Jump to content

Welcome to Geeks to Go - Register now for FREE

Geeks To Go is a helpful hub, where thousands of volunteer geeks quickly serve friendly answers and support. Check out the forums and get free advice from the experts. Register now to gain access to all of our features, it's FREE and only takes one minute. Once registered and logged in, you will be able to create topics, post replies to existing threads, give reputation to your fellow members, get your own private messenger, post status updates, manage your profile and so much more.

Create Account How it Works
Photo

Keeps freezing


  • Please log in to reply

#1
BC12

BC12

    Member

  • Member
  • PipPip
  • 12 posts

my comp is really sluggish and not responding , logs enclosed

 

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 15-03-2017
Ran by Chris (administrator) on DELL-530 (13-04-2017 20:15:26)
Running from C:\Users\Chris\Downloads
Loaded Profiles: Chris (Available Profiles: Chris)
Platform: Microsoft® Windows Vista™ Home Premium  Service Pack 2 (X86) Language: English (United States)
Internet Explorer Version 9 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Microsoft Corporation) C:\Windows\System32\SLsvc.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\afwServ.exe
(Andrea Electronics Corporation) C:\Windows\System32\AERTSrv.exe
(Microsoft Corporation) C:\Windows\ehome\ehrecvr.exe
(Microsoft Corporation) C:\Windows\ehome\ehsched.exe
() C:\Program Files\HDD Health\HDDHealthService.exe
(DEVGURU Co., LTD.) C:\Program Files\Samsung\USB Drivers\27_ssconn\conn\ss_conn_service.exe
(Realtek Semiconductor) C:\Windows\RtHDVCpl.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
(Microsoft Corporation) C:\Program Files\Windows Media Player\wmpnscfg.exe
(WinZip Computing, S.L.) C:\Program Files\WinZip\WzPreloader.exe
(WinZip Computing, S.L.) C:\Program Files\WinZip\WZQKPICK32.exe
(WinZip Computing, S.L.) C:\Program Files\WinZip\FAHWindow32.exe
(AVAST Software s.r.o.) C:\Program Files\AVAST Software\Avast\aswidsagent.exe
(Piriform Ltd) C:\Program Files\CCleaner\CCleaner.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe
(Microsoft Corporation) C:\Windows\System32\wbem\unsecapp.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(Microsoft Corporation) C:\Program Files\Microsoft Silverlight\5.1.50905.0\Silverlight.Configuration.exe
(Microsoft Corporation) C:\Windows\System32\calc.exe

==================== Registry (Whitelisted) ====================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RtHDVCpl] => C:\Windows\RtHDVCpl.exe [4907008 2008-01-17] (Realtek Semiconductor)
HKLM\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvLaunch.exe [213824 2017-04-04] (AVAST Software)
HKLM\...\Run: [Wondershare Helper Compact.exe] => C:\Program Files\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe
HKLM\...\Run: [DelaypluginInstall] => C:\ProgramData\Wondershare\Video Converter Ultimate\DelayPluginI.exe [1971856 2016-08-12] ()
HKLM\...\Run: [Malwarebytes TrayApp] => C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\mbamtray.exe [2780112 2017-01-20] (Malwarebytes)
HKLM\...\Run: [SunJavaUpdateSched] => C:\Program Files\Common Files\Java\Java Update\jusched.exe [587288 2016-12-12] (Oracle Corporation)
HKU\S-1-5-21-3299710142-3868310564-1978959094-1001\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner.exe [6602152 2015-12-08] (Piriform Ltd)
HKU\S-1-5-21-3299710142-3868310564-1978959094-1001\...\Run: [WMPNSCFG] => C:\Program Files\Windows Media Player\WMPNSCFG.exe [202240 2008-01-21] (Microsoft Corporation)
HKU\S-1-5-21-3299710142-3868310564-1978959094-1001\...\Policies\Explorer: [NoLowDiskSpaceChecks] 1
ShellIconOverlayIdentifiers: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShell.dll [2017-04-04] (AVAST Software)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\FAH.lnk [2017-02-21]
ShortcutTarget: FAH.lnk -> C:\Program Files\WinZip\FAHConsole.exe (WinZip Computing, S.L.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Update Notifier.lnk [2017-02-21]
ShortcutTarget: Update Notifier.lnk -> C:\Program Files\WinZip\WZUpdateNotifier.exe (WinZip)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\WinZip Preloader.lnk [2017-02-21]
ShortcutTarget: WinZip Preloader.lnk -> C:\Program Files\WinZip\WzPreloader.exe (WinZip Computing, S.L.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\WinZip Quick Pick.lnk [2017-02-21]
ShortcutTarget: WinZip Quick Pick.lnk -> C:\Program Files\WinZip\WZQKPICK32.exe (WinZip Computing, S.L.)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 192.168.1.1 0.0.0.0
Tcpip\..\Interfaces\{C010AF49-0C76-4353-BB35-19AE24C74C4F}: [DhcpNameServer] 192.168.1.1 0.0.0.0

Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
HKU\S-1-5-21-3299710142-3868310564-1978959094-1001\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\S-1-5-21-3299710142-3868310564-1978959094-1001\Software\Microsoft\Internet Explorer\Main,Start Page =
HKU\S-1-5-21-3299710142-3868310564-1978959094-1001\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://www.msn.com/en-gb/?ocid=iehp
SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-3299710142-3868310564-1978959094-1001 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-3299710142-3868310564-1978959094-1001 -> {012E1000-F331-11DB-8314-0800200C9A66} URL = hxxp://www.google.com/search?q={searchTerms}
BHO: RealPlayer Download and Record Plugin for Internet Explorer -> {3049C3E9-B461-4BC5-8870-4C09146192CA} -> C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll [2012-08-16] (RealPlayer)
BHO: Wondershare Video Converter Ultimate 7.1.0 -> {451C804F-C205-4F03-B48E-537EC94937BF} -> C:\ProgramData\Wondershare\Video Converter Ultimate\WSBrowserAppMgr.dll [2016-08-12] (Wondershare)
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2017-04-04] (AVAST Software)
Handler: WSWSVCUchrome - {1CA93FF0-A218-44F1 -  No File

FireFox:
========
FF DefaultProfile: 2m53848d.default
FF ProfilePath: C:\Users\Chris\AppData\Roaming\Mozilla\Firefox\Profiles\2m53848d.default [2017-04-13]
FF Extension: (Dr.Web Anti-Virus Link Checker) - C:\Users\Chris\AppData\Roaming\Mozilla\Firefox\Profiles\2m53848d.default\Extensions\{6614d11d-d21d-b211-ae23-815234e1ebb5}.xpi [2017-04-06]
FF Extension: (Adblock Plus) - C:\Users\Chris\AppData\Roaming\Mozilla\Firefox\Profiles\2m53848d.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2017-02-26]
FF HKLM\...\Firefox\Extensions: [[email protected]] - C:\Program Files\AVAST Software\Avast\WebRep\FF48
FF Extension: (Avast Online Security) - C:\Program Files\AVAST Software\Avast\WebRep\FF48 [2017-04-04]
FF HKLM\...\Firefox\Extensions: [{0153E448-190B-4987-BDE1-F256CADA672F}] - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext
FF Extension: (RealPlayer Browser Record Plugin) - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2013-05-06] [not signed]
FF HKLM\...\Firefox\Extensions: [[email protected]] - C:\Program Files\AVAST Software\Avast\SafePrice\FF48
FF Extension: (Avast SafePrice) - C:\Program Files\AVAST Software\Avast\SafePrice\FF48 [2017-04-04]
FF HKLM\...\Firefox\Extensions: [[email protected]] - C:\ProgramData\Wondershare\Video Converter Ultimate\[email protected]_xpi
FF Extension: (Wondershare Video Converter Ultimate) - C:\ProgramData\Wondershare\Video Converter Ultimate\[email protected]_xpi [2016-08-18]
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF32_25_0_0_148.dll [2017-04-12] ()
FF Plugin: @adobe.com/ShockwavePlayer -> C:\Windows\system32\Adobe\Director\np32dsw_1221171.dll [2015-10-19] (Adobe Systems, Inc.)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.50905.0\npctrl.dll [2017-02-10] ( Microsoft Corporation)
FF Plugin: @microsoft.com/WPF,version=3.5 -> c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll [2008-07-30] (Microsoft Corporation)
FF Plugin: @real.com/nprpchromebrowserrecordext;version=15.0.6.14 -> C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll [2012-08-16] (RealNetworks, Inc.)
FF Plugin: @real.com/nprphtml5videoshim;version=15.0.6.14 -> C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll [2012-08-16] (RealNetworks, Inc.)
FF Plugin: @videolan.org/vlc,version=2.1.5 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2016-06-01] (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.2.0 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2016-06-01] (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.2.1 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2016-06-01] (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.2.2 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2016-06-01] (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.2.4 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2016-06-01] (VideoLAN)

Chrome:
=======
CHR DefaultProfile: Default
CHR Profile: C:\Users\Chris\AppData\Local\Google\Chrome\User Data\Default [2016-10-18]
CHR Extension: (Avast Online Security) - C:\Users\Chris\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki [2016-07-05]
CHR Extension: (RealPlayer HTML5Video Downloader Extension) - C:\Users\Chris\AppData\Local\Google\Chrome\User Data\Default\Extensions\jfmjfhklogoienhpfnppmbcbjfjnkonk [2016-06-14]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Chris\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-06-14]
CHR HKLM\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx <not found>
CHR HKLM\...\Chrome\Extension: [jfmjfhklogoienhpfnppmbcbjfjnkonk] - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Chrome\Ext\rphtml5video.crx [2012-08-16]

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 AERTFilters; C:\Windows\system32\AERTSrv.exe [77824 2007-12-05] (Andrea Electronics Corporation)
R3 aswbIDSAgent; C:\Program Files\AVAST Software\Avast\aswidsagent.exe [5758120 2017-04-04] (AVAST Software s.r.o.)
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [261712 2017-04-04] (AVAST Software)
R2 avast! Firewall; C:\Program Files\AVAST Software\Avast\afwServ.exe [310496 2017-04-04] (AVAST Software)
R2 HDDHealth; C:\Program Files\HDD Health\HDDHealthService.exe [17760 2013-03-08] () [File not signed]
R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [3303888 2017-01-20] (Malwarebytes)
R2 ss_conn_service; C:\Program Files\Samsung\USB Drivers\27_ssconn\conn\ss_conn_service.exe [754784 2016-01-08] (DEVGURU Co., LTD.)
S2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [272952 2008-01-21] (Microsoft Corporation)

