 - 2017-02-11 17:54 - 00504320 _____ (Microsoft Corporation) C:\Windows\system32\usp10.dll
2017-03-23 20:32 - 2017-02-11 17:53 - 00299520 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll
2017-03-23 20:32 - 2017-02-11 17:16 - 01029120 _____ (Microsoft Corporation) C:\Windows\system32\d3d10.dll
2017-03-23 20:32 - 2017-02-11 17:16 - 00219648 _____ (Microsoft Corporation) C:\Windows\system32\d3d10_1core.dll
2017-03-23 20:32 - 2017-02-11 17:16 - 00189952 _____ (Microsoft Corporation) C:\Windows\system32\d3d10core.dll
2017-03-23 20:32 - 2017-02-11 17:16 - 00160768 _____ (Microsoft Corporation) C:\Windows\system32\d3d10_1.dll
2017-03-23 20:32 - 2017-02-11 16:35 - 01172480 _____ (Microsoft Corporation) C:\Windows\system32\d3d10warp.dll
2017-03-23 20:32 - 2017-02-11 16:34 - 00486912 _____ (Microsoft Corporation) C:\Windows\system32\d3d10level9.dll
2017-03-23 20:32 - 2017-02-11 16:25 - 00682496 _____ (Microsoft Corporation) C:\Windows\system32\d2d1.dll
2017-03-23 20:32 - 2017-02-11 16:23 - 01073152 _____ (Microsoft Corporation) C:\Windows\system32\DWrite.dll
2017-03-23 20:32 - 2017-02-11 16:23 - 00802304 _____ (Microsoft Corporation) C:\Windows\system32\FntCache.dll
2017-03-23 20:31 - 2017-03-23 20:35 - 164935112 _____ (Sophos Limited) C:\Users\Chris\Downloads\Sophos Virus Removal Tool(1).exe
2017-03-23 20:31 - 2017-02-09 18:04 - 00215040 _____ (Microsoft Corporation) C:\Windows\system32\icm32.dll
2017-03-23 20:31 - 2017-02-09 16:33 - 02074112 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2017-03-23 20:30 - 2017-01-13 21:16 - 00739840 _____ (Microsoft Corporation) C:\Windows\system32\inetcomm.dll
2017-03-23 20:29 - 2017-01-05 17:58 - 01314816 _____ (Microsoft Corporation) C:\Windows\system32\quartz.dll
2017-03-23 17:07 - 2017-03-04 01:33 - 01816064 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2017-03-23 17:07 - 2017-03-04 01:32 - 12841472 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2017-03-23 17:07 - 2017-03-04 01:28 - 09756160 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2017-03-23 17:07 - 2017-03-04 01:28 - 01140736 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2017-03-23 17:07 - 2017-03-04 01:28 - 00367616 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2017-03-23 17:07 - 2017-03-04 01:27 - 01805312 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2017-03-23 17:07 - 2017-03-04 01:27 - 01130496 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2017-03-23 17:07 - 2017-03-04 01:27 - 00429056 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2017-03-23 17:07 - 2017-03-04 01:26 - 02382848 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2017-03-23 17:07 - 2017-03-04 01:26 - 01427968 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2017-03-23 17:07 - 2017-03-04 01:26 - 00719360 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2017-03-23 17:07 - 2017-03-04 01:26 - 00607744 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2017-03-23 17:07 - 2017-03-04 01:26 - 00354304 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2017-03-23 17:07 - 2017-03-04 01:26 - 00231936 _____ (Microsoft Corporation) C:\Windows\system32\url.dll
2017-03-23 17:07 - 2017-03-04 01:26 - 00223744 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2017-03-23 17:07 - 2017-03-04 01:26 - 00176640 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2017-03-23 17:07 - 2017-03-04 01:26 - 00142848 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2017-03-23 17:07 - 2017-03-04 01:26 - 00072704 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2017-03-23 17:07 - 2017-03-04 01:26 - 00065536 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2017-03-23 17:07 - 2017-03-04 01:26 - 00041472 _____ (Microsoft Corporation) C:\Windows\system32\msfeedsbs.dll
2017-03-23 17:07 - 2017-03-04 01:26 - 00011776 _____ (Microsoft Corporation) C:\Windows\system32\mshta.exe
2017-03-23 17:07 - 2017-03-04 01:26 - 00010752 _____ (Microsoft Corporation) C:\Windows\system32\msfeedssync.exe
2017-03-17 20:54 - 2017-04-04 16:21 - 00267528 _____ (AVAST Software s.r.o.) C:\Windows\system32\Drivers\aswblogx.sys
2017-03-17 20:54 - 2017-04-04 16:21 - 00255184 _____ (AVAST Software s.r.o.) C:\Windows\system32\Drivers\aswbidsdriverx.sys
2017-03-17 20:54 - 2017-04-04 16:21 - 00148208 _____ (AVAST Software s.r.o.) C:\Windows\system32\Drivers\aswbidshx.sys
2017-03-17 20:54 - 2017-04-04 16:21 - 00041176 _____ (AVAST Software s.r.o.) C:\Windows\system32\Drivers\aswbunivx.sys
2017-03-15 19:44 - 2017-04-06 08:33 - 00000259 _____ C:\Windows\wininit.ini
2017-03-15 19:34 - 2017-04-13 20:15 - 00000000 ____D C:\FRST
2017-03-15 16:58 - 2017-03-15 17:02 - 00000000 ____D C:\Users\Chris\Downloads\marm

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2017-04-13 20:04 - 2013-07-23 22:29 - 00000000 ____D C:\Users\Chris\AppData\Roaming\vlc
2017-04-13 19:16 - 2006-11-02 13:47 - 00005184 _____ C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
2017-04-13 19:16 - 2006-11-02 13:47 - 00005184 _____ C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
2017-04-13 17:53 - 2016-10-17 21:10 - 00764972 _____ C:\Windows\ntbtlog.txt
2017-04-13 16:30 - 2015-11-26 19:36 - 00002445 _____ C:\Users\Public\Desktop\InPlay IPTV.lnk
2017-04-13 16:30 - 2015-11-26 19:36 - 00002445 _____ C:\ProgramData\Desktop\InPlay IPTV.lnk
2017-04-13 16:20 - 2016-11-19 23:46 - 00000000 ____D C:\Users\Chris\AppData\LocalLow\Mozilla
2017-04-13 14:32 - 2016-02-24 15:25 - 00052736 _____ C:\Users\Chris\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2017-04-13 14:27 - 2016-11-23 02:30 - 963648320 _____ C:\Users\Chris\Desktop\20160225_080009.mp4
2017-04-13 01:22 - 2017-03-09 22:40 - 00000000 ____D C:\AdwCleaner
2017-04-12 07:47 - 2012-12-13 20:48 - 00802904 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe
2017-04-12 07:47 - 2012-12-13 20:48 - 00144472 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl
2017-04-12 07:47 - 2008-10-23 13:28 - 00000000 ____D C:\Windows\system32\Macromed
2017-04-12 02:38 - 2017-02-01 16:44 - 00220088 _____ (Malwarebytes) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2017-04-12 02:38 - 2017-02-01 16:42 - 00059904 _____ C:\Windows\system32\Drivers\mbae.sys
2017-04-10 21:21 - 2006-11-02 12:18 - 00000000 ____D C:\Windows\inf
2017-04-10 21:21 - 2006-11-02 11:33 - 00758370 _____ C:\Windows\system32\PerfStringBackup.INI
2017-04-10 21:17 - 2006-11-02 13:37 - 00000000 ___RD C:\Users\Public\Recorded TV
2017-04-10 21:16 - 2017-02-26 18:37 - 00000000 ____D C:\Program Files\Mozilla Maintenance Service
2017-04-10 21:16 - 2017-02-26 18:37 - 00000000 ____D C:\Program Files\Mozilla Firefox
2017-04-10 21:16 - 2006-11-02 14:01 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2017-04-04 16:35 - 2006-11-02 12:18 - 00000000 ____D C:\Windows\rescache
2017-04-04 16:22 - 2015-09-13 14:11 - 00184208 _____ (AVAST Software) C:\Windows\system32\Drivers\aswStmXP.sys
2017-04-04 16:22 - 2014-08-02 22:53 - 00472760 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSP.sys
2017-04-04 16:22 - 2014-08-02 22:53 - 00279800 _____ (AVAST Software) C:\Windows\system32\Drivers\aswVmm.sys
2017-04-04 16:22 - 2014-08-02 22:53 - 00106904 _____ (AVAST Software) C:\Windows\system32\Drivers\aswMonFlt.sys
2017-04-04 16:22 - 2014-08-02 22:53 - 00062152 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRvrt.sys
2017-04-04 16:22 - 2014-08-02 22:53 - 00060760 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRdr.sys
2017-04-04 16:22 - 2014-08-02 22:53 - 00034136 _____ (AVAST Software) C:\Windows\system32\Drivers\aswHwid.sys
2017-04-04 16:21 - 2014-08-02 22:53 - 00764064 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSnx.sys
2017-04-04 16:21 - 2014-08-02 22:53 - 00329728 _____ (AVAST Software) C:\Windows\system32\Drivers\aswNdis2.sys
2017-04-04 16:21 - 2014-08-02 22:53 - 00031064 _____ (AVAST Software) C:\Windows\system32\Drivers\aswKbd.sys
2017-03-27 03:03 - 2013-08-14 03:08 - 00000000 ____D C:\Windows\system32\MRT
2017-03-27 03:01 - 2006-11-02 11:24 - 135706696 ____C (Microsoft Corporation) C:\Windows\system32\mrt.exe
2017-03-26 15:28 - 2016-06-29 18:12 - 03583104 _____ C:\Windows\system32\FNTCACHE.DAT
2017-03-26 15:24 - 2006-11-02 13:37 - 00000000 ____D C:\Program Files\Movie Maker
2017-03-23 20:27 - 2013-05-08 16:51 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
2017-03-23 20:26 - 2013-05-08 16:51 - 00000000 ____D C:\Program Files\Microsoft Silverlight
2017-03-20 01:01 - 2012-06-07 21:14 - 00000000 ____D C:\Temp
2017-03-17 20:54 - 2012-02-22 22:55 - 00000000 ____D C:\ProgramData\AVAST Software
2017-03-16 23:23 - 2006-11-02 14:01 - 00032590 _____ C:\Windows\Tasks\SCHEDLGU.TXT
2017-03-15 20:12 - 2016-11-19 23:36 - 00000000 ____D C:\Users\Chris\Desktop\vidz

==================== Files in the root of some directories =======

2016-03-06 18:13 - 2017-02-14 10:31 - 0001041 _____ () C:\Users\Chris\AppData\Roaming\vso_ts_preview.xml
2016-05-16 20:15 - 2016-06-13 16:09 - 0001356 _____ () C:\Users\Chris\AppData\Local\d3d9caps.dat
2016-02-24 15:25 - 2017-04-13 14:32 - 0052736 _____ () C:\Users\Chris\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

==================== Bamital & volsnap ======================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\explorer.exe => File is digitally signed
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2017-04-13 09:38

==================== End of FRST.txt ============================

Additional scan result of Farbar Recovery Scan Tool (x86) Version: 15-03-2017
Ran by Chris (13-04-2017 20:17:23)
Running from C:\Users\Chris\Downloads
Microsoft® Windows Vista™ Home Premium Service Pack 2 (X86) (2011-02-04 10:32:19)
Boot Mode: Normal
==========================================================

==================== Accounts: =============================

Administrator (S-1-5-21-3299710142-3868310564-1978959094-500 - Administrator - Disabled)
Chris (S-1-5-21-3299710142-3868310564-1978959094-1001 - Administrator - Enabled) => C:\Users\Chris
Guest (S-1-5-21-3299710142-3868310564-1978959094-501 - Limited - Disabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Avast Antivirus (Enabled - Up to date) {8EA8924E-BC81-DC44-8BB0-8BAE75D86EBF}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Avast Antivirus (Enabled - Up to date) {35C973AA-9ABB-D3CA-B100-B0DC0E5F2402}
FW: Avast Antivirus (Enabled) {B693136B-F6EE-DD1C-A0EF-229B8B0B29C4}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Adobe Flash Player 25 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 25.0.0.148 - Adobe Systems Incorporated)
Adobe Flash Player 25 NPAPI (HKLM\...\Adobe Flash Player NPAPI) (Version: 25.0.0.148 - Adobe Systems Incorporated)
Adobe Shockwave Player 12.2 (HKLM\...\Adobe Shockwave Player) (Version: 12.2.1.171 - Adobe Systems, Inc.)
Apple Software Update (HKLM\...\{FFD1F7F1-1AC9-4BC4-A908-0686D635ABAF}) (Version: 2.1.4.131 - Apple Inc.)
AudibleManager (HKLM\...\AudibleManager) (Version: 3484544.-2.2005037430.2005036444 - Audible, Inc.)
Avast Internet Security (HKLM\...\Avast Antivirus) (Version: 17.3.2291 - AVAST Software)
CCleaner (HKLM\...\CCleaner) (Version: 5.13 - Piriform)
ConvertXtoDVD 4.0.9.322 (HKLM\...\{DB6AB705-C9BD-40E3-8929-2EA57F36A4FF}_is1) (Version: 4.0.9.322 - )
EasyBCD 1.7 (HKLM\...\EasyBCD) (Version: 1.7 - NeoSmart Technologies)
ffdshow [rev 2180] [2008-10-04] (HKLM\...\ffdshow_is1) (Version: 1.0 - )
Google Update Helper (Version: 1.3.25.11 - Google Inc.) Hidden
HDD Health v4.2 (HKLM\...\HDD Health_is1) (Version: - )
InPlay IPTV (HKLM\...\{4CE87481-C78C-4543-9AA0-2117CD5BF917}) (Version: 4.0.0 - Cobain ltd)
Intel® Graphics Media Accelerator Driver (HKLM\...\HDMI) (Version: - Intel Corporation)
Java 8 Update 121 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F32180121F0}) (Version: 8.0.1210.13 - Oracle Corporation)
K-Lite Codec Pack 7.0.0 (Standard) (HKLM\...\KLiteCodecPack_is1) (Version: 7.0.0 - )
Leawo Video Converter version 5.1.0.0 (HKLM\...\{331ED3CF-3A1B-467C-9A62-899E2D3B20C4}_is1) (Version: - )
Malwarebytes version 3.0.6.1469 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 3.0.6.1469 - Malwarebytes)
Microsoft .NET Framework 4.5.2 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.51209 - Microsoft Corporation)
Microsoft Office Excel Viewer 2003 (HKLM\...\{90840409-6000-11D3-8CFE-0150048383C9}) (Version: 11.0.8173.0 - Microsoft Corporation)
Microsoft Office Word Viewer 2003 (HKLM\...\{90850409-6000-11D3-8CFE-0150048383C9}) (Version: 11.0.8173.0 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.50905.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Mozilla Firefox 52.0.2 ESR (x86 en-GB) (HKLM\...\Mozilla Firefox 52.0.2 ESR (x86 en-GB)) (Version: 52.0.2 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 52.0.2.6291 - Mozilla)
MPC-HC 1.7.0 (HKLM\...\{2624B969-7135-4EB1-B0F6-2D8C397B45F7}_is1) (Version: 1.7.0.7858 - MPC-HC Team)
MSXML 4.0 SP3 Parser (HKLM\...\{196467F1-C11F-4F76-858B-5812ADC83B94}) (Version: 4.30.2100.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (KB2721691) (HKLM\...\{355B5AC0-CEEE-42C5-AD4D-7F3CFD806C36}) (Version: 4.30.2114.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (KB2758694) (HKLM\...\{1D95BA90-F4F8-47EC-A882-441C99D30C1E}) (Version: 4.30.2117.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (KB973685) (HKLM\...\{859DFA95-E4A6-48CD-B88E-A3E483E89B44}) (Version: 4.30.2107.0 - Microsoft Corporation)
Nero 7 Lite 7.10.1.2 (HKLM\...\Nero7Lite_is1) (Version: 7.10.1.2 - UpdatePack.nl)
PressReader (HKLM\...\{912CED74-88D3-4C5B-ACB0-132318649765}) (Version: 5.16.0115.0 - PressReader Inc.)
Realtek High Definition Audio Driver (HKLM\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: - )
SafeZone Stable 1.48.2066.120 (Version: 1.48.2066.120 - Avast Software) Hidden
Samsung Story Album Viewer (HKLM\...\InstallShield_{698BBAD8-B116-495D-B879-0F07A533E57F}) (Version: 1.0.0.13054_1 - Samsung Electronics Co., Ltd.)
Samsung Story Album Viewer (Version: 1.0.0.13054_1 - Samsung Electronics Co., Ltd.) Hidden
Samsung USB Driver for Mobile Phones (HKLM\...\{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}) (Version: 1.5.59.0 - Samsung Electronics Co., Ltd.)
Skitch (HKLM\...\Skitch 1.0.2.0) (Version: 2.2.0.4 - Evernote Corp.)
Sophos Virus Removal Tool (HKLM\...\{B829E117-D072-41EA-9606-9826A38D34C1}) (Version: 2.5.6 - Sophos Limited)
swMSM (Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
Visual Studio 2012 x86 Redistributables (HKLM\...\{98EFF19A-30AB-4E4B-B943-F06B1C63EBF8}) (Version: 14.0.0.1 - AVG Technologies CZ, s.r.o.)
VLC media player (HKLM\...\VLC media player) (Version: 2.2.4 - VideoLAN)
WinRAR 5.40 beta 1 (32-bit) (HKLM\...\WinRAR archiver) (Version: 5.40.1 - win.rar GmbH)
WinZip 21.0 (HKLM\...\{CD95F661-A5C4-44F5-A6AA-ECDD91C2410C}) (Version: 21.0.12288 - WinZip Computing, S.L. )
Wondershare Helper Compact 2.5.0 (HKLM\...\{5363CE84-5F09-48A1-8B6C-6BB590FFEDF2}_is1) (Version: 2.5.0 - Wondershare)
Wondershare Video Converter Ultimate(Build 8.8.0.3) (HKLM\...\Wondershare Video Converter Ultimate_is1) (Version: 8.8.0.3 - Wondershare Software)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-3299710142-3868310564-1978959094-1001_Classes\CLSID\{A2DF06F9-A21A-44A8-8A99-8B9C84F29160}\localserver32 -> C:\Users\Chris\AppData\Local\Chromium\Application\46.0.2480.0\delegate_execute.exe (The Chromium Authors) <==== ATTENTION

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {2EEC41BC-155E-4FB6-B264-D9E2D9DC9DDA} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files\Apple Software Update\SoftwareUpdate.exe [2015-08-27] (Apple Inc.)
Task: {3EB8B375-8256-4EC9-AAB5-4E9A8BB70B2D} - System32\Tasks\Avast Emergency Update => C:\Program Files\AVAST Software\Avast\AvEmUpdate.exe [2017-04-04] (AVAST Software)
Task: {677CD573-8156-4B83-8781-B7646D6B0415} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2017-04-12] (Adobe Systems Incorporated)
Task: {6C8D4CF4-1C63-4C48-B143-C93A6A689A5B} - System32\Tasks\SafeZone scheduled Autoupdate 1449186754 => C:\Program Files\AVAST Software\SZBrowser\launcher.exe [2016-08-12] (Avast Software)
Task: {C9BE9F1E-CC67-4EAF-B2B3-6D345758AD23} - System32\Tasks\WinZip Update Notifier => C:\Program Files\WinZip\WZUpdateNotifier.exe [2017-02-10] (WinZip)
Task: {DC0B49E4-3258-40BE-81A6-B40E45F2E425} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2015-12-08] (Piriform Ltd)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\Windows\Tasks\Tweaking.com - Windows Repair Tray Icon.job => C:\Program Files\Tweaking.com\Windows Repair (All in One)\WR_Tray_Icon.exe C:\Program Files\Tweaking.com\Windows Repair (All in One) Tweaking.com - Windows Repair )Created By Tweaking.com

==================== Shortcuts =============================

(The entries could be listed to be restored or removed.)

==================== Loaded Modules (Whitelisted) ==============

2017-04-04 16:22 - 2017-04-04 16:22 - 00170216 _____ () C:\Program Files\AVAST Software\Avast\JsonRpcServer.dll
2017-04-04 16:22 - 2017-04-04 16:22 - 00176480 _____ () C:\Program Files\AVAST Software\Avast\event_routing_rpc.dll
2017-04-10 12:48 - 2017-04-10 12:48 - 06022832 _____ () C:\Program Files\AVAST Software\Avast\defs\17041000\algo.dll
2017-04-04 16:22 - 2017-04-04 16:22 - 00653520 _____ () C:\Program Files\AVAST Software\Avast\ffl2.dll
2017-04-04 16:22 - 2017-04-04 16:22 - 00230632 _____ () C:\Program Files\AVAST Software\Avast\streamback.dll
2017-04-12 09:23 - 2017-04-12 09:23 - 06022832 _____ () C:\Program Files\AVAST Software\Avast\defs\17041200\algo.dll
2017-04-13 13:27 - 2017-04-13 13:27 - 06015544 _____ () C:\Program Files\AVAST Software\Avast\defs\17041300\algo.dll
2014-03-25 06:27 - 2013-03-08 10:54 - 00017760 _____ () C:\Program Files\HDD Health\HDDHealthService.exe
2016-06-29 18:20 - 2016-06-29 18:20 - 48936448 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll
2017-04-04 16:21 - 2017-04-04 16:21 - 00293936 _____ () C:\Program Files\AVAST Software\Avast\gaming_mode_ui.dll
2017-02-01 16:42 - 2017-04-12 02:38 - 01736992 _____ () C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\PoliciesControllerImpl.dll
2017-04-04 16:21 - 2017-04-04 16:21 - 00134920 _____ () c:\Program Files\AVAST Software\Avast\vaarclient.dll
2017-04-04 16:22 - 2017-04-04 16:22 - 00230632 _____ () c:\Program Files\AVAST Software\Avast\StreamBack.dll
2015-08-26 08:44 - 2015-08-26 08:44 - 00055576 _____ () C:\Program Files\CCleaner\branding.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)

AlternateDataStreams: C:\Users\Chris\Desktop\20160225_080009.mp4:TOC.WMV [130]

==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" value will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\AppXSvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\BFE => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\BITS => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ClipSvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MpsSvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\msiserver => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SharedAccess => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vss => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WSService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\AppXSvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\BITS => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\ClipSvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\msiserver => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\SamSs => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\srv => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\srv2 => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\srvnet => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\vss => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\WSService => ""="Service"

==================== Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)

==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)

IE restricted site: HKU\S-1-5-21-3299710142-3868310564-1978959094-1001\...\008i.com -> 008i.com
IE restricted site: HKU\S-1-5-21-3299710142-3868310564-1978959094-1001\...\008k.com -> 008k.com
IE restricted site: HKU\S-1-5-21-3299710142-3868310564-1978959094-1001\...\00hq.com -> 00hq.com
IE restricted site: HKU\S-1-5-21-3299710142-3868310564-1978959094-1001\...\0190-dialers.com -> 0190-dialers.com
IE restricted site: HKU\S-1-5-21-3299710142-3868310564-1978959094-1001\...\01i.info -> 01i.info
IE restricted site: HKU\S-1-5-21-3299710142-3868310564-1978959094-1001\...\02pmnzy5eo29bfk4.com -> 02pmnzy5eo29bfk4.com
IE restricted site: HKU\S-1-5-21-3299710142-3868310564-1978959094-1001\...\05p.com -> 05p.com
IE restricted site: HKU\S-1-5-21-3299710142-3868310564-1978959094-1001\...\07ic5do2myz3vzpk.com -> 07ic5do2myz3vzpk.com
IE restricted site: HKU\S-1-5-21-3299710142-3868310564-1978959094-1001\...\08nigbmwk43i01y6.com -> 08nigbmwk43i01y6.com
IE restricted site: HKU\S-1-5-21-3299710142-3868310564-1978959094-1001\...\093qpeuqpmz6ebfa.com -> 093qpeuqpmz6ebfa.com
IE restricted site: HKU\S-1-5-21-3299710142-3868310564-1978959094-1001\...\0calories.net -> 0calories.net
IE restricted site: HKU\S-1-5-21-3299710142-3868310564-1978959094-1001\...\0cj.net -> 0cj.net
IE restricted site: HKU\S-1-5-21-3299710142-3868310564-1978959094-1001\...\0scan.com -> 0scan.com
IE restricted site: HKU\S-1-5-21-3299710142-3868310564-1978959094-1001\...\1-britney-spears-nude.com -> 1-britney-spears-nude.com
IE restricted site: HKU\S-1-5-21-3299710142-3868310564-1978959094-1001\...\1-domains-registrations.com -> 1-domains-registrations.com
IE restricted site: HKU\S-1-5-21-3299710142-3868310564-1978959094-1001\...\1-se.com -> 1-se.com
IE restricted site: HKU\S-1-5-21-3299710142-3868310564-1978959094-1001\...\1001movie.com -> 1001movie.com
IE restricted site: HKU\S-1-5-21-3299710142-3868310564-1978959094-1001\...\1001night.biz -> 1001night.biz
IE restricted site: HKU\S-1-5-21-3299710142-3868310564-1978959094-1001\...\100gal.net -> 100gal.net
IE restricted site: HKU\S-1-5-21-3299710142-3868310564-1978959094-1001\...\100sexlinks.com -> 100sexlinks.com

There are 5317 more sites.

==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2013-01-28 16:22 - 2017-02-25 19:36 - 00000027 ____A C:\Windows\system32\Drivers\etc\hosts

127.0.0.1       localhost

==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-3299710142-3868310564-1978959094-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\Chris\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
DNS Servers: 192.168.1.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^HDDHealth.lnk => C:\Windows\pss\HDDHealth.lnk.CommonStartup
MSCONFIG\startupreg: Adobe ARM => "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
MSCONFIG\startupreg: CCleaner Monitoring => "C:\Program Files\CCleaner\CCleaner.exe" /MONITOR
MSCONFIG\startupreg: WMPNSCFG => C:\Program Files\Windows Media Player\WMPNSCFG.exe
MSCONFIG\startupreg: ZAM => "C:\Program Files\Zemana AntiMalware\ZAM.exe" /minimized

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [SLSVC-In-TCP-NoScope] => (Allow) %SystemRoot%\system32\slsvc.exe
FirewallRules: [SLSVC-In-TCP] => (Allow) %SystemRoot%\system32\slsvc.exe
FirewallRules: [WinCollab-Out-UDP] => (Allow) %ProgramFiles%\Windows Collaboration\WinCollab.exe
FirewallRules: [WinCollab-In-UDP] => (Allow) %ProgramFiles%\Windows Collaboration\WinCollab.exe
FirewallRules: [WinCollab-Out-TCP] => (Allow) %ProgramFiles%\Windows Collaboration\WinCollab.exe
FirewallRules: [WinCollab-In-TCP] => (Allow) %ProgramFiles%\Windows Collaboration\WinCollab.exe
FirewallRules: [WinCollab-DFSR-Out-TCP] => (Allow) %SystemRoot%\system32\dfsr.exe
FirewallRules: [WinCollab-DFSR-In-TCP] => (Allow) %SystemRoot%\system32\dfsr.exe
FirewallRules: [{F4CFD83A-D58B-4331-9FC7-226F9784CDC4}] => (Allow) C:\Windows\System32\muzapp.exe
FirewallRules: [{12BEC677-E9D6-44B9-BABE-F2063712476A}] => (Allow) C:\Windows\System32\muzapp.exe
FirewallRules: [{63B46E60-3403-4499-A84A-2E131052042D}] => (Allow) C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe
FirewallRules: [WMPNSS-WMP-Out-TCP-x86] => (Allow) %ProgramFiles(x86)%\Windows Media Player\wmplayer.exe
FirewallRules: [WMPNSS-WMP-Out-UDP-x86] => (Allow) %ProgramFiles(x86)%\Windows Media Player\wmplayer.exe
FirewallRules: [WMPNSS-WMP-In-UDP-x86] => (Allow) %ProgramFiles(x86)%\Windows Media Player\wmplayer.exe
FirewallRules: [WMPNSS-WMP-Out-TCP-NoScope-x86] => (Allow) %ProgramFiles(x86)%\Windows Media Player\wmplayer.exe
FirewallRules: [WMPNSS-WMP-Out-UDP-NoScope-x86] => (Allow) %ProgramFiles(x86)%\Windows Media Player\wmplayer.exe
FirewallRules: [WMPNSS-WMP-In-UDP-NoScope-x86] => (Allow) %ProgramFiles(x86)%\Windows Media Player\wmplayer.exe
FirewallRules: [WMP-Out-TCP-x86] => (Allow) %ProgramFiles(x86)%\Windows Media Player\wmplayer.exe
FirewallRules: [WMP-Out-UDP-x86] => (Allow) %ProgramFiles(x86)%\Windows Media Player\wmplayer.exe
FirewallRules: [WMP-In-UDP-x86] => (Allow) %ProgramFiles(x86)%\Windows Media Player\wmplayer.exe
FirewallRules: [TCP Query User{A80137C5-6CBA-412B-A1EC-D75758F79773}C:\Users\Chris\Desktop\pre-scan_6_31.05.2016.1.exe] => (Allow) C:\Users\Chris\Desktop\pre-scan_6_31.05.2016.1.exe
FirewallRules: [UDP Query User{8086F52E-78FA-489A-B2C4-2651DAE624EB}C:\Users\Chris\Desktop\pre-scan_6_31.05.2016.1.exe] => (Allow) C:\Users\Chris\Desktop\pre-scan_6_31.05.2016.1.exe
FirewallRules: [TCP Query User{01072E77-9C3B-4616-930C-17F242C61391}C:\users\chris\desktop\pre-scan_6_31.05.2016.1.exe] => (Block) C:\users\chris\desktop\pre-scan_6_31.05.2016.1.exe
FirewallRules: [UDP Query User{B4B0273B-6E73-4483-AA42-4F3F1458FF14}C:\users\chris\desktop\pre-scan_6_31.05.2016.1.exe] => (Block) C:\users\chris\desktop\pre-scan_6_31.05.2016.1.exe
FirewallRules: [TCP Query User{A8064AE8-6CBA-412B-A1EC-D72343F79773}C:\Users\Chris\Desktop\adsfix_3_09.06.2016.1.exe] => (Allow) C:\Users\Chris\Desktop\adsfix_3_09.06.2016.1.exe
FirewallRules: [UDP Query User{8012CD5F-78FA-489A-B2C4-2168ADE624EB}C:\Users\Chris\Desktop\adsfix_3_09.06.2016.1.exe] => (Allow) C:\Users\Chris\Desktop\adsfix_3_09.06.2016.1.exe
FirewallRules: [{DFECEA6A-5846-4D8E-8A7E-7E8EA11DA650}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe
FirewallRules: [{5820D49A-8C3F-4C48-B68B-9B51B26FF326}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe
StandardProfile\AuthorizedApplications: [C:\Users\Chris\Desktop\pre-scan_6_31.05.2016.1.exe] => Enabled:pre-scan_6_31.05.2016.1
StandardProfile\AuthorizedApplications: [C:\Users\Chris\Desktop\adsfix_3_09.06.2016.1.exe] => Enabled:adsfix_3_09.06.2016.1

==================== Restore Points =========================

04-04-2017 17:24:41 Scheduled Checkpoint
06-04-2017 00:00:01 Scheduled Checkpoint
07-04-2017 00:00:01 Scheduled Checkpoint
10-04-2017 21:47:47 Scheduled Checkpoint
12-04-2017 01:03:57 Scheduled Checkpoint

==================== Faulty Device Manager Devices =============

==================== Event log errors: =========================

Application errors:
==================
Error: (04/13/2017 04:21:12 PM) (Source: Windows Search Service) (EventID: 3013) (User: )
Description: The entry <C:\USERS\CHRIS\APPDATA\LOCAL\MOZILLA\FIREFOX\PROFILES\2M53848D.DEFAULT\SAFEBROWSING-TO_DELETE> in the hash map cannot be updated.

Context: Application, SystemIndex Catalog

Details:
   A device attached to the system is not functioning.   (0x8007001f)

Error: (04/12/2017 11:05:39 PM) (Source: Windows Search Service) (EventID: 3013) (User: )
Description: The entry <C:\USERS\CHRIS\DOWNLOADS\ANGEL SMALLS IN DIRTY LITTLE ANGEL (EVIL ANGEL) 2017 SPLIT SCENES\4 ANGEL SMALLS.MP4> in the hash map cannot be updated.

Context: Application, SystemIndex Catalog

Details:
   A device attached to the system is not functioning.   (0x8007001f)

Error: (04/12/2017 11:05:39 PM) (Source: Windows Search Service) (EventID: 3013) (User: )
Description: The entry <C:\USERS\CHRIS\DOWNLOADS\ANGEL SMALLS IN DIRTY LITTLE ANGEL (EVIL ANGEL) 2017 SPLIT SCENES\3 ANGEL SMALLS, HOLLY HENDRIX.MP4> in the hash map cannot be updated.

Context: Application, SystemIndex Catalog

Details:
   A device attached to the system is not functioning.   (0x8007001f)

Error: (04/12/2017 11:05:39 PM) (Source: Windows Search Service) (EventID: 3013) (User: )
Description: The entry <C:\USERS\CHRIS\DOWNLOADS\ANGEL SMALLS IN DIRTY LITTLE ANGEL (EVIL ANGEL) 2017 SPLIT SCENES\2 ANGEL SMALLS.MP4> in the hash map cannot be updated.

Context: Application, SystemIndex Catalog

Details:
   A device attached to the system is not functioning.   (0x8007001f)

Error: (04/12/2017 11:05:39 PM) (Source: Windows Search Service) (EventID: 3013) (User: )
Description: The entry <C:\USERS\CHRIS\DOWNLOADS\ANGEL SMALLS IN DIRTY LITTLE ANGEL (EVIL ANGEL) 2017 SPLIT SCENES\1 ANGEL SMALLS.MP4> in the hash map cannot be updated.

Context: Application, SystemIndex Catalog

Details:
   A device attached to the system is not functioning.   (0x8007001f)

Error: (03/27/2017 03:03:46 AM) (Source: Perflib) (EventID: 1008) (User: )
Description: The Open Procedure for service "PNRPsvc" in DLL "C:\Windows\system32\pnrpperf.dll" failed. Performance data for this service will not be available. The first four bytes (DWORD) of the Data section contains the error code.

Error: (03/27/2017 03:03:44 AM) (Source: Perflib) (EventID: 1010) (User: )
Description: The Collect Procedure for the "EmdCache" service in DLL "C:\Windows\system32\emdmgmt.dll" generated an exception or returned an invalid status. The performance data returned by the counter DLL will not be returned in the Perf Data Block. The first four bytes (DWORD) of the Data section contains the exception code or status code.

Error: (03/17/2017 04:54:16 PM) (Source: Windows Search Service) (EventID: 3013) (User: )
Description: The entry <C:\USERS\CHRIS\APPDATA\LOCAL\MOZILLA\FIREFOX\PROFILES\2M53848D.DEFAULT\SAFEBROWSING> in the hash map cannot be updated.

Context: Application, SystemIndex Catalog

Details:
   A device attached to the system is not functioning.   (0x8007001f)

Error: (03/17/2017 04:54:16 PM) (Source: Windows Search Service) (EventID: 3013) (User: )
Description: The entry <C:\USERS\CHRIS\APPDATA\LOCAL\MOZILLA\FIREFOX\PROFILES\2M53848D.DEFAULT\SAFEBROWSING> in the hash map cannot be updated.

Context: Application, SystemIndex Catalog

Details:
   A device attached to the system is not functioning.   (0x8007001f)

Error: (03/10/2017 01:41:35 AM) (Source: Windows Search Service) (EventID: 3013) (User: )
Description: The entry <C:\USERS\CHRIS\APPDATA\LOCALLOW\MOZILLA\TEMP-{7742B551-A726-4741-A3B0-4412EB39E8A0}\_AVAST_> in the hash map cannot be updated.

Context: Application, SystemIndex Catalog

Details:
   A device attached to the system is not functioning.   (0x8007001f)

System errors:
=============
Error: (04/10/2017 09:22:22 PM) (Source: Service Control Manager) (EventID: 7022) (User: )
Description: The Windows Update service hung on starting.

Error: (04/10/2017 09:17:19 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Intel AGP Bus Filter service failed to start due to the following error:
The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.

Error: (04/10/2017 09:16:45 PM) (Source: EventLog) (EventID: 6008) (User: )
Description: The previous system shutdown at 21:15:23 on 10/04/2017 was unexpected.

Error: (04/04/2017 04:21:53 PM) (Source: Service Control Manager) (EventID: 7022) (User: )
Description: The Windows Update service hung on starting.

Error: (04/04/2017 04:16:58 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Intel AGP Bus Filter service failed to start due to the following error:
The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.

Error: (04/04/2017 04:16:44 PM) (Source: EventLog) (EventID: 6008) (User: )
Description: The previous system shutdown at 16:15:08 on 04/04/2017 was unexpected.

Error: (03/26/2017 03:28:18 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Intel AGP Bus Filter service failed to start due to the following error:
The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.

Error: (03/26/2017 03:27:00 PM) (Source: EventLog) (EventID: 6008) (User: )
Description: The previous system shutdown at 22:34:09 on 23/03/2017 was unexpected.

Error: (03/20/2017 11:18:18 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Intel AGP Bus Filter service failed to start due to the following error:
The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.

Error: (03/20/2017 11:17:37 PM) (Source: EventLog) (EventID: 6008) (User: )
Description: The previous system shutdown at 00:10:04 on 20/03/2017 was unexpected.

==================== Memory info ===========================

Processor: Intel® Core™2 Duo CPU E6750 @ 2.66GHz
Percentage of memory in use: 72%
Total physical RAM: 3060.45 MB
Available physical RAM: 832.2 MB
Total Virtual: 6351.89 MB
Available Virtual: 2725.29 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:288.32 GB) (Free:120.72 GB) NTFS ==>[drive with boot components (obtained from BCD)]
Drive d: (Recovery) (Fixed) (Total:9.77 GB) (Free:3.88 GB) NTFS ==>[system with boot components (obtained from drive)]
Drive e: (Apr 13 2017) (CDROM) (Total:4.38 GB) (Free:0.07 GB) UDF

#2
RKinner

Posted 16 April 2017 - 09:35 AM

Malware Expert

Expert
24,624 posts

Get Process Explorer

http://live.sysinter...com/procexp.exe

Save it to your desktop then run it (Vista or Win7+ - right click and Run As Administrator).

View, Select Column, check Verified Signer, OK

Options, Verify Image Signatures

Click twice on the CPU column header to sort things by CPU usage with the big hitters at the top.

Wait a full minute then:

File, Save As, Save. Note the file name. Open the file on your desktop and copy and paste the text to a reply.

Copy the next 2 lines:

TASKLIST /SVC > \junk.txt

notepad \junk.txt

Open an Elevated Command Prompt:

Start, All Programs, Accessories then right click on Command Prompt and Run as Administrator

http://www.eightforu...indows-8-a.html

http://www.howtogeek...-in-windows-10/

Right click and Paste (or Edit then Paste) and the copied lines should appear.

Hit Enter if notepad does not open. Copy and paste the text from notepad into a reply.

Get the free version of Speccy:

http://www.filehippo...download_speccy (Look in the upper right for the Download

Latest Version button - Do NOT press the large Start Download button on the upper left!)

Download, Save and Install it. Tell it you do not need CCLEANER. Run Speccy. When it finishes (the little icon in the bottom left will stop moving),

File, Save as Text File, (to your desktop) note the name it gives. OK. Open the file in notepad and delete the line that gives the serial number of your Operating System.

(It will be near the top, 10-20 lines down.) Save the file. Attach the file to your next post. Attaching the log is the best option as it is too big for the forum. Attaching is a multi step process.

First click on More Reply Options

Then scroll down to where you see

Choose File and click on it. Point it at the file and hit Open.

Now click on Attach this file.

#3
BC12

Posted 27 April 2017 - 07:57 AM

Member

Topic Starter
Member
12 posts

notepad wouldnt work

Process   CPU   Private Bytes   Working Set   PID   Description   Company Name   Verified Signer
System Idle Process   88.35   0 K   24 K   0
procexp.exe   4.66   31,036 K   34,812 K   2644   Sysinternals Process Explorer   Sysinternals - www.sysinternals.com
WmiPrvSE.exe   3.88   9,152 K   7,596 K   4488   WMI Provider Host   Microsoft Corporation
firefox.exe   1.55   371,148 K   411,068 K   5152   Firefox   Mozilla Corporation
dwm.exe   0.78   56,644 K   70,564 K   1120   Desktop Window Manager   Microsoft Corporation
csrss.exe   0.78   2,596 K   7,844 K   692   Client Server Runtime Process   Microsoft Corporation
System   < 0.01   0 K   21,876 K   4
procexp.exe   < 0.01   17,256 K   26,352 K   4636   Sysinternals Process Explorer   Sysinternals - www.sysinternals.com
svchost.exe   < 0.01   105,228 K   97,976 K   1160   Host Process for Windows Services   Microsoft Corporation
FAHWindow32.exe   < 0.01   1,456 K   520 K   4980   File Association Helper   WinZip Computing, S.L.
FlashPlayerPlugin_25_0_0_148.exe   < 0.01   20,124 K   20,656 K   6072   Adobe Flash Player 25.0 r0   Adobe Systems, Inc.
ConvertXtoDvd.exe   < 0.01   165,276 K   125,920 K   2312   ConvertXToDVD transcoder   VSO Software SARL
svchost.exe   < 0.01   115,996 K   97,924 K   1184   Host Process for Windows Services   Microsoft Corporation
plugin-container.exe   < 0.01   27,072 K   27,176 K   6048   Plugin Container for Firefox   Mozilla Corporation
aswidsagent.exe   < 0.01   15,764 K   17,552 K   3504   Avast Behavior Shield   AVAST Software s.r.o.
explorer.exe   < 0.01   98,896 K   70,568 K   3992   Windows Explorer   Microsoft Corporation
FlashPlayerPlugin_25_0_0_148.exe   < 0.01   4,460 K   9,712 K   4008   Adobe Flash Player 25.0 r0   Adobe Systems, Inc.
lsass.exe   < 0.01   4,732 K   5,092 K   776   Local Security Authority Process   Microsoft Corporation
audiodg.exe   < 0.01   25,032 K   18,868 K   1324   Windows Audio Device Graph Isolation    Microsoft Corporation
AvastSvc.exe   < 0.01   376,548 K   40,988 K   1712   Avast Service   AVAST Software
svchost.exe   < 0.01   26,268 K   11,792 K   1572   Host Process for Windows Services   Microsoft Corporation
iexplore.exe   < 0.01   15,624 K   30,320 K   5440   Internet Explorer   Microsoft Corporation
AvastUI.exe   < 0.01   26,484 K   28,236 K   4208   Avast Antivirus   AVAST Software
wmpnetwk.exe   < 0.01   5,804 K   5,020 K   2316   Windows Media Player Network Sharing Service   Microsoft Corporation
svchost.exe   < 0.01   17,612 K   7,676 K   1136   Host Process for Windows Services   Microsoft Corporation
csrss.exe   < 0.01   2,868 K   2,620 K   640   Client Server Runtime Process   Microsoft Corporation
SearchIndexer.exe   < 0.01   46,684 K   21,068 K   2108   Microsoft Windows Search Indexer   Microsoft Corporation
CCleaner.exe   < 0.01   16,036 K   9,500 K   5244   CCleaner   Piriform Ltd
WzPreloader.exe   < 0.01   8,760 K   3,444 K   4532   WinZip Preloader   WinZip Computing, S.L.
iexplore.exe   < 0.01   42,768 K   66,240 K   2244   Internet Explorer   Microsoft Corporation
lsm.exe   < 0.01   1,964 K   1,632 K   788   Local Session Manager Service   Microsoft Corporation
svchost.exe   < 0.01   3,628 K   3,884 K   1004   Host Process for Windows Services   Microsoft Corporation
ss_conn_service.exe   < 0.01   1,572 K   432 K   208   MSS CS Connectivity Service   DEVGURU Co., LTD.
afwServ.exe   < 0.01   13,580 K   10,336 K   1764   Avast firewall service   AVAST Software
MBAMService.exe   < 0.01   13,008 K   10,248 K   2260   Malwarebytes Service   Malwarebytes
spoolsv.exe   < 0.01   6,196 K   2,328 K   1876   Spooler SubSystem App   Microsoft Corporation
Interrupts   < 0.01   0 K   0 K   n/a   Hardware Interrupts and DPCs
WZQKPICK32.exe       1,516 K   624 K   4648   WinZip Quick Pick   WinZip Computing, S.L.
wmpnscfg.exe       1,984 K   1,772 K   1172   Windows Media Player Network Sharing Service Configuration Application   Microsoft Corporation
WmiPrvSE.exe       3,184 K   5,692 K   4788   WMI Provider Host   Microsoft Corporation
winlogon.exe       1,928 K   1,748 K   736   Windows Logon Application   Microsoft Corporation
wininit.exe       1,204 K   336 K   680   Windows Start-Up Application   Microsoft Corporation
unsecapp.exe       2,536 K   1,712 K   4804   Sink to receive asynchronous callbacks for WMI client application   Microsoft Corporation
taskeng.exe       10,364 K   4,504 K   3640   Task Scheduler Engine   Microsoft Corporation
taskeng.exe       2,228 K   2,728 K   2192   Task Scheduler Engine   Microsoft Corporation
taskeng.exe       1,716 K   1,136 K   5144   Task Scheduler Engine   Microsoft Corporation
svchost.exe       3,464 K   3,928 K   928   Host Process for Windows Services   Microsoft Corporation
svchost.exe       10,100 K   12,900 K   1452   Host Process for Windows Services   Microsoft Corporation
svchost.exe       8,844 K   7,524 K   1900   Host Process for Windows Services   Microsoft Corporation
svchost.exe       2,348 K   1,688 K   1344   Host Process for Windows Services   Microsoft Corporation
svchost.exe       2,248 K   2,364 K   1908   Host Process for Windows Services   Microsoft Corporation
svchost.exe       4,452 K   3,212 K   1568   Host Process for Windows Services   Microsoft Corporation
svchost.exe       1,520 K   556 K   2080   Host Process for Windows Services   Microsoft Corporation
svchost.exe       1,828 K   1,292 K   3424   Host Process for Windows Services   Microsoft Corporation
svchost.exe       2,596 K   4,836 K   4484   Host Process for Windows Services   Microsoft Corporation
smss.exe       360 K   232 K   572   Windows Session Manager   Microsoft Corporation
SLsvc.exe       7,112 K   2,296 K   1364   Microsoft Software Licensing Service   Microsoft Corporation
services.exe       2,496 K   2,720 K   756   Services and Controller app   Microsoft Corporation
RtHDVCpl.exe       9,036 K   1,364 K   1508   HD Audio Control Panel   Realtek Semiconductor
mbamtray.exe       16,944 K   4,696 K   2176   Malwarebytes Tray Application   Malwarebytes
jusched.exe       6,312 K   1,432 K   824   Java Update Scheduler   Oracle Corporation
jucheck.exe       11,836 K   1,844 K   3320   Java Update Checker   Oracle Corporation
HDDHealthService.exe       768 K   572 K   1244
ehsched.exe       972 K   580 K   1108   Windows Media Center Scheduler Service   Microsoft Corporation
ehrecvr.exe       5,156 K   2,380 K   696   Windows Media Center Receiver Service   Microsoft Corporation
AERTSrv.exe       368 K   196 K   604   Andrea filters APO access service (32-bit)   Andrea Electronics Corporation

Attached Files

DELL-530.txt 125.05KB 320 downloads

#4
RKinner

Posted 27 April 2017 - 08:16 AM

Malware Expert

Expert
24,624 posts

You have a Seagate drive and like all Seagates it is showing errors in the S.M.A.R.T section of Speccy. Back up any files you don't want to lose as it could fail in the near future (or 10 years from now).

Let's run a disk check and see if that helps any:

1. Double-click My Computer, and then right-click the hard disk that you want to check. C:
2. Click Properties, and then click Tools.
3. Under Error-checking, click Check Now. A dialog box that shows the Check disk options is displayed,
4. Check both boxes and then click Start.
You will receive the following message:
The disk check could not be performed because the disk check utility needs exclusive access to some Windows files on the disk. These files can be accessed by restarting Windows. Do you want to schedule the disk check to occur the next time you restart the computer?
Click Yes to schedule the disk check, but don't restart yet.

Right click on (My) Computer and select Manage (Continue) Then the Event Viewer. Next select Windows Logs. Right click on System and Clear Log, Clear. Repeat for Application. Reboot. The disk check will run and will probably take an hour or more to finish.

Start, All Programs, Accessories then right click on Command Prompt and Run as Administrator.

The prompt must be: c:\Windows\System32> If not you did not right click and run as admin.

Then type (with an Enter after each line).

sfc /scannow

(SPACE after sfc. This will check your critical system files. Does this finish without complaint? IF it says it couldn't fix everything then:

Copy the next two lines:

findstr  /c:"[SR]"  \windows\logs\cbs\cbs.log  >  \windows\logs\cbs\junk.txt

notepad \windows\logs\cbs\junk.txt

Start, All Programs, Accessories, right click on Command Prompt and Run as Administrator, Continue. Right click and Paste or Edit then Paste and the copied line should appear.
Hit Enter if notepad does not open. Copy and paste the text from notepad into a reply. Close notepad. Close the Command Window.

1. Please download the Event Viewer Tool by Vino Rosso
http://images.malwar...om/vino/VEW.exe
and save it to your Desktop:
2. Right-click VEW.exe and Run AS Administrator
3. Under 'Select log to query', select:

* System
4. Under 'Select type to list', select:
* Error
* Warning

Then use the 'Number of events' as follows:

1. Click the radio button for 'Number of events'
Type 20 in the 1 to 20 box
Then click the Run button.
Notepad will open with the output log.

Please post the Output log in your next reply then repeat but select Application. (Each time you run VEW it overwrites the log so copy the first one to a Reply or rename it before running it a second time.)

#5
BC12

Posted 28 April 2017 - 10:28 AM

Member

Topic Starter
Member
12 posts

i get an error message on vew

path file access error

#6
RKinner

Posted 28 April 2017 - 08:46 PM

Malware Expert

Expert
24,624 posts

I just tried a new download on my Win 10 and it still works so suspect you forgot to right click and Run As Admin.

#7
BC12

Posted 29 April 2017 - 08:29 AM

Member

Topic Starter
Member
12 posts

Vino's Event Viewer v01c run on Windows Vista in English
Report run at 29/04/2017 15:28:31

Note: All dates below are in the format dd/mm/yyyy

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'System' Log - Error Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Log: 'System' Date/Time: 27/04/2017 22:24:04
Type: Error Category: 0
Event: 7000 Source: Service Control Manager
The Intel AGP Bus Filter service failed to start due to the following error: The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.

Log: 'System' Date/Time: 26/04/2017 01:28:35
Type: Error Category: 0
Event: 36 Source: volsnap
The shadow copies of volume C: were aborted because the shadow copy storage could not grow due to a user imposed limit.

Log: 'System' Date/Time: 21/04/2017 03:06:56
Type: Error Category: 0
Event: 7000 Source: Service Control Manager
The Intel AGP Bus Filter service failed to start due to the following error: The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.

Log: 'System' Date/Time: 10/04/2017 20:22:22
Type: Error Category: 0
Event: 7022 Source: Service Control Manager
The Windows Update service hung on starting.

Log: 'System' Date/Time: 10/04/2017 20:17:19
Type: Error Category: 0
Event: 7000 Source: Service Control Manager
The Intel AGP Bus Filter service failed to start due to the following error: The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.

Log: 'System' Date/Time: 10/04/2017 20:16:45
Type: Error Category: 0
Event: 6008 Source: EventLog
The previous system shutdown at 21:15:23 on 10/04/2017 was unexpected.

Log: 'System' Date/Time: 04/04/2017 15:21:53
Type: Error Category: 0
Event: 7022 Source: Service Control Manager
The Windows Update service hung on starting.

Log: 'System' Date/Time: 04/04/2017 15:16:58
Type: Error Category: 0
Event: 7000 Source: Service Control Manager
The Intel AGP Bus Filter service failed to start due to the following error: The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.

Log: 'System' Date/Time: 04/04/2017 15:16:44
Type: Error Category: 0
Event: 6008 Source: EventLog
The previous system shutdown at 16:15:08 on 04/04/2017 was unexpected.

Log: 'System' Date/Time: 26/03/2017 14:28:18
Type: Error Category: 0
Event: 7000 Source: Service Control Manager
The Intel AGP Bus Filter service failed to start due to the following error: The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.

Log: 'System' Date/Time: 26/03/2017 14:27:00
Type: Error Category: 0
Event: 6008 Source: EventLog
The previous system shutdown at 22:34:09 on 23/03/2017 was unexpected.

Log: 'System' Date/Time: 20/03/2017 22:18:18
Type: Error Category: 0
Event: 7000 Source: Service Control Manager
The Intel AGP Bus Filter service failed to start due to the following error: The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.

Log: 'System' Date/Time: 20/03/2017 22:17:37
Type: Error Category: 0
Event: 6008 Source: EventLog
The previous system shutdown at 00:10:04 on 20/03/2017 was unexpected.

Log: 'System' Date/Time: 20/03/2017 00:00:10
Type: Error Category: 0
Event: 7000 Source: Service Control Manager
The Intel AGP Bus Filter service failed to start due to the following error: The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.

Log: 'System' Date/Time: 19/03/2017 23:59:03
Type: Error Category: 0
Event: 6008 Source: EventLog
The previous system shutdown at 23:49:56 on 17/03/2017 was unexpected.

Log: 'System' Date/Time: 16/03/2017 23:48:04
Type: Error Category: 0
Event: 7000 Source: Service Control Manager
The Intel AGP Bus Filter service failed to start due to the following error: The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.

Log: 'System' Date/Time: 15/03/2017 18:39:11
Type: Error Category: 0
Event: 7000 Source: Service Control Manager
The Intel AGP Bus Filter service failed to start due to the following error: The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.

Log: 'System' Date/Time: 15/03/2017 18:38:37
Type: Error Category: 0
Event: 6008 Source: EventLog
The previous system shutdown at 18:37:13 on 15/03/2017 was unexpected.

Log: 'System' Date/Time: 10/03/2017 00:40:36
Type: Error Category: 0
Event: 7000 Source: Service Control Manager
The Intel AGP Bus Filter service failed to start due to the following error: The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.

Log: 'System' Date/Time: 10/03/2017 00:38:55
Type: Error Category: 0
Event: 7000 Source: Service Control Manager
The Windows Search service failed to start due to the following error: The service did not start due to a logon failure.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'System' Log - Warning Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Log: 'System' Date/Time: 28/04/2017 22:23:51
Type: Warning Category: 0
Event: 36 Source: Microsoft-Windows-Time-Service
The time service has not synchronized the system time for 86400 seconds because none of the time service providers provided a usable time stamp. The time service will not update the local system time until it is able to synchronize with a time source. If the local system is configured to act as a time server for clients, it will stop advertising as a time source to clients. The time service will continue to retry and sync time with its time sources. Check system event log for other W32time events for more details. Run 'w32tm /resync' to force an instant time synchronization.

Log: 'System' Date/Time: 27/04/2017 20:55:03
Type: Warning Category: 0
Event: 4001 Source: Microsoft-Windows-WLAN-AutoConfig
WLAN AutoConfig service has successfully stopped.

Log: 'System' Date/Time: 25/04/2017 21:44:46
Type: Warning Category: 0
Event: 36 Source: Microsoft-Windows-Time-Service
The time service has not synchronized the system time for 86400 seconds because none of the time service providers provided a usable time stamp. The time service will not update the local system time until it is able to synchronize with a time source. If the local system is configured to act as a time server for clients, it will stop advertising as a time source to clients. The time service will continue to retry and sync time with its time sources. Check system event log for other W32time events for more details. Run 'w32tm /resync' to force an instant time synchronization.

Log: 'System' Date/Time: 22/04/2017 03:06:44
Type: Warning Category: 0
Event: 36 Source: Microsoft-Windows-Time-Service
The time service has not synchronized the system time for 86400 seconds because none of the time service providers provided a usable time stamp. The time service will not update the local system time until it is able to synchronize with a time source. If the local system is configured to act as a time server for clients, it will stop advertising as a time source to clients. The time service will continue to retry and sync time with its time sources. Check system event log for other W32time events for more details. Run 'w32tm /resync' to force an instant time synchronization.

Log: 'System' Date/Time: 21/04/2017 04:53:04
Type: Warning Category: 0
Event: 16393 Source: Microsoft-Windows-Bits-Client
BITS has encountered an error communicating with an Internet Gateway Device. Please check that the device is functioning properly. BITS will not attempt to use this device until the next system reboot. Error code: 2147747073.

Log: 'System' Date/Time: 21/04/2017 02:45:56
Type: Warning Category: 0
Event: 4376 Source: Microsoft-Windows-Servicing
Servicing has required reboot to complete the operation of setting package KB4014661(Security Update) into Install Requested(Install Requested) state

Log: 'System' Date/Time: 21/04/2017 02:45:56
Type: Warning Category: 0
Event: 4376 Source: Microsoft-Windows-Servicing
Servicing has required reboot to complete the operation of setting package KB4014661(Security Update) into Install Requested(Install Requested) state

Log: 'System' Date/Time: 21/04/2017 02:45:56
Type: Warning Category: 0
Event: 4376 Source: Microsoft-Windows-Servicing
Servicing has required reboot to complete the operation of setting package KB4014661(Security Update) into Install Requested(Install Requested) state

Log: 'System' Date/Time: 21/04/2017 02:45:56
Type: Warning Category: 0
Event: 4376 Source: Microsoft-Windows-Servicing
Servicing has required reboot to complete the operation of setting package KB4014661(Security Update) into Install Requested(Install Requested) state

Log: 'System' Date/Time: 21/04/2017 02:39:14
Type: Warning Category: 0
Event: 4376 Source: Microsoft-Windows-Servicing
Servicing has required reboot to complete the operation of setting package KB4014652(Security Update) into Install Requested(Install Requested) state

Log: 'System' Date/Time: 21/04/2017 02:39:14
Type: Warning Category: 0
Event: 4376 Source: Microsoft-Windows-Servicing
Servicing has required reboot to complete the operation of setting package KB4014652(Security Update) into Install Requested(Install Requested) state

Log: 'System' Date/Time: 21/04/2017 02:39:14
Type: Warning Category: 0
Event: 4376 Source: Microsoft-Windows-Servicing
Servicing has required reboot to complete the operation of setting package KB4014652(Security Update) into Install Requested(Install Requested) state

Log: 'System' Date/Time: 21/04/2017 02:39:14
Type: Warning Category: 0
Event: 4376 Source: Microsoft-Windows-Servicing
Servicing has required reboot to complete the operation of setting package KB4014652(Security Update) into Install Requested(Install Requested) state

Log: 'System' Date/Time: 21/04/2017 02:38:46
Type: Warning Category: 0
Event: 4374 Source: Microsoft-Windows-Servicing
Windows Servicing identified that package KB4014652(Security Update) is not applicable for this system

Log: 'System' Date/Time: 21/04/2017 02:35:59
Type: Warning Category: 0
Event: 4376 Source: Microsoft-Windows-Servicing
Servicing has required reboot to complete the operation of setting package KB3067505(Security Update) into Installed(Installed) state

Log: 'System' Date/Time: 21/04/2017 02:35:59
Type: Warning Category: 0
Event: 4376 Source: Microsoft-Windows-Servicing
Servicing has required reboot to complete the operation of setting package KB3067505(Security Update) into Installed(Installed) state

Log: 'System' Date/Time: 21/04/2017 02:35:59
Type: Warning Category: 0
Event: 4376 Source: Microsoft-Windows-Servicing
Servicing has required reboot to complete the operation of setting package KB3067505(Security Update) into Installed(Installed) state

Log: 'System' Date/Time: 21/04/2017 02:35:59
Type: Warning Category: 0
Event: 4376 Source: Microsoft-Windows-Servicing
Servicing has required reboot to complete the operation of setting package KB3081320(Security Update) into Installed(Installed) state

Log: 'System' Date/Time: 21/04/2017 02:35:59
Type: Warning Category: 0
Event: 4376 Source: Microsoft-Windows-Servicing
Servicing has required reboot to complete the operation of setting package KB3081320(Security Update) into Installed(Installed) state

Log: 'System' Date/Time: 21/04/2017 02:35:59
Type: Warning Category: 0
Event: 4376 Source: Microsoft-Windows-Servicing
Servicing has required reboot to complete the operation of setting package KB3081320(Security Update) into Installed(Installed) state

#8
RKinner

Posted 29 April 2017 - 03:58 PM

Malware Expert

Expert
24,624 posts

Log: 'System' Date/Time: 27/04/2017 22:24:04

Type: Error Category: 0

Event: 7000 Source: Service Control Manager

The Intel AGP Bus Filter service failed to start due to the following error: The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.

Expect this service does not need to start since no one use AGP these days so we can ignore this error. If you want to look at stopping it open

regedit

navigate to

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\agp440

and change Start to 4.

Log: 'System' Date/Time: 28/04/2017 22:23:51
Type: Warning Category: 0
Event: 36 Source: Microsoft-Windows-Time-Service
The time service has not synchronized the system time for 86400 seconds because none of the time service providers provided a usable time stamp. The time service will not update the local system time until it is able to synchronize with a time source. If the local system is configured to act as a time server for clients, it will stop advertising as a time source to clients. The time service will continue to retry and sync time with its time sources. Check system event log for other W32time events for more details. Run 'w32tm /resync' to force an instant time synchronization.

This is a bit more important. If the time gets too far off you won't be able to connect to https sites. First verify the date and time are correct. Then follow the instructions on

https://www.howtogee...-sync-problems/

Start where it says:

Changing the Time Server

Since this is a desktop have you opened it up and cleaned the dust from the heatsink, vents and fans? Speccy doesn't show it as hot but Speccy isn't that accurate and the temperature couold be soaring under load.

You may want to run Speedfan to monitor your temps in real time:

http://www.filehippo...nload_speedfan/

Download, save and Install it (Win 7+ or Vista right click and Run As Admin.) then run it (Win 7+ or Vista right click and Run As Admin.).

It will tell you your temps in real time tho the default is to show the hard drive temp in the systray. You can change it: Hit Configure then click on the highest temp and check Show in tray. Then run an anti-virus scan or watch a video, play a game and see if the temperatures climb over 65.

#9
BC12

Posted 29 April 2017 - 11:29 PM

Member

Topic Starter
Member
12 posts

This is a bit more important. If the time gets too far off you won't be able to connect to https sites. First verify the date and time are correct. Then follow the instructions on

https://www.howtogee...-sync-problems/

Start where it says:

wouldnt let me change, kept getting error, then did regiedit like suggested but file couldnt be found.

i am guessing my computer is on its way out,,havent checked it for duust no

is it at least clear of viruses?

Edited by BC12, 29 April 2017 - 11:30 PM.

#10
RKinner

Posted 30 April 2017 - 05:15 AM

Malware Expert

Expert
24,624 posts

What error did you get when you tried to change the time source?

#11
BC12

Posted 30 April 2017 - 08:11 AM

Member

Topic Starter
Member
12 posts

an rror occured while windows was synchoning. on each of the 5 servers

#12
RKinner

Posted 30 April 2017 - 04:59 PM

Malware Expert

Expert
24,624 posts

Search for services.msc and hit Enter.

Scroll down to Windows Time (Service)

Right click on it and select Properties. Verify that the Startup Type: is set to Automatic. IF the service is not running try to Start it. Do you get an error?

Open a browser and type in:

52.173.193.166

hit Enter. Does it say:

Server Error

403 - Forbidden: Access is denied.

You do not have permission to view this directory or page using the credentials that you supplied.

#13
BC12

Posted 03 May 2017 - 04:47 PM

Member

Topic Starter
Member
12 posts

the service was running and was automatic

yes i get the error you state

#14
RKinner

Posted 03 May 2017 - 07:43 PM

Malware Expert

Expert
24,624 posts

Start, All Programs, Accessories then right click on Command Prompt and Run as Administrator. Then type (with an Enter after each line).

net stop w32time

w32tm /unregister

w32tm /register

net start w32time

w32tm /resync

Do you get any errors?

#15
BC12

Posted 04 May 2017 - 04:58 AM

Member

Topic Starter
Member
12 posts

all worked execpt w32tm /unregister and w32tm /resync

access is denied

comp did no resync because no time data was avalable

Back to Virus, Spyware, Malware Removal · Next Unread Topic →

As Featured On:

Geeks to Go Forum 343,318 topics
Quick Links FAQ Malware Cleaning Guide How it Works
Downloads 2+ million

View New Content

Keeps freezing

#1
BC12

Posted 13 April 2017 - 01:21 PM

Advertisements

#2
RKinner

Posted 16 April 2017 - 09:35 AM

#3
BC12

Posted 27 April 2017 - 07:57 AM

Attached Files

#4
RKinner

Posted 27 April 2017 - 08:16 AM

#5
BC12

Posted 28 April 2017 - 10:28 AM

#6
RKinner

Posted 28 April 2017 - 08:46 PM

#7
BC12

Posted 29 April 2017 - 08:29 AM

#8
RKinner

Posted 29 April 2017 - 03:58 PM

#9
BC12

Posted 29 April 2017 - 11:29 PM

#10
RKinner

Posted 30 April 2017 - 05:15 AM

Advertisements

#11
BC12

Posted 30 April 2017 - 08:11 AM

#12
RKinner

Posted 30 April 2017 - 04:59 PM

#13
BC12

Posted 03 May 2017 - 04:47 PM

#14
RKinner

Posted 03 May 2017 - 07:43 PM

#15
BC12

Posted 04 May 2017 - 04:58 AM

Similar Topics

0 user(s) are reading this topic

As Featured On:

Forums

Downloads

Members

Connect With Us

Keeps freezing

#1 BC12 Posted 13 April 2017 - 01:21 PM

Advertisements

#2 RKinner Posted 16 April 2017 - 09:35 AM

#3 BC12 Posted 27 April 2017 - 07:57 AM

Attached Files

#4 RKinner Posted 27 April 2017 - 08:16 AM

#5 BC12 Posted 28 April 2017 - 10:28 AM

#6 RKinner Posted 28 April 2017 - 08:46 PM

#7 BC12 Posted 29 April 2017 - 08:29 AM

#8 RKinner Posted 29 April 2017 - 03:58 PM

#9 BC12 Posted 29 April 2017 - 11:29 PM

#10 RKinner Posted 30 April 2017 - 05:15 AM

Advertisements

#11 BC12 Posted 30 April 2017 - 08:11 AM

#12 RKinner Posted 30 April 2017 - 04:59 PM

#13 BC12 Posted 03 May 2017 - 04:47 PM

#14 RKinner Posted 03 May 2017 - 07:43 PM

#15 BC12 Posted 04 May 2017 - 04:58 AM

Similar Topics

0 user(s) are reading this topic

As Featured On:

Forums

Downloads

Members

Connect With Us

Sign In

#1
BC12

Posted 13 April 2017 - 01:21 PM

#2
RKinner

Posted 16 April 2017 - 09:35 AM

#3
BC12

Posted 27 April 2017 - 07:57 AM

#4
RKinner

Posted 27 April 2017 - 08:16 AM

#5
BC12

Posted 28 April 2017 - 10:28 AM

#6
RKinner

Posted 28 April 2017 - 08:46 PM

#7
BC12

Posted 29 April 2017 - 08:29 AM

#8
RKinner

Posted 29 April 2017 - 03:58 PM

#9
BC12

Posted 29 April 2017 - 11:29 PM

#10
RKinner

Posted 30 April 2017 - 05:15 AM

#11
BC12

Posted 30 April 2017 - 08:11 AM

#12
RKinner

Posted 30 April 2017 - 04:59 PM

#13
BC12

Posted 03 May 2017 - 04:47 PM

#14
RKinner

Posted 03 May 2017 - 07:43 PM

#15
BC12

Posted 04 May 2017 - 04:58 AM