Jump to content

Welcome to Geeks to Go - Register now for FREE

Geeks To Go is a helpful hub, where thousands of volunteer geeks quickly serve friendly answers and support. Check out the forums and get free advice from the experts. Register now to gain access to all of our features, it's FREE and only takes one minute. Once registered and logged in, you will be able to create topics, post replies to existing threads, give reputation to your fellow members, get your own private messenger, post status updates, manage your profile and so much more.

Create Account How it Works
Photo

Computer Running Really Slow and Display Just isn't Right


  • Please log in to reply

#1
Jeris

Jeris

    Member

  • Member
  • PipPip
  • 53 posts

My partner's computer is running really slow and I suspect that it has been infected with malware.  Everytime we run Chrome Browser, for example, multiple instances are found running in the background and uses up so much of the computer's resources that the computer comes to a standstill.

 

Here are the FRST and Addition logs, respectively:

 

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 12-11-2017 03
Ran by John (administrator) on JOHN-PC (14-11-2017 05:29:11)
Running from C:\Users\John\Downloads
Loaded Profiles: John (Available Profiles: John)
Platform: Windows 7 Home Premium Service Pack 1 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: IE)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\NvXDSync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\Power Saver\TPwrMain.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(TOSHIBA Corporation) C:\Windows\System32\ThpSrv.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\TECO\Teco.exe
(Intel® Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\BulletinBoard\TosNcCore.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\ReelTime\TosReelTimeMonitor.exe
(Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe
(BitTorrent Inc.) C:\Users\John\AppData\Roaming\BitTorrent\BitTorrent.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
() C:\Program Files\TOSHIBA\FlashCards\Hotkey\TCrdKBB.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(TOSHIBA CORPORATION) C:\Program Files (x86)\TOSHIBA\Utilities\KeNotify.exe
(Toshiba) C:\Program Files (x86)\TOSHIBA\Toshiba App Place\ToshibaAppPlace.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Node.js) C:\Program Files (x86)\NVIDIA Corporation\NvNode\NVIDIA Web Helper.exe
(Trend Micro Inc.) C:\Program Files (x86)\Trend Micro\DRScanner\DRScanner.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.33.5\GoogleCrashHandler.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.33.5\GoogleCrashHandler64.exe
(Apple Inc.) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
(Intel® Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NvTelemetry\NvTelemetryContainer.exe
(Symantec Corporation) C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.13.11\ccSvcHst.exe
(Intel® Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
(TOSHIBA Corporation) C:\Windows\System32\ThpSrv.exe
(TOSHIBA Corporation) C:\Windows\System32\TODDSrv.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\TECO\TecoService.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NvContainer\nvcontainer.exe
(BitTorrent Inc.) C:\Users\John\AppData\Roaming\BitTorrent\updates\7.10.0_44091\bittorrentie.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(BitTorrent Inc.) C:\Users\John\AppData\Roaming\BitTorrent\updates\7.10.0_44091\bittorrentie.exe
(BitTorrent Inc.) C:\Users\John\AppData\Roaming\BitTorrent\updates\7.10.0_44091\bittorrentie.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(TOSHIBA CORPORATION) C:\Program Files (x86)\TOSHIBA\widimon\widimon.exe
(Intel Corporation) C:\Windows\System32\igfxext.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\TPHM\TPCHSrv.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSENotify.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Symantec Corporation) C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.13.11\ccSvcHst.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\TPHM\TPCHWMsg.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(Symantec Corporation) C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.13.11\SymcPCCULaunchSvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
(SUPERAntiSpyware.com) C:\Program Files\SUPERAntiSpyware\SASCore64.exe
(SUPERAntiSpyware) C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
 
==================== Registry (Whitelisted) ===========================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [] => [X]
HKLM\...\Run: [TPwrMain] => C:\Program Files\TOSHIBA\Power Saver\TPwrMain.EXE [590256 2011-05-17] (TOSHIBA Corporation)
HKLM\...\Run: [HSON] => C:\Program Files\TOSHIBA\TBS\HSON.exe [296824 2010-09-25] (TOSHIBA Corporation)
HKLM\...\Run: [TCrdMain] => C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe [972672 2011-04-27] (TOSHIBA Corporation)
HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [11775592 2011-01-26] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [2188904 2011-01-18] (Realtek Semiconductor)
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2679592 2011-02-03] (Synaptics Incorporated)
HKLM\...\Run: [ThpSrv] => C:\windows\system32\thpsrv /logon
HKLM\...\Run: [Teco] => C:\Program Files\TOSHIBA\TECO\Teco.exe [1544624 2011-05-24] (TOSHIBA Corporation)
HKLM\...\Run: [IntelPAN] => C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe [1935120 2011-06-01] (Intel® Corporation)
HKLM\...\Run: [TosSENotify] => C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosWaitSrv.exe [710560 2011-06-09] (TOSHIBA Corporation)
HKLM\...\Run: [TosWaitSrv] => C:\Program Files\TOSHIBA\TPHM\TosWaitSrv.exe [712096 2011-07-01] (TOSHIBA Corporation)
HKLM\...\Run: [TosVolRegulator] => C:\Program Files\TOSHIBA\TosVolRegulator\TosVolRegulator.exe [24376 2009-11-11] (TOSHIBA Corporation)
HKLM\...\Run: [TosNC] => C:\Program Files\Toshiba\BulletinBoard\TosNcCore.exe [597936 2011-07-27] (TOSHIBA Corporation)
HKLM\...\Run: [TosReelTimeMonitor] => C:\Program Files\TOSHIBA\ReelTime\TosReelTimeMonitor.exe [38824 2011-06-28] (TOSHIBA Corporation)
HKLM\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvLaunch.exe [253344 2017-10-21] (AVAST Software)
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [297784 2017-09-11] (Apple Inc.)
HKLM-x32\...\Run: [SVPWUTIL] => C:\Program Files (x86)\TOSHIBA\Utilities\SVPWUTIL.exe [532480 2010-11-09] (TOSHIBA CORPORATION)
HKLM-x32\...\Run: [HWSetup] => C:\Program Files\TOSHIBA\Utilities\HWSetup.exe [423936 2011-03-10] (TOSHIBA Electronics, Inc.)
HKLM-x32\...\Run: [KeNotify] => C:\Program Files (x86)\TOSHIBA\Utilities\KeNotify.exe [34160 2010-08-16] (TOSHIBA CORPORATION)
HKLM-x32\...\Run: [TSleepSrv] => C:\Program Files (x86)\TOSHIBA\TOSHIBA Sleep Utility\TSleepSrv.exe [252792 2010-06-04] (TOSHIBA)
HKLM-x32\...\Run: [NortonOnlineBackupReminder] => C:\Program Files (x86)\Toshiba\Toshiba Online Backup\Activation\TOBuActivation.exe [3218864 2011-06-22] (Toshiba)
HKLM-x32\...\Run: [ToshibaAppPlace] => C:\Program Files (x86)\Toshiba\Toshiba App Place\ToshibaAppPlace.exe [552960 2010-09-23] (Toshiba)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [587288 2017-09-05] (Oracle Corporation)
Winlogon\Notify\igfxcui: C:\windows\system32\igfxdev.dll (Intel Corporation)
HKLM\SOFTWARE\Policies\Microsoft\Windows Defender: Restriction <==== ATTENTION
HKU\S-1-5-21-3346887743-778296215-3495361375-1001\...\Run: [BitTorrent] => C:\Users\John\AppData\Roaming\BitTorrent\BitTorrent.exe [1988552 2017-10-13] (BitTorrent Inc.)
HKU\S-1-5-21-3346887743-778296215-3495361375-1001\...\Run: [GoogleChromeAutoLaunch_DC7C249942899F83C1747FF3FB5BD5F3] => C:\Program Files (x86)\Google\Chrome\Application\chrome.exe [1451352 2017-09-20] (Google Inc.)
HKU\S-1-5-21-3346887743-778296215-3495361375-1001\...\Run: [SUPERAntiSpyware] => C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe [7964576 2017-10-17] (SUPERAntiSpyware)
HKU\S-1-5-21-3346887743-778296215-3495361375-1001\...\Policies\system: [DisableLockWorkstation] 0
AppInit_DLLs: C:\windows\system32\nvinitx.dll => C:\windows\system32\nvinitx.dll [226920 2011-03-02] (NVIDIA Corporation)
AppInit_DLLs-x32: C:\windows\SysWOW64\nvinit.dll => C:\windows\SysWOW64\nvinit.dll [192616 2011-03-02] (NVIDIA Corporation)
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
Tcpip\Parameters: [DhcpNameServer] 209.18.47.61 209.18.47.62
Tcpip\..\Interfaces\{937F2D44-546C-40E7-828C-43F286A4E1F0}: [DhcpNameServer] 209.18.47.61 209.18.47.62
 
Internet Explorer:
==================
HKU\S-1-5-21-3346887743-778296215-3495361375-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://start.toshiba.com
SearchScopes: HKLM -> DefaultScope {4EF8EC26-7523-4C71-977A-5A4F6653D1AD} URL = hxxp://www.google.com/search?sourceid=ie9&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7TSNP
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKLM -> {4EF8EC26-7523-4C71-977A-5A4F6653D1AD} URL = hxxp://www.google.com/search?sourceid=ie9&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7TSNP
SearchScopes: HKLM-x32 -> DefaultScope {4EF8EC26-7523-4C71-977A-5A4F6653D1AD} URL = hxxp://www.google.com/search?sourceid=ie9&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7TSNP
SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKLM-x32 -> {4EF8EC26-7523-4C71-977A-5A4F6653D1AD} URL = hxxp://www.google.com/search?sourceid=ie9&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7TSNP
SearchScopes: HKU\S-1-5-21-3346887743-778296215-3495361375-1001 -> {0A0747CF-709F-47FF-AB2F-2FF827451E1A} URL = hxxp://www.google.com/search?sourceid=ie9&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7TSNP_enUS765
SearchScopes: HKU\S-1-5-21-3346887743-778296215-3495361375-1001 -> {4EF8EC26-7523-4C71-977A-5A4F6653D1AD} URL = hxxp://www.google.com/search?sourceid=ie9&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7TSNP
BHO: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_151\bin\ssv.dll [2017-10-24] (Oracle Corporation)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2011-03-28] (Microsoft Corp.)
BHO: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2017-10-10] (Google Inc.)
BHO: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_151\bin\jp2ssv.dll [2017-10-24] (Oracle Corporation)
BHO: TOSHIBA Media Controller Plug-in -> {F3C88694-EFFA-4d78-B409-54B7B2535B14} -> C:\Program Files (x86)\TOSHIBA\TOSHIBA Media Controller Plug-in\x64\TOSHIBAMediaControllerIE.dll [2011-07-12] (<TOSHIBA>)
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_151\bin\ssv.dll [2017-10-23] (Oracle Corporation)
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2011-03-28] (Microsoft Corp.)
BHO-x32: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll [2017-10-10] (Google Inc.)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_151\bin\jp2ssv.dll [2017-10-23] (Oracle Corporation)
BHO-x32: TOSHIBA Media Controller Plug-in -> {F3C88694-EFFA-4d78-B409-54B7B2535B14} -> C:\Program Files (x86)\TOSHIBA\TOSHIBA Media Controller Plug-in\TOSHIBAMediaControllerIE.dll [2011-07-12] (<TOSHIBA>)
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2017-10-10] (Google Inc.)
Toolbar: HKLM-x32 - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll [2017-10-10] (Google Inc.)
Toolbar: HKU\S-1-5-21-3346887743-778296215-3495361375-1001 -> No Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} -  No File
Toolbar: HKU\S-1-5-21-3346887743-778296215-3495361375-1001 -> Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2017-10-10] (Google Inc.)
 