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R1 aswbidsdriver; C:\Windows\system32\drivers\aswbidsdriverx.sys [255184 2017-04-04] (AVAST Software s.r.o.)
R0 aswbidsh; C:\Windows\system32\drivers\aswbidshx.sys [148208 2017-04-04] (AVAST Software s.r.o.)
R0 aswblog; C:\Windows\system32\drivers\aswblogx.sys [267528 2017-04-04] (AVAST Software s.r.o.)
R0 aswbuniv; C:\Windows\system32\drivers\aswbunivx.sys [41176 2017-04-04] (AVAST Software s.r.o.)
S3 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [34136 2017-04-04] (AVAST Software)
R1 aswKbd; C:\Windows\system32\drivers\aswKbd.sys [31064 2017-04-04] (AVAST Software)
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [106904 2017-04-04] (AVAST Software)
R0 aswNdis; C:\Windows\System32\DRIVERS\aswNdis.sys [12112 2014-08-02] (ALWIL Software)
R0 aswNdis2; C:\Windows\system32\drivers\aswNdis2.sys [329728 2017-04-04] (AVAST Software)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr.sys [60760 2017-04-04] (AVAST Software)
R0 aswRvrt; C:\Windows\system32\drivers\aswRvrt.sys [62152 2017-04-04] (AVAST Software)
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [764064 2017-04-04] (AVAST Software)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [472760 2017-04-04] (AVAST Software)
R3 aswStmXP; C:\Windows\system32\drivers\aswStmXP.sys [184208 2017-04-04] (AVAST Software)
R0 aswVmm; C:\Windows\system32\drivers\aswVmm.sys [279800 2017-04-04] (AVAST Software)
R3 gttap1; C:\Windows\System32\DRIVERS\gttap1.sys [32552 2013-09-12] (The OpenVPN Project)
R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [220088 2017-04-12] (Malwarebytes)
S3 MOSUMAC; C:\Windows\System32\DRIVERS\MOSUMAC.SYS [43520 2009-12-10] (--)
U5 AppMgmt; C:\Windows\system32\svchost.exe [21504 2008-01-21] (Microsoft Corporation)

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2017-04-13 20:15 - 2017-04-13 20:16 - 00013943 _____ C:\Users\Chris\Downloads\FRST.txt
2017-04-13 20:14 - 2017-04-13 20:14 - 01766912 _____ (Farbar) C:\Users\Chris\Downloads\FRST.exe
2017-04-13 17:53 - 2017-04-13 17:53 - 00000000 ____D C:\Users\Chris\AppData\Roaming\Sun
2017-04-13 17:53 - 2017-04-13 17:53 - 00000000 ____D C:\Program Files\Common Files\Java
2017-04-13 17:52 - 2017-04-13 17:52 - 00095808 _____ (Oracle Corporation) C:\Windows\system32\WindowsAccessBridge.dll
2017-04-13 17:52 - 2017-04-13 17:52 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2017-04-13 17:51 - 2017-04-13 17:51 - 00000000 ____D C:\ProgramData\Oracle
2017-04-13 17:51 - 2017-04-13 17:51 - 00000000 ____D C:\Program Files\Java
2017-04-13 17:48 - 2017-04-13 17:48 - 00738880 _____ (Oracle Corporation) C:\Users\Chris\Downloads\jxpiinstall.exe
2017-04-13 17:27 - 2017-04-13 17:33 - 00000000 ____D C:\Users\Chris\Desktop\sim14
2017-04-13 17:08 - 2017-04-13 17:15 - 00000000 ____D C:\Users\Chris\Desktop\lauzv3
2017-04-13 16:57 - 2017-04-13 17:03 - 00000000 ____D C:\Users\Chris\Desktop\lapics2
2017-04-13 16:44 - 2017-04-13 16:48 - 00000000 ____D C:\Users\Chris\Desktop\Ozzzzzz1
2017-04-12 23:38 - 2017-04-12 23:38 - 04089296 _____ C:\Users\Chris\Downloads\AdwCleaner.exe
2017-04-04 16:34 - 2017-04-04 16:34 - 04089296 _____ C:\Users\Chris\Downloads\adwcleaner_6.045.exe
2017-04-04 16:23 - 2017-04-04 16:22 - 00330256 _____ (AVAST Software) C:\Windows\system32\aswBoot.exe
2017-03-27 03:04 - 2017-02-11 16:23 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll
2017-03-23 20:41 - 2017-04-11 22:48 - 00002537 _____ C:\Users\Public\Desktop\Sophos Virus Removal Tool.lnk
2017-03-23 20:41 - 2017-04-11 22:48 - 00002537 _____ C:\ProgramData\Desktop\Sophos Virus Removal Tool.lnk
2017-03-23 20:41 - 2017-03-23 20:41 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Sophos
2017-03-23 20:41 - 2017-03-23 20:41 - 00000000 ____D C:\Program Files\Sophos
2017-03-23 20:35 - 2017-02-09 18:11 - 03610856 _____ (Microsoft Corporation) C:\Windows\system32\ntkrnlpa.exe
2017-03-23 20:35 - 2017-02-09 18:11 - 03558120 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2017-03-23 20:34 - 2017-02-11 16:22 - 00304640 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\srv.sys
2017-03-23 20:33 - 2017-01-28 18:02 - 01253888 _____ (Microsoft Corporation) C:\Windows\system32\msxml3.dll
2017-03-23 20:32 - 2017-02-11 17:54 - 00504320 _____ (Microsoft Corporation) C:\Windows\system32\usp10.dll
2017-03-23 20:32 - 2017-02-11 17:53 - 00299520 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll
2017-03-23 20:32 - 2017-02-11 17:16 - 01029120 _____ (Microsoft Corporation) C:\Windows\system32\d3d10.dll
2017-03-23 20:32 - 2017-02-11 17:16 - 00219648 _____ (Microsoft Corporation) C:\Windows\system32\d3d10_1core.dll
2017-03-23 20:32 - 2017-02-11 17:16 - 00189952 _____ (Microsoft Corporation) C:\Windows\system32\d3d10core.dll
2017-03-23 20:32 - 2017-02-11 17:16 - 00160768 _____ (Microsoft Corporation) C:\Windows\system32\d3d10_1.dll
2017-03-23 20:32 - 2017-02-11 16:35 - 01172480 _____ (Microsoft Corporation) C:\Windows\system32\d3d10warp.dll
2017-03-23 20:32 - 2017-02-11 16:34 - 00486912 _____ (Microsoft Corporation) C:\Windows\system32\d3d10level9.dll
2017-03-23 20:32 - 2017-02-11 16:25 - 00682496 _____ (Microsoft Corporation) C:\Windows\system32\d2d1.dll
2017-03-23 20:32 - 2017-02-11 16:23 - 01073152 _____ (Microsoft Corporation) C:\Windows\system32\DWrite.dll
2017-03-23 20:32 - 2017-02-11 16:23 - 00802304 _____ (Microsoft Corporation) C:\Windows\system32\FntCache.dll
2017-03-23 20:31 - 2017-03-23 20:35 - 164935112 _____ (Sophos Limited) C:\Users\Chris\Downloads\Sophos Virus Removal Tool(1).exe
2017-03-23 20:31 - 2017-02-09 18:04 - 00215040 _____ (Microsoft Corporation) C:\Windows\system32\icm32.dll
2017-03-23 20:31 - 2017-02-09 16:33 - 02074112 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2017-03-23 20:30 - 2017-01-13 21:16 - 00739840 _____ (Microsoft Corporation) C:\Windows\system32\inetcomm.dll
2017-03-23 20:29 - 2017-01-05 17:58 - 01314816 _____ (Microsoft Corporation) C:\Windows\system32\quartz.dll
2017-03-23 17:07 - 2017-03-04 01:33 - 01816064 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2017-03-23 17:07 - 2017-03-04 01:32 - 12841472 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2017-03-23 17:07 - 2017-03-04 01:28 - 09756160 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2017-03-23 17:07 - 2017-03-04 01:28 - 01140736 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2017-03-23 17:07 - 2017-03-04 01:28 - 00367616 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2017-03-23 17:07 - 2017-03-04 01:27 - 01805312 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2017-03-23 17:07 - 2017-03-04 01:27 - 01130496 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2017-03-23 17:07 - 2017-03-04 01:27 - 00429056 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2017-03-23 17:07 - 2017-03-04 01:26 - 02382848 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2017-03-23 17:07 - 2017-03-04 01:26 - 01427968 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2017-03-23 17:07 - 2017-03-04 01:26 - 00719360 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2017-03-23 17:07 - 2017-03-04 01:26 - 00607744 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2017-03-23 17:07 - 2017-03-04 01:26 - 00354304 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2017-03-23 17:07 - 2017-03-04 01:26 - 00231936 _____ (Microsoft Corporation) C:\Windows\system32\url.dll
2017-03-23 17:07 - 2017-03-04 01:26 - 00223744 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2017-03-23 17:07 - 2017-03-04 01:26 - 00176640 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2017-03-23 17:07 - 2017-03-04 01:26 - 00142848 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2017-03-23 17:07 - 2017-03-04 01:26 - 00072704 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2017-03-23 17:07 - 2017-03-04 01:26 - 00065536 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2017-03-23 17:07 - 2017-03-04 01:26 - 00041472 _____ (Microsoft Corporation) C:\Windows\system32\msfeedsbs.dll
2017-03-23 17:07 - 2017-03-04 01:26 - 00011776 _____ (Microsoft Corporation) C:\Windows\system32\mshta.exe
2017-03-23 17:07 - 2017-03-04 01:26 - 00010752 _____ (Microsoft Corporation) C:\Windows\system32\msfeedssync.exe
2017-03-17 20:54 - 2017-04-04 16:21 - 00267528 _____ (AVAST Software s.r.o.) C:\Windows\system32\Drivers\aswblogx.sys
2017-03-17 20:54 - 2017-04-04 16:21 - 00255184 _____ (AVAST Software s.r.o.) C:\Windows\system32\Drivers\aswbidsdriverx.sys
2017-03-17 20:54 - 2017-04-04 16:21 - 00148208 _____ (AVAST Software s.r.o.) C:\Windows\system32\Drivers\aswbidshx.sys
2017-03-17 20:54 - 2017-04-04 16:21 - 00041176 _____ (AVAST Software s.r.o.) C:\Windows\system32\Drivers\aswbunivx.sys
2017-03-15 19:44 - 2017-04-06 08:33 - 00000259 _____ C:\Windows\wininit.ini
2017-03-15 19:34 - 2017-04-13 20:15 - 00000000 ____D C:\FRST
2017-03-15 16:58 - 2017-03-15 17:02 - 00000000 ____D C:\Users\Chris\Downloads\marm

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2017-04-13 20:04 - 2013-07-23 22:29 - 00000000 ____D C:\Users\Chris\AppData\Roaming\vlc
2017-04-13 19:16 - 2006-11-02 13:47 - 00005184 _____ C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
2017-04-13 19:16 - 2006-11-02 13:47 - 00005184 _____ C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
2017-04-13 17:53 - 2016-10-17 21:10 - 00764972 _____ C:\Windows\ntbtlog.txt
2017-04-13 16:30 - 2015-11-26 19:36 - 00002445 _____ C:\Users\Public\Desktop\InPlay IPTV.lnk
2017-04-13 16:30 - 2015-11-26 19:36 - 00002445 _____ C:\ProgramData\Desktop\InPlay IPTV.lnk
2017-04-13 16:20 - 2016-11-19 23:46 - 00000000 ____D C:\Users\Chris\AppData\LocalLow\Mozilla
2017-04-13 14:32 - 2016-02-24 15:25 - 00052736 _____ C:\Users\Chris\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2017-04-13 14:27 - 2016-11-23 02:30 - 963648320 _____ C:\Users\Chris\Desktop\20160225_080009.mp4
2017-04-13 01:22 - 2017-03-09 22:40 - 00000000 ____D C:\AdwCleaner
2017-04-12 07:47 - 2012-12-13 20:48 - 00802904 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe
2017-04-12 07:47 - 2012-12-13 20:48 - 00144472 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl
2017-04-12 07:47 - 2008-10-23 13:28 - 00000000 ____D C:\Windows\system32\Macromed
2017-04-12 02:38 - 2017-02-01 16:44 - 00220088 _____ (Malwarebytes) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2017-04-12 02:38 - 2017-02-01 16:42 - 00059904 _____ C:\Windows\system32\Drivers\mbae.sys
2017-04-10 21:21 - 2006-11-02 12:18 - 00000000 ____D C:\Windows\inf
2017-04-10 21:21 - 2006-11-02 11:33 - 00758370 _____ C:\Windows\system32\PerfStringBackup.INI
2017-04-10 21:17 - 2006-11-02 13:37 - 00000000 ___RD C:\Users\Public\Recorded TV
2017-04-10 21:16 - 2017-02-26 18:37 - 00000000 ____D C:\Program Files\Mozilla Maintenance Service
2017-04-10 21:16 - 2017-02-26 18:37 - 00000000 ____D C:\Program Files\Mozilla Firefox
2017-04-10 21:16 - 2006-11-02 14:01 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2017-04-04 16:35 - 2006-11-02 12:18 - 00000000 ____D C:\Windows\rescache
2017-04-04 16:22 - 2015-09-13 14:11 - 00184208 _____ (AVAST Software) C:\Windows\system32\Drivers\aswStmXP.sys
2017-04-04 16:22 - 2014-08-02 22:53 - 00472760 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSP.sys
2017-04-04 16:22 - 2014-08-02 22:53 - 00279800 _____ (AVAST Software) C:\Windows\system32\Drivers\aswVmm.sys
2017-04-04 16:22 - 2014-08-02 22:53 - 00106904 _____ (AVAST Software) C:\Windows\system32\Drivers\aswMonFlt.sys
2017-04-04 16:22 - 2014-08-02 22:53 - 00062152 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRvrt.sys
2017-04-04 16:22 - 2014-08-02 22:53 - 00060760 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRdr.sys
2017-04-04 16:22 - 2014-08-02 22:53 - 00034136 _____ (AVAST Software) C:\Windows\system32\Drivers\aswHwid.sys
2017-04-04 16:21 - 2014-08-02 22:53 - 00764064 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSnx.sys
2017-04-04 16:21 - 2014-08-02 22:53 - 00329728 _____ (AVAST Software) C:\Windows\system32\Drivers\aswNdis2.sys
2017-04-04 16:21 - 2014-08-02 22:53 - 00031064 _____ (AVAST Software) C:\Windows\system32\Drivers\aswKbd.sys
2017-03-27 03:03 - 2013-08-14 03:08 - 00000000 ____D C:\Windows\system32\MRT
2017-03-27 03:01 - 2006-11-02 11:24 - 135706696 ____C (Microsoft Corporation) C:\Windows\system32\mrt.exe
2017-03-26 15:28 - 2016-06-29 18:12 - 03583104 _____ C:\Windows\system32\FNTCACHE.DAT
2017-03-26 15:24 - 2006-11-02 13:37 - 00000000 ____D C:\Program Files\Movie Maker
2017-03-23 20:27 - 2013-05-08 16:51 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
2017-03-23 20:26 - 2013-05-08 16:51 - 00000000 ____D C:\Program Files\Microsoft Silverlight
2017-03-20 01:01 - 2012-06-07 21:14 - 00000000 ____D C:\Temp
2017-03-17 20:54 - 2012-02-22 22:55 - 00000000 ____D C:\ProgramData\AVAST Software
2017-03-16 23:23 - 2006-11-02 14:01 - 00032590 _____ C:\Windows\Tasks\SCHEDLGU.TXT
2017-03-15 20:12 - 2016-11-19 23:36 - 00000000 ____D C:\Users\Chris\Desktop\vidz

==================== Files in the root of some directories =======

2016-03-06 18:13 - 2017-02-14 10:31 - 0001041 _____ () C:\Users\Chris\AppData\Roaming\vso_ts_preview.xml
2016-05-16 20:15 - 2016-06-13 16:09 - 0001356 _____ () C:\Users\Chris\AppData\Local\d3d9caps.dat
2016-02-24 15:25 - 2017-04-13 14:32 - 0052736 _____ () C:\Users\Chris\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

==================== Bamital & volsnap ======================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\explorer.exe => File is digitally signed
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2017-04-13 09:38

==================== End of FRST.txt ============================

 

Additional scan result of Farbar Recovery Scan Tool (x86) Version: 15-03-2017
Ran by Chris (13-04-2017 20:17:23)
Running from C:\Users\Chris\Downloads
Microsoft® Windows Vista™ Home Premium  Service Pack 2 (X86) (2011-02-04 10:32:19)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-3299710142-3868310564-1978959094-500 - Administrator - Disabled)
Chris (S-1-5-21-3299710142-3868310564-1978959094-1001 - Administrator - Enabled) => C:\Users\Chris
Guest (S-1-5-21-3299710142-3868310564-1978959094-501 - Limited - Disabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Avast Antivirus (Enabled - Up to date) {8EA8924E-BC81-DC44-8BB0-8BAE75D86EBF}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Avast Antivirus (Enabled - Up to date) {35C973AA-9ABB-D3CA-B100-B0DC0E5F2402}
FW: Avast Antivirus (Enabled) {B693136B-F6EE-DD1C-A0EF-229B8B0B29C4}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Adobe Flash Player 25 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 25.0.0.148 - Adobe Systems Incorporated)
Adobe Flash Player 25 NPAPI (HKLM\...\Adobe Flash Player NPAPI) (Version: 25.0.0.148 - Adobe Systems Incorporated)
Adobe Shockwave Player 12.2 (HKLM\...\Adobe Shockwave Player) (Version: 12.2.1.171 - Adobe Systems, Inc.)
Apple Software Update (HKLM\...\{FFD1F7F1-1AC9-4BC4-A908-0686D635ABAF}) (Version: 2.1.4.131 - Apple Inc.)
AudibleManager (HKLM\...\AudibleManager) (Version: 3484544.-2.2005037430.2005036444 - Audible, Inc.)
Avast Internet Security (HKLM\...\Avast Antivirus) (Version: 17.3.2291 - AVAST Software)
CCleaner (HKLM\...\CCleaner) (Version: 5.13 - Piriform)
ConvertXtoDVD 4.0.9.322 (HKLM\...\{DB6AB705-C9BD-40E3-8929-2EA57F36A4FF}_is1) (Version: 4.0.9.322 - )
EasyBCD 1.7 (HKLM\...\EasyBCD) (Version: 1.7 - NeoSmart Technologies)
ffdshow [rev 2180] [2008-10-04] (HKLM\...\ffdshow_is1) (Version: 1.0 - )
Google Update Helper (Version: 1.3.25.11 - Google Inc.) Hidden
HDD Health v4.2 (HKLM\...\HDD Health_is1) (Version:  - )
InPlay IPTV (HKLM\...\{4CE87481-C78C-4543-9AA0-2117CD5BF917}) (Version: 4.0.0 - Cobain ltd)
Intel® Graphics Media Accelerator Driver (HKLM\...\HDMI) (Version:  - Intel Corporation)
Java 8 Update 121 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F32180121F0}) (Version: 8.0.1210.13 - Oracle Corporation)
K-Lite Codec Pack 7.0.0 (Standard) (HKLM\...\KLiteCodecPack_is1) (Version: 7.0.0 - )
Leawo Video Converter version  5.1.0.0 (HKLM\...\{331ED3CF-3A1B-467C-9A62-899E2D3B20C4}_is1) (Version:  - )
Malwarebytes version 3.0.6.1469 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 3.0.6.1469 - Malwarebytes)
Microsoft .NET Framework 4.5.2 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.51209 - Microsoft Corporation)
Microsoft Office Excel Viewer 2003 (HKLM\...\{90840409-6000-11D3-8CFE-0150048383C9}) (Version: 11.0.8173.0 - Microsoft Corporation)
Microsoft Office Word Viewer 2003 (HKLM\...\{90850409-6000-11D3-8CFE-0150048383C9}) (Version: 11.0.8173.0 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.50905.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Mozilla Firefox 52.0.2 ESR (x86 en-GB) (HKLM\...\Mozilla Firefox 52.0.2 ESR (x86 en-GB)) (Version: 52.0.2 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 52.0.2.6291 - Mozilla)
MPC-HC 1.7.0 (HKLM\...\{2624B969-7135-4EB1-B0F6-2D8C397B45F7}_is1) (Version: 1.7.0.7858 - MPC-HC Team)
MSXML 4.0 SP3 Parser (HKLM\...\{196467F1-C11F-4F76-858B-5812ADC83B94}) (Version: 4.30.2100.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (KB2721691) (HKLM\...\{355B5AC0-CEEE-42C5-AD4D-7F3CFD806C36}) (Version: 4.30.2114.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (KB2758694) (HKLM\...\{1D95BA90-F4F8-47EC-A882-441C99D30C1E}) (Version: 4.30.2117.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (KB973685) (HKLM\...\{859DFA95-E4A6-48CD-B88E-A3E483E89B44}) (Version: 4.30.2107.0 - Microsoft Corporation)
Nero 7 Lite 7.10.1.2 (HKLM\...\Nero7Lite_is1) (Version: 7.10.1.2 - UpdatePack.nl)
PressReader (HKLM\...\{912CED74-88D3-4C5B-ACB0-132318649765}) (Version: 5.16.0115.0 - PressReader Inc.)
Realtek High Definition Audio Driver (HKLM\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version:  - )
SafeZone Stable 1.48.2066.120 (Version: 1.48.2066.120 - Avast Software) Hidden
Samsung Story Album Viewer (HKLM\...\InstallShield_{698BBAD8-B116-495D-B879-0F07A533E57F}) (Version: 1.0.0.13054_1 - Samsung Electronics Co., Ltd.)
Samsung Story Album Viewer (Version: 1.0.0.13054_1 - Samsung Electronics Co., Ltd.) Hidden
Samsung USB Driver for Mobile Phones (HKLM\...\{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}) (Version: 1.5.59.0 - Samsung Electronics Co., Ltd.)
Skitch (HKLM\...\Skitch 1.0.2.0) (Version: 2.2.0.4 - Evernote Corp.)
Sophos Virus Removal Tool (HKLM\...\{B829E117-D072-41EA-9606-9826A38D34C1}) (Version: 2.5.6 - Sophos Limited)
swMSM (Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
Visual Studio 2012 x86 Redistributables (HKLM\...\{98EFF19A-30AB-4E4B-B943-F06B1C63EBF8}) (Version: 14.0.0.1 - AVG Technologies CZ, s.r.o.)
VLC media player (HKLM\...\VLC media player) (Version: 2.2.4 - VideoLAN)
WinRAR 5.40 beta 1 (32-bit) (HKLM\...\WinRAR archiver) (Version: 5.40.1 - win.rar GmbH)
WinZip 21.0 (HKLM\...\{CD95F661-A5C4-44F5-A6AA-ECDD91C2410C}) (Version: 21.0.12288 - WinZip Computing, S.L. )
Wondershare Helper Compact 2.5.0 (HKLM\...\{5363CE84-5F09-48A1-8B6C-6BB590FFEDF2}_is1) (Version: 2.5.0 - Wondershare)
Wondershare Video Converter Ultimate(Build 8.8.0.3) (HKLM\...\Wondershare Video Converter Ultimate_is1) (Version: 8.8.0.3 - Wondershare Software)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-3299710142-3868310564-1978959094-1001_Classes\CLSID\{A2DF06F9-A21A-44A8-8A99-8B9C84F29160}\localserver32 -> C:\Users\Chris\AppData\Local\Chromium\Application\46.0.2480.0\delegate_execute.exe (The Chromium Authors) <==== ATTENTION

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {2EEC41BC-155E-4FB6-B264-D9E2D9DC9DDA} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files\Apple Software Update\SoftwareUpdate.exe [2015-08-27] (Apple Inc.)
Task: {3EB8B375-8256-4EC9-AAB5-4E9A8BB70B2D} - System32\Tasks\Avast Emergency Update => C:\Program Files\AVAST Software\Avast\AvEmUpdate.exe [2017-04-04] (AVAST Software)
Task: {677CD573-8156-4B83-8781-B7646D6B0415} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2017-04-12] (Adobe Systems Incorporated)
Task: {6C8D4CF4-1C63-4C48-B143-C93A6A689A5B} - System32\Tasks\SafeZone scheduled Autoupdate 1449186754 => C:\Program Files\AVAST Software\SZBrowser\launcher.exe [2016-08-12] (Avast Software)
Task: {C9BE9F1E-CC67-4EAF-B2B3-6D345758AD23} - System32\Tasks\WinZip Update Notifier => C:\Program Files\WinZip\WZUpdateNotifier.exe [2017-02-10] (WinZip)
Task: {DC0B49E4-3258-40BE-81A6-B40E45F2E425} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2015-12-08] (Piriform Ltd)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\Windows\Tasks\Tweaking.com - Windows Repair Tray Icon.job => C:\Program Files\Tweaking.com\Windows Repair (All in One)\WR_Tray_Icon.exe C:\Program Files\Tweaking.com\Windows Repair (All in One) Tweaking.com - Windows Repair )Created By Tweaking.com

==================== Shortcuts =============================

(The entries could be listed to be restored or removed.)

==================== Loaded Modules (Whitelisted) ==============

2017-04-04 16:22 - 2017-04-04 16:22 - 00170216 _____ () C:\Program Files\AVAST Software\Avast\JsonRpcServer.dll
2017-04-04 16:22 - 2017-04-04 16:22 - 00176480 _____ () C:\Program Files\AVAST Software\Avast\event_routing_rpc.dll
2017-04-10 12:48 - 2017-04-10 12:48 - 06022832 _____ () C:\Program Files\AVAST Software\Avast\defs\17041000\algo.dll
2017-04-04 16:22 - 2017-04-04 16:22 - 00653520 _____ () C:\Program Files\AVAST Software\Avast\ffl2.dll
2017-04-04 16:22 - 2017-04-04 16:22 - 00230632 _____ () C:\Program Files\AVAST Software\Avast\streamback.dll
2017-04-12 09:23 - 2017-04-12 09:23 - 06022832 _____ () C:\Program Files\AVAST Software\Avast\defs\17041200\algo.dll
2017-04-13 13:27 - 2017-04-13 13:27 - 06015544 _____ () C:\Program Files\AVAST Software\Avast\defs\17041300\algo.dll
2014-03-25 06:27 - 2013-03-08 10:54 - 00017760 _____ () C:\Program Files\HDD Health\HDDHealthService.exe
2016-06-29 18:20 - 2016-06-29 18:20 - 48936448 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll
2017-04-04 16:21 - 2017-04-04 16:21 - 00293936 _____ () C:\Program Files\AVAST Software\Avast\gaming_mode_ui.dll
2017-02-01 16:42 - 2017-04-12 02:38 - 01736992 _____ () C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\PoliciesControllerImpl.dll
2017-04-04 16:21 - 2017-04-04 16:21 - 00134920 _____ () c:\Program Files\AVAST Software\Avast\vaarclient.dll
2017-04-04 16:22 - 2017-04-04 16:22 - 00230632 _____ () c:\Program Files\AVAST Software\Avast\StreamBack.dll
2015-08-26 08:44 - 2015-08-26 08:44 - 00055576 _____ () C:\Program Files\CCleaner\branding.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)

AlternateDataStreams: C:\Users\Chris\Desktop\20160225_080009.mp4:TOC.WMV [130]

==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" value will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\AppXSvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\BFE => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\BITS => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ClipSvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MpsSvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\msiserver => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SharedAccess => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vss => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WSService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\AppXSvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\BITS => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\ClipSvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\msiserver => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\SamSs => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\srv => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\srv2 => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\srvnet => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\vss => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\WSService => ""="Service"

==================== Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)

IE restricted site: HKU\S-1-5-21-3299710142-3868310564-1978959094-1001\...\008i.com -> 008i.com
IE restricted site: HKU\S-1-5-21-3299710142-3868310564-1978959094-1001\...\008k.com -> 008k.com
IE restricted site: HKU\S-1-5-21-3299710142-3868310564-1978959094-1001\...\00hq.com -> 00hq.com
IE restricted site: HKU\S-1-5-21-3299710142-3868310564-1978959094-1001\...\0190-dialers.com -> 0190-dialers.com
IE restricted site: HKU\S-1-5-21-3299710142-3868310564-1978959094-1001\...\01i.info -> 01i.info
IE restricted site: HKU\S-1-5-21-3299710142-3868310564-1978959094-1001\...\02pmnzy5eo29bfk4.com -> 02pmnzy5eo29bfk4.com
IE restricted site: HKU\S-1-5-21-3299710142-3868310564-1978959094-1001\...\05p.com -> 05p.com
IE restricted site: HKU\S-1-5-21-3299710142-3868310564-1978959094-1001\...\07ic5do2myz3vzpk.com -> 07ic5do2myz3vzpk.com
IE restricted site: HKU\S-1-5-21-3299710142-3868310564-1978959094-1001\...\08nigbmwk43i01y6.com -> 08nigbmwk43i01y6.com
IE restricted site: HKU\S-1-5-21-3299710142-3868310564-1978959094-1001\...\093qpeuqpmz6ebfa.com -> 093qpeuqpmz6ebfa.com
IE restricted site: HKU\S-1-5-21-3299710142-3868310564-1978959094-1001\...\0calories.net -> 0calories.net
IE restricted site: HKU\S-1-5-21-3299710142-3868310564-1978959094-1001\...\0cj.net -> 0cj.net
IE restricted site: HKU\S-1-5-21-3299710142-3868310564-1978959094-1001\...\0scan.com -> 0scan.com
IE restricted site: HKU\S-1-5-21-3299710142-3868310564-1978959094-1001\...\1-britney-spears-nude.com -> 1-britney-spears-nude.com
IE restricted site: HKU\S-1-5-21-3299710142-3868310564-1978959094-1001\...\1-domains-registrations.com -> 1-domains-registrations.com
IE restricted site: HKU\S-1-5-21-3299710142-3868310564-1978959094-1001\...\1-se.com -> 1-se.com
IE restricted site: HKU\S-1-5-21-3299710142-3868310564-1978959094-1001\...\1001movie.com -> 1001movie.com
IE restricted site: HKU\S-1-5-21-3299710142-3868310564-1978959094-1001\...\1001night.biz -> 1001night.biz
IE restricted site: HKU\S-1-5-21-3299710142-3868310564-1978959094-1001\...\100gal.net -> 100gal.net
IE restricted site: HKU\S-1-5-21-3299710142-3868310564-1978959094-1001\...\100sexlinks.com -> 100sexlinks.com

There are 5317 more sites.


==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2013-01-28 16:22 - 2017-02-25 19:36 - 00000027 ____A C:\Windows\system32\Drivers\etc\hosts

127.0.0.1       localhost

==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-3299710142-3868310564-1978959094-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\Chris\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
DNS Servers: 192.168.1.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^HDDHealth.lnk => C:\Windows\pss\HDDHealth.lnk.CommonStartup
MSCONFIG\startupreg: Adobe ARM => "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
MSCONFIG\startupreg: CCleaner Monitoring => "C:\Program Files\CCleaner\CCleaner.exe" /MONITOR
MSCONFIG\startupreg: WMPNSCFG => C:\Program Files\Windows Media Player\WMPNSCFG.exe
MSCONFIG\startupreg: ZAM => "C:\Program Files\Zemana AntiMalware\ZAM.exe" /minimized

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [SLSVC-In-TCP-NoScope] => (Allow) %SystemRoot%\system32\slsvc.exe
FirewallRules: [SLSVC-In-TCP] => (Allow) %SystemRoot%\system32\slsvc.exe
FirewallRules: [WinCollab-Out-UDP] => (Allow) %ProgramFiles%\Windows Collaboration\WinCollab.exe
FirewallRules: [WinCollab-In-UDP] => (Allow) %ProgramFiles%\Windows Collaboration\WinCollab.exe
FirewallRules: [WinCollab-Out-TCP] => (Allow) %ProgramFiles%\Windows Collaboration\WinCollab.exe
FirewallRules: [WinCollab-In-TCP] => (Allow) %ProgramFiles%\Windows Collaboration\WinCollab.exe
FirewallRules: [WinCollab-DFSR-Out-TCP] => (Allow) %SystemRoot%\system32\dfsr.exe
FirewallRules: [WinCollab-DFSR-In-TCP] => (Allow) %SystemRoot%\system32\dfsr.exe
FirewallRules: [{F4CFD83A-D58B-4331-9FC7-226F9784CDC4}] => (Allow) C:\Windows\System32\muzapp.exe
FirewallRules: [{12BEC677-E9D6-44B9-BABE-F2063712476A}] => (Allow) C:\Windows\System32\muzapp.exe
FirewallRules: [{63B46E60-3403-4499-A84A-2E131052042D}] => (Allow) C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe
FirewallRules: [WMPNSS-WMP-Out-TCP-x86] => (Allow) %ProgramFiles(x86)%\Windows Media Player\wmplayer.exe
FirewallRules: [WMPNSS-WMP-Out-UDP-x86] => (Allow) %ProgramFiles(x86)%\Windows Media Player\wmplayer.exe
FirewallRules: [WMPNSS-WMP-In-UDP-x86] => (Allow) %ProgramFiles(x86)%\Windows Media Player\wmplayer.exe
FirewallRules: [WMPNSS-WMP-Out-TCP-NoScope-x86] => (Allow) %ProgramFiles(x86)%\Windows Media Player\wmplayer.exe
FirewallRules: [WMPNSS-WMP-Out-UDP-NoScope-x86] => (Allow) %ProgramFiles(x86)%\Windows Media Player\wmplayer.exe
FirewallRules: [WMPNSS-WMP-In-UDP-NoScope-x86] => (Allow) %ProgramFiles(x86)%\Windows Media Player\wmplayer.exe
FirewallRules: [WMP-Out-TCP-x86] => (Allow) %ProgramFiles(x86)%\Windows Media Player\wmplayer.exe
FirewallRules: [WMP-Out-UDP-x86] => (Allow) %ProgramFiles(x86)%\Windows Media Player\wmplayer.exe
FirewallRules: [WMP-In-UDP-x86] => (Allow) %ProgramFiles(x86)%\Windows Media Player\wmplayer.exe
FirewallRules: [TCP Query User{A80137C5-6CBA-412B-A1EC-D75758F79773}C:\Users\Chris\Desktop\pre-scan_6_31.05.2016.1.exe] => (Allow) C:\Users\Chris\Desktop\pre-scan_6_31.05.2016.1.exe
FirewallRules: [UDP Query User{8086F52E-78FA-489A-B2C4-2651DAE624EB}C:\Users\Chris\Desktop\pre-scan_6_31.05.2016.1.exe] => (Allow) C:\Users\Chris\Desktop\pre-scan_6_31.05.2016.1.exe
FirewallRules: [TCP Query User{01072E77-9C3B-4616-930C-17F242C61391}C:\users\chris\desktop\pre-scan_6_31.05.2016.1.exe] => (Block) C:\users\chris\desktop\pre-scan_6_31.05.2016.1.exe
FirewallRules: [UDP Query User{B4B0273B-6E73-4483-AA42-4F3F1458FF14}C:\users\chris\desktop\pre-scan_6_31.05.2016.1.exe] => (Block) C:\users\chris\desktop\pre-scan_6_31.05.2016.1.exe
FirewallRules: [TCP Query User{A8064AE8-6CBA-412B-A1EC-D72343F79773}C:\Users\Chris\Desktop\adsfix_3_09.06.2016.1.exe] => (Allow) C:\Users\Chris\Desktop\adsfix_3_09.06.2016.1.exe
FirewallRules: [UDP Query User{8012CD5F-78FA-489A-B2C4-2168ADE624EB}C:\Users\Chris\Desktop\adsfix_3_09.06.2016.1.exe] => (Allow) C:\Users\Chris\Desktop\adsfix_3_09.06.2016.1.exe
FirewallRules: [{DFECEA6A-5846-4D8E-8A7E-7E8EA11DA650}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe
FirewallRules: [{5820D49A-8C3F-4C48-B68B-9B51B26FF326}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe
StandardProfile\AuthorizedApplications: [C:\Users\Chris\Desktop\pre-scan_6_31.05.2016.1.exe] => Enabled:pre-scan_6_31.05.2016.1
StandardProfile\AuthorizedApplications: [C:\Users\Chris\Desktop\adsfix_3_09.06.2016.1.exe] => Enabled:adsfix_3_09.06.2016.1

==================== Restore Points =========================

04-04-2017 17:24:41 Scheduled Checkpoint
06-04-2017 00:00:01 Scheduled Checkpoint
07-04-2017 00:00:01 Scheduled Checkpoint
10-04-2017 21:47:47 Scheduled Checkpoint
12-04-2017 01:03:57 Scheduled Checkpoint

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (04/13/2017 04:21:12 PM) (Source: Windows Search Service) (EventID: 3013) (User: )
Description: The entry <C:\USERS\CHRIS\APPDATA\LOCAL\MOZILLA\FIREFOX\PROFILES\2M53848D.DEFAULT\SAFEBROWSING-TO_DELETE> in the hash map cannot be updated.

Context:  Application, SystemIndex Catalog

Details:
    A device attached to the system is not functioning.   (0x8007001f)

Error: (04/12/2017 11:05:39 PM) (Source: Windows Search Service) (EventID: 3013) (User: )
Description: The entry <C:\USERS\CHRIS\DOWNLOADS\ANGEL SMALLS IN DIRTY LITTLE ANGEL (EVIL ANGEL) 2017 SPLIT SCENES\4 ANGEL SMALLS.MP4> in the hash map cannot be updated.

Context:  Application, SystemIndex Catalog

Details:
    A device attached to the system is not functioning.   (0x8007001f)

Error: (04/12/2017 11:05:39 PM) (Source: Windows Search Service) (EventID: 3013) (User: )
Description: The entry <C:\USERS\CHRIS\DOWNLOADS\ANGEL SMALLS IN DIRTY LITTLE ANGEL (EVIL ANGEL) 2017 SPLIT SCENES\3 ANGEL SMALLS, HOLLY HENDRIX.MP4> in the hash map cannot be updated.

Context:  Application, SystemIndex Catalog

Details:
    A device attached to the system is not functioning.   (0x8007001f)

Error: (04/12/2017 11:05:39 PM) (Source: Windows Search Service) (EventID: 3013) (User: )
Description: The entry <C:\USERS\CHRIS\DOWNLOADS\ANGEL SMALLS IN DIRTY LITTLE ANGEL (EVIL ANGEL) 2017 SPLIT SCENES\2 ANGEL SMALLS.MP4> in the hash map cannot be updated.

Context:  Application, SystemIndex Catalog

Details:
    A device attached to the system is not functioning.   (0x8007001f)

Error: (04/12/2017 11:05:39 PM) (Source: Windows Search Service) (EventID: 3013) (User: )
Description: The entry <C:\USERS\CHRIS\DOWNLOADS\ANGEL SMALLS IN DIRTY LITTLE ANGEL (EVIL ANGEL) 2017 SPLIT SCENES\1 ANGEL SMALLS.MP4> in the hash map cannot be updated.

Context:  Application, SystemIndex Catalog

Details:
    A device attached to the system is not functioning.   (0x8007001f)

Error: (03/27/2017 03:03:46 AM) (Source: Perflib) (EventID: 1008) (User: )
Description: The Open Procedure for service "PNRPsvc" in DLL "C:\Windows\system32\pnrpperf.dll" failed. Performance data for this service will not be available. The first four bytes (DWORD) of the Data section contains the error code.

Error: (03/27/2017 03:03:44 AM) (Source: Perflib) (EventID: 1010) (User: )
Description: The Collect Procedure for the "EmdCache" service in DLL "C:\Windows\system32\emdmgmt.dll" generated an exception or returned an invalid status. The performance data returned by the counter DLL will not be returned in the Perf Data Block. The first four bytes (DWORD) of the Data section contains the exception code or status code.

Error: (03/17/2017 04:54:16 PM) (Source: Windows Search Service) (EventID: 3013) (User: )
Description: The entry <C:\USERS\CHRIS\APPDATA\LOCAL\MOZILLA\FIREFOX\PROFILES\2M53848D.DEFAULT\SAFEBROWSING> in the hash map cannot be updated.

Context:  Application, SystemIndex Catalog

Details:
    A device attached to the system is not functioning.   (0x8007001f)

Error: (03/17/2017 04:54:16 PM) (Source: Windows Search Service) (EventID: 3013) (User: )
Description: The entry <C:\USERS\CHRIS\APPDATA\LOCAL\MOZILLA\FIREFOX\PROFILES\2M53848D.DEFAULT\SAFEBROWSING> in the hash map cannot be updated.

Context:  Application, SystemIndex Catalog

Details:
    A device attached to the system is not functioning.   (0x8007001f)

Error: (03/10/2017 01:41:35 AM) (Source: Windows Search Service) (EventID: 3013) (User: )
Description: The entry <C:\USERS\CHRIS\APPDATA\LOCALLOW\MOZILLA\TEMP-{7742B551-A726-4741-A3B0-4412EB39E8A0}\_AVAST_> in the hash map cannot be updated.

Context:  Application, SystemIndex Catalog

Details:
    A device attached to the system is not functioning.   (0x8007001f)


System errors:
=============
Error: (04/10/2017 09:22:22 PM) (Source: Service Control Manager) (EventID: 7022) (User: )
Description: The Windows Update service hung on starting.

Error: (04/10/2017 09:17:19 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Intel AGP Bus Filter service failed to start due to the following error:
The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.

Error: (04/10/2017 09:16:45 PM) (Source: EventLog) (EventID: 6008) (User: )
Description: The previous system shutdown at 21:15:23 on 10/04/2017 was unexpected.

Error: (04/04/2017 04:21:53 PM) (Source: Service Control Manager) (EventID: 7022) (User: )
Description: The Windows Update service hung on starting.

Error: (04/04/2017 04:16:58 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Intel AGP Bus Filter service failed to start due to the following error:
The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.

Error: (04/04/2017 04:16:44 PM) (Source: EventLog) (EventID: 6008) (User: )
Description: The previous system shutdown at 16:15:08 on 04/04/2017 was unexpected.

Error: (03/26/2017 03:28:18 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Intel AGP Bus Filter service failed to start due to the following error:
The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.

Error: (03/26/2017 03:27:00 PM) (Source: EventLog) (EventID: 6008) (User: )
Description: The previous system shutdown at 22:34:09 on 23/03/2017 was unexpected.

Error: (03/20/2017 11:18:18 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Intel AGP Bus Filter service failed to start due to the following error:
The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.

Error: (03/20/2017 11:17:37 PM) (Source: EventLog) (EventID: 6008) (User: )
Description: The previous system shutdown at 00:10:04 on 20/03/2017 was unexpected.


==================== Memory info ===========================

Processor: Intel® Core™2 Duo CPU E6750 @ 2.66GHz
Percentage of memory in use: 72%
Total physical RAM: 3060.45 MB
Available physical RAM: 832.2 MB
Total Virtual: 6351.89 MB
Available Virtual: 2725.29 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:288.32 GB) (Free:120.72 GB) NTFS ==>[drive with boot components (obtained from BCD)]
Drive d: (Recovery) (Fixed) (Total:9.77 GB) (Free:3.88 GB) NTFS ==>[system with boot components (obtained from drive)]
Drive e: (Apr 13 2017) (CDROM) (Total:4.38 GB) (Free:0.07 GB) UDF
 


  • 0

Advertisements


#2
RKinner

RKinner

    Malware Expert

  • Expert
  • 19,790 posts
  • MVP
Get Process Explorer
 
Save it to your desktop then run it (Vista or Win7+ - right click and Run As Administrator).  
 
View, Select Column, check Verified Signer, OK
Options, Verify Image Signatures
 
 
Click twice on the CPU column header  to sort things by CPU usage with the big hitters at the top.  
 
Wait a full minute then:
 
File, Save As, Save.  Note the file name.   Open the file  on your desktop and copy and paste the text to a reply.
 
 
Copy the next 2 lines:
 
TASKLIST /SVC  > \junk.txt
notepad \junk.txt
 
Open an Elevated Command Prompt:
Start, All Programs, Accessories then right click on Command Prompt and Run as Administrator
 
Right click and Paste (or Edit then Paste) and the copied lines should appear.
Hit Enter if notepad does not open.  Copy and paste the text from notepad into a reply. 
 
 
Get the free version of Speccy:
 
http://www.filehippo...download_speccy (Look in the upper right for the Download
Latest Version button  - Do NOT press the large Start Download button on the upper left!)  
Download, Save and Install it.  Tell it you do not need CCLEANER.    Run Speccy.  When it finishes (the little icon in the bottom left will stop moving), 
File, Save as Text File,  (to your desktop) note the name it gives. OK.  Open the file in notepad and delete the line that gives the serial number of your Operating System.  
(It will be near the top,  10-20  lines down.) Save the file.  Attach the file to your next post.  Attaching the log is the best option as it is too big for the forum.  Attaching is a multi step process.
 
First click on More Reply Options
Then scroll down to where you see
Choose File and click on it.  Point it at the file and hit Open.
Now click on Attach this file.

  • 0

#3
BC12

BC12

    Member

  • Topic Starter
  • Member
  • PipPip
  • 12 posts

notepad wouldnt work

 

Process    CPU    Private Bytes    Working Set    PID    Description    Company Name    Verified Signer
System Idle Process    88.35    0 K    24 K    0            
procexp.exe    4.66    31,036 K    34,812 K    2644    Sysinternals Process Explorer    Sysinternals - www.sysinternals.com    
WmiPrvSE.exe    3.88    9,152 K    7,596 K    4488    WMI Provider Host    Microsoft Corporation    
firefox.exe    1.55    371,148 K    411,068 K    5152    Firefox    Mozilla Corporation    
dwm.exe    0.78    56,644 K    70,564 K    1120    Desktop Window Manager    Microsoft Corporation    
csrss.exe    0.78    2,596 K    7,844 K    692    Client Server Runtime Process    Microsoft Corporation    
System    < 0.01    0 K    21,876 K    4            
procexp.exe    < 0.01    17,256 K    26,352 K    4636    Sysinternals Process Explorer    Sysinternals - www.sysinternals.com    
svchost.exe    < 0.01    105,228 K    97,976 K    1160    Host Process for Windows Services    Microsoft Corporation    
FAHWindow32.exe    < 0.01    1,456 K    520 K    4980    File Association Helper    WinZip Computing, S.L.    
FlashPlayerPlugin_25_0_0_148.exe    < 0.01    20,124 K    20,656 K    6072    Adobe Flash Player 25.0 r0    Adobe Systems, Inc.    
ConvertXtoDvd.exe    < 0.01    165,276 K    125,920 K    2312    ConvertXToDVD transcoder    VSO Software SARL    
svchost.exe    < 0.01    115,996 K    97,924 K    1184    Host Process for Windows Services    Microsoft Corporation    
plugin-container.exe    < 0.01    27,072 K    27,176 K    6048    Plugin Container for Firefox    Mozilla Corporation    
aswidsagent.exe    < 0.01    15,764 K    17,552 K    3504    Avast Behavior Shield    AVAST Software s.r.o.    
explorer.exe    < 0.01    98,896 K    70,568 K    3992    Windows Explorer    Microsoft Corporation    
FlashPlayerPlugin_25_0_0_148.exe    < 0.01    4,460 K    9,712 K    4008    Adobe Flash Player 25.0 r0    Adobe Systems, Inc.    
lsass.exe    < 0.01    4,732 K    5,092 K    776    Local Security Authority Process    Microsoft Corporation    
audiodg.exe    < 0.01    25,032 K    18,868 K    1324    Windows Audio Device Graph Isolation     Microsoft Corporation    
AvastSvc.exe    < 0.01    376,548 K    40,988 K    1712    Avast Service    AVAST Software    
svchost.exe    < 0.01    26,268 K    11,792 K    1572    Host Process for Windows Services    Microsoft Corporation    
iexplore.exe    < 0.01    15,624 K    30,320 K    5440    Internet Explorer    Microsoft Corporation    
AvastUI.exe    < 0.01    26,484 K    28,236 K    4208    Avast Antivirus    AVAST Software    
wmpnetwk.exe    < 0.01    5,804 K    5,020 K    2316    Windows Media Player Network Sharing Service    Microsoft Corporation    
svchost.exe    < 0.01    17,612 K    7,676 K    1136    Host Process for Windows Services    Microsoft Corporation    
csrss.exe    < 0.01    2,868 K    2,620 K    640    Client Server Runtime Process    Microsoft Corporation    
SearchIndexer.exe    < 0.01    46,684 K    21,068 K    2108    Microsoft Windows Search Indexer    Microsoft Corporation    
CCleaner.exe    < 0.01    16,036 K    9,500 K    5244    CCleaner    Piriform Ltd    
WzPreloader.exe    < 0.01    8,760 K    3,444 K    4532    WinZip Preloader    WinZip Computing, S.L.    
iexplore.exe    < 0.01    42,768 K    66,240 K    2244    Internet Explorer    Microsoft Corporation    
lsm.exe    < 0.01    1,964 K    1,632 K    788    Local Session Manager Service    Microsoft Corporation    
svchost.exe    < 0.01    3,628 K    3,884 K    1004    Host Process for Windows Services    Microsoft Corporation    
ss_conn_service.exe    < 0.01    1,572 K    432 K    208    MSS CS Connectivity Service    DEVGURU Co., LTD.    
afwServ.exe    < 0.01    13,580 K    10,336 K    1764    Avast firewall service    AVAST Software    
MBAMService.exe    < 0.01    13,008 K    10,248 K    2260    Malwarebytes Service    Malwarebytes    
spoolsv.exe    < 0.01    6,196 K    2,328 K    1876    Spooler SubSystem App    Microsoft Corporation    
Interrupts    < 0.01    0 K    0 K    n/a    Hardware Interrupts and DPCs        
WZQKPICK32.exe        1,516 K    624 K    4648    WinZip Quick Pick    WinZip Computing, S.L.    
wmpnscfg.exe        1,984 K    1,772 K    1172    Windows Media Player Network Sharing Service Configuration Application    Microsoft Corporation    
WmiPrvSE.exe        3,184 K    5,692 K    4788    WMI Provider Host    Microsoft Corporation    
winlogon.exe        1,928 K    1,748 K    736    Windows Logon Application    Microsoft Corporation    
wininit.exe        1,204 K    336 K    680    Windows Start-Up Application    Microsoft Corporation    
unsecapp.exe        2,536 K    1,712 K    4804    Sink to receive asynchronous callbacks for WMI client application    Microsoft Corporation    
taskeng.exe        10,364 K    4,504 K    3640    Task Scheduler Engine    Microsoft Corporation    
taskeng.exe        2,228 K    2,728 K    2192    Task Scheduler Engine    Microsoft Corporation    
taskeng.exe        1,716 K    1,136 K    5144    Task Scheduler Engine    Microsoft Corporation    
svchost.exe        3,464 K    3,928 K    928    Host Process for Windows Services    Microsoft Corporation    
svchost.exe        10,100 K    12,900 K    1452    Host Process for Windows Services    Microsoft Corporation    
svchost.exe        8,844 K    7,524 K    1900    Host Process for Windows Services    Microsoft Corporation    
svchost.exe        2,348 K    1,688 K    1344    Host Process for Windows Services    Microsoft Corporation    
svchost.exe        2,248 K    2,364 K    1908    Host Process for Windows Services    Microsoft Corporation    
svchost.exe        4,452 K    3,212 K    1568    Host Process for Windows Services    Microsoft Corporation    
svchost.exe        1,520 K    556 K    2080    Host Process for Windows Services    Microsoft Corporation    
svchost.exe        1,828 K    1,292 K    3424    Host Process for Windows Services    Microsoft Corporation    
svchost.exe        2,596 K    4,836 K    4484    Host Process for Windows Services    Microsoft Corporation    
smss.exe        360 K    232 K    572    Windows Session Manager    Microsoft Corporation    
SLsvc.exe        7,112 K    2,296 K    1364    Microsoft Software Licensing Service    Microsoft Corporation    
services.exe        2,496 K    2,720 K    756    Services and Controller app    Microsoft Corporation    
RtHDVCpl.exe        9,036 K    1,364 K    1508    HD Audio Control Panel    Realtek Semiconductor    
mbamtray.exe        16,944 K    4,696 K    2176    Malwarebytes Tray Application    Malwarebytes    
jusched.exe        6,312 K    1,432 K    824    Java Update Scheduler    Oracle Corporation    
jucheck.exe        11,836 K    1,844 K    3320    Java Update Checker    Oracle Corporation    
HDDHealthService.exe        768 K    572 K    1244            
ehsched.exe        972 K    580 K    1108    Windows Media Center Scheduler Service    Microsoft Corporation    
ehrecvr.exe        5,156 K    2,380 K    696    Windows Media Center Receiver Service    Microsoft Corporation    
AERTSrv.exe        368 K    196 K    604    Andrea filters APO access service (32-bit)    Andrea Electronics Corporation    

 

Attached Files


  • 0

#4
RKinner

RKinner

    Malware Expert

  • Expert
  • 19,790 posts
  • MVP

You have a Seagate drive and like all Seagates it is showing errors in the S.M.A.R.T section of Speccy.  Back up any files you don't want to lose as it could fail in the near future (or 10 years from now).

 

Let's run a disk check and see if that helps any:

 

1. Double-click My Computer, and then right-click the hard disk that you want to check. C:
2. Click Properties, and then click Tools.
3. Under Error-checking, click Check Now. A dialog box that shows the Check disk options is displayed,
4. Check both boxes and then click Start.
You will receive the following message:
The disk check could not be performed because the disk check utility needs exclusive access to some Windows files on the disk. These files can be accessed by restarting Windows. Do you want to schedule the disk check to occur the next time you restart the computer?
Click Yes to schedule the disk check, but don't restart yet.

Right click on (My) Computer and select Manage (Continue) Then the Event Viewer. Next select Windows Logs.  Right click on System and Clear Log, Clear. Repeat for Application. Reboot. The disk check will run and will probably take an hour or more to finish.


Start, All Programs, Accessories then right click on Command Prompt and Run as Administrator. 

The prompt must be: c:\Windows\System32>  If not you did not right click and run as admin.

 

Then type (with an Enter after each line).
 

sfc /scannow


(SPACE after sfc.  This will check your critical system files. Does this finish without complaint?  IF it says it couldn't fix everything then:

Copy the next two lines:

findstr  /c:"[SR]"  \windows\logs\cbs\cbs.log  >  \windows\logs\cbs\junk.txt
notepad \windows\logs\cbs\junk.txt


Start, All Programs, Accessories, right click on Command Prompt and Run as Administrator, Continue.  Right click and Paste or Edit then Paste and the copied line should appear.
Hit Enter if notepad does not open.  Copy and paste the text from notepad into a reply.  Close notepad.  Close the Command Window.


1. Please download the Event Viewer Tool by Vino Rosso
http://images.malwar...om/vino/VEW.exe
and save it to your Desktop:
2. Right-click VEW.exe and Run AS Administrator
3. Under 'Select log to query', select:

* System
4. Under 'Select type to list', select:
* Error
* Warning


Then use the 'Number of events' as follows:


1. Click the radio button for 'Number of events'
Type 20 in the 1 to 20 box
Then click the Run button.
Notepad will open with the output log.


Please post the Output log in your next reply then repeat but select Application. (Each time you run VEW it overwrites the log so copy the first one to a Reply or rename it before running it a second time.)

 


  • 0

#5
BC12

BC12

    Member

  • Topic Starter
  • Member
  • PipPip
  • 12 posts

i get an error message on  vew

path file access error


  • 0

#6
RKinner

RKinner

    Malware Expert

  • Expert
  • 19,790 posts
  • MVP

I just tried a new download on my Win 10 and it still works so suspect you forgot to right click and Run As Admin.


  • 0

#7
BC12

BC12

    Member

  • Topic Starter
  • Member
  • PipPip
  • 12 posts

Vino's Event Viewer v01c run on Windows Vista in English
Report run at 29/04/2017 15:28:31

Note: All dates below are in the format dd/mm/yyyy

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'System' Log - Error Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Log: 'System' Date/Time: 27/04/2017 22:24:04
Type: Error Category: 0
Event: 7000 Source: Service Control Manager
The Intel AGP Bus Filter service failed to start due to the following error:  The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.

Log: 'System' Date/Time: 26/04/2017 01:28:35
Type: Error Category: 0
Event: 36 Source: volsnap
The shadow copies of volume C: were aborted because the shadow copy storage could not grow due to a user imposed limit.

Log: 'System' Date/Time: 21/04/2017 03:06:56
Type: Error Category: 0
Event: 7000 Source: Service Control Manager
The Intel AGP Bus Filter service failed to start due to the following error:  The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.

Log: 'System' Date/Time: 10/04/2017 20:22:22
Type: Error Category: 0
Event: 7022 Source: Service Control Manager
The Windows Update service hung on starting.

Log: 'System' Date/Time: 10/04/2017 20:17:19
Type: Error Category: 0
Event: 7000 Source: Service Control Manager
The Intel AGP Bus Filter service failed to start due to the following error:  The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.

Log: 'System' Date/Time: 10/04/2017 20:16:45
Type: Error Category: 0
Event: 6008 Source: EventLog
The previous system shutdown at 21:15:23 on 10/04/2017 was unexpected.

Log: 'System' Date/Time: 04/04/2017 15:21:53
Type: Error Category: 0
Event: 7022 Source: Service Control Manager
The Windows Update service hung on starting.

Log: 'System' Date/Time: 04/04/2017 15:16:58
Type: Error Category: 0
Event: 7000 Source: Service Control Manager
The Intel AGP Bus Filter service failed to start due to the following error:  The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.

Log: 'System' Date/Time: 04/04/2017 15:16:44
Type: Error Category: 0
Event: 6008 Source: EventLog
The previous system shutdown at 16:15:08 on 04/04/2017 was unexpected.

Log: 'System' Date/Time: 26/03/2017 14:28:18
Type: Error Category: 0
Event: 7000 Source: Service Control Manager
The Intel AGP Bus Filter service failed to start due to the following error:  The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.

Log: 'System' Date/Time: 26/03/2017 14:27:00
Type: Error Category: 0
Event: 6008 Source: EventLog
The previous system shutdown at 22:34:09 on 23/03/2017 was unexpected.

Log: 'System' Date/Time: 20/03/2017 22:18:18
Type: Error Category: 0
Event: 7000 Source: Service Control Manager
The Intel AGP Bus Filter service failed to start due to the following error:  The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.

Log: 'System' Date/Time: 20/03/2017 22:17:37
Type: Error Category: 0
Event: 6008 Source: EventLog
The previous system shutdown at 00:10:04 on 20/03/2017 was unexpected.

Log: 'System' Date/Time: 20/03/2017 00:00:10
Type: Error Category: 0
Event: 7000 Source: Service Control Manager
The Intel AGP Bus Filter service failed to start due to the following error:  The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.

Log: 'System' Date/Time: 19/03/2017 23:59:03
Type: Error Category: 0
Event: 6008 Source: EventLog
The previous system shutdown at 23:49:56 on 17/03/2017 was unexpected.

Log: 'System' Date/Time: 16/03/2017 23:48:04
Type: Error Category: 0
Event: 7000 Source: Service Control Manager
The Intel AGP Bus Filter service failed to start due to the following error:  The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.

Log: 'System' Date/Time: 15/03/2017 18:39:11
Type: Error Category: 0
Event: 7000 Source: Service Control Manager
The Intel AGP Bus Filter service failed to start due to the following error:  The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.

Log: 'System' Date/Time: 15/03/2017 18:38:37
Type: Error Category: 0
Event: 6008 Source: EventLog
The previous system shutdown at 18:37:13 on 15/03/2017 was unexpected.

Log: 'System' Date/Time: 10/03/2017 00:40:36
Type: Error Category: 0
Event: 7000 Source: Service Control Manager
The Intel AGP Bus Filter service failed to start due to the following error:  The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.

Log: 'System' Date/Time: 10/03/2017 00:38:55
Type: Error Category: 0
Event: 7000 Source: Service Control Manager
The Windows Search service failed to start due to the following error:  The service did not start due to a logon failure.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'System' Log - Warning Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Log: 'System' Date/Time: 28/04/2017 22:23:51
Type: Warning Category: 0
Event: 36 Source: Microsoft-Windows-Time-Service
The time service has not synchronized the system time for 86400 seconds because none of the time service providers provided a usable time stamp. The time service will not update the local system time until it is able to synchronize with a time source. If the local system is configured to act as a time server for clients, it will stop advertising as a time source to clients. The time service will continue to retry and sync time with its time sources. Check system event log for other W32time events for more details. Run 'w32tm /resync' to force an instant time synchronization.

Log: 'System' Date/Time: 27/04/2017 20:55:03
Type: Warning Category: 0
Event: 4001 Source: Microsoft-Windows-WLAN-AutoConfig
WLAN AutoConfig service has successfully stopped.

Log: 'System' Date/Time: 25/04/2017 21:44:46
Type: Warning Category: 0
Event: 36 Source: Microsoft-Windows-Time-Service
The time service has not synchronized the system time for 86400 seconds because none of the time service providers provided a usable time stamp. The time service will not update the local system time until it is able to synchronize with a time source. If the local system is configured to act as a time server for clients, it will stop advertising as a time source to clients. The time service will continue to retry and sync time with its time sources. Check system event log for other W32time events for more details. Run 'w32tm /resync' to force an instant time synchronization.

Log: 'System' Date/Time: 22/04/2017 03:06:44
Type: Warning Category: 0
Event: 36 Source: Microsoft-Windows-Time-Service
The time service has not synchronized the system time for 86400 seconds because none of the time service providers provided a usable time stamp. The time service will not update the local system time until it is able to synchronize with a time source. If the local system is configured to act as a time server for clients, it will stop advertising as a time source to clients. The time service will continue to retry and sync time with its time sources. Check system event log for other W32time events for more details. Run 'w32tm /resync' to force an instant time synchronization.

Log: 'System' Date/Time: 21/04/2017 04:53:04
Type: Warning Category: 0
Event: 16393 Source: Microsoft-Windows-Bits-Client
BITS has encountered an error communicating with an Internet Gateway Device.  Please check that the device is functioning properly. BITS will not attempt to use this device until the next system reboot. Error code: 2147747073.

Log: 'System' Date/Time: 21/04/2017 02:45:56
Type: Warning Category: 0
Event: 4376 Source: Microsoft-Windows-Servicing
Servicing has required reboot to complete the operation of setting package KB4014661(Security Update) into Install Requested(Install Requested) state

Log: 'System' Date/Time: 21/04/2017 02:45:56
Type: Warning Category: 0
Event: 4376 Source: Microsoft-Windows-Servicing
Servicing has required reboot to complete the operation of setting package KB4014661(Security Update) into Install Requested(Install Requested) state

Log: 'System' Date/Time: 21/04/2017 02:45:56
Type: Warning Category: 0
Event: 4376 Source: Microsoft-Windows-Servicing
Servicing has required reboot to complete the operation of setting package KB4014661(Security Update) into Install Requested(Install Requested) state

Log: 'System' Date/Time: 21/04/2017 02:45:56
Type: Warning Category: 0
Event: 4376 Source: Microsoft-Windows-Servicing
Servicing has required reboot to complete the operation of setting package KB4014661(Security Update) into Install Requested(Install Requested) state

Log: 'System' Date/Time: 21/04/2017 02:39:14
Type: Warning Category: 0
Event: 4376 Source: Microsoft-Windows-Servicing
Servicing has required reboot to complete the operation of setting package KB4014652(Security Update) into Install Requested(Install Requested) state

Log: 'System' Date/Time: 21/04/2017 02:39:14
Type: Warning Category: 0
Event: 4376 Source: Microsoft-Windows-Servicing
Servicing has required reboot to complete the operation of setting package KB4014652(Security Update) into Install Requested(Install Requested) state

Log: 'System' Date/Time: 21/04/2017 02:39:14
Type: Warning Category: 0
Event: 4376 Source: Microsoft-Windows-Servicing
Servicing has required reboot to complete the operation of setting package KB4014652(Security Update) into Install Requested(Install Requested) state

Log: 'System' Date/Time: 21/04/2017 02:39:14
Type: Warning Category: 0
Event: 4376 Source: Microsoft-Windows-Servicing
Servicing has required reboot to complete the operation of setting package KB4014652(Security Update) into Install Requested(Install Requested) state

Log: 'System' Date/Time: 21/04/2017 02:38:46
Type: Warning Category: 0
Event: 4374 Source: Microsoft-Windows-Servicing
Windows Servicing identified that package KB4014652(Security Update) is not applicable for this system

Log: 'System' Date/Time: 21/04/2017 02:35:59
Type: Warning Category: 0
Event: 4376 Source: Microsoft-Windows-Servicing
Servicing has required reboot to complete the operation of setting package KB3067505(Security Update) into Installed(Installed) state

Log: 'System' Date/Time: 21/04/2017 02:35:59
Type: Warning Category: 0
Event: 4376 Source: Microsoft-Windows-Servicing
Servicing has required reboot to complete the operation of setting package KB3067505(Security Update) into Installed(Installed) state

Log: 'System' Date/Time: 21/04/2017 02:35:59
Type: Warning Category: 0
Event: 4376 Source: Microsoft-Windows-Servicing
Servicing has required reboot to complete the operation of setting package KB3067505(Security Update) into Installed(Installed) state

Log: 'System' Date/Time: 21/04/2017 02:35:59
Type: Warning Category: 0
Event: 4376 Source: Microsoft-Windows-Servicing
Servicing has required reboot to complete the operation of setting package KB3081320(Security Update) into Installed(Installed) state

Log: 'System' Date/Time: 21/04/2017 02:35:59
Type: Warning Category: 0
Event: 4376 Source: Microsoft-Windows-Servicing
Servicing has required reboot to complete the operation of setting package KB3081320(Security Update) into Installed(Installed) state

Log: 'System' Date/Time: 21/04/2017 02:35:59
Type: Warning Category: 0
Event: 4376 Source: Microsoft-Windows-Servicing
Servicing has required reboot to complete the operation of setting package KB3081320(Security Update) into Installed(Installed) state

 


  • 0

#8
RKinner

RKinner

    Malware Expert

  • Expert
  • 19,790 posts
  • MVP
Log: 'System' Date/Time: 27/04/2017 22:24:04
Type: Error Category: 0
Event: 7000 Source: Service Control Manager
The Intel AGP Bus Filter service failed to start due to the following error:  The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.
 

 

 

Expect this service does not need to start since no one use AGP these days so we can ignore this error.  If you want to look at stopping it open

 

regedit

 

navigate to 

 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\agp440 

and change Start to 4.

 

Log: 'System' Date/Time: 28/04/2017 22:23:51
Type: Warning Category: 0
Event: 36 Source: Microsoft-Windows-Time-Service
The time service has not synchronized the system time for 86400 seconds because none of the time service providers provided a usable time stamp. The time service will not update the local system time until it is able to synchronize with a time source. If the local system is configured to act as a time server for clients, it will stop advertising as a time source to clients. The time service will continue to retry and sync time with its time sources. Check system event log for other W32time events for more details. Run 'w32tm /resync' to force an instant time synchronization.

 

 

 

This is a bit more important.  If the time gets too far off you won't be able to connect to https sites.  First verify the date and time are correct.  Then follow the instructions on

https://www.howtogee...-sync-problems/

Start where it says:

 

 
Changing the Time Server
 
 
Since this is a desktop have you opened it up and cleaned the dust from the heatsink, vents and fans?  Speccy doesn't show it as hot but Speccy isn't that accurate and the temperature couold be soaring under load.
 
You may want to run Speedfan to monitor your temps in real time:
 
 
 
 
Download, save and Install it (Win 7+ or Vista right click and Run As Admin.) then run it (Win 7+ or Vista right click and Run As Admin.).
 
It will tell you your temps in real time tho the default is to show the hard drive temp in the systray.  You can change it:  Hit Configure then click on the highest temp and check Show in tray.  Then run an anti-virus scan or watch a video, play a game and see if the temperatures climb over 65.

  • 0

#9
BC12

BC12

    Member

  • Topic Starter
  • Member
  • PipPip
  • 12 posts

This is a bit more important.  If the time gets too far off you won't be able to connect to https sites.  First verify the date and time are correct.  Then follow the instructions on

https://www.howtogee...-sync-problems/

Start where it says:

 

wouldnt let me change, kept getting error, then did regiedit like suggested but file couldnt be found.

 

i am guessing my computer is on its way out,,havent checked it for duust no

 

is it at least clear of viruses?


Edited by BC12, 29 April 2017 - 11:30 PM.

  • 0

#10
RKinner

RKinner

    Malware Expert

  • Expert
  • 19,790 posts
  • MVP

What error did you get when you tried to change the time source?


  • 0

Advertisements


#11
BC12

BC12

    Member

  • Topic Starter
  • Member
  • PipPip
  • 12 posts

an rror occured while windows was synchoning. on each of the 5 servers


  • 0

#12
RKinner

RKinner

    Malware Expert

  • Expert
  • 19,790 posts
  • MVP

Search for services.msc and hit Enter.

 

Scroll down to Windows Time (Service)

 

 

Right click on it and select Properties.  Verify that the Startup Type: is set to Automatic.  IF the service is not running try to Start it.  Do you get an error?

 

 

 

Open a browser and type in:  

52.173.193.166

hit Enter.  Does it say:

Server Error

403 - Forbidden: Access is denied.
You do not have permission to view this directory or page using the credentials that you supplied.

 


  • 0

#13
BC12

BC12

    Member

  • Topic Starter
  • Member
  • PipPip
  • 12 posts

the service was running and was automatic

 

yes i get the error you state


  • 0

#14
RKinner

RKinner

    Malware Expert

  • Expert
  • 19,790 posts
  • MVP
 
Start, All Programs, Accessories then right click on Command Prompt and Run as Administrator.  Then type (with an Enter after each line).
 

 

net stop w32time
w32tm /unregister
w32tm /register
net start w32time
w32tm /resync

Do you get any errors?


  • 0

#15
BC12

BC12

    Member

  • Topic Starter
  • Member
  • PipPip
  • 12 posts

all worked execpt  w32tm /unregister and w32tm /resync

 

access is denied

 

comp did no resync because no time data was avalable


  • 0






Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP