Javascript Disabled Detected

You currently have javascript disabled. Several functions may not work. Please re-enable javascript to access full functionality.

some popups and slow computer

Started by bbj , Jun 09 2017 12:50 AM

Please log in to reply

#1
bbj

Posted 09 June 2017 - 12:50 AM

Member

Member
64 posts

My friend said that he has seen some popups and that the computer startup is slow. I think that what he was seeing for popups was that flash needed to be updated. After updating flash, I'm not seeing any more notification popups. The log files for MSE and the last run of MBAM look good. I don't think there is any infection but I'm not sure.

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 07-06-2017 01
Ran by 2Gs (administrator) on 2GS-PC (08-06-2017 19:40:25)
Running from C:\Users\2Gs\Desktop
Loaded Profiles: 2Gs (Available Profiles: 2Gs)
Platform: Windows 7 Home Premium Service Pack 1 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
(AMD) C:\Windows\System32\atiesrxx.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(UASSOFT.COM) C:\Program Files (x86)\Mouse Driver\KMWDSrv.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\NisSrv.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(Stardock Corporation) C:\Program Files (x86)\[]TOOLS[]\CursorFX\CursorFX.exe
(Hewlett-Packard Development Company, LP) C:\Program Files\HP\HP Officejet 4630 series\Bin\ScanToPCActivationApp.exe
(Intuit Inc.) C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Microsoft Corporation) C:\Windows\SysWOW64\wbem\WmiPrvSE.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE

==================== Registry (Whitelisted) ====================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [MSC] => c:\Program Files\Microsoft Security Client\msseces.exe [1353680 2016-11-14] (Microsoft Corporation)
HKLM-x32\...\Run: [] => [X]
HKU\S-1-5-21-1140302389-1250498145-2741308867-1000\...\Run: [CursorFX] => C:\Program Files (x86)\[]TOOLS[]\CursorFX\CursorFX.exe [417280 2010-03-23] (Stardock Corporation)
HKU\S-1-5-21-1140302389-1250498145-2741308867-1000\...\Run: [HP Officejet 4630 series (NET)] => C:\Program Files\HP\HP Officejet 4630 series\Bin\ScanToPCActivationApp.exe [3487240 2014-07-21] (Hewlett-Packard Development Company, LP)
HKU\S-1-5-21-1140302389-1250498145-2741308867-1000\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\Windows\system32\PhotoScreensaver.scr [477696 2010-11-20] (Microsoft Corporation)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{33DDD567-0017-4305-B5A1-659C73C27E60}: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{7C2738DF-E7B1-4346-BD52-BEA1DA77EA71}: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{DC280063-7327-4FF6-A31B-D7201B2E404F}: [DhcpNameServer] 172.20.10.1

Internet Explorer:
==================
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
SearchScopes: HKU\S-1-5-21-1140302389-1250498145-2741308867-1000 -> {171DEBEB-C3D4-40b7-AC73-056A5EBA4A7E} URL =
BHO: ExplorerWnd Helper -> {10921475-03CE-4E04-90CE-E2E7EF20C814} -> C:\Program Files (x86)\IObit\IObit Uninstaller\UninstallExplorer64.dll [2013-12-18] (IObit)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)
BHO-x32: Evernote extension -> {92EF2EAD-A7CE-4424-B0DB-499CF856608E} -> C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll [2013-10-22] (Evernote Corp., 305 Walnut Street, Redwood City, CA 94063)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)

FireFox:
========
FF ProfilePath: C:\Users\2Gs\AppData\Roaming\Mozilla\Firefox\Profiles\stzus0xv.default-1446250190895 [2017-06-08]
FF DefaultSearchEngine.US: Mozilla\Firefox\Profiles\stzus0xv.default-1446250190895 -> Google
FF Homepage: Mozilla\Firefox\Profiles\stzus0xv.default-1446250190895 -> chrome://fastdial/content/fastdial.html
FF Extension: (EdgeWise) - C:\Users\2Gs\AppData\Roaming\Mozilla\Firefox\Profiles\stzus0xv.default-1446250190895\Extensions\[email protected] [2017-04-20]
FF Extension: (Fast Dial) - C:\Users\2Gs\AppData\Roaming\Mozilla\Firefox\Profiles\stzus0xv.default-1446250190895\Extensions\[email protected] [2016-12-13]
FF Extension: (Weather Forecast Plus) - C:\Users\2Gs\AppData\Roaming\Mozilla\Firefox\Profiles\stzus0xv.default-1446250190895\Extensions\[email protected] [2016-09-28]
FF Extension: (Menu Icons Plus) - C:\Users\2Gs\AppData\Roaming\Mozilla\Firefox\Profiles\stzus0xv.default-1446250190895\Extensions\[email protected] [2016-04-28]
FF Extension: (Restartless Restart) - C:\Users\2Gs\AppData\Roaming\Mozilla\Firefox\Profiles\stzus0xv.default-1446250190895\Extensions\[email protected] [2016-04-27]
FF Extension: (Download Manager (S3)) - C:\Users\2Gs\AppData\Roaming\Mozilla\Firefox\Profiles\stzus0xv.default-1446250190895\Extensions\[email protected] [2017-06-05]
FF Extension: (Super Drag) - C:\Users\2Gs\AppData\Roaming\Mozilla\Firefox\Profiles\stzus0xv.default-1446250190895\Extensions\[email protected] [2016-04-27]
FF Extension: (Thumbnail Zoom Plus) - C:\Users\2Gs\AppData\Roaming\Mozilla\Firefox\Profiles\stzus0xv.default-1446250190895\Extensions\[email protected] [2017-06-08]
FF Extension: (uBlock Origin) - C:\Users\2Gs\AppData\Roaming\Mozilla\Firefox\Profiles\stzus0xv.default-1446250190895\Extensions\[email protected] [2017-05-15]
FF Extension: (IE Tab 2 (FF 3.6+)) - C:\Users\2Gs\AppData\Roaming\Mozilla\Firefox\Profiles\stzus0xv.default-1446250190895\Extensions\{1BC9BA34-1EED-42ca-A505-6D2F1A935BBB} [2016-02-20]
FF Extension: (Unhide Passwords) - C:\Users\2Gs\AppData\Roaming\Mozilla\Firefox\Profiles\stzus0xv.default-1446250190895\Extensions\{2e17e2b2-b8d4-4a67-8d7b-fafa6cc9d1d0}.xpi [2016-04-28]
FF Extension: (Follow-on Search Telemetry) - C:\Users\2Gs\AppData\Roaming\Mozilla\Firefox\Profiles\stzus0xv.default-1446250190895\features\{8b28b5f5-c37d-44ca-b4fd-2be3f261a80c}\[email protected] [2017-06-06]
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_25_0_0_171.dll [2017-06-08] ()
FF Plugin: @docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf -> C:\Program Files\[]TOOLS[]\PDF-XChange\PDF Viewer\npPDFXCviewNPPlugin.dll [2011-04-12] (Tracker Software Products Ltd.)
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.50906.0\npctrl.dll [2017-03-09] ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~3\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_25_0_0_171.dll [2017-06-08] ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2015-10-14] ()
FF Plugin-x32: @canon.com/MycameraPlugin -> C:\Program Files (x86)\Canon\ZoomBrowser EX\Program\NPCIG.dll [2008-10-15] (CANON INC.)
FF Plugin-x32: @docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf -> C:\Program Files\[]TOOLS[]\PDF-XChange\PDF Viewer\Win32\npPDFXCviewNPPlugin.dll [2011-04-12] (Tracker Software Products Ltd.)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.50906.0\npctrl.dll [2017-03-09] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~3\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~3\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.33.5\npGoogleUpdate3.dll [2017-04-29] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.33.5\npGoogleUpdate3.dll [2017-04-29] (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=1.1.9 -> C:\Program Files (x86)\[]TOOLS[]\VideoLAN\VLC\npvlc.dll [2011-04-11] (the VideoLAN Team)
StartMenuInternet: FIREFOX.EXE - C:\Program Files (x86)\[]TOOLS[]\Mozilla Firefox\firefox.exe

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [77104 2015-10-07] (Apple Inc.)
R2 KMWDSERVICE; C:\Program Files (x86)\Mouse Driver\KMWDSrv.exe [208896 2007-04-05] (UASSOFT.COM) [File not signed]
S2 LiveUpdateSvc; C:\Program Files (x86)\IObit\LiveUpdate\LiveUpdate.exe [2909472 2015-07-31] (IObit)
R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [119864 2016-11-14] (Microsoft Corporation)
R3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [361816 2016-11-14] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-26] (Microsoft Corporation)

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R3 L1C; C:\Windows\System32\DRIVERS\L1C60x64.sys [75888 2010-09-27] (Atheros Communications, Inc.)
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [295000 2016-08-25] (Microsoft Corporation)
R3 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [135928 2016-08-25] (Microsoft Corporation)

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2017-06-08 19:40 - 2017-06-08 19:41 - 00010579 _____ C:\Users\2Gs\Desktop\FRST.txt
2017-06-08 19:40 - 2017-06-08 19:40 - 00000000 ____D C:\FRST
2017-06-08 18:38 - 2017-06-08 18:38 - 02435072 _____ (Farbar) C:\Users\2Gs\Desktop\FRST64.exe
2017-06-08 18:32 - 2017-06-08 18:32 - 00004324 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2017-05-14 06:27 - 2017-04-27 18:14 - 05547240 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2017-05-14 06:27 - 2017-04-27 18:09 - 00880640 _____ (Microsoft Corporation) C:\Windows\system32\advapi32.dll
2017-05-14 06:27 - 2017-04-26 07:59 - 03220992 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2017-05-14 06:27 - 2017-04-17 08:37 - 02065408 _____ (Microsoft Corporation) C:\Windows\system32\ole32.dll
2017-05-14 06:27 - 2017-04-16 01:51 - 02899456 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2017-05-14 06:27 - 2017-04-16 01:35 - 25741312 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2017-05-14 06:27 - 2017-04-16 01:18 - 05977600 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2017-05-14 06:27 - 2017-04-16 01:01 - 00499200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2017-05-14 06:27 - 2017-04-16 00:53 - 02290176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2017-05-14 06:27 - 2017-04-16 00:49 - 20278272 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2017-05-14 06:27 - 2017-04-16 00:10 - 15250944 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2017-05-14 06:27 - 2017-04-16 00:08 - 04548608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2017-05-14 06:27 - 2017-04-16 00:04 - 03241472 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2017-05-14 06:27 - 2017-04-15 23:53 - 13661184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2017-05-14 06:27 - 2017-04-15 23:50 - 01544704 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2017-05-14 06:27 - 2017-04-15 23:37 - 02767872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2017-05-14 06:27 - 2017-04-15 23:34 - 01314816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2017-05-14 06:27 - 2017-04-12 08:32 - 01483776 _____ (Microsoft Corporation) C:\Windows\system32\crypt32.dll
2017-05-14 06:27 - 2017-04-04 08:34 - 01895656 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tcpip.sys
2017-05-14 06:26 - 2017-04-27 18:14 - 00706792 _____ (Microsoft Corporation) C:\Windows\system32\winload.efi
2017-05-14 06:26 - 2017-04-27 18:14 - 00631176 _____ (Microsoft Corporation) C:\Windows\system32\winresume.efi
2017-05-14 06:26 - 2017-04-27 18:14 - 00154856 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2017-05-14 06:26 - 2017-04-27 18:14 - 00095464 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2017-05-14 06:26 - 2017-04-27 18:11 - 01732864 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2017-05-14 06:26 - 2017-04-27 18:10 - 01460736 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2017-05-14 06:26 - 2017-04-27 18:10 - 01212928 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll
2017-05-14 06:26 - 2017-04-27 18:10 - 01163264 _____ (Microsoft Corporation) C:\Windows\system32\kernel32.dll
2017-05-14 06:26 - 2017-04-27 18:10 - 00730624 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2017-05-14 06:26 - 2017-04-27 18:10 - 00503808 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll
2017-05-14 06:26 - 2017-04-27 18:10 - 00419840 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase.dll
2017-05-14 06:26 - 2017-04-27 18:10 - 00362496 _____ (Microsoft Corporation) C:\Windows\system32\wow64win.dll
2017-05-14 06:26 - 2017-04-27 18:10 - 00345600 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2017-05-14 06:26 - 2017-04-27 18:10 - 00316928 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2017-05-14 06:26 - 2017-04-27 18:10 - 00312320 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2017-05-14 06:26 - 2017-04-27 18:10 - 00243712 _____ (Microsoft Corporation) C:\Windows\system32\wow64.dll
2017-05-14 06:26 - 2017-04-27 18:10 - 00215552 _____ (Microsoft Corporation) C:\Windows\system32\winsrv.dll
2017-05-14 06:26 - 2017-04-27 18:10 - 00210432 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2017-05-14 06:26 - 2017-04-27 18:10 - 00190464 _____ (Microsoft Corporation) C:\Windows\system32\rpchttp.dll
2017-05-14 06:26 - 2017-04-27 18:10 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
2017-05-14 06:26 - 2017-04-27 18:10 - 00135680 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2017-05-14 06:26 - 2017-04-27 18:10 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2017-05-14 06:26 - 2017-04-27 18:10 - 00063488 _____ (Microsoft Corporation) C:\Windows\system32\setbcdlocale.dll
2017-05-14 06:26 - 2017-04-27 18:10 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\msobjs.dll
2017-05-14 06:26 - 2017-04-27 18:10 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll
2017-05-14 06:26 - 2017-04-27 18:10 - 00028672 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2017-05-14 06:26 - 2017-04-27 18:10 - 00028160 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2017-05-14 06:26 - 2017-04-27 18:10 - 00016384 _____ (Microsoft Corporation) C:\Windows\system32\ntvdm64.dll
2017-05-14 06:26 - 2017-04-27 18:10 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\wow64cpu.dll
2017-05-14 06:26 - 2017-04-27 18:09 - 00690688 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
2017-05-14 06:26 - 2017-04-27 18:09 - 00463872 _____ (Microsoft Corporation) C:\Windows\system32\certcli.dll
2017-05-14 06:26 - 2017-04-27 18:09 - 00123904 _____ (Microsoft Corporation) C:\Windows\system32\bcrypt.dll
2017-05-14 06:26 - 2017-04-27 18:09 - 00059904 _____ (Microsoft Corporation) C:\Windows\system32\appidapi.dll
2017-05-14 06:26 - 2017-04-27 18:09 - 00044032 _____ (Microsoft Corporation) C:\Windows\system32\csrsrv.dll
2017-05-14 06:26 - 2017-04-27 18:09 - 00043520 _____ (Microsoft Corporation) C:\Windows\system32\cryptbase.dll
2017-05-14 06:26 - 2017-04-27 18:09 - 00034816 _____ (Microsoft Corporation) C:\Windows\system32\appidsvc.dll
2017-05-14 06:26 - 2017-04-27 18:09 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2017-05-14 06:26 - 2017-04-27 18:09 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\apisetschema.dll
2017-05-14 06:26 - 2017-04-27 18:09 - 00006144 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-security-base-l1-1-0.dll
2017-05-14 06:26 - 2017-04-27 18:09 - 00005120 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l1-1-0.dll
2017-05-14 06:26 - 2017-04-27 18:09 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
2017-05-14 06:26 - 2017-04-27 18:09 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processthreads-l1-1-0.dll
2017-05-14 06:26 - 2017-04-27 18:09 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll
2017-05-14 06:26 - 2017-04-27 18:09 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-synch-l1-1-0.dll
2017-05-14 06:26 - 2017-04-27 18:09 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localregistry-l1-1-0.dll
2017-05-14 06:26 - 2017-04-27 18:09 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localization-l1-1-0.dll
2017-05-14 06:26 - 2017-04-27 18:09 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll
2017-05-14 06:26 - 2017-04-27 18:09 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll
2017-05-14 06:26 - 2017-04-27 18:09 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll
2017-05-14 06:26 - 2017-04-27 18:09 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-misc-l1-1-0.dll
2017-05-14 06:26 - 2017-04-27 18:09 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-memory-l1-1-0.dll
2017-05-14 06:26 - 2017-04-27 18:09 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll
2017-05-14 06:26 - 2017-04-27 18:09 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-heap-l1-1-0.dll
2017-05-14 06:26 - 2017-04-27 18:09 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-xstate-l1-1-0.dll
2017-05-14 06:26 - 2017-04-27 18:09 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-util-l1-1-0.dll
2017-05-14 06:26 - 2017-04-27 18:09 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-string-l1-1-0.dll
2017-05-14 06:26 - 2017-04-27 18:09 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-profile-l1-1-0.dll
2017-05-14 06:26 - 2017-04-27 18:09 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-io-l1-1-0.dll
2017-05-14 06:26 - 2017-04-27 18:09 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-interlocked-l1-1-0.dll
2017-05-14 06:26 - 2017-04-27 18:09 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-handle-l1-1-0.dll
2017-05-14 06:26 - 2017-04-27 18:09 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-fibers-l1-1-0.dll
2017-05-14 06:26 - 2017-04-27 18:09 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll
2017-05-14 06:26 - 2017-04-27 18:09 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-delayload-l1-1-0.dll
2017-05-14 06:26 - 2017-04-27 18:09 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-debug-l1-1-0.dll
2017-05-14 06:26 - 2017-04-27 18:09 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-datetime-l1-1-0.dll
2017-05-14 06:26 - 2017-04-27 18:09 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-console-l1-1-0.dll
2017-05-14 06:26 - 2017-04-27 17:36 - 04000488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2017-05-14 06:26 - 2017-04-27 17:36 - 03945192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2017-05-14 06:26 - 2017-04-27 17:34 - 01314112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll
2017-05-14 06:26 - 2017-04-27 17:32 - 01114112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kernel32.dll
2017-05-14 06:26 - 2017-04-27 17:32 - 00690688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adtschema.dll
2017-05-14 06:26 - 2017-04-27 17:32 - 00666112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpcrt4.dll
2017-05-14 06:26 - 2017-04-27 17:32 - 00644096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\advapi32.dll
2017-05-14 06:26 - 2017-04-27 17:32 - 00553472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2017-05-14 06:26 - 2017-04-27 17:32 - 00342528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\certcli.dll
2017-05-14 06:26 - 2017-04-27 17:32 - 00275456 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll
2017-05-14 06:26 - 2017-04-27 17:32 - 00261120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
2017-05-14 06:26 - 2017-04-27 17:32 - 00254464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2017-05-14 06:26 - 2017-04-27 17:32 - 00223232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2017-05-14 06:26 - 2017-04-27 17:32 - 00172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll
2017-05-14 06:26 - 2017-04-27 17:32 - 00146432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msaudite.dll
2017-05-14 06:26 - 2017-04-27 17:32 - 00141312 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpchttp.dll
2017-05-14 06:26 - 2017-04-27 17:32 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2017-05-14 06:26 - 2017-04-27 17:32 - 00082944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\bcrypt.dll
2017-05-14 06:26 - 2017-04-27 17:32 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2017-05-14 06:26 - 2017-04-27 17:32 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msobjs.dll
2017-05-14 06:26 - 2017-04-27 17:32 - 00050688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\appidapi.dll
2017-05-14 06:26 - 2017-04-27 17:32 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll
2017-05-14 06:26 - 2017-04-27 17:32 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2017-05-14 06:26 - 2017-04-27 17:32 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
2017-05-14 06:26 - 2017-04-27 17:32 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\apisetschema.dll
2017-05-14 06:26 - 2017-04-27 17:32 - 00005120 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-file-l1-1-0.dll
2017-05-14 06:26 - 2017-04-27 17:32 - 00005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll
2017-05-14 06:26 - 2017-04-27 17:32 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processthreads-l1-1-0.dll
2017-05-14 06:26 - 2017-04-27 17:32 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-sysinfo-l1-1-0.dll
2017-05-14 06:26 - 2017-04-27 17:32 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-synch-l1-1-0.dll
2017-05-14 06:26 - 2017-04-27 17:32 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-misc-l1-1-0.dll
2017-05-14 06:26 - 2017-04-27 17:32 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localregistry-l1-1-0.dll
2017-05-14 06:26 - 2017-04-27 17:32 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localization-l1-1-0.dll
2017-05-14 06:26 - 2017-04-27 17:32 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processenvironment-l1-1-0.dll
2017-05-14 06:26 - 2017-04-27 17:32 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-namedpipe-l1-1-0.dll
2017-05-14 06:26 - 2017-04-27 17:32 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-memory-l1-1-0.dll
2017-05-14 06:26 - 2017-04-27 17:32 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-libraryloader-l1-1-0.dll
2017-05-14 06:26 - 2017-04-27 17:32 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-interlocked-l1-1-0.dll
2017-05-14 06:26 - 2017-04-27 17:32 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-heap-l1-1-0.dll
2017-05-14 06:26 - 2017-04-27 17:32 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-string-l1-1-0.dll
2017-05-14 06:26 - 2017-04-27 17:32 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-rtlsupport-l1-1-0.dll
2017-05-14 06:26 - 2017-04-27 17:32 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-profile-l1-1-0.dll
2017-05-14 06:26 - 2017-04-27 17:32 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-io-l1-1-0.dll
2017-05-14 06:26 - 2017-04-27 17:32 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-handle-l1-1-0.dll
2017-05-14 06:26 - 2017-04-27 17:32 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-fibers-l1-1-0.dll
2017-05-14 06:26 - 2017-04-27 17:32 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-errorhandling-l1-1-0.dll
2017-05-14 06:26 - 2017-04-27 17:32 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-delayload-l1-1-0.dll
2017-05-14 06:26 - 2017-04-27 17:32 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-debug-l1-1-0.dll
2017-05-14 06:26 - 2017-04-27 17:32 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-datetime-l1-1-0.dll
2017-05-14 06:26 - 2017-04-27 17:32 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-console-l1-1-0.dll
2017-05-14 06:26 - 2017-04-27 17:19 - 00148480 _____ (Microsoft Corporation) C:\Windows\system32\appidpolicyconverter.exe
2017-05-14 06:26 - 2017-04-27 17:19 - 00062464 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\appid.sys
2017-05-14 06:26 - 2017-04-27 17:19 - 00017920 _____ (Microsoft Corporation) C:\Windows\system32\appidcertstorecheck.exe
2017-05-14 06:26 - 2017-04-27 17:18 - 00064000 _____ (Microsoft Corporation) C:\Windows\system32\auditpol.exe
2017-05-14 06:26 - 2017-04-27 17:15 - 00338432 _____ (Microsoft Corporation) C:\Windows\system32\conhost.exe
2017-05-14 06:26 - 2017-04-27 17:14 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe
2017-05-14 06:26 - 2017-04-27 17:12 - 00159744 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb.sys
2017-05-14 06:26 - 2017-04-27 17:11 - 00291328 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb10.sys
2017-05-14 06:26 - 2017-04-27 17:11 - 00129536 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb20.sys
2017-05-14 06:26 - 2017-04-27 17:11 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\auditpol.exe
2017-05-14 06:26 - 2017-04-27 17:10 - 00112640 _____ (Microsoft Corporation) C:\Windows\system32\smss.exe
2017-05-14 06:26 - 2017-04-27 17:10 - 00030720 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2017-05-14 06:26 - 2017-04-27 17:08 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe
2017-05-14 06:26 - 2017-04-27 17:08 - 00014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll
2017-05-14 06:26 - 2017-04-27 17:08 - 00007680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe
2017-05-14 06:26 - 2017-04-27 17:08 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user.exe
2017-05-14 06:26 - 2017-04-27 17:07 - 00036352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptbase.dll
2017-05-14 06:26 - 2017-04-27 17:07 - 00006144 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-security-base-l1-1-0.dll
2017-05-14 06:26 - 2017-04-27 17:07 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-threadpool-l1-1-0.dll
2017-05-14 06:26 - 2017-04-27 17:07 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-xstate-l1-1-0.dll
2017-05-14 06:26 - 2017-04-27 17:07 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-util-l1-1-0.dll
2017-05-14 06:26 - 2017-04-21 08:34 - 01133568 _____ (Microsoft Corporation) C:\Windows\system32\cdosys.dll
2017-05-14 06:26 - 2017-04-21 08:15 - 00805376 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cdosys.dll
2017-05-14 06:26 - 2017-04-19 17:00 - 00394448 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2017-05-14 06:26 - 2017-04-19 16:16 - 00346320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2017-05-14 06:26 - 2017-04-17 08:37 - 00876544 _____ (Microsoft Corporation) C:\Windows\system32\oleaut32.dll
2017-05-14 06:26 - 2017-04-17 08:37 - 00512000 _____ (Microsoft Corporation) C:\Windows\system32\rpcss.dll
2017-05-14 06:26 - 2017-04-17 08:37 - 00026112 _____ (Microsoft Corporation) C:\Windows\system32\oleres.dll
2017-05-14 06:26 - 2017-04-17 08:37 - 00008704 _____ (Microsoft Corporation) C:\Windows\system32\comcat.dll
2017-05-14 06:26 - 2017-04-17 08:12 - 01417728 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ole32.dll
2017-05-14 06:26 - 2017-04-17 08:12 - 00581632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\oleaut32.dll
2017-05-14 06:26 - 2017-04-17 08:12 - 00026112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\oleres.dll
2017-05-14 06:26 - 2017-04-17 07:54 - 00007168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\comcat.dll
2017-05-14 06:26 - 2017-04-16 02:17 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2017-05-14 06:26 - 2017-04-16 02:16 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2017-05-14 06:26 - 2017-04-16 01:57 - 00066560 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2017-05-14 06:26 - 2017-04-16 01:55 - 00417792 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2017-05-14 06:26 - 2017-04-16 01:55 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2017-05-14 06:26 - 2017-04-16 01:54 - 00576512 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2017-05-14 06:26 - 2017-04-16 01:54 - 00088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2017-05-14 06:26 - 2017-04-16 01:44 - 00054784 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2017-05-14 06:26 - 2017-04-16 01:43 - 00034304 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2017-05-14 06:26 - 2017-04-16 01:38 - 00615936 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2017-05-14 06:26 - 2017-04-16 01:37 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2017-05-14 06:26 - 2017-04-16 01:37 - 00116224 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2017-05-14 06:26 - 2017-04-16 01:36 - 00817664 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2017-05-14 06:26 - 2017-04-16 01:36 - 00814080 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2017-05-14 06:26 - 2017-04-16 01:25 - 00968704 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2017-05-14 06:26 - 2017-04-16 01:21 - 00489984 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2017-05-14 06:26 - 2017-04-16 01:19 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2017-05-14 06:26 - 2017-04-16 01:11 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2017-05-14 06:26 - 2017-04-16 01:10 - 00087552 _____ (Microsoft Corporation) C:\Windows\system32\tdc.ocx
2017-05-14 06:26 - 2017-04-16 01:09 - 00107520 _____ (Microsoft Corporation) C:\Windows\system32\inseng.dll
2017-05-14 06:26 - 2017-04-16 01:04 - 00199680 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2017-05-14 06:26 - 2017-04-16 01:03 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2017-05-14 06:26 - 2017-04-16 01:02 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2017-05-14 06:26 - 2017-04-16 01:01 - 00341504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
2017-05-14 06:26 - 2017-04-16 01:01 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2017-05-14 06:26 - 2017-04-16 01:00 - 00315392 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2017-05-14 06:26 - 2017-04-16 01:00 - 00064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2017-05-14 06:26 - 2017-04-16 00:57 - 00152064 _____ (Microsoft Corporation) C:\Windows\system32\occache.dll
2017-05-14 06:26 - 2017-04-16 00:52 - 00047104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2017-05-14 06:26 - 2017-04-16 00:52 - 00030720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2017-05-14 06:26 - 2017-04-16 00:48 - 00476160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2017-05-14 06:26 - 2017-04-16 00:47 - 00663552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2017-05-14 06:26 - 2017-04-16 00:47 - 00115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2017-05-14 06:26 - 2017-04-16 00:46 - 00620032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2017-05-14 06:26 - 2017-04-16 00:43 - 00262144 _____ (Microsoft Corporation) C:\Windows\system32\webcheck.dll
2017-05-14 06:26 - 2017-04-16 00:40 - 00806912 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2017-05-14 06:26 - 2017-04-16 00:40 - 00725504 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2017-05-14 06:26 - 2017-04-16 00:37 - 02132992 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2017-05-14 06:26 - 2017-04-16 00:37 - 01359360 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2017-05-14 06:26 - 2017-04-16 00:35 - 00416256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2017-05-14 06:26 - 2017-04-16 00:30 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2017-05-14 06:26 - 2017-04-16 00:29 - 00073216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tdc.ocx
2017-05-14 06:26 - 2017-04-16 00:28 - 00091136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inseng.dll
2017-05-14 06:26 - 2017-04-16 00:25 - 00168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2017-05-14 06:26 - 2017-04-16 00:24 - 00076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2017-05-14 06:26 - 2017-04-16 00:22 - 00279040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2017-05-14 06:26 - 2017-04-16 00:20 - 00130048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\occache.dll
2017-05-14 06:26 - 2017-04-16 00:12 - 00230400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\webcheck.dll
2017-05-14 06:26 - 2017-04-16 00:10 - 00693248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2017-05-14 06:26 - 2017-04-16 00:08 - 02057216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2017-05-14 06:26 - 2017-04-16 00:08 - 01155072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2017-05-14 06:26 - 2017-04-15 23:40 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2017-05-14 06:26 - 2017-04-15 23:34 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2017-05-14 06:26 - 2017-04-12 08:32 - 00229376 _____ (Microsoft Corporation) C:\Windows\system32\wintrust.dll
2017-05-14 06:26 - 2017-04-12 08:32 - 00190976 _____ (Microsoft Corporation) C:\Windows\system32\cryptsvc.dll
2017-05-14 06:26 - 2017-04-12 08:32 - 00141824 _____ (Microsoft Corporation) C:\Windows\system32\cryptnet.dll
2017-05-14 06:26 - 2017-04-12 08:26 - 00179200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wintrust.dll
2017-05-14 06:26 - 2017-04-12 08:25 - 01176064 _____ (Microsoft Corporation) C:\Windows\SysWOW64\crypt32.dll
2017-05-14 06:26 - 2017-04-12 08:25 - 00145920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptsvc.dll
2017-05-14 06:26 - 2017-04-12 08:25 - 00106496 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptnet.dll
2017-05-14 06:26 - 2017-04-07 08:34 - 00986856 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dxgkrnl.sys
2017-05-14 06:26 - 2017-04-07 08:34 - 00265448 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dxgmms1.sys
2017-05-14 06:26 - 2017-04-07 08:30 - 00405504 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll
2017-05-14 06:26 - 2017-04-07 08:30 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\cdd.dll
2017-05-14 06:26 - 2017-04-07 08:22 - 00312832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gdi32.dll
2017-05-14 06:26 - 2017-04-05 07:55 - 00460800 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\srv.sys
2017-05-14 06:26 - 2017-04-05 07:55 - 00405504 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\srv2.sys
2017-05-14 06:26 - 2017-04-05 07:55 - 00168960 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\srvnet.sys
2017-05-14 06:26 - 2017-04-04 08:34 - 00377576 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\netio.sys
2017-05-14 06:26 - 2017-04-04 08:34 - 00287976 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\FWPKCLNT.SYS
2017-05-14 06:26 - 2017-04-04 07:53 - 00496128 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\afd.sys
2017-05-14 06:26 - 2017-04-04 07:53 - 00117760 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tdx.sys
2017-05-14 06:26 - 2017-03-10 09:32 - 01389056 _____ (Microsoft Corporation) C:\Windows\system32\pla.dll
2017-05-14 06:26 - 2017-03-10 09:32 - 00300544 _____ (Microsoft Corporation) C:\Windows\system32\pdh.dll
2017-05-14 06:26 - 2017-03-10 09:20 - 01508352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\pla.dll
2017-05-14 06:26 - 2017-03-10 09:20 - 00237056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\pdh.dll
2017-05-14 06:26 - 2017-03-10 08:57 - 00009216 _____ (Microsoft Corporation) C:\Windows\system32\plasrv.exe
2017-05-14 06:26 - 2017-03-10 08:55 - 00205312 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\fastfat.sys
2017-05-14 06:26 - 2017-03-10 08:55 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\exfat.sys
2017-05-14 06:26 - 2017-03-09 09:34 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll
2017-05-14 06:26 - 2017-03-09 09:19 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2017-06-08 18:45 - 2014-09-13 07:35 - 00192216 _____ (Malwarebytes) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2017-06-08 18:43 - 2016-11-25 06:27 - 00000000 ____D C:\Users\2Gs\AppData\LocalLow\Mozilla
2017-06-08 18:43 - 2009-07-13 21:45 - 00024048 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2017-06-08 18:43 - 2009-07-13 21:45 - 00024048 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2017-06-08 18:39 - 2016-09-24 12:11 - 00000000 ____D C:\Users\2Gs\AppData\Local\Adobe
2017-06-08 18:32 - 2012-05-05 17:03 - 00803320 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2017-06-08 18:32 - 2012-05-05 17:03 - 00144888 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2017-06-08 18:31 - 2012-05-05 17:02 - 00000000 ____D C:\Windows\system32\Macromed
2017-06-08 18:31 - 2011-04-19 10:36 - 00000000 ____D C:\Windows\SysWOW64\Macromed
2017-06-08 18:08 - 2011-11-19 12:24 - 00000266 _____ C:\Windows\Tasks\AutoKMS.job
2017-06-08 18:08 - 2009-07-13 22:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2017-06-08 08:00 - 2013-04-16 12:14 - 00000000 ____D C:\Users\2Gs\Documents\Travel Gordy
2017-06-08 05:32 - 2013-12-18 20:38 - 00000000 ____D C:\ProgramData\ProductData
2017-05-31 07:56 - 2011-04-23 08:41 - 00000000 ____D C:\Users\2Gs\Documents\Getta
2017-05-31 05:55 - 2009-07-13 20:20 - 00000000 ____D C:\Windows\system32\NDF
2017-05-30 13:45 - 2011-04-19 00:13 - 00565416 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe
2017-05-26 07:37 - 2011-04-23 09:43 - 00000000 ____D C:\Users\2Gs\Documents\Financial Information
2017-05-26 07:29 - 2011-04-23 09:43 - 00000000 ____D C:\Users\2Gs\Documents\Miscellaneous Household Items
2017-05-26 04:40 - 2012-05-05 16:52 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2017-05-25 07:03 - 2013-07-17 07:55 - 00000000 ____D C:\Windows\system32\MRT
2017-05-25 07:02 - 2011-04-19 00:46 - 132223576 ____C (Microsoft Corporation) C:\Windows\system32\MRT.exe
2017-05-25 07:01 - 2011-04-23 08:40 - 00000000 ____D C:\Users\2Gs\Documents\Gordy
2017-05-25 06:30 - 2011-04-19 10:22 - 00000000 ____D C:\Program Files (x86)\[]TOOLS[]
2017-05-20 09:00 - 2009-07-13 22:08 - 00032568 _____ C:\Windows\Tasks\SCHEDLGU.TXT
2017-05-20 07:22 - 2009-07-13 20:20 - 00000000 ____D C:\Windows\rescache
2017-05-15 17:41 - 2009-07-13 22:13 - 00782470 _____ C:\Windows\system32\PerfStringBackup.INI
2017-05-15 17:41 - 2009-07-13 20:20 - 00000000 ____D C:\Windows\inf
2017-05-15 17:34 - 2009-07-13 21:45 - 00409256 _____ C:\Windows\system32\FNTCACHE.DAT
2017-05-15 17:31 - 2009-07-13 20:20 - 00000000 ____D C:\Windows\PolicyDefinitions
2017-05-14 06:41 - 2011-04-19 11:52 - 00775084 _____ C:\Windows\SysWOW64\PerfStringBackup.INI

==================== Files in the root of some directories =======

2012-12-04 15:47 - 2012-12-04 15:47 - 0000057 _____ () C:\ProgramData\Ament.ini
2011-12-27 10:35 - 2017-02-02 14:57 - 0001705 _____ () C:\ProgramData\Microsoft.SqlServer.Compact.400.32.bc

==================== Bamital & volsnap ======================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2017-06-08 07:55

==================== End of FRST.txt ============================

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 07-06-2017 01
Ran by 2Gs (08-06-2017 19:42:07)
Running from C:\Users\2Gs\Desktop
Windows 7 Home Premium Service Pack 1 (X64) (2011-04-18 23:00:16)
Boot Mode: Normal
==========================================================

==================== Accounts: =============================

2Gs (S-1-5-21-1140302389-1250498145-2741308867-1000 - Administrator - Enabled) => C:\Users\2Gs
Administrator (S-1-5-21-1140302389-1250498145-2741308867-500 - Administrator - Disabled)
Guest (S-1-5-21-1140302389-1250498145-2741308867-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-1140302389-1250498145-2741308867-1004 - Limited - Enabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Microsoft Security Essentials (Enabled - Up to date) {71A27EC9-3DA6-45FC-60A7-004F623C6189}
AS: Microsoft Security Essentials (Enabled - Up to date) {CAC39F2D-1B9C-4A72-5A17-3B3D19BB2B34}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

7-Zip 9.21beta (HKLM-x32\...\7-Zip) (Version: - )
Adobe Flash Player 25 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 25.0.0.171 - Adobe Systems Incorporated)
Apple Application Support (32-bit) (HKLM-x32\...\{7FA9ECCF-A2DE-4DA1-BFF3-81260DBDA68F}) (Version: 4.1.2 - Apple Inc.)
Apple Application Support (64-bit) (HKLM\...\{691F30EB-9009-475A-B8A9-E1BF39598FD5}) (Version: 4.1.2 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{3540181E-340A-4E7A-B409-31663472B2F7}) (Version: 9.1.0.6 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{FFD1F7F1-1AC9-4BC4-A908-0686D635ABAF}) (Version: 2.1.4.131 - Apple Inc.)
Bonjour (HKLM\...\{56DDDFB8-7F79-4480-89D5-25E1F52AB28F}) (Version: 3.1.0.1 - Apple Inc.)
Canon Digital Camera Solution Disk 40-46 Software Starter Guide (HKLM-x32\...\SoftwareStarterGuide-DCSD40_46) (Version: 1.1.0.1 - Canon Inc.)
CANON iMAGE GATEWAY Task for ZoomBrowser EX (HKLM-x32\...\CANON iMAGE GATEWAY Task) (Version: 1.7.0.4 - Canon Inc.)
Canon Internet Library for ZoomBrowser EX (HKLM-x32\...\Canon Internet Library for ZoomBrowser EX) (Version: 1.6.3.9 - Canon Inc.)
Canon MovieEdit Task for ZoomBrowser EX (HKLM-x32\...\MovieEditTask) (Version: 3.0.0.20 - Canon Inc.)
Canon Personal Printing Guide (HKLM-x32\...\Personal Printing Guide) (Version: 1.0.0.1 - Canon Inc.)
Canon PowerShot SD1200 IS_IXUS 95 IS Camera User Guide (HKLM-x32\...\CameraUserGuide-PSSD1200IS_IXUS95IS) (Version: 1.0.0.1 - Canon Inc.)
Canon Utilities CameraWindow (HKLM-x32\...\CameraWindowLauncher) (Version: 7.2.0.2 - Canon Inc.)
Canon Utilities CameraWindow DC (HKLM-x32\...\CameraWindowDC) (Version: 7.4.0.9 - Canon Inc.)
Canon Utilities CameraWindow DC_DV 6 for ZoomBrowser EX (HKLM-x32\...\CameraWindowDVC6) (Version: 6.5.0.3 - Canon Inc.)
Canon Utilities MyCamera (HKLM-x32\...\MyCamera) (Version: 7.2.0.4 - Canon Inc.)
Canon Utilities MyCamera DC (HKLM-x32\...\MyCameraDC) (Version: 7.2.0.5 - Canon Inc.)
Canon Utilities PhotoStitch (HKLM-x32\...\PhotoStitch) (Version: 3.1.22.46 - Canon Inc.)
Canon Utilities RemoteCapture Task for ZoomBrowser EX (HKLM-x32\...\RemoteCaptureTask) (Version: 1.8.0.1 - Canon Inc.)
Canon Utilities ZoomBrowser EX (HKLM-x32\...\ZoomBrowser EX) (Version: 6.3.0.7 - Canon Inc.)
Canon ZoomBrowser EX Memory Card Utility (HKLM-x32\...\ZoomBrowser EX Memory Card Utility) (Version: 1.2.0.9 - Canon Inc.)
Content Manager (HKLM-x32\...\{B64BC516-2406-43AE-A21A-1E387A2343B1}) (Version: 0.5 - Magellan)
Coupon Printer for Windows (HKLM-x32\...\Coupon Printer for Windows5.0.0.0) (Version: 5.0.0.0 - Coupons.com Incorporated)
CursorFX (HKLM-x32\...\CursorFX) (Version: - Stardock Corporation)
CursorFX (x32 Version: 2.00 - Stardock Corporation) Hidden
Evernote v. 5.0.3 (HKLM-x32\...\{32D39568-3B77-11E3-88CE-00163E98E7D0}) (Version: 5.0.3.1614 - Evernote Corp.)
Family Tree Heritage (HKLM-x32\...\Family Tree Heritage) (Version: - )
Family Tree Heritage Collaboration Support (HKLM-x32\...\InstallShield_{50BD0B15-5197-4EAF-8BCD-81117D1324B1}) (Version: 1.10.0010 - Individual Software)
Family Tree Heritage Collaboration Support (x32 Version: 1.10.0010 - Individual Software) Hidden
GetDiz (HKLM-x32\...\GetDiz) (Version: 4.6 - Outertech)
Google Earth (HKLM-x32\...\{F6430171-B86B-4639-839E-374913E7911D}) (Version: 7.1.8.3036 - Google)
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.33.5 - Google Inc.) Hidden
HP Deskjet 3520 series Basic Device Software (HKLM\...\{E80963EC-EED7-411A-8AC0-149EC57FB0F9}) (Version: 27.0.847.0 - Hewlett-Packard Co.)
HP Deskjet 3520 series Help (HKLM-x32\...\{C13E1F46-84FE-4D3B-8581-0F2F624C7EEC}) (Version: 27.0.0 - Hewlett Packard)
HP Deskjet 3520 series Product Improvement Study (HKLM\...\{177F4FEE-E119-4AB7-9B32-ECF6A1D03719}) (Version: 27.0.847.0 - Hewlett-Packard Co.)
HP Deskjet 3520 series Setup Guide (HKLM-x32\...\{AEEDCEB7-00B8-4BE1-B492-AB04803D5F1E}) (Version: 27.0.0 - Hewlett Packard)
HP FWUpdateEDO2 (HKLM-x32\...\{415FA9AD-DA10-4ABE-97B6-5051D4795C90}) (Version: 1.2.0.0 - Hewlett-Packard)
HP Officejet 4630 series Basic Device Software (HKLM\...\{38037A50-E9F1-41E4-9AA3-2E0A5A2FC4C5}) (Version: 32.3.198.49673 - Hewlett-Packard Co.)
HP Officejet 4630 series Help (HKLM-x32\...\{9F79230F-EE1C-407E-94E1-D69021954C9B}) (Version: 31.0.0 - Hewlett Packard)
HP Photo Creations (HKLM-x32\...\HP Photo Creations) (Version: 1.0.0.3341 - HP Photo Creations Powered by RocketLife)
HP Update (HKLM-x32\...\{912D30CF-F39E-4B31-AD9A-123C6B794EE2}) (Version: 5.005.002.002 - Hewlett-Packard)
HPDiagnosticAlert (x32 Version: 1.00.0001 - Microsoft) Hidden
I.R.I.S. OCR (HKLM-x32\...\{CA6BCA2F-EDEB-408F-850B-31404BE16A61}) (Version: 12.3.4.0 - HP)
IObit Uninstaller (HKLM-x32\...\IObitUninstall) (Version: 3.0.4.922 - IObit)
IrfanView (remove only) (HKLM-x32\...\IrfanView) (Version: 4.28 - Irfan Skiljan)
iTunes (HKLM\...\{FBEB98F8-64E4-4FA3-A15E-4A9F42FF962E}) (Version: 12.3.2.35 - Apple Inc.)
Living Trust Maker (HKLM-x32\...\Living Trust Maker) (Version: - Nolo)
Malwarebytes Anti-Malware version 2.2.1.1043 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.2.1.1043 - Malwarebytes)
Microsoft .NET Framework 4.6.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.6.01055 - Microsoft Corporation)
Microsoft Access database engine 2010 (English) (HKLM-x32\...\{90140000-00D1-0409-0000-0000000FF1CE}) (Version: 14.0.6029.1000 - Microsoft Corporation)
Microsoft Office Standard 2010 (HKLM-x32\...\Office14.STANDARD) (Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft Security Essentials (HKLM\...\Microsoft Security Client) (Version: 4.10.209.0 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.50906.0 - Microsoft Corporation)
Microsoft Streets & Trips 2011 (HKLM-x32\...\{C82185E8-C27B-4EF4-2011-4444BC2C2B6D}) (Version: 18.0.26.0201 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)
Mouse Driver (HKLM-x32\...\InstallShield_{55BFC356-5A7B-482F-A213-9ACFDDFF6037}) (Version: 5.1 - Driver Builder)
Mouse Driver (x32 Version: 5.1 - Driver Builder) Hidden
Mozilla Firefox 53.0.3 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 53.0.3 (x86 en-US)) (Version: 53.0.3 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 53.0.3.6347 - Mozilla)
PDF-XChange 3 (HKLM\...\PDF-XChange 3_is1) (Version: - Tracker Software)
PDF-XChange Viewer (HKLM\...\{9ED333F8-3E6C-4A38-BAFA-728454121CDA}) (Version: 2.5.195.0 - Tracker Software Products Ltd.)
Product Improvement Study for HP Officejet 4630 series (HKLM\...\{EE629820-EACD-4AAE-966D-DF1560A0ED2D}) (Version: 32.3.198.49673 - Hewlett-Packard Co.)
Quicken WillMaker Plus 2014 (HKLM-x32\...\{44160FDE-C190-45C1-B8E1-23F00228E572}) (Version: 1.0.0.0 - Nolo)
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM-x32\...\{90140000-0012-0000-0000-0000000FF1CE}_Office14.STANDARD_{DE28B448-32E8-4E8F-84F0-A52B21A49B5B}) (Version: - Microsoft)
Skype™ 7.0 (HKLM-x32\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 7.0.102 - Skype Technologies S.A.)
The KMPlayer (remove only) (HKLM-x32\...\The KMPlayer) (Version: - )
TurboTax 2012 (HKLM-x32\...\TurboTax 2012) (Version: 2012.0 - Intuit, Inc)
TurboTax 2013 (HKLM-x32\...\TurboTax 2013) (Version: 2013.0 - Intuit, Inc)
TurboTax 2014 (HKLM-x32\...\TurboTax 2014) (Version: 2014.0 - Intuit, Inc)
TurboTax 2015 (HKLM-x32\...\TurboTax 2015) (Version: 2015.0 - Intuit, Inc)
TurboTax 2016 (HKLM-x32\...\TurboTax 2016) (Version: 2016.0 - Intuit, Inc)
VLC media player 1.1.9 (HKLM-x32\...\VLC media player) (Version: 1.1.9 - VideoLAN)
Windows 7 Logon Background Changer (HKLM-x32\...\{76423878-BF55-4C2F-AC25-2A82CE9AFB7A}) (Version: 1.3.4 - Julien MANICI)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {0ECBC5A7-6E80-41ED-9C12-5B4D386762C8} - System32\Tasks\HP AR Program Upload - 42ca828796d44242890563b46835eca3963eb7cfe5b44473af046ef5d2f85d89 => C:\Program Files\HP\HP Officejet 4630 series\bin\HPRewards.exe [2014-07-21] (TODO: <Company name>)
Task: {14A094A7-3B50-46AF-B07B-ECE0D3C51037} - System32\Tasks\AutoKMS => C:\Windows\AutoKMS\AutoKMS.exe
Task: {16777363-DE87-4574-B641-6E51FAE45CA8} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2017-06-08] (Adobe Systems Incorporated)
Task: {6623C058-32E8-4F22-AD41-102CE4EA7363} - System32\Tasks\HP AR Program Upload - cae64b7f34844db7817eb2047a50939c4dfad2e267b3472da59861e173824da5 => C:\Program Files\HP\HP Officejet 4630 series\bin\HPRewards.exe [2014-07-21] (TODO: <Company name>)
Task: {6D79C42F-AD39-4135-9EC6-BFF0A1BDC362} - System32\Tasks\HP AR Program Upload - b7725f92e012415197f51fabed45d519cdcf2b324c134127a2d95491fcbcd90f => C:\Program Files\HP\HP Officejet 4630 series\bin\HPRewards.exe [2014-07-21] (TODO: <Company name>)
Task: {9100981C-D09F-4F30-9ADF-C37FF833F74C} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-29] (Google Inc.)
Task: {93913CB2-CE29-495E-A11E-542C0F319685} - System32\Tasks\HP Deskjet 3520 series.exe_{71219116-8F4B-43D4-8E88-6878214B8E1C} => C:\Program Files\HP\HP Deskjet 3520 series\Bin\HP Deskjet 3520 series.exe [2012-01-31] (Hewlett-Packard Co.)
Task: {983E3069-66A1-425C-996A-E1EEDE4683CD} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-29] (Google Inc.)
Task: {9AABBD0B-0D25-4369-B85D-873E3159DAB6} - System32\Tasks\HPCustParticipation HP Officejet 4630 series => C:\Program Files\HP\HP Officejet 4630 series\Bin\HPCustPartic.exe [2014-07-21] (Hewlett-Packard Development Company, LP)
Task: {9E577837-7AE1-4A76-A8D7-17E449A55D19} - System32\Tasks\HPCustParticipation HP Deskjet 3520 series => C:\Program Files\HP\HP Deskjet 3520 series\Bin\HPCustPartic.exe [2012-01-31] (Hewlett-Packard Co.)
Task: {A721CF8A-D808-4614-B17C-F17D528C5710} - System32\Tasks\{321BE577-2F14-482D-8759-8E2BEFC025EC} => C:\Program Files (x86)\Skype\\Phone\Skype.exe [2014-12-11] (Skype Technologies S.A.)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\Windows\Tasks\AutoKMS.job => C:\Windows\AutoKMS\AutoKMS.exe

==================== Shortcuts =============================

(The entries could be listed to be restored or removed.)

==================== Loaded Modules (Whitelisted) ==============

2015-12-17 19:38 - 2015-12-17 19:38 - 00085800 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
2015-12-17 19:38 - 2015-12-17 19:38 - 01328912 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
2010-03-23 07:17 - 2010-03-23 07:17 - 00059904 _____ () C:\Program Files (x86)\[]TOOLS[]\CursorFX\zlib1.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)

==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

==================== Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)

==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)

==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-13 19:34 - 2009-06-10 14:00 - 00000824 _____ C:\Windows\system32\Drivers\etc\hosts

==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-1140302389-1250498145-2741308867-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\2Gs\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 192.168.1.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

MSCONFIG\startupfolder: C:^Users^2Gs^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^EvernoteClipper.lnk => C:\Windows\pss\EvernoteClipper.lnk.Startup
MSCONFIG\startupfolder: C:^Users^2Gs^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Monitor Ink Alerts - HP Deskjet 3520 series.lnk => C:\Windows\pss\Monitor Ink Alerts - HP Deskjet 3520 series.lnk.Startup
MSCONFIG\startupfolder: C:^Users^2Gs^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Monitor Ink Alerts - HP Officejet 4630 series.lnk => C:\Windows\pss\Monitor Ink Alerts - HP Officejet 4630 series.lnk.Startup
MSCONFIG\startupreg: HP Software Update => C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe
MSCONFIG\startupreg: iTunesHelper => "C:\Program Files\iTunes\iTunesHelper.exe"

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [TCP Query User{43590FBB-7266-4232-AE96-2E13B680D6C8}C:\program files (x86)\google\google earth\client\googleearth.exe] => (Allow) C:\program files (x86)\google\google earth\client\googleearth.exe
FirewallRules: [UDP Query User{DBD5D5CF-D6C6-4AA1-A3A3-0B945AC79639}C:\program files (x86)\google\google earth\client\googleearth.exe] => (Allow) C:\program files (x86)\google\google earth\client\googleearth.exe
FirewallRules: [{15C43EC3-AB97-4018-AC53-8B2C4552A4D3}] => (Allow) C:\Program Files (x86)\Skype\Phone\Skype.exe
FirewallRules: [TCP Query User{585536B2-838E-4ACD-ACB3-B532ECC4E591}C:\windows\microsoft.net\framework\v2.0.50727\vbc.exe] => (Allow) C:\windows\microsoft.net\framework\v2.0.50727\vbc.exe
FirewallRules: [UDP Query User{1837C33D-A86E-48A5-81F6-D3DBC3FCF525}C:\windows\microsoft.net\framework\v2.0.50727\vbc.exe] => (Allow) C:\windows\microsoft.net\framework\v2.0.50727\vbc.exe
FirewallRules: [{DE87EEC3-6B88-4C17-9144-42C066BDB477}] => (Allow) C:\Program Files\HP\HP Deskjet 3520 series\Bin\DeviceSetup.exe
FirewallRules: [{211FFBDE-2742-49DD-B993-803C08CC4900}] => (Allow) C:\Program Files\HP\HP Deskjet 3520 series\Bin\HPNetworkCommunicator.exe
FirewallRules: [{13F736EC-F1F8-43E7-85B7-A9E33D16311E}] => (Allow) C:\Program Files (x86)\[]TOOLS[]\Mozilla Firefox\firefox.exe
FirewallRules: [{DF2360FE-4DDC-4A46-951D-1374A4043C95}] => (Allow) C:\Program Files (x86)\[]TOOLS[]\Mozilla Firefox\firefox.exe
FirewallRules: [TCP Query User{8A656195-9CC2-4BC9-AFAF-66526F8C438D}C:\program files (x86)\[]tools[]\mozilla firefox\firefox.exe] => (Block) C:\program files (x86)\[]tools[]\mozilla firefox\firefox.exe
FirewallRules: [UDP Query User{4A817C77-3FC2-464F-B535-F623FDD11E55}C:\program files (x86)\[]tools[]\mozilla firefox\firefox.exe] => (Block) C:\program files (x86)\[]tools[]\mozilla firefox\firefox.exe
FirewallRules: [{E7EE1EA4-7F91-4BA3-8AC0-AEA37088918E}] => (Allow) C:\Program Files\HP\HP Officejet 4630 series\bin\FaxApplications.exe
FirewallRules: [{0318AE47-5B98-4BA4-AA33-7BABB7DDD778}] => (Allow) C:\Program Files\HP\HP Officejet 4630 series\bin\DigitalWizards.exe
FirewallRules: [{C62C73C5-F4C8-4C0C-9574-697733698538}] => (Allow) C:\Program Files\HP\HP Officejet 4630 series\bin\SendAFax.exe
FirewallRules: [{8ED63EF3-ED23-45FB-AF9C-F7477B7053C6}] => (Allow) C:\Program Files\HP\HP Officejet 4630 series\Bin\DeviceSetup.exe
FirewallRules: [{2BB47476-15D8-4193-A485-4116F7EE6283}] => (Allow) LPort=5357
FirewallRules: [{12FF8481-98E8-4777-842D-ADE3FA3780BD}] => (Allow) C:\Program Files\HP\HP Officejet 4630 series\Bin\HPNetworkCommunicatorCom.exe
FirewallRules: [{4893D75A-94DF-4B32-A49B-5E553AC9F88D}] => (Allow) C:\Program Files (x86)\[]TOOLS[]\Mozilla Firefox\firefox.exe
FirewallRules: [{4410E634-2AF1-435C-90AC-ED9A3B78F535}] => (Allow) C:\Program Files (x86)\[]TOOLS[]\Mozilla Firefox\firefox.exe
FirewallRules: [{4963AD56-2E20-467D-AE0A-744BDF7C59F8}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{DFD3F62E-660C-48D1-8D9E-7140A65F61DE}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{3374C4D1-8009-4A89-9AC6-3A78083B89AC}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{99598D10-5FF7-4DBE-A0D4-3BE7FCEC3341}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{DABEE615-AD49-4C4E-92F6-FBA50AB2EE25}] => (Allow) C:\Program Files\iTunes\iTunes.exe
FirewallRules: [{7EB0B795-F919-46CC-A1CE-3378462F32FA}] => (Allow) C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdater.exe
FirewallRules: [{007D44C5-8CE4-4F2D-B054-ED51BFB242A0}] => (Allow) C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe
FirewallRules: [{77462CC3-CD4E-4D90-B44E-B653D77DCD71}] => (Allow) C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe
FirewallRules: [{5C6D9835-0116-488C-83B3-2EFE6B030E13}] => (Allow) C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe
FirewallRules: [{165B8951-60CE-40B3-BB86-15EC0C9A3372}] => (Allow) C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe
FirewallRules: [{1722415F-4886-46E1-B6A8-85A8622A87F9}] => (Allow) C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe

==================== Restore Points =========================

23-04-2017 07:25:36 Windows Update
26-04-2017 11:02:26 Windows Update
01-05-2017 08:00:17 Windows Update
05-05-2017 06:21:24 Windows Update
08-05-2017 06:54:57 Windows Update
12-05-2017 06:38:35 Windows Update
14-05-2017 06:02:26 Windows Update
14-05-2017 06:26:58 Windows Update
15-05-2017 17:04:43 Windows Update
20-05-2017 05:30:12 Windows Update
25-05-2017 06:21:31 Windows Update
25-05-2017 07:02:02 Windows Update
26-05-2017 07:49:46 Windows Update
31-05-2017 07:21:55 Windows Update
31-05-2017 07:58:44 Windows Update
05-06-2017 06:40:42 Windows Update

==================== Faulty Device Manager Devices =============

==================== Event log errors: =========================

Application errors:
==================
Error: (05/31/2017 02:08:13 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 16037

Error: (05/31/2017 02:08:13 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 16037

Error: (05/31/2017 02:08:13 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (05/31/2017 02:07:35 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 10809231

Error: (05/31/2017 02:07:35 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 10809231

Error: (05/31/2017 02:07:35 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (05/31/2017 11:07:32 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 6162

Error: (05/31/2017 11:07:32 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 6162

Error: (05/31/2017 11:07:32 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (05/31/2017 11:07:31 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 5163

System errors:
=============
Error: (06/02/2017 06:19:51 AM) (Source: DCOM) (EventID: 10010) (User: )
Description: The server {29876C13-B9A8-4D5E-A545-F15B3C1FD359} did not register with DCOM within the required timeout.

Error: (06/01/2017 07:05:51 AM) (Source: Service Control Manager) (EventID: 7043) (User: )
Description: The Windows Update service did not shut down properly after receiving a preshutdown control.

Error: (05/31/2017 07:59:31 AM) (Source: Microsoft Antimalware) (EventID: 2001) (User: )
Description: Microsoft Antimalware has encountered an error trying to update signatures.

   New Signature Version:

   Previous Signature Version: 1.245.91.0

   Update Source: Microsoft Update Server

   Update Stage: Download

   Source Path: http://www.microsoft.com

   Signature Type: AntiVirus

   Update Type: Full

   User: NT AUTHORITY\SYSTEM

   Current Engine Version:

   Previous Engine Version: 1.1.13804.0

   Error code: 0x8024001e

   Error description: An unexpected problem occurred while checking for updates. For information on installing or troubleshooting updates, see Help and Support.

Error: (05/31/2017 07:59:29 AM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT AUTHORITY)
Description: Installation Failure: Windows failed to install the following update with error 0x80070103: Advanced Micro Devices, Inc driver update for AMD SMBus.

Error: (05/31/2017 07:59:30 AM) (Source: Microsoft Antimalware) (EventID: 2001) (User: )
Description: Microsoft Antimalware has encountered an error trying to update signatures.

   New Signature Version:

   Previous Signature Version: 1.245.91.0

   Update Source: Microsoft Update Server

   Update Stage: Download

   Source Path: http://www.microsoft.com

   Signature Type: AntiVirus

   Update Type: Full

   User: NT AUTHORITY\SYSTEM

   Current Engine Version:

   Previous Engine Version: 1.1.13804.0

   Error code: 0x8024001e

   Error description: An unexpected problem occurred while checking for updates. For information on installing or troubleshooting updates, see Help and Support.

Error: (05/31/2017 07:22:37 AM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT AUTHORITY)
Description: Installation Failure: Windows failed to install the following update with error 0x80070103: Advanced Micro Devices, Inc driver update for AMD SMBus.

Error: (05/31/2017 05:52:55 AM) (Source: bowser) (EventID: 8003) (User: )
Description: The master browser has received a server announcement from the computer TALON
that believes that it is the master browser for the domain on transport NetBT_Tcpip_{7C2738DF-E7B1-4346-BD52-BEA1DA77EA71}.
The master browser is stopping or an election is being forced.

Error: (05/31/2017 05:35:18 AM) (Source: Microsoft Antimalware) (EventID: 2001) (User: )
Description: Microsoft Antimalware has encountered an error trying to update signatures.

   New Signature Version:

   Previous Signature Version: 116.97.0.0

   Update Source: Microsoft Malware Protection Center

   Update Stage: Search

   Source Path: http://go.microsoft....5D-99752CCA7094

   Signature Type: Network Inspection System

   Update Type: Full

   User: NT AUTHORITY\NETWORK SERVICE

   Current Engine Version:

   Previous Engine Version: 2.1.12706.0

   Error code: 0x80072ee7

   Error description: The server name or address could not be resolved

Error: (05/31/2017 05:35:18 AM) (Source: Microsoft Antimalware) (EventID: 2001) (User: )
Description: Microsoft Antimalware has encountered an error trying to update signatures.

   New Signature Version:

   Previous Signature Version: 1.245.91.0

   Update Source: Microsoft Malware Protection Center

   Update Stage: Search

   Source Path: http://go.microsoft....5D-99752CCA7094

   Signature Type: AntiSpyware

   Update Type: Full

   User: NT AUTHORITY\NETWORK SERVICE

   Current Engine Version:

   Previous Engine Version: 1.1.13804.0

   Error code: 0x80072ee7

   Error description: The server name or address could not be resolved

Error: (05/31/2017 05:35:18 AM) (Source: Microsoft Antimalware) (EventID: 2001) (User: )
Description: Microsoft Antimalware has encountered an error trying to update signatures.

   New Signature Version:

   Previous Signature Version: 1.245.91.0

   Update Source: Microsoft Malware Protection Center

   Update Stage: Search

   Source Path: http://go.microsoft....5D-99752CCA7094

   Signature Type: AntiVirus

   Update Type: Full

   User: NT AUTHORITY\NETWORK SERVICE

   Current Engine Version:

   Previous Engine Version: 1.1.13804.0

   Error code: 0x80072ee7

   Error description: The server name or address could not be resolved

==================== Memory info ===========================

Processor: AMD E-350 Processor
Percentage of memory in use: 33%
Total physical RAM: 3818.9 MB
Available physical RAM: 2539.71 MB
Total Virtual: 7635.99 MB
Available Virtual: 6357.21 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:450.66 GB) (Free:374.15 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 465.8 GB) (Disk ID: C5855C99)
Partition 1: (Not Active) - (Size=15 GB) - (Type=27)
Partition 2: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=450.7 GB) - (Type=07 NTFS)

==================== End of Addition.txt ============================

#2
RKinner

Posted 09 June 2017 - 08:55 AM

Malware Expert

Expert
24,624 posts

Get Process Explorer

http://live.sysinter...com/procexp.exe

Save it to your desktop then run it (Vista or Win7+ - right click and Run As Administrator).

View, Select Column, check Verified Signer, OK

Options, Verify Image Signatures

Click twice on the CPU column header to sort things by CPU usage with the big hitters at the top.

Wait a full minute then:

File, Save As, Save. Note the file name. Open the file on your desktop and copy and paste the text to a reply.

Copy the next 2 lines:

TASKLIST /SVC > \junk.txt

notepad \junk.txt

Open an Elevated Command Prompt:

Win 7: Start, All Programs, Accessories then right click on Command Prompt and Run as Administrator

Win 8: http://www.eightforu...indows-8-a.html

win 10: http://www.howtogeek...-in-windows-10/

Right click and Paste (or Edit then Paste) and the copied lines should appear.

Hit Enter if notepad does not open. Copy and paste the text from notepad into a reply.

Get the free version of Speccy:

http://www.filehippo...download_speccy (Look in the upper right for the Download

Latest Version button - Do NOT press the large Start Download button on the upper left!)

Download, Save and Install it. Tell it you do not need CCLEANER. Run Speccy. When it finishes (the little icon in the bottom left will stop moving),

File, Save as Text File, (to your desktop) note the name it gives. OK. Open the file in notepad and delete the line that gives the serial number of your Operating System.

(It will be near the top, 10-20 lines down.) Save the file. Attach the file to your next post. Attaching the log is the best option as it is too big for the forum. Attaching is a multi step process.

First click on More Reply Options

Then scroll down to where you see

Choose File and click on it. Point it at the file and hit Open.

Now click on Attach this file.

Right click on (My) Computer and select Manage (Continue) Then click on the arrow in front of Event Viewer. Next Click on the arrow in front of Windows Logs Right click on System and Clear Log, Clear. Repeat for Application.

Reboot.

Start, All Programs, Accessories then right click on Command Prompt and Run as Administrator. Then type (with an Enter after each line).

sfc  /scannow

Copy the next two lines:

findstr  /c:"[SR]"  \windows\logs\cbs\cbs.log  >  \windows\logs\cbs\junk.txt

notepad \windows\logs\cbs\junk.txt

Start, All Programs, Accessories, right click on Command Prompt and Run as Administrator, Continue. Right click and Paste or Edit then Paste and the copied line should appear.

Hit Enter. Copy and paste the text from notepad or if it is too big, just attach the file.)

1. Please download the Event Viewer Tool by Vino Rosso

http://images.malwar...om/vino/VEW.exe

and save it to your Desktop:

2. Right-click VEW.exe and Run AS Administrator

3. Under 'Select log to query', select:

* System

4. Under 'Select type to list', select:

* Error

* Warning

Then use the 'Number of events' as follows:

1. Click the radio button for 'Number of events'

Type 20 in the 1 to 20 box

Then click the Run button.

Notepad will open with the output log.

Please post the Output log in your next reply then repeat but select Application. (Each time you run VEW it overwrites the log so copy the first one to a Reply or rename it before running it a second time.)

#3
bbj

Posted 11 June 2017 - 05:58 PM

Member

Topic Starter
Member
64 posts

Process   CPU   Private Bytes   Working Set   PID   Description   Company Name   Verified Signer
System Idle Process   75.94   0 K   24 K   0
procexp64.exe   7.76   21,020 K   40,064 K   3380   Sysinternals Process Explorer   Sysinternals - www.sysinternals.com   (Verified) Microsoft Corporation
firefox.exe   4.54   250,904 K   267,176 K   3148   Firefox   Mozilla Corporation   (Verified) Mozilla Corporation
dwm.exe   3.83   30,628 K   32,192 K   2788   Desktop Window Manager   Microsoft Corporation   (Verified) Microsoft Windows
Interrupts   3.07   0 K   0 K   n/a   Hardware Interrupts and DPCs
CursorFX.exe   1.99   2,484 K   3,240 K   2256   CursorFX   Stardock Corporation   (No signature was present in the subject) Stardock Corporation
csrss.exe   0.86   2,540 K   11,328 K   456
System   0.85   196 K   920 K   4
MsMpEng.exe   0.35   112,984 K   106,344 K   792   Antimalware Service Executable   Microsoft Corporation   (Verified) Microsoft Corporation
explorer.exe   0.19   31,372 K   54,712 K   1916   Windows Explorer   Microsoft Corporation   (Verified) Microsoft Windows
svchost.exe   0.18   11,240 K   18,764 K   304   Host Process for Windows Services   Microsoft Corporation   (Verified) Microsoft Windows
svchost.exe   0.14   13,472 K   16,580 K   2620   Host Process for Windows Services   Microsoft Corporation   (Verified) Microsoft Windows
svchost.exe   0.10   7,692 K   14,856 K   2504   Host Process for Windows Services   Microsoft Corporation   (Verified) Microsoft Windows
AppleMobileDeviceService.exe   0.06   3,464 K   10,616 K   1504   MobileDeviceService   Apple Inc.   (Verified) Apple Inc.
ScanToPCActivationApp.exe   0.04   3,484 K   11,704 K   836   ScanToPCActivationApp   Hewlett-Packard Development Company, LP   (Verified) Hewlett Packard
svchost.exe   0.02   13,864 K   14,948 K   1168   Host Process for Windows Services   Microsoft Corporation   (Verified) Microsoft Windows
NisSrv.exe   0.02   14,876 K   8,740 K   2052   Microsoft Network Realtime Inspection Service   Microsoft Corporation   (Verified) Microsoft Corporation
svchost.exe   0.02   3,596 K   7,436 K   744   Host Process for Windows Services   Microsoft Corporation   (Verified) Microsoft Windows
svchost.exe   0.01   21,476 K   39,420 K   348   Host Process for Windows Services   Microsoft Corporation   (Verified) Microsoft Windows
SearchIndexer.exe   0.01   21,780 K   11,680 K   552   Microsoft Windows Search Indexer   Microsoft Corporation   (Verified) Microsoft Windows
services.exe   0.01   5,284 K   9,252 K   488
csrss.exe   < 0.01   1,988 K   4,320 K   364
wmpnetwk.exe   < 0.01   13,176 K   7,452 K   2408   Windows Media Player Network Sharing Service   Microsoft Corporation   (Verified) Microsoft Windows
svchost.exe   < 0.01   101,576 K   111,772 K   988   Host Process for Windows Services   Microsoft Corporation   (Verified) Microsoft Windows
spoolsv.exe   < 0.01   10,304 K   19,700 K   1312   Spooler SubSystem App   Microsoft Corporation   (Verified) Microsoft Windows
svchost.exe   < 0.01   14,572 K   17,756 K   1364   Host Process for Windows Services   Microsoft Corporation   (Verified) Microsoft Windows
WUDFHost.exe       1,876 K   6,136 K   2280
wuauclt.exe       1,980 K   6,696 K   3340   Windows Update   Microsoft Corporation   (Verified) Microsoft Windows
winlogon.exe       2,844 K   7,200 K   648
wininit.exe       1,464 K   4,484 K   436
taskhost.exe       4,004 K   9,512 K   3060   Host Process for Windows Tasks   Microsoft Corporation   (Verified) Microsoft Windows
taskeng.exe       1,668 K   5,364 K   2244
svchost.exe       4,156 K   9,500 K   620   Host Process for Windows Services   Microsoft Corporation   (Verified) Microsoft Windows
svchost.exe       19,484 K   22,260 K   956   Host Process for Windows Services   Microsoft Corporation   (Verified) Microsoft Windows
svchost.exe       2,392 K   6,060 K   2184   Host Process for Windows Services   Microsoft Corporation   (Verified) Microsoft Windows
svchost.exe       4,732 K   10,560 K   1588   Host Process for Windows Services   Microsoft Corporation   (Verified) Microsoft Windows
smss.exe       448 K   1,140 K   280
procexp.exe       2,332 K   7,544 K   2956   Sysinternals Process Explorer   Sysinternals - www.sysinternals.com   (Verified) Microsoft Corporation
msseces.exe       5,808 K   13,924 K   1556   Microsoft Security Client User Interface   Microsoft Corporation   (Verified) Microsoft Corporation
mDNSResponder.exe       2,144 K   5,804 K   1532   Bonjour Service   Apple Inc.   (Verified) Apple Inc.
lsm.exe       2,388 K   4,196 K   520
lsass.exe       4,524 K   12,116 K   512   Local Security Authority Process   Microsoft Corporation   (Verified) Microsoft Windows
KMWDSrv.exe       1,160 K   4,380 K   1684   Keyboard And Mouse Communication Service   UASSOFT.COM   (No signature was present in the subject) UASSOFT.COM
IntuitUpdateService.exe       31,880 K   13,720 K   2772   Intuit Update Service   Intuit Inc.   (Verified) Intuit
dllhost.exe       2,004 K   5,932 K   3864   COM Surrogate   Microsoft Corporation   (Verified) Microsoft Windows
audiodg.exe       15,532 K   15,700 K   1408
atiesrxx.exe       1,396 K   4,332 K   916   AMD External Events Service Module   AMD   (Verified) Microsoft Windows Hardware Compatibility Publisher
atieclxx.exe       2,156 K   6,392 K   1084

Image Name                     PID Services
========================= ======== ============================================
System Idle Process              0 N/A
System                           4 N/A
smss.exe                       272 N/A
csrss.exe                      364 N/A
wininit.exe                    436 N/A
csrss.exe                      448 N/A
services.exe                   484 N/A
lsass.exe                      508 KeyIso, SamSs
lsm.exe                        516 N/A
winlogon.exe                   576 N/A
svchost.exe                    664 DcomLaunch, PlugPlay, Power
svchost.exe                    740 RpcEptMapper, RpcSs
MsMpEng.exe                    788 MsMpSvc
atiesrxx.exe                   912 AMD External Events Utility
svchost.exe                    952 AudioSrv, Dhcp, eventlog,
                                   HomeGroupProvider, lmhosts, wscsvc
svchost.exe                    984 AudioEndpointBuilder, hidserv,
                                   HomeGroupListener, Netman, PcaSvc, SysMain,
                                   TrkWks, UxSms, Wlansvc, WPDBusEnum, wudfsvc
svchost.exe                   1016 EventSystem, fdPHost, FontCache, netprofm,
                                   nsi, WdiServiceHost, WinHttpAutoProxySvc
svchost.exe                    320 AeLookupSvc, Appinfo, BITS, Browser,
                                   EapHost, gpsvc, iphlpsvc, LanmanServer,
                                   MMCSS, ProfSvc, Schedule, SENS,
                                   ShellHWDetection, Themes, Winmgmt, wuauserv
svchost.exe                   1072 CryptSvc, Dnscache, LanmanWorkstation,
                                   NlaSvc
atieclxx.exe                  1132 N/A
spoolsv.exe                   1316 Spooler
svchost.exe                   1360 BFE, DPS, MpsSvc
AppleMobileDeviceService.     1472 Apple Mobile Device Service
mDNSResponder.exe             1512 Bonjour Service
svchost.exe                   1556 DiagTrack
KMWDSrv.exe                   1600 KMWDSERVICE
NisSrv.exe                    2056 NisSrv
svchost.exe                   2128 PolicyAgent
WUDFHost.exe                  2332 N/A
IntuitUpdateService.exe       2812 IntuitUpdateServiceV4
svchost.exe                   2964 FDResPub, SSDPSRV, upnphost, wcncsvc
wmpnetwk.exe                  1644 WMPNetworkSvc
SearchIndexer.exe             1812 WSearch
taskhost.exe                  2688 N/A
dwm.exe                       2944 N/A
explorer.exe                   328 N/A
msseces.exe                   3012 N/A
CursorFX.exe                  1080 N/A
ScanToPCActivationApp.exe     2472 N/A
svchost.exe                   3716 p2pimsvc, p2psvc, PNRPsvc
TrustedInstaller.exe          3372 TrustedInstaller
firefox.exe                   2212 N/A
taskeng.exe                   2840 N/A
HPNetworkCommunicatorCom.     3776 N/A
audiodg.exe                   3180 N/A
cmd.exe                       2080 N/A
conhost.exe                   3452 N/A
tasklist.exe                   608 N/A
WmiPrvSE.exe                  3924 N/A

2017-06-11 17:24:29, Info                  CSI    00000009 [SR] Verifying 100 (0x0000000000000064) components
2017-06-11 17:24:29, Info                  CSI    0000000a [SR] Beginning Verify and Repair transaction
2017-06-11 17:24:31, Info                  CSI    0000000c [SR] Verify complete
2017-06-11 17:24:32, Info                  CSI    0000000d [SR] Verifying 100 (0x0000000000000064) components
2017-06-11 17:24:32, Info                  CSI    0000000e [SR] Beginning Verify and Repair transaction
2017-06-11 17:24:34, Info                  CSI    00000010 [SR] Verify complete
2017-06-11 17:24:35, Info                  CSI    00000011 [SR] Verifying 100 (0x0000000000000064) components
2017-06-11 17:24:35, Info                  CSI    00000012 [SR] Beginning Verify and Repair transaction
2017-06-11 17:24:37, Info                  CSI    00000014 [SR] Verify complete
2017-06-11 17:24:38, Info                  CSI    00000015 [SR] Verifying 100 (0x0000000000000064) components
2017-06-11 17:24:38, Info                  CSI    00000016 [SR] Beginning Verify and Repair transaction
2017-06-11 17:24:40, Info                  CSI    00000018 [SR] Verify complete
2017-06-11 17:24:41, Info                  CSI    00000019 [SR] Verifying 100 (0x0000000000000064) components
2017-06-11 17:24:41, Info                  CSI    0000001a [SR] Beginning Verify and Repair transaction
2017-06-11 17:24:43, Info                  CSI    0000001c [SR] Verify complete
2017-06-11 17:24:44, Info                  CSI    0000001d [SR] Verifying 100 (0x0000000000000064) components
2017-06-11 17:24:44, Info                  CSI    0000001e [SR] Beginning Verify and Repair transaction
2017-06-11 17:24:45, Info                  CSI    00000020 [SR] Verify complete
2017-06-11 17:24:46, Info                  CSI    00000021 [SR] Verifying 100 (0x0000000000000064) components
2017-06-11 17:24:46, Info                  CSI    00000022 [SR] Beginning Verify and Repair transaction
2017-06-11 17:24:48, Info                  CSI    00000024 [SR] Verify complete
2017-06-11 17:24:49, Info                  CSI    00000025 [SR] Verifying 100 (0x0000000000000064) components
2017-06-11 17:24:49, Info                  CSI    00000026 [SR] Beginning Verify and Repair transaction
2017-06-11 17:24:51, Info                  CSI    00000028 [SR] Verify complete
2017-06-11 17:24:52, Info                  CSI    00000029 [SR] Verifying 100 (0x0000000000000064) components
2017-06-11 17:24:52, Info                  CSI    0000002a [SR] Beginning Verify and Repair transaction
2017-06-11 17:24:54, Info                  CSI    0000002c [SR] Verify complete
2017-06-11 17:24:55, Info                  CSI    0000002d [SR] Verifying 100 (0x0000000000000064) components
2017-06-11 17:24:55, Info                  CSI    0000002e [SR] Beginning Verify and Repair transaction
2017-06-11 17:24:56, Info                  CSI    00000030 [SR] Verify complete
2017-06-11 17:24:57, Info                  CSI    00000031 [SR] Verifying 100 (0x0000000000000064) components
2017-06-11 17:24:57, Info                  CSI    00000032 [SR] Beginning Verify and Repair transaction
2017-06-11 17:24:59, Info                  CSI    00000034 [SR] Verify complete
2017-06-11 17:25:00, Info                  CSI    00000035 [SR] Verifying 100 (0x0000000000000064) components
2017-06-11 17:25:00, Info                  CSI    00000036 [SR] Beginning Verify and Repair transaction
2017-06-11 17:25:02, Info                  CSI    00000038 [SR] Verify complete
2017-06-11 17:25:03, Info                  CSI    00000039 [SR] Verifying 100 (0x0000000000000064) components
2017-06-11 17:25:03, Info                  CSI    0000003a [SR] Beginning Verify and Repair transaction
2017-06-11 17:25:05, Info                  CSI    0000003c [SR] Verify complete
2017-06-11 17:25:06, Info                  CSI    0000003d [SR] Verifying 100 (0x0000000000000064) components
2017-06-11 17:25:06, Info                  CSI    0000003e [SR] Beginning Verify and Repair transaction
2017-06-11 17:25:08, Info                  CSI    00000040 [SR] Verify complete
2017-06-11 17:25:08, Info                  CSI    00000041 [SR] Verifying 100 (0x0000000000000064) components
2017-06-11 17:25:08, Info                  CSI    00000042 [SR] Beginning Verify and Repair transaction
2017-06-11 17:25:11, Info                  CSI    00000044 [SR] Verify complete
2017-06-11 17:25:12, Info                  CSI    00000045 [SR] Verifying 100 (0x0000000000000064) components
2017-06-11 17:25:12, Info                  CSI    00000046 [SR] Beginning Verify and Repair transaction
2017-06-11 17:25:13, Info                  CSI    00000048 [SR] Verify complete
2017-06-11 17:25:14, Info                  CSI    00000049 [SR] Verifying 100 (0x0000000000000064) components
2017-06-11 17:25:14, Info                  CSI    0000004a [SR] Beginning Verify and Repair transaction
2017-06-11 17:25:16, Info                  CSI    0000004c [SR] Verify complete
2017-06-11 17:25:16, Info                  CSI    0000004d [SR] Verifying 100 (0x0000000000000064) components
2017-06-11 17:25:16, Info                  CSI    0000004e [SR] Beginning Verify and Repair transaction
2017-06-11 17:25:18, Info                  CSI    00000050 [SR] Verify complete
2017-06-11 17:25:19, Info                  CSI    00000051 [SR] Verifying 100 (0x0000000000000064) components
2017-06-11 17:25:19, Info                  CSI    00000052 [SR] Beginning Verify and Repair transaction
2017-06-11 17:25:21, Info                  CSI    00000054 [SR] Verify complete
2017-06-11 17:25:22, Info                  CSI    00000055 [SR] Verifying 100 (0x0000000000000064) components
2017-06-11 17:25:22, Info                  CSI    00000056 [SR] Beginning Verify and Repair transaction
2017-06-11 17:25:24, Info                  CSI    00000058 [SR] Verify complete
2017-06-11 17:25:25, Info                  CSI    00000059 [SR] Verifying 100 (0x0000000000000064) components
2017-06-11 17:25:25, Info                  CSI    0000005a [SR] Beginning Verify and Repair transaction
2017-06-11 17:25:26, Info                  CSI    0000005c [SR] Verify complete
2017-06-11 17:25:27, Info                  CSI    0000005d [SR] Verifying 100 (0x0000000000000064) components
2017-06-11 17:25:27, Info                  CSI    0000005e [SR] Beginning Verify and Repair transaction
2017-06-11 17:25:29, Info                  CSI    00000060 [SR] Verify complete
2017-06-11 17:25:30, Info                  CSI    00000061 [SR] Verifying 100 (0x0000000000000064) components
2017-06-11 17:25:30, Info                  CSI    00000062 [SR] Beginning Verify and Repair transaction
2017-06-11 17:25:32, Info                  CSI    00000064 [SR] Verify complete
2017-06-11 17:25:33, Info                  CSI    00000065 [SR] Verifying 100 (0x0000000000000064) components
2017-06-11 17:25:33, Info                  CSI    00000066 [SR] Beginning Verify and Repair transaction
2017-06-11 17:25:34, Info                  CSI    00000068 [SR] Verify complete
2017-06-11 17:25:35, Info                  CSI    00000069 [SR] Verifying 100 (0x0000000000000064) components
2017-06-11 17:25:35, Info                  CSI    0000006a [SR] Beginning Verify and Repair transaction
2017-06-11 17:25:37, Info                  CSI    0000006c [SR] Verify complete
2017-06-11 17:25:38, Info                  CSI    0000006d [SR] Verifying 100 (0x0000000000000064) components
2017-06-11 17:25:38, Info                  CSI    0000006e [SR] Beginning Verify and Repair transaction
2017-06-11 17:25:40, Info                  CSI    00000070 [SR] Verify complete
2017-06-11 17:25:41, Info                  CSI    00000071 [SR] Verifying 100 (0x0000000000000064) components
2017-06-11 17:25:41, Info                  CSI    00000072 [SR] Beginning Verify and Repair transaction
2017-06-11 17:25:46, Info                  CSI    00000074 [SR] Verify complete
2017-06-11 17:25:47, Info                  CSI    00000075 [SR] Verifying 100 (0x0000000000000064) components
2017-06-11 17:25:47, Info                  CSI    00000076 [SR] Beginning Verify and Repair transaction
2017-06-11 17:25:49, Info                  CSI    00000078 [SR] Verify complete
2017-06-11 17:25:49, Info                  CSI    00000079 [SR] Verifying 100 (0x0000000000000064) components
2017-06-11 17:25:49, Info                  CSI    0000007a [SR] Beginning Verify and Repair transaction
2017-06-11 17:25:53, Info                  CSI    0000007c [SR] Verify complete
2017-06-11 17:25:53, Info                  CSI    0000007d [SR] Verifying 100 (0x0000000000000064) components
2017-06-11 17:25:53, Info                  CSI    0000007e [SR] Beginning Verify and Repair transaction
2017-06-11 17:25:56, Info                  CSI    00000080 [SR] Verify complete
2017-06-11 17:25:56, Info                  CSI    00000081 [SR] Verifying 100 (0x0000000000000064) components
2017-06-11 17:25:56, Info                  CSI    00000082 [SR] Beginning Verify and Repair transaction
2017-06-11 17:25:58, Info                  CSI    00000084 [SR] Verify complete
2017-06-11 17:25:59, Info                  CSI    00000085 [SR] Verifying 100 (0x0000000000000064) components
2017-06-11 17:25:59, Info                  CSI    00000086 [SR] Beginning Verify and Repair transaction
2017-06-11 17:26:01, Info                  CSI    00000088 [SR] Verify complete
2017-06-11 17:26:02, Info                  CSI    00000089 [SR] Verifying 100 (0x0000000000000064) components
2017-06-11 17:26:02, Info                  CSI    0000008a [SR] Beginning Verify and Repair transaction
2017-06-11 17:26:04, Info                  CSI    0000008c [SR] Verify complete
2017-06-11 17:26:05, Info                  CSI    0000008d [SR] Verifying 100 (0x0000000000000064) components
2017-06-11 17:26:05, Info                  CSI    0000008e [SR] Beginning Verify and Repair transaction
2017-06-11 17:26:07, Info                  CSI    00000090 [SR] Verify complete
2017-06-11 17:26:08, Info                  CSI    00000091 [SR] Verifying 100 (0x0000000000000064) components
2017-06-11 17:26:08, Info                  CSI    00000092 [SR] Beginning Verify and Repair transaction
2017-06-11 17:26:10, Info                  CSI    00000094 [SR] Verify complete
2017-06-11 17:26:11, Info                  CSI    00000095 [SR] Verifying 100 (0x0000000000000064) components
2017-06-11 17:26:11, Info                  CSI    00000096 [SR] Beginning Verify and Repair transaction
2017-06-11 17:26:12, Info                  CSI    00000098 [SR] Verify complete
2017-06-11 17:26:13, Info                  CSI    00000099 [SR] Verifying 100 (0x0000000000000064) components
2017-06-11 17:26:13, Info                  CSI    0000009a [SR] Beginning Verify and Repair transaction
2017-06-11 17:26:16, Info                  CSI    0000009c [SR] Verify complete
2017-06-11 17:26:16, Info                  CSI    0000009d [SR] Verifying 100 (0x0000000000000064) components
2017-06-11 17:26:16, Info                  CSI    0000009e [SR] Beginning Verify and Repair transaction
2017-06-11 17:26:18, Info                  CSI    000000a0 [SR] Verify complete
2017-06-11 17:26:19, Info                  CSI    000000a1 [SR] Verifying 100 (0x0000000000000064) components
2017-06-11 17:26:19, Info                  CSI    000000a2 [SR] Beginning Verify and Repair transaction
2017-06-11 17:26:21, Info                  CSI    000000a4 [SR] Verify complete
2017-06-11 17:26:22, Info                  CSI    000000a5 [SR] Verifying 100 (0x0000000000000064) components
2017-06-11 17:26:22, Info                  CSI    000000a6 [SR] Beginning Verify and Repair transaction
2017-06-11 17:26:27, Info                  CSI    000000a8 [SR] Verify complete
2017-06-11 17:26:27, Info                  CSI    000000a9 [SR] Verifying 100 (0x0000000000000064) components
2017-06-11 17:26:27, Info                  CSI    000000aa [SR] Beginning Verify and Repair transaction
2017-06-11 17:26:31, Info                  CSI    000000ac [SR] Verify complete
2017-06-11 17:26:32, Info                  CSI    000000ad [SR] Verifying 100 (0x0000000000000064) components
2017-06-11 17:26:32, Info                  CSI    000000ae [SR] Beginning Verify and Repair transaction
2017-06-11 17:26:35, Info                  CSI    000000b0 [SR] Verify complete
2017-06-11 17:26:36, Info                  CSI    000000b1 [SR] Verifying 100 (0x0000000000000064) components
2017-06-11 17:26:36, Info                  CSI    000000b2 [SR] Beginning Verify and Repair transaction
2017-06-11 17:26:42, Info                  CSI    000000b4 [SR] Verify complete
2017-06-11 17:26:43, Info                  CSI    000000b5 [SR] Verifying 100 (0x0000000000000064) components
2017-06-11 17:26:43, Info                  CSI    000000b6 [SR] Beginning Verify and Repair transaction
2017-06-11 17:26:55, Info                  CSI    000000b9 [SR] Verify complete
2017-06-11 17:26:56, Info                  CSI    000000ba [SR] Verifying 100 (0x0000000000000064) components
2017-06-11 17:26:56, Info                  CSI    000000bb [SR] Beginning Verify and Repair transaction
2017-06-11 17:27:05, Info                  CSI    000000c0 [SR] Verify complete
2017-06-11 17:27:05, Info                  CSI    000000c1 [SR] Verifying 100 (0x0000000000000064) components
2017-06-11 17:27:05, Info                  CSI    000000c2 [SR] Beginning Verify and Repair transaction
2017-06-11 17:27:12, Info                  CSI    000000c5 [SR] Verify complete
2017-06-11 17:27:13, Info                  CSI    000000c6 [SR] Verifying 100 (0x0000000000000064) components
2017-06-11 17:27:13, Info                  CSI    000000c7 [SR] Beginning Verify and Repair transaction
2017-06-11 17:27:21, Info                  CSI    000000c9 [SR] Verify complete
2017-06-11 17:27:21, Info                  CSI    000000ca [SR] Verifying 100 (0x0000000000000064) components
2017-06-11 17:27:21, Info                  CSI    000000cb [SR] Beginning Verify and Repair transaction
2017-06-11 17:27:36, Info                  CSI    000000ed [SR] Verify complete
2017-06-11 17:27:36, Info                  CSI    000000ee [SR] Verifying 100 (0x0000000000000064) components
2017-06-11 17:27:36, Info                  CSI    000000ef [SR] Beginning Verify and Repair transaction
2017-06-11 17:27:43, Info                  CSI    000000f4 [SR] Verify complete
2017-06-11 17:27:44, Info                  CSI    000000f5 [SR] Verifying 100 (0x0000000000000064) components
2017-06-11 17:27:44, Info                  CSI    000000f6 [SR] Beginning Verify and Repair transaction
2017-06-11 17:27:56, Info                  CSI    000000f8 [SR] Verify complete
2017-06-11 17:27:57, Info                  CSI    000000f9 [SR] Verifying 100 (0x0000000000000064) components
2017-06-11 17:27:57, Info                  CSI    000000fa [SR] Beginning Verify and Repair transaction
2017-06-11 17:28:06, Info                  CSI    000000fc [SR] Verify complete
2017-06-11 17:28:06, Info                  CSI    000000fd [SR] Verifying 100 (0x0000000000000064) components
2017-06-11 17:28:06, Info                  CSI    000000fe [SR] Beginning Verify and Repair transaction
2017-06-11 17:28:13, Info                  CSI    00000100 [SR] Verify complete
2017-06-11 17:28:14, Info                  CSI    00000101 [SR] Verifying 100 (0x0000000000000064) components
2017-06-11 17:28:14, Info                  CSI    00000102 [SR] Beginning Verify and Repair transaction
2017-06-11 17:28:21, Info                  CSI    00000104 [SR] Verify complete
2017-06-11 17:28:21, Info                  CSI    00000105 [SR] Verifying 100 (0x0000000000000064) components
2017-06-11 17:28:21, Info                  CSI    00000106 [SR] Beginning Verify and Repair transaction
2017-06-11 17:28:31, Info                  CSI    00000108 [SR] Verify complete
2017-06-11 17:28:31, Info                  CSI    00000109 [SR] Verifying 100 (0x0000000000000064) components
2017-06-11 17:28:31, Info                  CSI    0000010a [SR] Beginning Verify and Repair transaction
2017-06-11 17:28:51, Info                  CSI    0000012d [SR] Verify complete
2017-06-11 17:28:51, Info                  CSI    0000012e [SR] Verifying 100 (0x0000000000000064) components
2017-06-11 17:28:51, Info                  CSI    0000012f [SR] Beginning Verify and Repair transaction
2017-06-11 17:29:04, Info                  CSI    00000131 [SR] Verify complete
2017-06-11 17:29:05, Info                  CSI    00000132 [SR] Verifying 100 (0x0000000000000064) components
2017-06-11 17:29:05, Info                  CSI    00000133 [SR] Beginning Verify and Repair transaction
2017-06-11 17:29:29, Info                  CSI    00000135 [SR] Verify complete
2017-06-11 17:29:29, Info                  CSI    00000136 [SR] Verifying 100 (0x0000000000000064) components
2017-06-11 17:29:29, Info                  CSI    00000137 [SR] Beginning Verify and Repair transaction
2017-06-11 17:29:35, Info                  CSI    0000013b [SR] Verify complete
2017-06-11 17:29:36, Info                  CSI    0000013c [SR] Verifying 100 (0x0000000000000064) components
2017-06-11 17:29:36, Info                  CSI    0000013d [SR] Beginning Verify and Repair transaction
2017-06-11 17:29:39, Info                  CSI    0000013f [SR] Verify complete
2017-06-11 17:29:39, Info                  CSI    00000140 [SR] Verifying 100 (0x0000000000000064) components
2017-06-11 17:29:39, Info                  CSI    00000141 [SR] Beginning Verify and Repair transaction
2017-06-11 17:29:42, Info                  CSI    00000143 [SR] Verify complete
2017-06-11 17:29:43, Info                  CSI    00000144 [SR] Verifying 100 (0x0000000000000064) components
2017-06-11 17:29:43, Info                  CSI    00000145 [SR] Beginning Verify and Repair transaction
2017-06-11 17:29:56, Info                  CSI    00000153 [SR] Verify complete
2017-06-11 17:29:57, Info                  CSI    00000154 [SR] Verifying 100 (0x0000000000000064) components
2017-06-11 17:29:57, Info                  CSI    00000155 [SR] Beginning Verify and Repair transaction
2017-06-11 17:30:06, Info                  CSI    0000015c [SR] Verify complete
2017-06-11 17:30:07, Info                  CSI    0000015d [SR] Verifying 100 (0x0000000000000064) components
2017-06-11 17:30:07, Info                  CSI    0000015e [SR] Beginning Verify and Repair transaction
2017-06-11 17:30:12, Info                  CSI    00000160 [SR] Verify complete
2017-06-11 17:30:13, Info                  CSI    00000161 [SR] Verifying 100 (0x0000000000000064) components
2017-06-11 17:30:13, Info                  CSI    00000162 [SR] Beginning Verify and Repair transaction
2017-06-11 17:30:24, Info                  CSI    00000164 [SR] Verify complete
2017-06-11 17:30:24, Info                  CSI    00000165 [SR] Verifying 100 (0x0000000000000064) components
2017-06-11 17:30:24, Info                  CSI    00000166 [SR] Beginning Verify and Repair transaction
2017-06-11 17:30:32, Info                  CSI    00000168 [SR] Verify complete
2017-06-11 17:30:33, Info                  CSI    00000169 [SR] Verifying 100 (0x0000000000000064) components
2017-06-11 17:30:33, Info                  CSI    0000016a [SR] Beginning Verify and Repair transaction
2017-06-11 17:30:49, Info                  CSI    0000016d [SR] Verify complete
2017-06-11 17:30:50, Info                  CSI    0000016e [SR] Verifying 100 (0x0000000000000064) components
2017-06-11 17:30:50, Info                  CSI    0000016f [SR] Beginning Verify and Repair transaction
2017-06-11 17:31:02, Info                  CSI    00000172 [SR] Verify complete
2017-06-11 17:31:02, Info                  CSI    00000173 [SR] Verifying 100 (0x0000000000000064) components
2017-06-11 17:31:02, Info                  CSI    00000174 [SR] Beginning Verify and Repair transaction
2017-06-11 17:31:06, Info                  CSI    00000176 [SR] Verify complete
2017-06-11 17:31:06, Info                  CSI    00000177 [SR] Verifying 100 (0x0000000000000064) components
2017-06-11 17:31:06, Info                  CSI    00000178 [SR] Beginning Verify and Repair transaction
2017-06-11 17:31:11, Info                  CSI    0000017a [SR] Verify complete
2017-06-11 17:31:12, Info                  CSI    0000017b [SR] Verifying 100 (0x0000000000000064) components
2017-06-11 17:31:12, Info                  CSI    0000017c [SR] Beginning Verify and Repair transaction
2017-06-11 17:31:26, Info                  CSI    0000017e [SR] Verify complete
2017-06-11 17:31:27, Info                  CSI    0000017f [SR] Verifying 100 (0x0000000000000064) components
2017-06-11 17:31:27, Info                  CSI    00000180 [SR] Beginning Verify and Repair transaction
2017-06-11 17:31:34, Info                  CSI    00000182 [SR] Verify complete
2017-06-11 17:31:34, Info                  CSI    00000183 [SR] Verifying 100 (0x0000000000000064) components
2017-06-11 17:31:34, Info                  CSI    00000184 [SR] Beginning Verify and Repair transaction
2017-06-11 17:31:50, Info                  CSI    00000186 [SR] Verify complete
2017-06-11 17:31:51, Info                  CSI    00000187 [SR] Verifying 100 (0x0000000000000064) components
2017-06-11 17:31:51, Info                  CSI    00000188 [SR] Beginning Verify and Repair transaction
2017-06-11 17:32:05, Info                  CSI    000001a0 [SR] Verify complete
2017-06-11 17:32:06, Info                  CSI    000001a1 [SR] Verifying 100 (0x0000000000000064) components
2017-06-11 17:32:06, Info                  CSI    000001a2 [SR] Beginning Verify and Repair transaction
2017-06-11 17:32:15, Info                  CSI    000001a4 [SR] Verify complete
2017-06-11 17:32:16, Info                  CSI    000001a5 [SR] Verifying 100 (0x0000000000000064) components
2017-06-11 17:32:16, Info                  CSI    000001a6 [SR] Beginning Verify and Repair transaction
2017-06-11 17:32:42, Info                  CSI    000001a8 [SR] Verify complete
2017-06-11 17:32:43, Info                  CSI    000001a9 [SR] Verifying 100 (0x0000000000000064) components
2017-06-11 17:32:43, Info                  CSI    000001aa [SR] Beginning Verify and Repair transaction
2017-06-11 17:33:04, Info                  CSI    000001ad [SR] Verify complete
2017-06-11 17:33:04, Info                  CSI    000001ae [SR] Verifying 100 (0x0000000000000064) components
2017-06-11 17:33:04, Info                  CSI    000001af [SR] Beginning Verify and Repair transaction
2017-06-11 17:33:16, Info                  CSI    000001b1 [SR] Verify complete
2017-06-11 17:33:17, Info                  CSI    000001b2 [SR] Verifying 100 (0x0000000000000064) components
2017-06-11 17:33:17, Info                  CSI    000001b3 [SR] Beginning Verify and Repair transaction
2017-06-11 17:33:25, Info                  CSI    000001b5 [SR] Verify complete
2017-06-11 17:33:26, Info                  CSI    000001b6 [SR] Verifying 100 (0x0000000000000064) components
2017-06-11 17:33:26, Info                  CSI    000001b7 [SR] Beginning Verify and Repair transaction
2017-06-11 17:33:34, Info                  CSI    000001b9 [SR] Verify complete
2017-06-11 17:33:35, Info                  CSI    000001ba [SR] Verifying 100 (0x0000000000000064) components
2017-06-11 17:33:35, Info                  CSI    000001bb [SR] Beginning Verify and Repair transaction
2017-06-11 17:33:42, Info                  CSI    000001bf [SR] Verify complete
2017-06-11 17:33:43, Info                  CSI    000001c0 [SR] Verifying 100 (0x0000000000000064) components
2017-06-11 17:33:43, Info                  CSI    000001c1 [SR] Beginning Verify and Repair transaction
2017-06-11 17:33:53, Info                  CSI    000001c3 [SR] Verify complete
2017-06-11 17:33:53, Info                  CSI    000001c4 [SR] Verifying 100 (0x0000000000000064) components
2017-06-11 17:33:53, Info                  CSI    000001c5 [SR] Beginning Verify and Repair transaction
2017-06-11 17:34:15, Info                  CSI    000001c7 [SR] Verify complete
2017-06-11 17:34:15, Info                  CSI    000001c8 [SR] Verifying 100 (0x0000000000000064) components
2017-06-11 17:34:15, Info                  CSI    000001c9 [SR] Beginning Verify and Repair transaction
2017-06-11 17:34:28, Info                  CSI    000001cc [SR] Verify complete
2017-06-11 17:34:28, Info                  CSI    000001cd [SR] Verifying 100 (0x0000000000000064) components
2017-06-11 17:34:28, Info                  CSI    000001ce [SR] Beginning Verify and Repair transaction
2017-06-11 17:34:37, Info                  CSI    000001d1 [SR] Verify complete
2017-06-11 17:34:38, Info                  CSI    000001d2 [SR] Verifying 100 (0x0000000000000064) components
2017-06-11 17:34:38, Info                  CSI    000001d3 [SR] Beginning Verify and Repair transaction
2017-06-11 17:34:48, Info                  CSI    000001d5 [SR] Verify complete
2017-06-11 17:34:49, Info                  CSI    000001d6 [SR] Verifying 100 (0x0000000000000064) components
2017-06-11 17:34:49, Info                  CSI    000001d7 [SR] Beginning Verify and Repair transaction
2017-06-11 17:35:03, Info                  CSI    000001da [SR] Verify complete
2017-06-11 17:35:03, Info                  CSI    000001db [SR] Verifying 100 (0x0000000000000064) components
2017-06-11 17:35:03, Info                  CSI    000001dc [SR] Beginning Verify and Repair transaction
2017-06-11 17:35:11, Info                  CSI    000001de [SR] Verify complete
2017-06-11 17:35:12, Info                  CSI    000001df [SR] Verifying 100 (0x0000000000000064) components
2017-06-11 17:35:12, Info                  CSI    000001e0 [SR] Beginning Verify and Repair transaction
2017-06-11 17:35:21, Info                  CSI    000001e2 [SR] Verify complete
2017-06-11 17:35:21, Info                  CSI    000001e3 [SR] Verifying 100 (0x0000000000000064) components
2017-06-11 17:35:21, Info                  CSI    000001e4 [SR] Beginning Verify and Repair transaction
2017-06-11 17:35:31, Info                  CSI    000001e7 [SR] Verify complete
2017-06-11 17:35:31, Info                  CSI    000001e8 [SR] Verifying 100 (0x0000000000000064) components
2017-06-11 17:35:31, Info                  CSI    000001e9 [SR] Beginning Verify and Repair transaction
2017-06-11 17:35:40, Info                  CSI    000001eb [SR] Verify complete
2017-06-11 17:35:41, Info                  CSI    000001ec [SR] Verifying 100 (0x0000000000000064) components
2017-06-11 17:35:41, Info                  CSI    000001ed [SR] Beginning Verify and Repair transaction
2017-06-11 17:35:47, Info                  CSI    000001f0 [SR] Verify complete
2017-06-11 17:35:47, Info                  CSI    000001f1 [SR] Verifying 100 (0x0000000000000064) components
2017-06-11 17:35:47, Info                  CSI    000001f2 [SR] Beginning Verify and Repair transaction
2017-06-11 17:35:57, Info                  CSI    000001f5 [SR] Verify complete
2017-06-11 17:35:58, Info                  CSI    000001f6 [SR] Verifying 100 (0x0000000000000064) components
2017-06-11 17:35:58, Info                  CSI    000001f7 [SR] Beginning Verify and Repair transaction
2017-06-11 17:36:07, Info                  CSI    000001f9 [SR] Verify complete
2017-06-11 17:36:08, Info                  CSI    000001fa [SR] Verifying 100 (0x0000000000000064) components
2017-06-11 17:36:08, Info                  CSI    000001fb [SR] Beginning Verify and Repair transaction
2017-06-11 17:36:18, Info                  CSI    000001ff [SR] Verify complete
2017-06-11 17:36:19, Info                  CSI    00000200 [SR] Verifying 100 (0x0000000000000064) components
2017-06-11 17:36:19, Info                  CSI    00000201 [SR] Beginning Verify and Repair transaction
2017-06-11 17:36:30, Info                  CSI    00000203 [SR] Verify complete
2017-06-11 17:36:31, Info                  CSI    00000204 [SR] Verifying 100 (0x0000000000000064) components
2017-06-11 17:36:31, Info                  CSI    00000205 [SR] Beginning Verify and Repair transaction
2017-06-11 17:36:41, Info                  CSI    00000208 [SR] Verify complete
2017-06-11 17:36:42, Info                  CSI    00000209 [SR] Verifying 100 (0x0000000000000064) components
2017-06-11 17:36:42, Info                  CSI    0000020a [SR] Beginning Verify and Repair transaction
2017-06-11 17:36:47, Info                  CSI    0000020c [SR] Verify complete
2017-06-11 17:36:47, Info                  CSI    0000020d [SR] Verifying 100 (0x0000000000000064) components
2017-06-11 17:36:47, Info                  CSI    0000020e [SR] Beginning Verify and Repair transaction
2017-06-11 17:36:51, Info                  CSI    00000210 [SR] Verify complete
2017-06-11 17:36:52, Info                  CSI    00000211 [SR] Verifying 100 (0x0000000000000064) components
2017-06-11 17:36:52, Info                  CSI    00000212 [SR] Beginning Verify and Repair transaction
2017-06-11 17:36:59, Info                  CSI    00000214 [SR] Verify complete
2017-06-11 17:37:00, Info                  CSI    00000215 [SR] Verifying 100 (0x0000000000000064) components
2017-06-11 17:37:00, Info                  CSI    00000216 [SR] Beginning Verify and Repair transaction
2017-06-11 17:37:08, Info                  CSI    00000218 [SR] Verify complete
2017-06-11 17:37:09, Info                  CSI    00000219 [SR] Verifying 100 (0x0000000000000064) components
2017-06-11 17:37:09, Info                  CSI    0000021a [SR] Beginning Verify and Repair transaction
2017-06-11 17:37:19, Info                  CSI    0000021c [SR] Verify complete
2017-06-11 17:37:20, Info                  CSI    0000021d [SR] Verifying 100 (0x0000000000000064) components
2017-06-11 17:37:20, Info                  CSI    0000021e [SR] Beginning Verify and Repair transaction
2017-06-11 17:37:24, Info                  CSI    00000220 [SR] Verify complete
2017-06-11 17:37:25, Info                  CSI    00000221 [SR] Verifying 100 (0x0000000000000064) components
2017-06-11 17:37:25, Info                  CSI    00000222 [SR] Beginning Verify and Repair transaction
2017-06-11 17:37:35, Info                  CSI    00000224 [SR] Verify complete
2017-06-11 17:37:35, Info                  CSI    00000225 [SR] Verifying 100 (0x0000000000000064) components
2017-06-11 17:37:35, Info                  CSI    00000226 [SR] Beginning Verify and Repair transaction
2017-06-11 17:38:01, Info                  CSI    00000228 [SR] Verify complete
2017-06-11 17:38:02, Info                  CSI    00000229 [SR] Verifying 100 (0x0000000000000064) components
2017-06-11 17:38:02, Info                  CSI    0000022a [SR] Beginning Verify and Repair transaction
2017-06-11 17:38:27, Info                  CSI    0000022c [SR] Verify complete
2017-06-11 17:38:27, Info                  CSI    0000022d [SR] Verifying 100 (0x0000000000000064) components
2017-06-11 17:38:27, Info                  CSI    0000022e [SR] Beginning Verify and Repair transaction
2017-06-11 17:38:38, Info                  CSI    00000230 [SR] Verify complete
2017-06-11 17:38:39, Info                  CSI    00000231 [SR] Verifying 100 (0x0000000000000064) components
2017-06-11 17:38:39, Info                  CSI    00000232 [SR] Beginning Verify and Repair transaction
2017-06-11 17:38:43, Info                  CSI    00000234 [SR] Verify complete
2017-06-11 17:38:44, Info                  CSI    00000235 [SR] Verifying 100 (0x0000000000000064) components
2017-06-11 17:38:44, Info                  CSI    00000236 [SR] Beginning Verify and Repair transaction
2017-06-11 17:38:50, Info                  CSI    00000238 [SR] Verify complete
2017-06-11 17:38:50, Info                  CSI    00000239 [SR] Verifying 100 (0x0000000000000064) components
2017-06-11 17:38:50, Info                  CSI    0000023a [SR] Beginning Verify and Repair transaction
2017-06-11 17:38:56, Info                  CSI    0000023c [SR] Verify complete
2017-06-11 17:38:57, Info                  CSI    0000023d [SR] Verifying 100 (0x0000000000000064) components
2017-06-11 17:38:57, Info                  CSI    0000023e [SR] Beginning Verify and Repair transaction
2017-06-11 17:39:05, Info                  CSI    00000240 [SR] Verify complete
2017-06-11 17:39:06, Info                  CSI    00000241 [SR] Verifying 100 (0x0000000000000064) components
2017-06-11 17:39:06, Info                  CSI    00000242 [SR] Beginning Verify and Repair transaction
2017-06-11 17:39:08, Info                  CSI    00000244 [SR] Verify complete
2017-06-11 17:39:09, Info                  CSI    00000245 [SR] Verifying 100 (0x0000000000000064) components
2017-06-11 17:39:09, Info                  CSI    00000246 [SR] Beginning Verify and Repair transaction
2017-06-11 17:39:10, Info                  CSI    00000248 [SR] Verify complete
2017-06-11 17:39:11, Info                  CSI    00000249 [SR] Verifying 100 (0x0000000000000064) components
2017-06-11 17:39:11, Info                  CSI    0000024a [SR] Beginning Verify and Repair transaction
2017-06-11 17:39:23, Info                  CSI    00000252 [SR] Verify complete
2017-06-11 17:39:23, Info                  CSI    00000253 [SR] Verifying 100 (0x0000000000000064) components
2017-06-11 17:39:23, Info                  CSI    00000254 [SR] Beginning Verify and Repair transaction
2017-06-11 17:39:29, Info                  CSI    00000256 [SR] Verify complete
2017-06-11 17:39:31, Info                  CSI    00000257 [SR] Verifying 100 (0x0000000000000064) components
2017-06-11 17:39:31, Info                  CSI    00000258 [SR] Beginning Verify and Repair transaction
2017-06-11 17:39:35, Info                  CSI    0000025a [SR] Verify complete
2017-06-11 17:39:36, Info                  CSI    0000025b [SR] Verifying 100 (0x0000000000000064) components
2017-06-11 17:39:36, Info                  CSI    0000025c [SR] Beginning Verify and Repair transaction
2017-06-11 17:39:43, Info                  CSI    0000025e [SR] Verify complete
2017-06-11 17:39:44, Info                  CSI    0000025f [SR] Verifying 100 (0x0000000000000064) components
2017-06-11 17:39:44, Info                  CSI    00000260 [SR] Beginning Verify and Repair transaction
2017-06-11 17:39:56, Info                  CSI    00000262 [SR] Verify complete
2017-06-11 17:39:57, Info                  CSI    00000263 [SR] Verifying 100 (0x0000000000000064) components
2017-06-11 17:39:57, Info                  CSI    00000264 [SR] Beginning Verify and Repair transaction
2017-06-11 17:40:11, Info                  CSI    00000267 [SR] Verify complete
2017-06-11 17:40:12, Info                  CSI    00000268 [SR] Verifying 100 (0x0000000000000064) components
2017-06-11 17:40:12, Info                  CSI    00000269 [SR] Beginning Verify and Repair transaction
2017-06-11 17:40:16, Info                  CSI    0000026b [SR] Verify complete
2017-06-11 17:40:16, Info                  CSI    0000026c [SR] Verifying 100 (0x0000000000000064) components
2017-06-11 17:40:16, Info                  CSI    0000026d [SR] Beginning Verify and Repair transaction
2017-06-11 17:40:22, Info                  CSI    0000026f [SR] Verify complete
2017-06-11 17:40:23, Info                  CSI    00000270 [SR] Verifying 100 (0x0000000000000064) components
2017-06-11 17:40:23, Info                  CSI    00000271 [SR] Beginning Verify and Repair transaction
2017-06-11 17:40:49, Info                  CSI    00000276 [SR] Verify complete
2017-06-11 17:40:50, Info                  CSI    00000277 [SR] Verifying 100 (0x0000000000000064) components
2017-06-11 17:40:50, Info                  CSI    00000278 [SR] Beginning Verify and Repair transaction
2017-06-11 17:41:03, Info                  CSI    0000027d [SR] Verify complete
2017-06-11 17:41:04, Info                  CSI    0000027e [SR] Verifying 100 (0x0000000000000064) components
2017-06-11 17:41:04, Info                  CSI    0000027f [SR] Beginning Verify and Repair transaction
2017-06-11 17:41:18, Info                  CSI    00000281 [SR] Verify complete
2017-06-11 17:41:19, Info                  CSI    00000282 [SR] Verifying 100 (0x0000000000000064) components
2017-06-11 17:41:19, Info                  CSI    00000283 [SR] Beginning Verify and Repair transaction
2017-06-11 17:41:31, Info                  CSI    00000291 [SR] Verify complete
2017-06-11 17:41:32, Info                  CSI    00000292 [SR] Verifying 100 (0x0000000000000064) components
2017-06-11 17:41:32, Info                  CSI    00000293 [SR] Beginning Verify and Repair transaction
2017-06-11 17:41:44, Info                  CSI    00000299 [SR] Verify complete
2017-06-11 17:41:45, Info                  CSI    0000029a [SR] Verifying 100 (0x0000000000000064) components
2017-06-11 17:41:45, Info                  CSI    0000029b [SR] Beginning Verify and Repair transaction
2017-06-11 17:41:53, Info                  CSI    0000029d [SR] Verify complete
2017-06-11 17:41:53, Info                  CSI    0000029e [SR] Verifying 100 (0x0000000000000064) components
2017-06-11 17:41:53, Info                  CSI    0000029f [SR] Beginning Verify and Repair transaction
2017-06-11 17:42:01, Info                  CSI    000002a3 [SR] Verify complete
2017-06-11 17:42:01, Info                  CSI    000002a4 [SR] Verifying 100 (0x0000000000000064) components
2017-06-11 17:42:01, Info                  CSI    000002a5 [SR] Beginning Verify and Repair transaction
2017-06-11 17:42:08, Info                  CSI    000002a7 [SR] Verify complete
2017-06-11 17:42:08, Info                  CSI    000002a8 [SR] Verifying 100 (0x0000000000000064) components
2017-06-11 17:42:08, Info                  CSI    000002a9 [SR] Beginning Verify and Repair transaction
2017-06-11 17:42:23, Info                  CSI    000002ce [SR] Verify complete
2017-06-11 17:42:24, Info                  CSI    000002cf [SR] Verifying 100 (0x0000000000000064) components
2017-06-11 17:42:24, Info                  CSI    000002d0 [SR] Beginning Verify and Repair transaction
2017-06-11 17:42:32, Info                  CSI    000002d2 [SR] Verify complete
2017-06-11 17:42:32, Info                  CSI    000002d3 [SR] Verifying 100 (0x0000000000000064) components
2017-06-11 17:42:32, Info                  CSI    000002d4 [SR] Beginning Verify and Repair transaction
2017-06-11 17:42:38, Info                  CSI    000002d6 [SR] Verify complete
2017-06-11 17:42:39, Info                  CSI    000002d7 [SR] Verifying 100 (0x0000000000000064) components
2017-06-11 17:42:39, Info                  CSI    000002d8 [SR] Beginning Verify and Repair transaction
2017-06-11 17:42:47, Info                  CSI    000002da [SR] Verify complete
2017-06-11 17:42:47, Info                  CSI    000002db [SR] Verifying 100 (0x0000000000000064) components
2017-06-11 17:42:47, Info                  CSI    000002dc [SR] Beginning Verify and Repair transaction
2017-06-11 17:42:56, Info                  CSI    000002ea [SR] Verify complete
2017-06-11 17:42:57, Info                  CSI    000002eb [SR] Verifying 100 (0x0000000000000064) components
2017-06-11 17:42:57, Info                  CSI    000002ec [SR] Beginning Verify and Repair transaction
2017-06-11 17:43:10, Info                  CSI    000002ee [SR] Verify complete
2017-06-11 17:43:10, Info                  CSI    000002ef [SR] Verifying 100 (0x0000000000000064) components
2017-06-11 17:43:10, Info                  CSI    000002f0 [SR] Beginning Verify and Repair transaction
2017-06-11 17:43:23, Info                  CSI    000002fe [SR] Verify complete
2017-06-11 17:43:24, Info                  CSI    000002ff [SR] Verifying 100 (0x0000000000000064) components
2017-06-11 17:43:24, Info                  CSI    00000300 [SR] Beginning Verify and Repair transaction
2017-06-11 17:43:29, Info                  CSI    00000302 [SR] Verify complete
2017-06-11 17:43:29, Info                  CSI    00000303 [SR] Verifying 100 (0x0000000000000064) components
2017-06-11 17:43:29, Info                  CSI    00000304 [SR] Beginning Verify and Repair transaction
2017-06-11 17:43:39, Info                  CSI    00000306 [SR] Verify complete
2017-06-11 17:43:40, Info                  CSI    00000307 [SR] Verifying 100 (0x0000000000000064) components
2017-06-11 17:43:40, Info                  CSI    00000308 [SR] Beginning Verify and Repair transaction
2017-06-11 17:43:46, Info                  CSI    0000030b [SR] Verify complete
2017-06-11 17:43:47, Info                  CSI    0000030c [SR] Verifying 100 (0x0000000000000064) components
2017-06-11 17:43:47, Info                  CSI    0000030d [SR] Beginning Verify and Repair transaction
2017-06-11 17:43:50, Info                  CSI    0000030f [SR] Verify complete
2017-06-11 17:43:51, Info                  CSI    00000310 [SR] Verifying 100 (0x0000000000000064) components
2017-06-11 17:43:51, Info                  CSI    00000311 [SR] Beginning Verify and Repair transaction
2017-06-11 17:44:02, Info                  CSI    00000313 [SR] Verify complete
2017-06-11 17:44:02, Info                  CSI    00000314 [SR] Verifying 100 (0x0000000000000064) components
2017-06-11 17:44:02, Info                  CSI    00000315 [SR] Beginning Verify and Repair transaction
2017-06-11 17:44:11, Info                  CSI    00000317 [SR] Verify complete
2017-06-11 17:44:12, Info                  CSI    00000318 [SR] Verifying 100 (0x0000000000000064) components
2017-06-11 17:44:12, Info                  CSI    00000319 [SR] Beginning Verify and Repair transaction
2017-06-11 17:44:27, Info                  CSI    0000032b [SR] Verify complete
2017-06-11 17:44:27, Info                  CSI    0000032c [SR] Verifying 100 (0x0000000000000064) components
2017-06-11 17:44:27, Info                  CSI    0000032d [SR] Beginning Verify and Repair transaction
2017-06-11 17:44:37, Info                  CSI    00000337 [SR] Verify complete
2017-06-11 17:44:38, Info                  CSI    00000338 [SR] Verifying 100 (0x0000000000000064) components
2017-06-11 17:44:38, Info                  CSI    00000339 [SR] Beginning Verify and Repair transaction
2017-06-11 17:45:04, Info                  CSI    0000033b [SR] Verify complete
2017-06-11 17:45:04, Info                  CSI    0000033c [SR] Verifying 100 (0x0000000000000064) components
2017-06-11 17:45:04, Info                  CSI    0000033d [SR] Beginning Verify and Repair transaction
2017-06-11 17:45:10, Info                  CSI    0000033f [SR] Verify complete
2017-06-11 17:45:11, Info                  CSI    00000340 [SR] Verifying 100 (0x0000000000000064) components
2017-06-11 17:45:11, Info                  CSI    00000341 [SR] Beginning Verify and Repair transaction
2017-06-11 17:45:16, Info                  CSI    00000344 [SR] Verify complete
2017-06-11 17:45:16, Info                  CSI    00000345 [SR] Verifying 100 (0x0000000000000064) components
2017-06-11 17:45:16, Info                  CSI    00000346 [SR] Beginning Verify and Repair transaction
2017-06-11 17:45:22, Info                  CSI    00000349 [SR] Verify complete
2017-06-11 17:45:22, Info                  CSI    0000034a [SR] Verifying 100 (0x0000000000000064) components
2017-06-11 17:45:22, Info                  CSI    0000034b [SR] Beginning Verify and Repair transaction
2017-06-11 17:45:29, Info                  CSI    0000034d [SR] Verify complete
2017-06-11 17:45:29, Info                  CSI    0000034e [SR] Verifying 100 (0x0000000000000064) components
2017-06-11 17:45:29, Info                  CSI    0000034f [SR] Beginning Verify and Repair transaction
2017-06-11 17:45:37, Info                  CSI    00000351 [SR] Verify complete
2017-06-11 17:45:37, Info                  CSI    00000352 [SR] Verifying 100 (0x0000000000000064) components
2017-06-11 17:45:37, Info                  CSI    00000353 [SR] Beginning Verify and Repair transaction
2017-06-11 17:45:43, Info                  CSI    00000356 [SR] Verify complete
2017-06-11 17:45:44, Info                  CSI    00000357 [SR] Verifying 100 (0x0000000000000064) components
2017-06-11 17:45:44, Info                  CSI    00000358 [SR] Beginning Verify and Repair transaction
2017-06-11 17:45:50, Info                  CSI    0000035a [SR] Verify complete
2017-06-11 17:45:51, Info                  CSI    0000035b [SR] Verifying 100 (0x0000000000000064) components
2017-06-11 17:45:51, Info                  CSI    0000035c [SR] Beginning Verify and Repair transaction
2017-06-11 17:45:57, Info                  CSI    0000035e [SR] Verify complete
2017-06-11 17:45:58, Info                  CSI    0000035f [SR] Verifying 100 (0x0000000000000064) components
2017-06-11 17:45:58, Info                  CSI    00000360 [SR] Beginning Verify and Repair transaction
2017-06-11 17:46:05, Info                  CSI    00000362 [SR] Verify complete
2017-06-11 17:46:06, Info                  CSI    00000363 [SR] Verifying 100 (0x0000000000000064) components
2017-06-11 17:46:06, Info                  CSI    00000364 [SR] Beginning Verify and Repair transaction
2017-06-11 17:46:15, Info                  CSI    00000367 [SR] Verify complete
2017-06-11 17:46:15, Info                  CSI    00000368 [SR] Verifying 100 (0x0000000000000064) components
2017-06-11 17:46:15, Info                  CSI    00000369 [SR] Beginning Verify and Repair transaction
2017-06-11 17:46:22, Info                  CSI    0000036b [SR] Verify complete
2017-06-11 17:46:23, Info                  CSI    0000036c [SR] Verifying 100 (0x0000000000000064) components
2017-06-11 17:46:23, Info                  CSI    0000036d [SR] Beginning Verify and Repair transaction
2017-06-11 17:46:29, Info                  CSI    0000036f [SR] Verify complete
2017-06-11 17:46:30, Info                  CSI    00000370 [SR] Verifying 100 (0x0000000000000064) components
2017-06-11 17:46:30, Info                  CSI    00000371 [SR] Beginning Verify and Repair transaction
2017-06-11 17:46:37, Info                  CSI    00000373 [SR] Verify complete
2017-06-11 17:46:38, Info                  CSI    00000374 [SR] Verifying 100 (0x0000000000000064) components
2017-06-11 17:46:38, Info                  CSI    00000375 [SR] Beginning Verify and Repair transaction
2017-06-11 17:46:46, Info                  CSI    00000377 [SR] Verify complete
2017-06-11 17:46:47, Info                  CSI    00000378 [SR] Verifying 23 (0x0000000000000017) components
2017-06-11 17:46:47, Info                  CSI    00000379 [SR] Beginning Verify and Repair transaction
2017-06-11 17:46:48, Info                  CSI    0000037b [SR] Verify complete
2017-06-11 17:46:48, Info                  CSI    0000037c [SR] Repairing 0 components
2017-06-11 17:46:48, Info                  CSI    0000037d [SR] Beginning Verify and Repair transaction
2017-06-11 17:46:48, Info                  CSI    0000037f [SR] Repair complete

Vino's Event Viewer v01c run on Windows 2008 in English
Report run at 11/06/2017 6:03:15 PM

Note: All dates below are in the format dd/mm/yyyy

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'System' Log - Critical Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'System' Log - Error Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'System' Log - Warning Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Log: 'System' Date/Time: 12/06/2017 12:01:19 AM
Type: Warning Category: 212
Event: 219 Source: Microsoft-Windows-Kernel-PnP
The driver \Driver\WUDFRd failed to load for the device WpdBusEnumRoot\UMB\2&37c186b&0&STORAGE#VOLUME#_??_USBSTOR#DISK&VEN_GENERIC-&PROD_MULTI-CARD&REV_1.00#20090516388200000&0#.

Log: 'System' Date/Time: 12/06/2017 12:00:11 AM
Type: Warning Category: 0
Event: 4001 Source: Microsoft-Windows-WLAN-AutoConfig
WLAN AutoConfig service has successfully stopped.

Vino's Event Viewer v01c run on Windows 2008 in English
Report run at 11/06/2017 6:06:12 PM

Note: All dates below are in the format dd/mm/yyyy

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'Application' Log - Critical Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'Application' Log - Error Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'Application' Log - Warning Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Attached Files

2GS-PC.txt 721.58KB 188 downloads

Edited by bbj, 11 June 2017 - 07:08 PM.

#4
RKinner

Posted 11 June 2017 - 09:26 PM

Malware Expert

Expert
24,624 posts

Speccy can't find a temp for your PC so I can't tell if it needs cleaning but otherwise Speccy looks pretty good.

The error I see in VEW is easily resolved:

search for

services.msc

hit Enter.

Find

Windows Driver Foundation - User-mode Driver Framework

right click on it and select Properties. Change the Startup Type: to Automatic. OK.

Process Explorer is showing a major problem - most likely caused by a bad or out od date driver:

Interrupts 3.07 0 K 0 K n/a Hardware Interrupts and DPCs

Interrupts should be under 1.4. You have over double the limit.

Control Panel, Windows Update, Check for Updates and see if it has any optional drivers for you.

If Windows Updates takes forever to do a check:

Run the

System Update Readiness Tool for Windows 7

This link is for 64 bit:
https://www.microsof...s.aspx?id=20858

Once that runs then get

KB3083710 and KB3102810 if you don't already have them

https://support.micr...n-us/kb/3083710

https://support.micr...n-us/kb/3102810

Then try Windows Update again and see if you have better luck.

You might try Speedfan and see if it can read your temps.
http://www.filehippo...nload_speedfan/

Download, save and Install it (Win 7+ or Vista right click and Run As Admin.) then run it (Win 7+ or Vista right click and Run As Admin.).

It will tell you your temps in real time tho the default is to show the hard drive temp in the systray. You can change it: Hit Configure then click on the highest temp and check Show in tray.

IF it reads your temps (other than the hard drive) we expect a laptop to be about 50 C at idle and no hotter than 65 doing a scan or watching a video. Too hot and the heatsink is probably clogged with dust.

#5
bbj

Posted 12 June 2017 - 01:24 AM

Member

Topic Starter
Member
64 posts

I changed the startup setting.

Windows update is taking a normal amount of time searching, downloading and installing. There were no driver updates and no other updates of any kind.

Unfortunately, the computer is going home with my friend but I will try to get it back soon for any other things that need to be done.

Thanks for your help, RKinner!

#6
RKinner

Posted 12 June 2017 - 07:12 AM

Malware Expert

Expert
24,624 posts

Just as well. I'm traveling today & tomorrow so won't be on-line. If you haven't given it back already you can put Team Viewer on it and then log on remotely.

https://www.teamviewer.com/en/