FireFox:
========
FF Plugin: @java.com/DTPlugin,version=11.151.2 -> C:\Program Files\Java\jre1.8.0_151\bin\dtplugin\npDeployJava1.dll [2017-10-24] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.151.2 -> C:\Program Files\Java\jre1.8.0_151\bin\plugin2\npjp2.dll [2017-10-24] (Oracle Corporation)
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\windows\SysWOW64\Macromed\Flash\NPSWF32.dll [2017-10-07] ()
FF Plugin-x32: @java.com/DTPlugin,version=11.151.2 -> C:\Program Files (x86)\Java\jre1.8.0_151\bin\dtplugin\npDeployJava1.dll [2017-10-23] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.151.2 -> C:\Program Files (x86)\Java\jre1.8.0_151\bin\plugin2\npjp2.dll [2017-10-23] (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\4.0.50401.0\npctrl.dll [2010-03-31] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2011-05-13] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3538.0513 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2011-05-13] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.33.5\npGoogleUpdate3.dll [2017-10-08] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.33.5\npGoogleUpdate3.dll [2017-10-08] (Google Inc.)
FF Plugin-x32: @WildTangent.com/GamesAppPresenceDetector,Version=1.0 -> C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll [2010-12-07] ()
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2017-07-31] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-3346887743-778296215-3495361375-1001: @zoom.us/ZoomVideoPlugin -> C:\Users\John\AppData\Roaming\Zoom\bin\npzoomplugin.dll [2017-10-07] (Zoom Video Communications, Inc.)
 
Chrome: 
=======
CHR Profile: C:\Users\John\AppData\Local\Google\Chrome\User Data\Default [2017-11-14]
CHR Extension: (Adobe Acrobat) - C:\Users\John\AppData\Local\Google\Chrome\User Data\Default\Extensions\efaidnbmnnnibpcajpcglclefindmkaj [2017-10-22]
CHR Extension: (Avast SafePrice) - C:\Users\John\AppData\Local\Google\Chrome\User Data\Default\Extensions\eofcbnmajmjmplflapaojjnihcjkigck [2017-10-22]
CHR Extension: (Avast Online Security) - C:\Users\John\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki [2017-10-22]
CHR Extension: (Google Hangouts) - C:\Users\John\AppData\Local\Google\Chrome\User Data\Default\Extensions\nckgahadagoaajjgafhacjanaoiihapd [2017-10-22]
CHR Extension: (Chrome Web Store Payments) - C:\Users\John\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-10-10]
CHR Extension: (Chrome Media Router) - C:\Users\John\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2017-10-10]
CHR HKLM-x32\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [eofcbnmajmjmplflapaojjnihcjkigck] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - hxxps://clients2.google.com/service/update2/crx
 
==================== Services (Whitelisted) ====================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 !SASCORE; C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE [173472 2017-01-30] (SUPERAntiSpyware.com)
R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [83768 2017-09-07] (Apple Inc.)
S3 aswbIDSAgent; C:\Program Files\AVAST Software\Avast\x64\aswidsagenta.exe [7446024 2017-10-21] (AVAST Software s.r.o.)
S2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [281416 2017-10-21] (AVAST Software)
S3 MyWiFiDHCPDNS; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [340240 2011-06-01] ()
R2 Norton PC Checkup Application Launcher; C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.13.11\SymcPCCULaunchSvc.exe [123320 2011-07-19] (Symantec Corporation)
R2 NvContainerLocalSystem; C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [518264 2017-10-10] (NVIDIA Corporation)
S3 NvContainerNetworkService; C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [518264 2017-10-10] (NVIDIA Corporation)
R2 NvTelemetryContainer; C:\Program Files (x86)\NVIDIA Corporation\NvTelemetry\NvTelemetryContainer.exe [460920 2017-10-10] (NVIDIA Corporation)
R2 PCCUJobMgr; C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.13.11\ccSvcHst.exe [126392 2011-07-19] (Symantec Corporation)
R2 Thpsrv; C:\windows\system32\ThpSrv.exe [558592 2011-04-20] (TOSHIBA Corporation) [File not signed]
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-26] (Microsoft Corporation)
 
===================== Drivers (Whitelisted) ======================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R1 aswbidsdriver; C:\windows\system32\drivers\aswbidsdrivera.sys [321032 2017-10-21] (AVAST Software s.r.o.)
R0 aswbidsh; C:\windows\system32\drivers\aswbidsha.sys [198976 2017-10-21] (AVAST Software s.r.o.)
R0 aswblog; C:\windows\system32\drivers\aswbloga.sys [343288 2017-10-21] (AVAST Software s.r.o.)
R0 aswbuniv; C:\windows\system32\drivers\aswbuniva.sys [57736 2017-10-21] (AVAST Software s.r.o.)
S3 aswHwid; C:\windows\system32\drivers\aswHwid.sys [47008 2017-10-21] (AVAST Software)
R2 aswMonFlt; C:\windows\system32\drivers\aswMonFlt.sys [147776 2017-10-21] (AVAST Software)
R1 aswRdr; C:\windows\system32\drivers\aswRdr2.sys [110376 2017-10-21] (AVAST Software)
R0 aswRvrt; C:\windows\system32\drivers\aswRvrt.sys [84416 2017-10-21] (AVAST Software)
R1 aswSnx; C:\windows\system32\drivers\aswSnx.sys [1029872 2017-10-26] (AVAST Software)
R1 aswSP; C:\windows\system32\drivers\aswSP.sys [587168 2017-10-21] (AVAST Software)
S2 aswStm; C:\windows\system32\drivers\aswStm.sys [201352 2017-10-21] (AVAST Software)
R0 aswVmm; C:\windows\system32\drivers\aswVmm.sys [363440 2017-10-21] (AVAST Software)
S3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [30328 2017-10-10] (NVIDIA Corporation)
R3 nvvad_WaveExtensible; C:\windows\System32\drivers\nvvad64v.sys [50808 2017-10-10] (NVIDIA Corporation)
R3 nvvhci; C:\windows\System32\DRIVERS\nvvhci.sys [57976 2017-10-10] (NVIDIA Corporation)
S1 SASDIFSV; C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS [14928 2011-07-22] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
R1 SASKUTIL; C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS [12368 2011-07-12] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
 
==================== NetSvcs (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== One Month Created files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2017-11-14 05:29 - 2017-11-14 05:32 - 000022033 _____ C:\Users\John\Downloads\FRST.txt
2017-11-14 05:27 - 2017-11-14 05:29 - 000000000 ____D C:\FRST
2017-11-14 05:27 - 2017-11-14 05:27 - 002392576 _____ (Farbar) C:\Users\John\Downloads\FRST64.exe
2017-11-14 05:16 - 2017-11-14 05:16 - 000003578 _____ C:\windows\System32\Tasks\SUPERAntiSpyware Scheduled Task 2fff14a8-4eba-4694-8da9-a5f75b9d9d6f
2017-11-14 05:16 - 2017-11-14 05:16 - 000003504 _____ C:\windows\System32\Tasks\SUPERAntiSpyware Scheduled Task 8bdf19fb-fb0a-49b4-bb86-f82c5238e483
2017-11-14 05:16 - 2017-11-14 05:16 - 000000508 _____ C:\windows\Tasks\SUPERAntiSpyware Scheduled Task 8bdf19fb-fb0a-49b4-bb86-f82c5238e483.job
2017-11-14 05:16 - 2017-11-14 05:16 - 000000508 _____ C:\windows\Tasks\SUPERAntiSpyware Scheduled Task 2fff14a8-4eba-4694-8da9-a5f75b9d9d6f.job
2017-11-14 05:15 - 2017-11-14 05:15 - 000001819 _____ C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk
2017-11-14 05:15 - 2017-11-14 05:15 - 000000000 ____D C:\Users\John\AppData\Roaming\SUPERAntiSpyware.com
2017-11-14 05:15 - 2017-11-14 05:15 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SUPERAntiSpyware
2017-11-14 05:14 - 2017-11-14 05:15 - 000000000 ____D C:\Program Files\SUPERAntiSpyware
2017-11-14 05:14 - 2017-11-14 05:14 - 000000000 ____D C:\ProgramData\SUPERAntiSpyware.com
2017-11-14 05:13 - 2017-11-14 05:14 - 030978488 _____ (SUPERAntiSpyware) C:\Users\John\Downloads\SUPERAntiSpyware.exe
2017-11-14 04:49 - 2017-11-14 04:49 - 000598806 _____ C:\Users\John\AppData\Local\census.cache
2017-11-14 04:46 - 2017-11-14 04:46 - 000880449 _____ C:\Users\John\AppData\Local\ars.cache
2017-11-14 04:17 - 2017-11-14 04:17 - 000000010 _____ C:\Users\John\AppData\Local\sponge.last.runtime.cache
2017-11-14 03:58 - 2017-11-14 03:58 - 000000000 ____D C:\windows\Trend Micro
2017-11-14 02:30 - 2017-11-14 02:30 - 002526736 _____ (Trend Micro Inc.) C:\Users\John\Downloads\HousecallLauncher64 (1).exe
2017-11-14 01:51 - 2017-11-14 01:51 - 000000036 _____ C:\Users\John\AppData\Local\housecall.guid.cache
2017-11-14 01:50 - 2017-11-14 01:50 - 002527376 _____ (Trend Micro Inc.) C:\Users\John\Downloads\HousecallLauncher64.exe
2017-11-14 01:50 - 2017-11-14 01:50 - 000000000 ____D C:\Users\John\AppData\Local\Trend Micro
2017-11-14 01:50 - 2017-11-14 01:50 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HouseCall for Home IoT Devices
2017-11-14 01:49 - 2017-11-14 01:50 - 000002049 _____ C:\Users\Public\Desktop\HouseCall for Home IoT Devices.lnk
2017-11-14 01:49 - 2017-11-14 01:49 - 000003128 _____ C:\windows\System32\Tasks\DRScanner Startup
2017-11-14 01:49 - 2017-11-14 01:49 - 000000000 ____D C:\Program Files (x86)\Trend Micro
2017-11-14 01:47 - 2017-11-14 01:47 - 000000000 ____D C:\ProgramData\Trend Micro
2017-11-14 01:42 - 2017-11-14 01:43 - 000523344 _____ (Trend Micro Inc.) C:\Users\John\Downloads\HouseCallforHomeNetworks.exe
2017-10-31 16:13 - 2017-10-31 16:13 - 000000000 ____D C:\Users\John\AppData\Local\Kjs.AppLife.Update
2017-10-31 11:12 - 2017-11-14 02:22 - 000000000 ____D C:\Users\John\AppData\LocalLow\BitTorrent
2017-10-30 07:21 - 2017-10-30 07:21 - 000000020 ___SH C:\Users\Classic .NET AppPool\ntuser.ini
2017-10-30 07:21 - 2017-10-30 07:21 - 000000000 ____D C:\Users\Classic .NET AppPool
2017-10-30 07:21 - 2011-11-21 18:31 - 000000000 ____D C:\Users\Classic .NET AppPool\AppData\Roaming\Macromedia
2017-10-30 07:21 - 2010-11-20 21:16 - 000000000 ____D C:\Users\Classic .NET AppPool\AppData\Roaming\Media Center Programs
2017-10-30 06:48 - 2017-10-30 14:05 - 000000000 ____D C:\inetpub
2017-10-29 08:50 - 2017-10-29 08:50 - 000000000 ____D C:\Users\John\Documents\Book Place
2017-10-29 08:49 - 2017-10-29 08:49 - 000000000 ____D C:\Users\John\AppData\Roaming\Book Place
2017-10-28 16:57 - 2017-10-28 16:58 - 002339542 _____ C:\Users\John\Downloads\SmartCam 통합-Android-ENGLISH_Web-0821.pdf
2017-10-27 20:41 - 2017-10-27 20:41 - 000133640 _____ (Zoom Video Communications, Inc.) C:\Users\John\Downloads\Zoom_launcher (1).exe
2017-10-26 05:47 - 2017-11-14 04:54 - 000000000 ____D C:\Users\John\AppData\Local\CrashDumps
2017-10-25 03:52 - 2017-10-25 03:52 - 000000000 ____D C:\Program Files\SAMSUNG
2017-10-25 03:48 - 2017-10-25 03:48 - 000000000 ____D C:\Users\John\Desktop\Odin3_v3.12.3
2017-10-25 03:47 - 2017-10-25 03:47 - 000000000 ____D C:\ProgramData\Samsung
2017-10-25 03:45 - 2017-10-25 03:45 - 001147485 _____ C:\Users\John\Downloads\Odin3_v3.12.3 (1).zip
2017-10-25 03:45 - 2017-10-25 03:45 - 001147485 _____ C:\Users\John\Desktop\Odin3_v3.12.3.zip
2017-10-25 03:40 - 2017-10-25 03:42 - 015364480 _____ (SAMSUNG Electronics Co., Ltd.) C:\Users\John\Desktop\SAMSUNG_USB_Driver_for_Mobile_Phones_v1.5.25.0-retail.exe
2017-10-24 04:39 - 2017-10-24 22:08 - 000000000 ____D C:\Users\John\AppData\Local\NVIDIA Corporation
2017-10-24 04:39 - 2017-10-24 04:39 - 000000000 ____D C:\Users\John\AppData\Local\NVIDIA
2017-10-24 04:38 - 2017-10-24 04:38 - 000001423 _____ C:\Users\Public\Desktop\GeForce Experience.lnk
2017-10-24 04:38 - 2017-10-10 15:01 - 000919160 _____ (NVIDIA Corporation) C:\windows\system32\NvRtmpStreamer64.dll
2017-10-24 04:36 - 2017-10-10 15:01 - 001796216 _____ (NVIDIA Corporation) C:\windows\system32\nvspcap64.dll
2017-10-24 04:36 - 2017-10-10 15:01 - 001578104 _____ (NVIDIA Corporation) C:\windows\SysWOW64\nvspcap.dll
2017-10-24 04:35 - 2017-10-24 04:35 - 000003798 _____ C:\windows\System32\Tasks\NvNodeLauncher_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2017-10-24 04:34 - 2017-10-24 04:34 - 000003814 _____ C:\windows\System32\Tasks\NVIDIA GeForce Experience SelfUpdate_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2017-10-24 04:34 - 2017-10-24 04:34 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NVIDIA Corporation
2017-10-24 04:33 - 2017-10-24 04:33 - 000004146 _____ C:\windows\System32\Tasks\NvDriverUpdateCheckDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2017-10-24 04:32 - 2017-09-17 20:55 - 000001951 _____ C:\windows\NvContainerRecovery.bat
2017-10-24 04:31 - 2017-10-10 13:26 - 000001951 _____ C:\windows\NvTelemetryContainerRecovery.bat
2017-10-24 04:30 - 2017-10-24 04:30 - 000003738 _____ C:\windows\System32\Tasks\NvTmRep_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2017-10-24 04:30 - 2017-10-24 04:30 - 000003738 _____ C:\windows\System32\Tasks\NvProfileUpdaterDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2017-10-24 04:30 - 2017-10-24 04:30 - 000003730 _____ C:\windows\System32\Tasks\NvTmMon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2017-10-24 04:30 - 2017-10-24 04:30 - 000003554 _____ C:\windows\System32\Tasks\NvTmRepOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2017-10-24 04:30 - 2017-10-24 04:30 - 000003494 _____ C:\windows\System32\Tasks\NvProfileUpdaterOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2017-10-24 04:30 - 2017-10-10 15:01 - 000186488 _____ (NVIDIA Corporation) C:\windows\system32\nvaudcap64v.dll
2017-10-24 04:30 - 2017-10-10 15:01 - 000152696 _____ (NVIDIA Corporation) C:\windows\SysWOW64\nvaudcap32v.dll
2017-10-24 04:27 - 2017-10-24 04:27 - 000110144 _____ (Oracle Corporation) C:\windows\system32\WindowsAccessBridge-64.dll
2017-10-24 04:19 - 2017-10-24 04:19 - 000000000 ____D C:\Program Files\Java
2017-10-24 04:14 - 2017-10-10 15:01 - 000057976 _____ (NVIDIA Corporation) C:\windows\system32\Drivers\nvvhci.sys
2017-10-24 04:13 - 2017-10-10 15:01 - 000050808 _____ (NVIDIA Corporation) C:\windows\system32\Drivers\nvvad64v.sys
2017-10-23 23:53 - 2017-10-23 23:57 - 070513728 _____ (Oracle Corporation) C:\Users\John\Downloads\jre-8u151-windows-x64.exe
2017-10-23 23:49 - 2017-10-23 23:54 - 081400776 _____ (NVIDIA Corporation) C:\Users\John\Downloads\GeForce_Experience_v3.10.0.95.exe
2017-10-23 04:22 - 2017-10-23 04:22 - 000003136 _____ C:\windows\System32\Tasks\{6451DAC2-7F54-440C-A71A-2627499EBB6E}
2017-10-23 04:02 - 2017-10-23 04:02 - 000000000 ____D C:\Program Files (x86)\UEFI WinFlash
2017-10-23 04:01 - 2017-10-23 04:24 - 000000441 _____ C:\Users\John\Desktop\BIOS Launcher.lnk
2017-10-23 04:01 - 2017-10-23 04:01 - 000000000 ____D C:\say1v280
2017-10-23 03:59 - 2017-10-23 04:01 - 090612744 _____ C:\Users\John\Downloads\tc30314200c.exe
2017-10-23 03:58 - 2017-10-23 03:58 - 007564784 _____ C:\Users\John\Downloads\say1v280.exe
2017-10-23 03:58 - 2017-10-23 03:58 - 007564784 _____ C:\Users\John\Downloads\say1v280 (1).exe
2017-10-23 03:52 - 2017-10-23 03:52 - 000000017 _____ C:\Users\John\AppData\Local\resmon.resmoncfg
2017-10-22 21:52 - 2017-10-22 21:52 - 000184074 _____ C:\Users\John\Downloads\chart - john tharp - 160526-160721.pdf
2017-10-22 21:52 - 2017-10-22 21:52 - 000184074 _____ C:\Users\John\Downloads\chart - john tharp - 160526-160721 (3).pdf
2017-10-22 21:52 - 2017-10-22 21:52 - 000184074 _____ C:\Users\John\Downloads\chart - john tharp - 160526-160721 (2).pdf
2017-10-22 21:52 - 2017-10-22 21:52 - 000184074 _____ C:\Users\John\Downloads\chart - john tharp - 160526-160721 (1).pdf
2017-10-22 14:16 - 2017-11-14 01:42 - 000004476 _____ C:\windows\System32\Tasks\Adobe Acrobat Update Task
2017-10-22 14:16 - 2017-10-22 14:17 - 000000000 ____D C:\ProgramData\McAfee
2017-10-22 14:14 - 2017-10-23 05:16 - 000002441 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk
2017-10-22 14:14 - 2017-10-22 14:14 - 000002058 _____ C:\Users\Public\Desktop\Acrobat Reader DC.lnk
2017-10-22 13:23 - 2017-10-22 13:23 - 000000000 ____D C:\Users\John\AppData\Local\ElevatedDiagnostics
2017-10-22 04:23 - 2017-10-22 04:23 - 000000000 ____D C:\Users\John\AppData\Roaming\Apple Computer
2017-10-22 04:23 - 2017-10-22 04:23 - 000000000 ____D C:\Users\John\AppData\Local\Apple Computer
2017-10-22 04:22 - 2017-10-22 04:22 - 000001758 _____ C:\Users\Public\Desktop\iTunes.lnk
2017-10-22 04:22 - 2017-10-22 04:22 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
2017-10-22 04:22 - 2017-10-22 04:22 - 000000000 ____D C:\Program Files\iPod
2017-10-22 04:17 - 2017-10-22 04:22 - 000000000 ____D C:\Program Files\iTunes
2017-10-22 04:17 - 2017-10-22 04:17 - 000000000 ____D C:\ProgramData\Apple Computer
2017-10-22 04:16 - 2017-10-22 04:16 - 000002519 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Apple Software Update.lnk
2017-10-22 04:16 - 2017-10-22 04:16 - 000000000 ____D C:\windows\System32\Tasks\Apple
2017-10-22 04:16 - 2017-10-22 04:16 - 000000000 ____D C:\Users\John\AppData\Local\Apple
2017-10-22 04:16 - 2017-10-22 04:16 - 000000000 ____D C:\Program Files (x86)\Apple Software Update
2017-10-22 04:14 - 2017-10-22 04:14 - 000000000 ____D C:\Program Files\Common Files\Apple
2017-10-22 04:07 - 2017-10-22 04:09 - 260623688 _____ (Apple Inc.) C:\Users\John\Downloads\iTunes64Setup.exe
2017-10-21 16:58 - 2017-10-21 16:58 - 003037200 _____ C:\Users\John\Downloads\opp.pdf
2017-10-21 13:35 - 2017-10-21 13:35 - 000000000 ____D C:\Users\John\AppData\Roaming\AVAST Software
2017-10-21 13:34 - 2017-10-21 13:34 - 000000000 ____D C:\Users\John\AppData\Local\CEF
2017-10-21 13:28 - 2017-11-14 03:58 - 000000000 _____ C:\windows\SysWOW64\last.dump
2017-10-21 13:08 - 2017-11-14 01:43 - 000004172 _____ C:\windows\System32\Tasks\Avast Emergency Update
2017-10-21 13:08 - 2017-10-21 13:07 - 000587168 _____ (AVAST Software) C:\windows\system32\Drivers\aswSP.sys
2017-10-21 13:08 - 2017-10-21 13:07 - 000363440 _____ (AVAST Software) C:\windows\system32\Drivers\aswVmm.sys
2017-10-21 13:08 - 2017-10-21 13:07 - 000201352 _____ (AVAST Software) C:\windows\system32\Drivers\aswStm.sys
2017-10-21 13:08 - 2017-10-21 13:07 - 000147776 _____ (AVAST Software) C:\windows\system32\Drivers\aswMonFlt.sys
2017-10-21 13:08 - 2017-10-21 13:07 - 000084416 _____ (AVAST Software) C:\windows\system32\Drivers\aswRvrt.sys
2017-10-21 13:08 - 2017-10-21 13:07 - 000047008 _____ (AVAST Software) C:\windows\system32\Drivers\aswHwid.sys
2017-10-21 13:07 - 2017-10-26 12:20 - 001029872 _____ (AVAST Software) C:\windows\system32\Drivers\aswsnx.sys
2017-10-21 13:07 - 2017-10-21 13:07 - 000401488 _____ (AVAST Software) C:\windows\system32\aswBoot.exe
2017-10-21 13:07 - 2017-10-21 13:07 - 000110376 _____ (AVAST Software) C:\windows\system32\Drivers\aswRdr2.sys
2017-10-21 13:07 - 2017-10-21 13:04 - 000343288 _____ (AVAST Software s.r.o.) C:\windows\system32\Drivers\aswbloga.sys
2017-10-21 13:07 - 2017-10-21 13:04 - 000321032 _____ (AVAST Software s.r.o.) C:\windows\system32\Drivers\aswbidsdrivera.sys
2017-10-21 13:07 - 2017-10-21 13:04 - 000198976 _____ (AVAST Software s.r.o.) C:\windows\system32\Drivers\aswbidsha.sys
2017-10-21 13:07 - 2017-10-21 13:04 - 000057736 _____ (AVAST Software s.r.o.) C:\windows\system32\Drivers\aswbuniva.sys
2017-10-21 13:03 - 2017-10-21 13:03 - 000000039 _____ C:\Users\John\Downloads\Stats.ini
2017-10-21 13:03 - 2017-10-21 13:03 - 000000000 ____D C:\Program Files\AVAST Software
2017-10-21 13:02 - 2017-10-22 01:35 - 000000000 ____D C:\ProgramData\AVAST Software
2017-10-21 13:02 - 2017-10-21 13:02 - 006231776 _____ (AVAST Software) C:\Users\John\Downloads\avast_free_antivirus_setup_online.exe
2017-10-21 10:24 - 2017-10-21 10:24 - 000000000 ____D C:\Users\John\Documents\Zoom
2017-10-16 05:31 - 2017-10-22 15:06 - 000000000 ____D C:\Users\John\AppData\Local\Adobe
2017-10-16 05:31 - 2017-10-16 05:31 - 000000000 ____D C:\Users\John\AppData\LocalLow\Adobe
2017-10-16 05:02 - 2017-10-16 05:02 - 000000000 ____H C:\windows\system32\Drivers\Msft_User_WpdFs_01_09_00.Wdf
 
==================== One Month Modified files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2017-11-14 05:28 - 2017-10-13 02:07 - 000000000 ____D C:\Users\John\AppData\Roaming\BitTorrent
2017-11-14 03:50 - 2009-07-13 18:45 - 000025120 ____H C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2017-11-14 03:50 - 2009-07-13 18:45 - 000025120 ____H C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2017-11-14 02:30 - 2017-10-07 05:41 - 000000000 ____D C:\ProgramData\NVIDIA
2017-11-14 02:21 - 2009-07-13 19:08 - 000000006 ____H C:\windows\Tasks\SA.DAT
2017-10-31 11:18 - 2009-07-13 17:20 - 000000000 ____D C:\windows\system32\NDF
2017-10-31 10:54 - 2009-07-13 17:20 - 000000000 ____D C:\windows\rescache
2017-10-30 14:14 - 2009-07-13 17:20 - 000000000 ____D C:\windows\system32\inetsrv
2017-10-30 14:13 - 2009-07-13 17:20 - 000000000 ____D C:\windows\Registration
2017-10-30 14:05 - 2009-07-13 19:32 - 000000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games
2017-10-30 14:05 - 2009-07-13 19:32 - 000000000 ____D C:\Program Files\Microsoft Games
2017-10-30 14:05 - 2009-07-13 17:20 - 000000000 ____D C:\windows\SysWOW64\inetsrv
2017-10-30 14:05 - 2009-07-13 17:20 - 000000000 ____D C:\windows\inf
2017-10-30 07:19 - 2009-07-13 19:13 - 000897360 _____ C:\windows\system32\PerfStringBackup.INI
2017-10-30 07:18 - 2017-10-08 04:32 - 000853758 _____ C:\windows\SysWOW64\PerfStringBackup.INI
2017-10-29 08:49 - 2017-10-07 23:44 - 000000000 ____D C:\Users\John\AppData\Roaming\Toshiba
2017-10-28 04:08 - 2017-10-07 06:17 - 000000000 ____D C:\ProgramData\Norton
2017-10-28 04:08 - 2017-10-07 06:15 - 000000000 ____D C:\Program Files (x86)\NortonInstaller
2017-10-28 02:41 - 2017-10-10 21:49 - 000000000 ____D C:\windows\System32\Tasks\Remediation
2017-10-26 11:19 - 2017-10-07 05:39 - 000000000 ____D C:\ProgramData\NVIDIA Corporation
2017-10-26 11:15 - 2009-07-13 17:20 - 000000000 __RHD C:\Users\Public\Libraries
2017-10-25 11:04 - 2009-07-13 19:09 - 000000000 ____D C:\windows\System32\Tasks\WPD
2017-10-24 04:38 - 2017-10-07 05:39 - 000000000 ____D C:\Program Files (x86)\NVIDIA Corporation
2017-10-24 04:36 - 2017-10-07 05:38 - 000000000 ____D C:\Program Files\NVIDIA Corporation
2017-10-24 04:27 - 2017-10-07 21:55 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2017-10-24 04:13 - 2017-10-07 17:40 - 000000000 ____D C:\Users\John\AppData\Roaming\Google
2017-10-23 04:23 - 2017-10-07 21:54 - 000000000 ____D C:\ProgramData\Oracle
2017-10-23 04:20 - 2011-11-21 18:31 - 000000000 ____D C:\Program Files (x86)\Java
2017-10-23 04:08 - 2017-10-07 21:55 - 000097856 _____ (Oracle Corporation) C:\windows\SysWOW64\WindowsAccessBridge-32.dll
2017-10-22 15:07 - 2011-11-21 18:31 - 000000000 ____D C:\ProgramData\Adobe
2017-10-22 14:11 - 2011-11-21 18:31 - 000000000 ____D C:\Program Files (x86)\Adobe
2017-10-22 04:15 - 2017-10-13 03:06 - 000000000 ____D C:\ProgramData\Apple
2017-10-21 13:31 - 2011-11-21 18:31 - 000000000 ____D C:\windows\SysWOW64\Macromed
2017-10-21 12:50 - 2017-10-08 00:17 - 000000000 ____D C:\Users\John\AppData\Local\Google
2017-10-16 05:31 - 2017-10-07 17:42 - 000000000 ____D C:\Users\John\AppData\Roaming\Adobe
 
==================== Files in the root of some directories =======
 
2017-10-08 01:42 - 2017-10-08 03:15 - 007649280 _____ () C:\Program Files (x86)\GUT41F2.tmp
2017-11-14 04:46 - 2017-11-14 04:46 - 000880449 _____ () C:\Users\John\AppData\Local\ars.cache
2017-11-14 04:49 - 2017-11-14 04:49 - 000598806 _____ () C:\Users\John\AppData\Local\census.cache
2017-11-14 01:51 - 2017-11-14 01:51 - 000000036 _____ () C:\Users\John\AppData\Local\housecall.guid.cache
2017-10-23 03:52 - 2017-10-23 03:52 - 000000017 _____ () C:\Users\John\AppData\Local\resmon.resmoncfg
2017-11-14 04:17 - 2017-11-14 04:17 - 000000010 _____ () C:\Users\John\AppData\Local\sponge.last.runtime.cache
 
Some files in TEMP:
====================
2017-10-23 04:04 - 2017-10-23 04:05 - 001856576 _____ (Oracle Corporation) C:\Users\John\AppData\Local\Temp\jre-8u151-windows-au.exe
 
==================== Bamital & volsnap ======================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\windows\system32\winlogon.exe => File is digitally signed
C:\windows\system32\wininit.exe => File is digitally signed
C:\windows\SysWOW64\wininit.exe => File is digitally signed
C:\windows\explorer.exe => File is digitally signed
C:\windows\SysWOW64\explorer.exe => File is digitally signed
C:\windows\system32\svchost.exe => File is digitally signed
C:\windows\SysWOW64\svchost.exe => File is digitally signed
C:\windows\system32\services.exe => File is digitally signed
C:\windows\system32\User32.dll => File is digitally signed
C:\windows\SysWOW64\User32.dll => File is digitally signed
C:\windows\system32\userinit.exe => File is digitally signed
C:\windows\SysWOW64\userinit.exe => File is digitally signed
C:\windows\system32\rpcss.dll => File is digitally signed
C:\windows\system32\dnsapi.dll => File is digitally signed
C:\windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\windows\system32\Drivers\volsnap.sys => File is digitally signed
 
LastRegBack: 2017-10-30 03:53
 
==================== End of FRST.txt ============================
 
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 12-11-2017 03
Ran by John (14-11-2017 05:33:42)
Running from C:\Users\John\Downloads
Windows 7 Home Premium Service Pack 1 (X64) (2017-10-08 09:38:03)
Boot Mode: Normal
==========================================================
 
 
==================== Accounts: =============================
 
Administrator (S-1-5-21-3346887743-778296215-3495361375-500 - Administrator - Disabled)
Guest (S-1-5-21-3346887743-778296215-3495361375-501 - Limited - Disabled)
John (S-1-5-21-3346887743-778296215-3495361375-1001 - Administrator - Enabled) => C:\Users\John
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AV: Avast Antivirus (Disabled - Up to date) {8EA8924E-BC81-DC44-8BB0-8BAE75D86EBF}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Avast Antivirus (Disabled - Up to date) {35C973AA-9ABB-D3CA-B100-B0DC0E5F2402}
 
==================== Installed Programs ======================
 
(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
Adobe Acrobat Reader DC (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}) (Version: 17.012.20098 - Adobe Systems Incorporated)
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 2.6.0.19140 - Adobe Systems Incorporated)
Adobe Flash Player 10 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 10.3.181.34 - Adobe Systems Incorporated)
Adobe Flash Player 10 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 10.3.181.34 - Adobe Systems Incorporated)
Amazon Links (HKLM-x32\...\{3135D885-9D9A-4B4D-8D45-9DB05DA115CA}) (Version: 2.02 - TOSHIBA Corporation)
Apple Application Support (32-bit) (HKLM-x32\...\{3D1290E6-1F77-46D5-A715-A56679C8D4E3}) (Version: 6.0.2 - Apple Inc.)
Apple Application Support (64-bit) (HKLM\...\{D0E45DEC-F4B9-4370-A9DF-66837789C2EF}) (Version: 6.0.2 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{E3C4B99B-BE71-4C27-8E3C-4FAE3C46E1D5}) (Version: 11.0.0.30 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{C1BBFD2A-BCDD-45B3-8C0B-66BD434970A8}) (Version: 2.4.8.1 - Apple Inc.)
Avast Free Antivirus (HKLM-x32\...\Avast Antivirus) (Version: 17.7.2314 - AVAST Software)
Bejeweled 3 (HKLM-x32\...\WTA-c39e2076-143f-442a-8433-2ded7236a6b9) (Version: 2.2.0.97 - WildTangent) Hidden
BitTorrent (HKU\S-1-5-21-3346887743-778296215-3495361375-1001\...\BitTorrent) (Version: 7.10.0.44091 - BitTorrent Inc.)
Bonjour (HKLM\...\{B91110FB-33B4-468B-90C2-4D5E8AE3FAE1}) (Version: 2.0.2.0 - Apple Inc.)
D3DX10 (HKLM-x32\...\{E09C4DB7-630C-4F06-A631-8EA7239923AF}) (Version: 15.4.2368.0902 - Microsoft) Hidden
ENE CIR Receiver Driver (HKLM\...\2C293EC1A06665BB961CBA4EC7AFF4BF2BEAD042) (Version: 2.7.4.1 - ENE)
FATE - The Traitor Soul (HKLM-x32\...\WTA-33cc34ee-3dfb-4478-8b24-2ea49ac30f73) (Version: 2.2.0.95 - WildTangent) Hidden
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 61.0.3163.100 - Google Inc.)
Google Toolbar for Internet Explorer (HKLM-x32\...\{18455581-E099-4BA8-BC6B-F34B2F06600C}) (Version: 1.0.0 - Google Inc.) Hidden
Google Toolbar for Internet Explorer (HKLM-x32\...\{2318C2B1-4965-11d4-9B18-009027A5CD4F}) (Version: 7.5.8231.2252 - Google Inc.)
Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.33.5 - Google Inc.) Hidden
Google Update Helper (HKLM-x32\...\{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}) (Version: 1.3.21.57 - Google Inc.) Hidden
HouseCall for Home IoT Devices (HKLM\...\DRScanner) (Version: 3.0.1095 - Trend Micro Inc.)
Intel PROSet Wireless (HKLM-x32\...\ProInst) (Version:  - ) Hidden
Intel® Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 7.0.0.1144 - Intel Corporation)
Intel® Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 8.15.10.2430 - Intel Corporation)
Intel® PROSet/Wireless WiFi Software (HKLM\...\{3C41721F-AF0F-4086-AA1C-4C7F29076228}) (Version: 14.01.1000 - Intel Corporation)
Intel® Rapid Storage Technology (HKLM-x32\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 10.1.2.1004 - Intel Corporation)
Intel® WiDi (HKLM-x32\...\{7257132D-7F65-41E6-A90F-43BF6099461A}) (Version: 2.1.42.0 - Intel Corporation)
Intel® Wireless Display (HKLM\...\{28EF7372-9087-4AC3-9B9F-D9751FCDF830}) (Version:  - )
iTunes (HKLM\...\{94E81D4F-FB5A-4B29-B385-33896CC9BE7E}) (Version: 12.7.0.166 - Apple Inc.)
Java 8 Update 151 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F64180151F0}) (Version: 8.0.1510.12 - Oracle Corporation)
Java 8 Update 151 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F32180151F0}) (Version: 8.0.1510.12 - Oracle Corporation)
JMicron Flash Media Controller Driver (HKLM-x32\...\{26604C7E-A313-4D12-867F-7C6E7820BE4C}) (Version: 1.0.57.2 - JMicron Technology Corp.)
Junk Mail filter update (HKLM-x32\...\{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}) (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
[email protected] 1.0 (HKLM-x32\...\{0D795777-9D60-4692-8386-F2B3F2B5E5BF}) (Version: 1.0 - Corel)
Letters from Nowhere 2 (HKLM-x32\...\WTA-ea93459e-9868-46ac-804a-b8241e032cfc) (Version: 2.2.0.97 - WildTangent) Hidden
Mesh Runtime (HKLM-x32\...\{8C6D6116-B724-4810-8F2D-D047E6B7D68E}) (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4.7 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.7.02053 - Microsoft Corporation)
Microsoft Office 2010 (HKLM-x32\...\{95140000-0070-0000-0000-0000000FF1CE}) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Silverlight (HKLM-x32\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 4.0.50401.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.21005 (HKLM-x32\...\{7f51bdb9-ee21-49ee-94d6-90afc321780e}) (Version: 12.0.21005.1 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005 (HKLM-x32\...\{ce085a78-074e-4823-8dc1-8a721b94b76d}) (Version: 12.0.21005.1 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)
NVIDIA 3D Vision Controller Driver 267.44 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB) (Version: 267.44 - NVIDIA Corporation)
NVIDIA GeForce Experience 3.10.0.95 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 3.10.0.95 - NVIDIA Corporation)
NVIDIA Graphics Driver 267.44 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 267.44 - NVIDIA Corporation)
NVIDIA PhysX System Software 9.10.0514 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.10.0514 - NVIDIA Corporation)
paint.net (HKLM\...\{F10AAD91-58DF-44EC-A647-810197141667}) (Version: 4.0.19 - dotPDN LLC)
Penguins! (HKLM-x32\...\WTA-c79749e5-83bf-41f8-96cd-307a6314a5ba) (Version: 2.2.0.98 - WildTangent) Hidden
Plants vs. Zombies - Game of the Year (HKLM-x32\...\WTA-a56119b0-e26b-49ec-a7bf-f93b369cad68) (Version: 2.2.0.98 - WildTangent) Hidden
PlayReady PC Runtime amd64 (HKLM\...\{BCA9334F-B6C9-4F65-9A73-AC5A329A4D04}) (Version: 1.3.0 - Microsoft Corporation)
PlayReady PC Runtime x86 (HKLM-x32\...\{CCA5EAAD-92F4-4B7A-B5EE-14294C66AB61}) (Version: 1.3.0 - Microsoft Corporation)
Polar Bowler (HKLM-x32\...\WTA-64258cee-27dd-4bc7-9e85-e188a49bdf3a) (Version: 2.2.0.97 - WildTangent) Hidden
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.38.113.2011 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6305 - Realtek Semiconductor Corp.)
Renesas Electronics USB 3.0 Host Controller Driver (HKLM-x32\...\{5442DAB8-7177-49E1-8B22-09A049EA5996}) (Version: 2.0.34.0 - Renesas Electronics Corporation) Hidden
Renesas Electronics USB 3.0 Host Controller Driver (HKLM-x32\...\InstallShield_{5442DAB8-7177-49E1-8B22-09A049EA5996}) (Version: 2.0.34.0 - Renesas Electronics Corporation)
RollerCoaster Tycoon 3: Platinum (HKLM-x32\...\WTA-ee4ac6ab-b6aa-462a-82fd-ee35ce13ada1) (Version: 2.2.0.98 - WildTangent) Hidden
SAMSUNG USB Driver for Mobile Phones (HKLM\...\{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}) (Version: 1.5.25.0 - SAMSUNG Electronics Co., Ltd.)
Skype Launcher (HKLM-x32\...\{DA84ECBF-4B79-47F2-B34C-95C38484C058}) (Version: 2.01 - TOSHIBA Corporation)
SUPERAntiSpyware (HKLM\...\{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}) (Version: 6.0.1250 - SUPERAntiSpyware.com)
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 15.2.11.1 - Synaptics Incorporated)
Tales of Lagoona (HKLM-x32\...\WTA-f11a6686-edee-4e31-9a1a-d72e4cc8e2ad) (Version: 2.2.0.98 - WildTangent) Hidden
Toshiba App Place (HKLM-x32\...\{ED3CBA78-488F-4E8C-B33F-8E3BF4DDB4D2}) (Version: 1.0.6.3 - Toshiba)
TOSHIBA Application Installer (HKLM-x32\...\{970472D0-F5F9-4158-A6E3-1AE49EFEF2D3}) (Version: 9.0.1.2 - TOSHIBA)
TOSHIBA Assist (HKLM-x32\...\{C2A276E3-154E-44DC-AAF1-FFDD7FD30E35}) (Version: 4.2.3.0 - TOSHIBA CORPORATION)
Toshiba Book Place (HKLM-x32\...\{A14962A7-2B7D-456E-BFCD-F54E3A88D41F}) (Version: 2.2.7530 - K-NFB Reading Technology, Inc.)
TOSHIBA Bulletin Board (HKLM-x32\...\InstallShield_{1C8C049A-145F-4A6E-8290-B5C245EBE39D}) (Version: 1.6.11.64 - TOSHIBA Corporation)
TOSHIBA Disc Creator (HKLM\...\{5DA0E02F-970B-424B-BF41-513A5018E4C0}) (Version: 2.1.0.11 for x64 - TOSHIBA Corporation)
TOSHIBA eco Utility (HKLM\...\{C2F94B5E-201A-4754-8F2F-4395E1D90DA3}) (Version: 1.3.5.64 - TOSHIBA Corporation)
TOSHIBA Face Recognition (HKLM-x32\...\InstallShield_{F67FA545-D8E5-4209-86B1-AEE045D1003F}) (Version: 3.1.17.64 - TOSHIBA Corporation)
TOSHIBA Flash Cards Support Utility (HKLM-x32\...\InstallShield_{620BBA5E-F848-4D56-8BDA-584E44584C5E}) (Version: 1.63.0.12C - TOSHIBA CORPORATION)
TOSHIBA Hardware Setup (HKLM-x32\...\InstallShield_{5279374D-87FE-4879-9385-F17278EBB9D3}) (Version: 1.63.1.37C - TOSHIBA CORPORATION)
TOSHIBA HDD Protection (HKLM\...\{94A90C69-71C1-470A-88F5-AA47ECC96B40}) (Version: 2.2.2.15 - TOSHIBA Corporation)
TOSHIBA HDD/SSD Alert (HKLM\...\{D4322448-B6AF-4316-B859-D8A0E84DCB38}) (Version: 3.1.64.9 - TOSHIBA Corporation)
Toshiba Laptop Checkup (HKLM-x32\...\NortonPCCheckup) (Version: 2.0.13.11 - Symantec Corporation)
TOSHIBA Media Controller (HKLM-x32\...\{C7A4F26F-F9B0-41B2-8659-99181108CDE3}) (Version: 1.0.87.4 - TOSHIBA CORPORATION)
TOSHIBA Media Controller Plug-in (HKLM-x32\...\{F26FDF57-483E-42C8-A9C9-EEE1EDB256E0}) (Version: 1.0.7.5 - TOSHIBA CORPORATION)
Toshiba Online Backup (HKLM-x32\...\{C57BCDE1-7CB9-467D-B3BA-7E119916CDC1}) (Version: 2.0.0.31 - Toshiba)
TOSHIBA PC Health Monitor (HKLM\...\{9DECD0F9-D3E8-48B0-A390-1CF09F54E3A4}) (Version: 1.7.9.64 - TOSHIBA Corporation)
TOSHIBA Quality Application (HKLM-x32\...\{E69992ED-A7F6-406C-9280-1C156417BC49}) (Version: 1.0.4 - TOSHIBA)
TOSHIBA Recovery Media Creator (HKLM-x32\...\{B65BBB06-1F8E-48F5-8A54-B024A9E15FDF}) (Version: 2.1.5.5109a - TOSHIBA CORPORATION)
TOSHIBA ReelTime (HKLM-x32\...\InstallShield_{24811C12-F4A9-4D0F-8494-A7B8FE46123C}) (Version: 1.7.21.64 - TOSHIBA Corporation)
TOSHIBA Resolution+ Plug-in for Windows Media Player (HKLM-x32\...\{6CB76C9D-80C2-4CB3-A4CD-D96B239E3F94}) (Version: 1.1.2001 - TOSHIBA Corporation)
TOSHIBA Service Station (HKLM-x32\...\{AC6569FA-6919-442A-8552-073BE69E247A}) (Version: 2.2.13 - TOSHIBA)
TOSHIBA Sleep Utility (HKLM-x32\...\{654F7484-88C5-46DC-AB32-C66BCB0E2102}) (Version: 1.4.2.8 - TOSHIBA Corporation)
TOSHIBA Supervisor Password (HKLM-x32\...\InstallShield_{51B4E156-14A5-4904-9AE4-B1AA2A0E46BE}) (Version: 1.63.51.2C - TOSHIBA CORPORATION)
TOSHIBA Value Added Package (HKLM-x32\...\InstallShield_{066CFFF8-12BF-4390-A673-75F95EFF188E}) (Version: 1.6.1.64 - TOSHIBA Corporation)
TOSHIBA VIDEO PLAYER (HKLM-x32\...\{6C5F3BDC-0A1B-4436-A696-5939629D5C31}) (Version: 4.00.7.06-A - TOSHIBA Corporation)
TOSHIBA Web Camera Application (HKLM-x32\...\InstallShield_{6F3C8901-EBD3-470D-87F8-AC210F6E5E02}) (Version: 2.0.3.3 - TOSHIBA Corporation)
TOSHIBA Wireless Display Monitor (HKLM-x32\...\{617773AE-ADBA-4479-BB04-65FE7758B35C}) (Version: 1.0.1 - TOSHIBA CORPORATION)
TOSHIBARegistration (HKLM-x32\...\{5AF550B4-BB67-4E7E-82F1-2C4300279050}) (Version: 1.0.9 - TOSHIBA)
Update Installer for WildTangent Games App (HKLM-x32\...\{2FA94A64-C84E-49d1-97DD-7BF06C7BBFB2}.WildTangent Games App) (Version:  - WildTangent) Hidden
Utility Common Driver (HKLM-x32\...\{12688FD7-CB92-4A5B-BEE4-5C8E0574434F}) (Version: 1.0.52.3C - TOSHIBA) Hidden
Utility Common Driver (HKLM-x32\...\InstallShield_{12688FD7-CB92-4A5B-BEE4-5C8E0574434F}) (Version: 1.0.52.3C - TOSHIBA) Hidden
WildTangent Games (HKLM-x32\...\WildTangent toshiba Master Uninstall) (Version: 1.0.2.5 - WildTangent)
WildTangent Games App (Toshiba Games) (HKLM-x32\...\{70B446D1-E03B-4ab0-9B3C-0832142C9AA8}.WildTangent Games App-toshiba) (Version: 4.0.5.31 - WildTangent) Hidden
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3538.0513 - Microsoft Corporation)
Windows Live Mesh ActiveX Control for Remote Connections (HKLM-x32\...\{2902F983-B4C1-44BA-B85D-5C6D52E2C441}) (Version: 15.4.5722.2 - Microsoft Corporation)
Zoom (HKU\S-1-5-21-3346887743-778296215-3495361375-1001\...\ZoomUMX) (Version: 4.0 - Zoom Video Communications, Inc.)
Zuma's Revenge (HKLM-x32\...\WTA-2f81631d-cee6-4b07-bf19-c2eb21f11735) (Version: 2.2.0.98 - WildTangent) Hidden
 
==================== Custom CLSID (Whitelisted): ==========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
ShellIconOverlayIdentifiers: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2017-10-21] (AVAST Software)
ContextMenuHandlers1: [avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2017-10-21] (AVAST Software)
ContextMenuHandlers3: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2017-10-21] (AVAST Software)
ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} => C:\windows\system32\igfxpph.dll [2011-06-27] (Intel Corporation)
ContextMenuHandlers5: [NvCplDesktopContext] -> {3D1975AF-48C6-4f8e-A182-BE0E08FA86A9} => C:\windows\system32\nvshext.dll [2011-03-01] (NVIDIA Corporation)
ContextMenuHandlers6: [avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2017-10-21] (AVAST Software)
 
==================== Scheduled Tasks (Whitelisted) =============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
Task: {14823663-F1FE-4761-9AE3-9B8280425006} - System32\Tasks\NvProfileUpdaterDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\Update Core\NvProfileUpdater64.exe [2017-10-10] (NVIDIA Corporation)
Task: {1A7B8290-8622-4031-9D9D-D0F463F754FE} - System32\Tasks\Remediation\AntimalwareMigrationTask => C:\Program Files\Common Files\AV\Norton Internet Security\Upgrade.exe [2015-08-06] (Symantec Corporation)
Task: {1A846154-EE3F-4638-9D85-1924E9135645} - System32\Tasks\Avast Emergency Update => C:\Program Files\AVAST Software\Avast\AvEmUpdate.exe [2017-10-21] (AVAST Software)
Task: {1D48AD91-B8AB-4CF7-BBC8-163F39F73152} - System32\Tasks\NvNodeLauncher_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\NvNode\nvnodejslauncher.exe [2017-10-10] (NVIDIA Corporation)
Task: {2233A90C-8EF0-496E-9886-74111912C00E} - System32\Tasks\NvDriverUpdateCheckDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [2017-10-10] (NVIDIA Corporation)
Task: {2C7A1650-A01D-4C13-A275-068CA62300D6} - System32\Tasks\{6451DAC2-7F54-440C-A71A-2627499EBB6E} => C:\windows\system32\pcalua.exe -a C:\Users\John\AppData\Local\Temp\jds54412774.tmp\jre-8u151-windows-au.exe <==== ATTENTION
Task: {3A2963BF-EB9F-4175-9108-D4A371EE28EE} - System32\Tasks\SUPERAntiSpyware Scheduled Task 2fff14a8-4eba-4694-8da9-a5f75b9d9d6f => C:\Program Files\SUPERAntiSpyware\SASTask.exe [2013-11-07] (SUPERAdBlocker.com)
Task: {430164D0-B633-41A7-A304-C57BEF39D6C3} - System32\Tasks\DRScanner Startup => C:\Program Files (x86)\Trend Micro\DRScanner\DRScanner.exe [2017-10-19] (Trend Micro Inc.)
Task: {4951300E-4448-4CC1-9A1B-3A8E5BF59994} - System32\Tasks\NvTmRepOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvTmRep.exe [2017-10-10] (NVIDIA Corporation)
Task: {6613405C-B8D9-48FE-A874-5A7A92CF20BA} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2017-10-08] (Google Inc.)
Task: {7CE2ABB4-4A81-40A8-AD3E-A8FAD13469F7} - System32\Tasks\TOSHIBA Wireless Display Monitor => C:\Program Files (x86)\TOSHIBA\widimon\widimon.exe [2010-12-25] (TOSHIBA CORPORATION)
Task: {9B3C91A1-E3C1-4E9D-B38D-4C2AB79BCB19} - System32\Tasks\NVIDIA GeForce Experience SelfUpdate_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\NVIDIA GeForce Experience\NVIDIA GeForce Experience.exe [2017-10-10] (NVIDIA Corporation)
Task: {9F6AD56C-1B92-405D-9FE6-536AAB574F30} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2017-09-27] (Adobe Systems Incorporated)
Task: {BE5CCEB3-5747-48BC-8D86-69D237396F34} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2017-07-24] (Apple Inc.)
Task: {CA976AB5-6A12-4198-AD6D-0D4A978AD4DA} - System32\Tasks\SUPERAntiSpyware Scheduled Task 8bdf19fb-fb0a-49b4-bb86-f82c5238e483 => C:\Program Files\SUPERAntiSpyware\SASTask.exe [2013-11-07] (SUPERAdBlocker.com)
Task: {CF1802E0-11B1-4A88-BB7C-33922A6731CC} - System32\Tasks\NvProfileUpdaterOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\Update Core\NvProfileUpdater64.exe [2017-10-10] (NVIDIA Corporation)
Task: {DE535EB3-9181-4E66-A5DF-F476CEB755E9} - System32\Tasks\NvTmRep_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvTmRep.exe [2017-10-10] (NVIDIA Corporation)
Task: {E53E1A30-DF1F-4170-B181-0966D994E286} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2017-10-08] (Google Inc.)
Task: {FF453ED0-EC8E-493B-8709-011460B0B29A} - System32\Tasks\NvTmMon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvTmMon.exe [2017-10-10] (NVIDIA Corporation)
 
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
 
Task: C:\windows\Tasks\SUPERAntiSpyware Scheduled Task 2fff14a8-4eba-4694-8da9-a5f75b9d9d6f.job => C:\Program Files\SUPERAntiSpyware\SASTask.exe C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
Task: C:\windows\Tasks\SUPERAntiSpyware Scheduled Task 8bdf19fb-fb0a-49b4-bb86-f82c5238e483.job => C:\Program Files\SUPERAntiSpyware\SASTask.exe C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
 
==================== Shortcuts & WMI ========================
 
(The entries could be listed to be restored or removed.)
 
 
==================== Loaded Modules (Whitelisted) ==============
 
2011-05-31 14:32 - 2011-05-31 14:32 - 001501696 _____ () C:\Program Files\Common Files\Intel\WirelessCommon\Libeay32.dll
2011-06-27 06:16 - 2011-06-27 06:16 - 000094208 _____ () C:\Windows\System32\IccLibDll_x64.dll
2010-11-18 14:18 - 2010-11-18 14:18 - 011190784 _____ () C:\Program Files\TOSHIBA\FlashCards\BlackPng.dll
2010-11-30 07:37 - 2010-11-30 07:37 - 000048504 _____ () C:\Program Files\TOSHIBA\FlashCards\Hotkey\FnZ.dll
2010-12-15 12:19 - 2010-12-15 12:19 - 000124320 _____ () C:\Program Files\TOSHIBA\TECO\MUIHelp.dll
2017-09-11 14:45 - 2017-09-11 14:45 - 001356088 _____ () C:\Program Files\iTunes\libxml2.dll
2017-09-11 14:45 - 2017-09-11 14:45 - 000092472 _____ () C:\Program Files\iTunes\zlib1.dll
2011-02-22 16:22 - 2011-02-22 16:22 - 000429432 _____ () C:\Program Files\TOSHIBA\FlashCards\Hotkey\TcrdKBB.exe
2017-09-01 02:49 - 2017-09-01 02:49 - 001356088 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
2017-09-01 02:49 - 2017-09-01 02:49 - 000092472 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
2017-10-24 04:33 - 2017-10-10 15:01 - 001267320 _____ () C:\Program Files\NVIDIA Corporation\NvContainer\libprotobuf.dll
2017-10-10 18:08 - 2017-09-20 21:29 - 004022616 _____ () C:\Program Files (x86)\Google\Chrome\Application\61.0.3163.100\libglesv2.dll
2017-10-10 18:07 - 2017-09-20 21:29 - 000100184 _____ () C:\Program Files (x86)\Google\Chrome\Application\61.0.3163.100\libegl.dll
2011-06-09 18:09 - 2011-06-09 18:09 - 000079784 _____ () C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosIPCWraper.dll
2017-10-24 04:33 - 2017-10-10 15:01 - 001040504 _____ () C:\Program Files (x86)\NVIDIA Corporation\NvContainer\libprotobuf.dll
2017-11-14 01:49 - 2017-10-19 16:27 - 003186320 _____ () C:\Program Files (x86)\Trend Micro\DRScanner\sdk\DrsSDK.dll
 
==================== Alternate Data Streams (Whitelisted) =========
 
(If an entry is included in the fixlist, only the ADS will be removed.)
 
 
==================== Safe Mode (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
 
 
==================== Association (Whitelisted) ===============
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed.)
 
 
==================== Internet Explorer trusted/restricted ===============
 
(If an entry is included in the fixlist, it will be removed from the registry.)
 
 
==================== Hosts content: ===============================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2009-07-13 16:34 - 2017-10-30 05:08 - 000000826 _____ C:\windows\system32\Drivers\etc\hosts
 
 
==================== Other Areas ============================
 
(Currently there is no automatic fix for this section.)
 
HKU\S-1-5-21-3346887743-778296215-3495361375-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\John\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 209.18.47.61 - 209.18.47.62
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.
 
==================== MSCONFIG/TASK MANAGER disabled items ==
 
 
==================== FirewallRules (Whitelisted) ===============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
FirewallRules: [{C872428A-EEC0-4859-981B-44A990B4821D}] => (Allow) C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
FirewallRules: [{5908E83F-A67E-4D95-B275-37A845D908C0}] => (Allow) LPort=2869
FirewallRules: [{5450716C-A89B-49DA-A7EB-39BCE09ABC90}] => (Allow) LPort=1900
FirewallRules: [{14F238E0-5D87-457F-9A4F-08BF95E2FCFC}] => (Allow) C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe
FirewallRules: [{53C30A38-375B-4EAC-A4FC-7255FEE57685}] => (Allow) C:\Program Files (x86)\Windows Live\Mesh\MOE.exe
FirewallRules: [{B92D6631-7BCA-434E-AE40-0525F968D9D7}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
FirewallRules: [{DB0BC518-1744-4D06-8A4F-42FA0646330D}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
FirewallRules: [{9E516531-8245-48EF-BCBE-06242FFF588D}] => (Allow) C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe
FirewallRules: [{BE0A6BBF-2C94-4F1D-9E3D-E5CC931DD1A3}] => (Allow) C:\Program Files (x86)\Intel Corporation\Intel WiDi\WiDiApp.exe
FirewallRules: [{0DD62CD8-DCC3-4E91-BC2A-522BD5D73793}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
FirewallRules: [{42072C5D-6866-4806-9F9D-77FA86E34B5A}] => (Allow) C:\Users\John\AppData\Roaming\BitTorrent\BitTorrent.exe
FirewallRules: [{E1CFC648-046E-4A4A-853F-1424FD29C47E}] => (Allow) C:\Users\John\AppData\Roaming\BitTorrent\BitTorrent.exe
FirewallRules: [{D50F67EE-E2C6-4C0C-A860-75E5A6845A8A}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{DDEADBDE-724E-4ACB-A9FE-63C5DF7A16FF}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{E771E023-A69C-4FE5-BFAD-96BBBDDDB3DC}] => (Allow) C:\Program Files\iTunes\iTunes.exe
FirewallRules: [{41A3D060-4BB4-4421-A607-7693736F9346}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe
FirewallRules: [{E59E1D5A-6A20-40E7-AE20-99242FF3CF31}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe
FirewallRules: [{E8099411-5E5D-4207-A2DA-9D5315BFEED0}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe
FirewallRules: [{760EA19C-A8FC-4715-B607-B4F37C03B9D2}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [{F5D9BB7B-4D8E-41A0-AD1E-DD59F5E77053}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [{48786C42-9F35-4B6A-973B-F27A3AF30A9E}] => (Allow) C:\Program Files (x86)\Trend Micro\DRScanner\DRScanner.exe
FirewallRules: [{D89E63C1-8C38-4043-83E6-5B2DECF61B99}] => (Allow) C:\Program Files (x86)\Trend Micro\DRScanner\sdk\nmap\nmap.exe
FirewallRules: [{75E40A89-E446-4388-9348-EC30C1B6C4BC}] => (Allow) C:\Users\John\AppData\Local\Temp\HouseCall\tmase\nmap\bonjour.exe
FirewallRules: [{474D781A-DAB1-468D-B9BA-0876ABFAD904}] => (Allow) C:\Users\John\AppData\Local\Temp\HouseCall\tmase\drs\DrScaner.exe
FirewallRules: [{94242A3D-00CE-4ECE-A43A-6C5B6BA05109}] => (Allow) C:\Users\John\AppData\Local\Temp\HouseCall\tmase\drs\DrScaner.exe
 
==================== Restore Points =========================
 
21-10-2017 10:30:35 Windows Update
22-10-2017 04:16:09 Installed iTunes
30-10-2017 03:54:54 Scheduled Checkpoint
30-10-2017 06:43:52 Windows Modules Installer
 
==================== Faulty Device Manager Devices =============
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (11/14/2017 04:12:09 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: DrScaner.exe, version: 0.0.0.0, time stamp: 0x5a0a9f21
Faulting module name: DrsSDK.dll, version: 0.0.0.0, time stamp: 0x5a0ab8d0
Exception code: 0xc0000005
Fault offset: 0x00121915
Faulting process id: 0x1a10
Faulting application start time: 0x01d35d5237b1e2f9
Faulting application path: C:\Users\John\AppData\Local\Temp\HouseCall\tmase\drs\DrScaner.exe
Faulting module path: C:\Users\John\AppData\Local\Temp\HouseCall\tmase\drs\DrsSDK.dll
Report Id: ccffb81c-c945-11e7-96bc-fe969ba8f598
 
Error: (11/14/2017 02:26:19 AM) (Source: Toshiba App Place) (EventID: 0) (User: )
Description: System.Net.WebException: The underlying connection was closed: An unexpected error occurred on a receive.
Error Data:
(no response)
Stack Trace:
   at System.Net.HttpWebRequest.EndGetResponse(IAsyncResult asyncResult)
   at SnappCloud.ActivationReminder.AraClient.GetResponseCallback[T](IAsyncResult result)
 
Error: (11/14/2017 02:25:41 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.
 
Error: (11/14/2017 01:51:25 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: DNS Message from 192.168.0.40:53060 to 192.168.0.40:49154 length 0 too short
 
Error: (11/14/2017 01:51:23 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: DNS Message from 192.168.0.40:53059 to 192.168.0.40:49154 length 0 too short
 
Error: (11/01/2017 10:51:16 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 3213
 
Error: (11/01/2017 10:51:16 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 3213
 
Error: (11/01/2017 10:51:16 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second
 
Error: (11/01/2017 10:51:15 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 2074
 
Error: (11/01/2017 10:51:15 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 2074
 
 
System errors:
=============
Error: (11/14/2017 03:59:47 AM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the avast! Antivirus service.
 
Error: (11/14/2017 03:58:40 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Avast Antivirus service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 5000 milliseconds: Restart the service.
 
Error: (11/14/2017 02:27:42 AM) (Source: bowser) (EventID: 8003) (User: )
Description: The master browser has received a server announcement from the computer RICKY-PC
that believes that it is the master browser for the domain on transport NetBT_Tcpip_{937F2D44-546C-40E7-828C-43F286A4E1F0}.
The master browser is stopping or an election is being forced.
 
Error: (11/14/2017 02:21:24 AM) (Source: EventLog) (EventID: 6008) (User: )
Description: The previous system shutdown at 2:17:38 AM on ‎11/‎14/‎2017 was unexpected.
 
Error: (11/14/2017 01:39:46 AM) (Source: bowser) (EventID: 8003) (User: )
Description: The master browser has received a server announcement from the computer RICKY-PC
that believes that it is the master browser for the domain on transport NetBT_Tcpip_{937F2D44-546C-40E7-828C-43F286A4E1F0}.
The master browser is stopping or an election is being forced.
 
Error: (11/14/2017 01:28:25 AM) (Source: DCOM) (EventID: 10010) (User: )
Description: The server {ABC01078-F197-4B0B-ADBC-CFE684B39C82} did not register with DCOM within the required timeout.
 
Error: (10/31/2017 07:39:08 PM) (Source: Disk) (EventID: 7) (User: )
Description: The device, \Device\Harddisk0\DR0, has a bad block.
 
Error: (10/31/2017 07:38:35 PM) (Source: Disk) (EventID: 7) (User: )
Description: The device, \Device\Harddisk0\DR0, has a bad block.
 
Error: (10/31/2017 07:38:31 PM) (Source: Disk) (EventID: 7) (User: )
Description: The device, \Device\Harddisk0\DR0, has a bad block.
 
Error: (10/31/2017 07:38:20 PM) (Source: Disk) (EventID: 7) (User: )
Description: The device, \Device\Harddisk0\DR0, has a bad block.
 
 
==================== Memory info =========================== 
 
Processor: Intel® Core™ i5-2450M CPU @ 2.50GHz
Percentage of memory in use: 53%
Total physical RAM: 6050.7 MB
Available physical RAM: 2835.86 MB
Total Virtual: 12099.57 MB
Available Virtual: 9064.15 MB
 
==================== Drives ================================
 
Drive c: (TI106332W0C) (Fixed) (Total:579.64 GB) (Free:487.31 GB) NTFS ==>[system with boot components (obtained from drive)]
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (MBR Code: Windows 7 or Vista) (Size: 596.2 GB) (Disk ID: A8DA9325)
Partition 1: (Active) - (Size=1.5 GB) - (Type=27)
Partition 2: (Not Active) - (Size=579.6 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=15.1 GB) - (Type=17)
 
==================== End of Addition.txt ============================

 


  • 0

Advertisements


#2
RKinner

RKinner

    Malware Expert

  • Expert
  • 20,647 posts
  • MVP
Error: (10/31/2017 07:38:35 PM) (Source: Disk) (EventID: 7) (User: )
Description: The device, \Device\Harddisk0\DR0, has a bad block.

 

 
Error: (11/01/2017 10:51:16 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 3213
 

 

 

 

Description: Faulting application name: DrScaner.exe, version: 0.0.0.0, time stamp: 0x5a0a9f21

 

 

 

Uninstall Bonjour

Uninstall HouseCall for Home IoT Devices

Also uninstall SuperAntiSpyware, BitTorrent

1. Double-click My Computer, and then right-click the hard disk that you want to check. C:
2. Click Properties, and then click Tools.
3. Under Error-checking, click Check Now. A dialog box that shows the Check disk options is displayed,
4. Check both boxes and then click Start.
You will receive the following message:
The disk check could not be performed because the disk check utility needs exclusive access to some Windows files on the disk. These files can be accessed by restarting Windows. Do you want to schedule the disk check to occur the next time you restart the computer?
Click Yes to schedule the disk check, but don't restart yet.

Right click on (My) Computer and select Manage (Continue) Then the Event Viewer. Next select Windows Logs.  Right click on System and Clear Log, Clear. Repeat for Application. Reboot. The disk check will run and will probably take an hour or more to finish.


Start, All Programs, Accessories then right click on Command Prompt and Run as Administrator.  Then type (with an Enter after each line).

sfc /scannow

(SPACE after sfc.  This will check your critical system files. Does this finish without complaint?  IF it says it couldn't fix everything then:

Copy the next two lines:

findstr  /c:"[SR]"  \windows\logs\cbs\cbs.log  >  \windows\logs\cbs\junk.txt
notepad \windows\logs\cbs\junk.txt

Start, All Programs, Accessories, right click on Command Prompt and Run as Administrator, Continue.  Right click and Paste or Edit then Paste and the copied line should appear.
Hit Enter if notepad does not open.  Copy and paste the text from notepad into a reply.  Close notepad.  Close the Command Window.


1. Please download the Event Viewer Tool by Vino Rosso
http://images.malwar...om/vino/VEW.exe
and save it to your Desktop:
2. Right-click VEW.exe and Run AS Administrator
3. Under 'Select log to query', select:

* System
4. Under 'Select type to list', select:
* Error
* Warning


Then use the 'Number of events' as follows:


1. Click the radio button for 'Number of events'
Type 20 in the 1 to 20 box
Then click the Run button.
Notepad will open with the output log.


Please post the Output log in your next reply then repeat but select Application. (Each time you run VEW it overwrites the log so copy the first one to a Reply or rename it before running it a second time.)
 

 

Get Process Explorer

http://live.sysinter...com/procexp.exe
Save it to your desktop then run it (Vista or Win7+ - right click and Run As Administrator).  

View, Select Column, check Verified Signer, OK
Options, Verify Image Signatures


Click twice on the CPU column header  to sort things by CPU usage with the big hitters at the top.  

Wait a full minute then:

File, Save As, Save.  Note the file name.   Open the file  on your desktop and copy and paste the text to a reply.


Copy the next 2 lines:

TASKLIST /SVC  > \junk.txt
notepad \junk.txt

Open an Elevated Command Prompt:
Win 7: Start, All Programs, Accessories then right click on Command Prompt and Run as Administrator
Win 8: http://www.eightforu...indows-8-a.html
win 10: http://www.howtogeek...-in-windows-10/

Right click and Paste (or Edit then Paste) and the copied lines should appear.
Hit Enter if notepad does not open.  Copy and paste the text from notepad into a reply.


Get the free version of Speccy:

http://www.filehippo.com/download_speccy/ (Look in the upper right for the Download
Latest Version button  - Do NOT press the large Start Download button on the upper left!)  
Download, Save and Install it.  Tell it you do not need CCLEANER.    Run Speccy.  When it finishes (the little icon in the bottom left will stop moving),
File, Save as Text File,  (to your desktop) note the name it gives. OK.  Open the file in notepad and delete the line that gives the serial number of your Operating System.  
(It will be near the top,  10-20  lines down.) Save the file.  Attach the file to your next post.  Attaching the log is the best option as it is too big for the forum.  Attaching is a multi step process.

First click on More Reply Options
Then scroll down to where you see
Choose File and click on it.  Point it at the file and hit Open.
Now click on Attach this file.

 


  • 0






Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP