Error pop-ups and computer slows



#1
lhey


Hi!

 

Need help with my laptop: an error keeps popping up, the computer slows down, and the desktop wallpaper keeps returning to its default theme every time I open it.

Please see the FRST.txt below.

 

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 30-11-2017
Ran by Jerome (administrator) on ALEAH-PC (05-12-2017 00:19:42)
Running from C:\Users\Jerome\Downloads
Loaded Profiles: Jerome (Available Profiles: Jerome)
Platform: Windows 7 Ultimate (X64) Language: English (United States)
Internet Explorer Version 8 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(AMD) C:\Windows\System32\atiesrxx.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Skype Technologies S.A.) C:\Program Files (x86)\Skype\Phone\Skype.exe
(Microsoft Corporation) C:\Windows\System32\StikyNot.exe
(McAfee, Inc.) C:\Program Files\McAfee Security Scan\3.11.599\SSScheduler.exe
(AbeGunnerZ Lab) C:\Program Files (x86)\USB Disk Security\USBGuard.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Microsoft Corporation) C:\Windows\SysWOW64\svchost.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
() C:\Users\Jerome\AppData\Local\Temp\01d30382.exe
() C:\Users\Jerome\AppData\Local\Temp\01d30382.exe
() C:\Users\Jerome\M-50500586850859759959469767487936945749799505950\winmgr.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
() C:\Users\Jerome\AppData\Local\Temp\csznadbyeh.exe
() C:\Users\Jerome\AppData\Local\Temp\bxyieaimyc.exe
() C:\Users\Jerome\AppData\Roaming\svchostx64.exe

==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [Apoint] => C:\Program Files\Apoint\Apoint.exe [242552 2013-09-26] (Alps Electric Co., Ltd.)
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2778864 2014-01-31] (Synaptics Incorporated)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1021128 2014-12-03] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [USB Security] => C:\Program Files (x86)\USB Disk Security\USBGuard.exe [2347008 2011-11-10] (AbeGunnerZ Lab)
HKU\S-1-5-21-1141224537-1566625622-1964642510-1000\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [27832272 2017-08-25] (Skype Technologies S.A.)
HKU\S-1-5-21-1141224537-1566625622-1964642510-1000\...\Run: [RESTART_STICKY_NOTES] => C:\Windows\System32\StikyNot.exe [427520 2009-07-14] (Microsoft Corporation)
HKU\S-1-5-21-1141224537-1566625622-1964642510-1000\...\Run: [Microsoft Windows Manager] => C:\Users\Jerome\M-50500586850859759959469767487936945749799505950\winmgr.exe [97063 2017-12-04] ()
HKU\S-1-5-21-1141224537-1566625622-1964642510-1000\...\RunOnce: [Adobe Speed Launcher] => 1512343532
HKU\S-1-5-21-1141224537-1566625622-1964642510-1000\...\CurrentVersion\Windows: [Load] C:\Users\Jerome\LOCALS~1\Temp\mszibaih.scr <==== ATTENTION
HKU\S-1-5-21-1141224537-1566625622-1964642510-1000\...\MountPoints2: F - F:\USBNB.exe
HKU\S-1-5-21-1141224537-1566625622-1964642510-1000\...\MountPoints2: {eb59c5d0-ab00-11e7-bf81-3c77e6d88d6c} - F:\USBNB.exe
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk [2017-09-30]
ShortcutTarget: McAfee Security Scan Plus.lnk -> C:\Program Files\McAfee Security Scan\3.11.599\SSScheduler.exe (McAfee, Inc.)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Hosts: 0.0.0.1    mssplus.mcafee.com
Tcpip\Parameters: [DhcpNameServer] 192.168.22.1
Tcpip\..\Interfaces\{2DCE6236-84C4-4BF9-BE5C-3542EFF0DB10}: [DhcpNameServer] 192.168.42.129
Tcpip\..\Interfaces\{3463424D-9329-4D2B-BF92-7D2A7834773B}: [DhcpNameServer] 192.168.22.1
Tcpip\..\Interfaces\{C1EAB9E2-5F32-4361-B97A-E85AAEE37779}: [DhcpNameServer] 192.168.22.1

Internet Explorer:
==================
HKU\S-1-5-21-1141224537-1566625622-1964642510-1000\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.google.com/ie
HKU\S-1-5-21-1141224537-1566625622-1964642510-1000\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://www.msn.com/?ocid=iehp
SearchScopes: HKU\S-1-5-21-1141224537-1566625622-1964642510-1000 -> {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = hxxp://www.google.com/search?q={sear
BHO: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office\Office15\OCHelper.dll [2012-10-01] (Microsoft Corporation)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office15\URLREDIR.DLL [2012-10-01] (Microsoft Corporation)
BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office\Office15\GROOVEEX.DLL [2012-10-01] (Microsoft Corporation)
BHO-x32: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\Office15\OCHelper.dll [2012-10-01] (Microsoft Corporation)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office15\URLREDIR.DLL [2012-10-01] (Microsoft Corporation)
BHO-x32: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files (x86)\Microsoft Office\Office15\GROOVEEX.DLL [2012-10-01] (Microsoft Corporation)
Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office\Office15\MSOSB.DLL [2012-10-01] (Microsoft Corporation)
Filter: deflate - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\system32\urlmon.dll [2009-07-14] (Microsoft Corporation)
Filter-x32: deflate - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\SysWOW64\urlmon.dll [2009-07-14] (Microsoft Corporation)
Filter: gzip - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\system32\urlmon.dll [2009-07-14] (Microsoft Corporation)
Filter-x32: gzip - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\SysWOW64\urlmon.dll [2009-07-14] (Microsoft Corporation)

FireFox:
========
FF DefaultProfile: oi0my0ey.default
FF ProfilePath: C:\Users\Jerome\AppData\Roaming\Mozilla\Firefox\Profiles\oi0my0ey.default [2017-12-05]
FF Extension: (Disable Media WMF NV12 format) - C:\Users\Jerome\AppData\Roaming\Mozilla\Firefox\Profiles\oi0my0ey.default\features\{b3598417-3003-4bc3-a996-ed336f95439a}\[email protected] [2017-11-22] [Lagacy]
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_18_0_0_144.dll [2017-04-01] ()
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~1\MICROS~2\Office15\NPSPWRAP.DLL [2012-10-01] (Microsoft Corporation)
FF Plugin: @videolan.org/vlc,version=2.2.1 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2017-05-24] (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.2.6 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2017-05-24] (VideoLAN)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_18_0_0_144.dll [2017-04-01] ()
FF Plugin-x32: @google.com/npPicasa3,version=3.0.0 -> C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll [2015-02-13] (Google, Inc.)
FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files (x86)\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2012-10-01] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office15\NPSPWRAP.DLL [2012-10-01] (Microsoft Corporation)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2014-12-03] (Adobe Systems Inc.)

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S3 McComponentHostService; C:\Program Files\McAfee Security Scan\3.11.599\McCHSvc.exe [404376 2017-09-05] (McAfee, Inc.)
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2009-07-14] (Microsoft Corporation)

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R3 bcbtums; C:\Windows\System32\drivers\bcbtums.sys [172760 2015-04-09] (Broadcom Corporation.)
R3 CnxtHdmiAudService; C:\Windows\System32\drivers\CHDMI64.sys [722488 2010-04-29] (Conexant Systems Inc.)
R3 RTSPER; C:\Windows\System32\DRIVERS\RtsPer.sys [827096 2015-02-06] (Realsil Semiconductor Corporation)

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2017-12-05 00:19 - 2017-12-05 00:19 - 000000000 ____D C:\Users\Jerome\Downloads\FRST-OlderVersion
2017-12-04 16:07 - 2017-12-04 16:18 - 000000000 ____H C:\Users\Jerome\AppData\Roaming\winmgr.txt
2017-12-04 16:05 - 2017-12-04 16:05 - 000000000 _RSHD C:\Users\Jerome\M-50500586850859759959469767487936945749799505950
2017-12-04 15:56 - 2017-12-04 15:56 - 000003482 _____ C:\Windows\System32\Tasks\Adasdsadas3id
2017-12-04 15:56 - 2017-12-04 15:55 - 000411133 ___SH C:\Users\Jerome\AppData\Roaming\svchostx64.exe
2017-12-03 12:30 - 2017-12-03 12:33 - 000000000 ____D C:\Users\Jerome\Documents\keisha's poem
2017-12-01 22:09 - 2017-12-01 22:09 - 000035797 _____ C:\Users\Jerome\Documents\Presentation1.pptx
2017-12-01 21:59 - 2017-12-01 21:59 - 000000037 ____H C:\Users\Jerome\Downloads\.picasa.ini
2017-11-21 09:08 - 2017-11-21 09:09 - 000018933 _____ C:\Users\Jerome\Downloads\Addition.txt
2017-11-21 09:07 - 2017-12-05 00:20 - 000009407 _____ C:\Users\Jerome\Downloads\FRST.txt
2017-11-21 09:07 - 2017-12-05 00:19 - 000000000 ____D C:\FRST
2017-11-21 09:04 - 2017-12-05 00:19 - 002391552 _____ (Farbar) C:\Users\Jerome\Downloads\FRST64.exe
2017-11-21 08:31 - 2017-12-04 07:53 - 000004960 _____ C:\Windows\System32\Tasks\Microsoft Office 15 Sync Maintenance for ALEAH-PC-Jerome Aleah-PC

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2017-12-04 23:25 - 2009-07-14 12:45 - 000009584 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2017-12-04 23:25 - 2009-07-14 12:45 - 000009584 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2017-12-04 18:40 - 2017-06-20 08:41 - 000000000 ____D C:\Users\Jerome\AppData\Roaming\Skype
2017-12-04 16:05 - 2017-04-01 11:31 - 000000000 ____D C:\Users\Jerome
2017-12-04 07:31 - 2009-07-14 13:13 - 000781298 _____ C:\Windows\system32\PerfStringBackup.INI
2017-12-04 07:31 - 2009-07-14 11:20 - 000000000 ____D C:\Windows\inf
2017-12-04 07:26 - 2017-04-11 09:43 - 000000000 ____D C:\Users\Jerome\AppData\LocalLow\Mozilla
2017-12-04 07:25 - 2009-07-14 13:08 - 000000006 ____H C:\Windows\Tasks\SA.DAT
2017-12-04 00:55 - 2017-04-01 12:20 - 000065536 _____ C:\Windows\system32\spu_storage.bin
2017-12-03 11:36 - 2017-04-01 15:34 - 000000000 ____D C:\Users\Jerome\AppData\Roaming\vlc
2017-12-02 14:50 - 2017-10-21 13:22 - 000000000 ____D C:\Users\Jerome\Documents\keisha's wallpapers
2017-12-01 19:54 - 2017-10-07 14:19 - 000000000 ____D C:\Users\Jerome\Documents\Zac world
2017-11-27 08:25 - 2009-07-14 13:08 - 000032624 _____ C:\Windows\Tasks\SCHEDLGU.TXT
2017-11-26 15:59 - 2009-07-14 15:45 - 000000000 ___RD C:\Users\Public\Recorded TV
2017-11-26 15:44 - 2017-04-05 12:31 - 000000000 ____D C:\Users\Jerome\Documents\Custom Office Templates
2017-11-25 09:53 - 2017-05-28 02:14 - 000000000 ____D C:\Users\Jerome\Documents\Chad
2017-11-21 08:18 - 2017-05-07 15:48 - 000004966 _____ C:\Windows\System32\Tasks\Microsoft Office 15 Sync Maintenance for Jerome-PC-Jerome Jerome-PC
2017-11-19 02:02 - 2017-08-17 19:54 - 000000000 ____D C:\Program Files (x86)\Mozilla Firefox
2017-11-18 09:15 - 2017-04-01 12:53 - 000000000 ____D C:\Users\Jerome\AppData\Roaming\Mozilla
2017-11-18 09:15 - 2017-04-01 12:47 - 000000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2017-11-16 21:34 - 2017-10-07 14:21 - 000000000 ____D C:\Users\Jerome\Documents\subject projects
2017-11-16 21:24 - 2017-04-07 18:51 - 000000000 ___RD C:\Users\Jerome\Documents\Notes
2017-11-16 21:23 - 2017-07-15 17:11 - 000000000 ____D C:\Users\Jerome\Documents\Border's
2017-11-15 18:13 - 2017-04-24 16:58 - 000000000 ____D C:\Users\Jerome\AppData\Roaming\uTorrent
2017-11-13 08:28 - 2017-11-04 18:47 - 000183028 _____ C:\Users\Jerome\Documents\resume-new.pdf
2017-11-08 16:40 - 2017-04-24 17:05 - 000000000 ___SD C:\Users\Jerome\AppData\LocalLow\Temp

==================== Files in the root of some directories =======

2017-12-04 15:56 - 2017-12-04 15:55 - 000411133 ___SH () C:\Users\Jerome\AppData\Roaming\svchostx64.exe
2017-12-04 16:07 - 2017-12-04 16:18 - 000000000 ____H () C:\Users\Jerome\AppData\Roaming\winmgr.txt

Some files in TEMP:
====================
2017-12-04 15:55 - 2017-12-04 15:55 - 000411133 ___SH () C:\Users\Jerome\AppData\Local\Temp\01d30382.exe
2017-12-04 15:59 - 2017-12-04 15:59 - 000411133 ___SH () C:\Users\Jerome\AppData\Local\Temp\01d6c1f0.exe
2017-12-04 16:39 - 2017-12-04 16:39 - 000411133 ___SH () C:\Users\Jerome\AppData\Local\Temp\01fbaf4c.exe
2017-12-04 16:40 - 2017-12-04 16:40 - 000411133 ___SH () C:\Users\Jerome\AppData\Local\Temp\01fc09aa.exe
2017-12-04 16:40 - 2017-12-04 16:40 - 000097063 ___SH () C:\Users\Jerome\AppData\Local\Temp\01fcc03c.exe
2017-12-04 16:41 - 2017-12-04 16:41 - 000097063 ___SH () C:\Users\Jerome\AppData\Local\Temp\01fd68bb.exe
2017-12-04 16:54 - 2017-12-04 16:54 - 000097063 ___SH () C:\Users\Jerome\AppData\Local\Temp\02095de2.exe
2017-12-04 16:54 - 2017-12-04 16:54 - 000097063 ___SH () C:\Users\Jerome\AppData\Local\Temp\0209aceb.exe
2017-12-04 21:09 - 2017-12-04 21:09 - 000411133 _____ () C:\Users\Jerome\AppData\Local\Temp\agvwojdopp.exe
2017-12-05 00:15 - 2017-12-05 00:15 - 000411133 _____ () C:\Users\Jerome\AppData\Local\Temp\bxyieaimyc.exe
2017-12-05 00:14 - 2017-12-05 00:14 - 000411133 _____ () C:\Users\Jerome\AppData\Local\Temp\csznadbyeh.exe
2017-12-04 17:01 - 2017-12-04 17:01 - 000097063 _____ () C:\Users\Jerome\AppData\Local\Temp\cvrvjmskyn.exe
2017-12-04 21:09 - 2017-12-04 21:09 - 000097063 _____ () C:\Users\Jerome\AppData\Local\Temp\duaobocteq.exe
2017-12-04 21:30 - 2017-12-04 21:30 - 000411133 _____ () C:\Users\Jerome\AppData\Local\Temp\ehsqtrhzpj.exe
2017-12-04 18:15 - 2017-12-04 18:15 - 000411133 _____ () C:\Users\Jerome\AppData\Local\Temp\eqcowpxtcw.exe
2017-12-04 23:54 - 2017-12-04 23:54 - 000411133 _____ () C:\Users\Jerome\AppData\Local\Temp\fhzhrtfyvp.exe
2017-12-04 16:41 - 2017-12-04 16:41 - 000411133 _____ () C:\Users\Jerome\AppData\Local\Temp\fjornqobgd.exe
2017-12-04 22:31 - 2017-12-04 22:31 - 000411133 _____ () C:\Users\Jerome\AppData\Local\Temp\fufqyokkdv.exe
2017-12-04 22:00 - 2017-12-04 22:00 - 000097063 _____ () C:\Users\Jerome\AppData\Local\Temp\gumsbguive.exe
2017-12-04 17:54 - 2017-12-04 17:54 - 000411133 _____ () C:\Users\Jerome\AppData\Local\Temp\gurabohpse.exe
2017-12-04 23:54 - 2017-12-04 23:54 - 000097063 _____ () C:\Users\Jerome\AppData\Local\Temp\hktssgkiaq.exe
2017-12-04 18:15 - 2017-12-04 18:15 - 000411133 _____ () C:\Users\Jerome\AppData\Local\Temp\hlwyxdcdhf.exe
2017-12-04 23:44 - 2017-12-04 23:44 - 000411133 _____ () C:\Users\Jerome\AppData\Local\Temp\hojjqnvoco.exe
2017-12-04 17:33 - 2017-12-04 17:33 - 000411133 _____ () C:\Users\Jerome\AppData\Local\Temp\htwtsipxqo.exe
2017-12-04 21:30 - 2017-12-04 21:30 - 000097063 _____ () C:\Users\Jerome\AppData\Local\Temp\hvxipwgmvk.exe
2017-12-04 23:44 - 2017-12-04 23:44 - 000097063 _____ () C:\Users\Jerome\AppData\Local\Temp\hzvwtscjpb.exe
2017-12-04 20:07 - 2017-12-04 20:07 - 000097063 _____ () C:\Users\Jerome\AppData\Local\Temp\ilrysuvzku.exe
2017-12-04 23:02 - 2017-12-04 23:02 - 000097063 _____ () C:\Users\Jerome\AppData\Local\Temp\imcfhndokt.exe
2017-12-04 18:56 - 2017-12-04 18:56 - 000411133 _____ () C:\Users\Jerome\AppData\Local\Temp\islzhskhtm.exe
2017-12-04 22:42 - 2017-12-04 22:42 - 000097063 _____ () C:\Users\Jerome\AppData\Local\Temp\jgqbtvcnro.exe
2017-12-04 19:37 - 2017-12-04 19:37 - 000411133 _____ () C:\Users\Jerome\AppData\Local\Temp\jjfeqotigp.exe
2017-12-04 17:54 - 2017-12-04 17:54 - 000411133 _____ () C:\Users\Jerome\AppData\Local\Temp\jptkublzff.exe
2017-12-04 18:04 - 2017-12-04 18:04 - 000411133 _____ () C:\Users\Jerome\AppData\Local\Temp\jspawpsuwf.exe
2017-12-04 23:02 - 2017-12-04 23:02 - 000411133 _____ () C:\Users\Jerome\AppData\Local\Temp\kljvfkrjqb.exe
2017-12-04 20:39 - 2017-12-04 20:39 - 000411133 _____ () C:\Users\Jerome\AppData\Local\Temp\ladkysjdbf.exe
2017-12-04 20:49 - 2017-12-04 20:49 - 000097063 _____ () C:\Users\Jerome\AppData\Local\Temp\ldjlgudsgg.exe
2017-12-04 20:38 - 2017-12-04 20:38 - 000097063 _____ () C:\Users\Jerome\AppData\Local\Temp\lhaceapzif.exe
2017-12-04 18:56 - 2017-12-04 18:56 - 000097063 _____ () C:\Users\Jerome\AppData\Local\Temp\lkcefbioui.exe
2017-12-04 22:11 - 2017-12-04 22:11 - 000411133 _____ () C:\Users\Jerome\AppData\Local\Temp\lkfwwrqxpm.exe
2017-12-04 22:11 - 2017-12-04 22:11 - 000097063 _____ () C:\Users\Jerome\AppData\Local\Temp\lnqbzwpacz.exe
2016-09-16 09:46 - 2016-09-16 09:46 - 000038400 _____ (NVIDIA Corporation) C:\Users\Jerome\AppData\Local\Temp\lovelies.dll
2017-12-04 18:25 - 2017-12-04 18:25 - 000411133 _____ () C:\Users\Jerome\AppData\Local\Temp\lpfhumbmkc.exe
2017-12-04 20:49 - 2017-12-04 20:49 - 000411133 _____ () C:\Users\Jerome\AppData\Local\Temp\lsygdpxytt.exe
2017-12-04 23:13 - 2017-12-04 23:13 - 000411133 _____ () C:\Users\Jerome\AppData\Local\Temp\ltmehqnrms.exe
2017-12-04 18:04 - 2017-12-04 18:04 - 000097063 _____ () C:\Users\Jerome\AppData\Local\Temp\msfguzqbxt.exe
2017-12-04 19:37 - 2017-12-04 19:37 - 000411133 _____ () C:\Users\Jerome\AppData\Local\Temp\mxkwdtkvmy.exe
2017-12-05 00:04 - 2017-12-05 00:04 - 000411133 _____ () C:\Users\Jerome\AppData\Local\Temp\mzkpzxrplh.exe
2016-09-14 13:45 - 2016-09-14 13:45 - 000025600 _____ (Dell Inc.) C:\Users\Jerome\AppData\Local\Temp\neutralism.dll
2017-12-04 16:40 - 2017-12-04 16:40 - 000411133 _____ () C:\Users\Jerome\AppData\Local\Temp\nmeupvbive.exe
2017-12-05 00:04 - 2017-12-05 00:04 - 000411133 _____ () C:\Users\Jerome\AppData\Local\Temp\nvgcwtsmzu.exe
2017-12-04 21:19 - 2017-12-04 21:19 - 000411133 _____ () C:\Users\Jerome\AppData\Local\Temp\oobshsblet.exe
2017-12-04 20:28 - 2017-12-04 20:28 - 000411133 _____ () C:\Users\Jerome\AppData\Local\Temp\ooouglthbj.exe
2017-12-04 18:25 - 2017-12-04 18:25 - 000097063 _____ () C:\Users\Jerome\AppData\Local\Temp\oownknzbdq.exe
2017-12-04 21:19 - 2017-12-04 21:19 - 000097063 _____ () C:\Users\Jerome\AppData\Local\Temp\osnfkxifrg.exe
2017-12-04 23:23 - 2017-12-04 23:23 - 000097063 _____ () C:\Users\Jerome\AppData\Local\Temp\oyjmzdunrp.exe
2017-12-04 16:18 - 2017-12-04 16:18 - 000411133 _____ () C:\Users\Jerome\AppData\Local\Temp\pbgffrsjjf.exe
2017-12-04 17:44 - 2017-12-04 17:44 - 000411133 _____ () C:\Users\Jerome\AppData\Local\Temp\ppbctsvxja.exe
2017-12-04 17:44 - 2017-12-04 17:44 - 000097063 _____ () C:\Users\Jerome\AppData\Local\Temp\psnowwbrwn.exe
2017-12-04 17:22 - 2017-12-04 17:22 - 000097063 _____ () C:\Users\Jerome\AppData\Local\Temp\qcoeobirbv.exe
2017-12-04 21:51 - 2017-12-04 21:51 - 000411133 _____ () C:\Users\Jerome\AppData\Local\Temp\qgxzspjopb.exe
2017-12-04 21:51 - 2017-12-04 21:51 - 000097063 _____ () C:\Users\Jerome\AppData\Local\Temp\qkimvuqrco.exe
2017-12-04 22:21 - 2017-12-04 22:21 - 000411133 _____ () C:\Users\Jerome\AppData\Local\Temp\qqbhvzqdxz.exe
2017-12-04 22:52 - 2017-12-04 22:52 - 000411133 _____ () C:\Users\Jerome\AppData\Local\Temp\qvxmecmgrf.exe
2017-12-04 22:52 - 2017-12-04 22:52 - 000097063 _____ () C:\Users\Jerome\AppData\Local\Temp\qyizghlaes.exe
2017-12-04 20:59 - 2017-12-04 20:59 - 000411133 _____ () C:\Users\Jerome\AppData\Local\Temp\raadwxgjxs.exe
2017-12-04 20:28 - 2017-12-04 20:28 - 000097063 _____ () C:\Users\Jerome\AppData\Local\Temp\rffzfurxcx.exe
2017-12-04 17:22 - 2017-12-04 17:22 - 000411133 _____ () C:\Users\Jerome\AppData\Local\Temp\rylrlwjwoh.exe
2017-12-04 20:18 - 2017-12-04 20:18 - 000411133 _____ () C:\Users\Jerome\AppData\Local\Temp\sczjkdadja.exe
2017-12-04 22:31 - 2017-12-04 22:31 - 000097063 _____ () C:\Users\Jerome\AppData\Local\Temp\shniyxbgic.exe
2017-12-04 20:08 - 2017-12-04 20:08 - 000411133 _____ () C:\Users\Jerome\AppData\Local\Temp\slenfgmpyd.exe
2017-12-04 23:33 - 2017-12-04 23:33 - 000097063 _____ () C:\Users\Jerome\AppData\Local\Temp\snzalkgqrj.exe
2017-12-04 20:18 - 2017-12-04 20:18 - 000097063 _____ () C:\Users\Jerome\AppData\Local\Temp\sokwnhhfvn.exe
2017-12-04 16:19 - 2017-12-04 16:19 - 000097063 _____ () C:\Users\Jerome\AppData\Local\Temp\ssxldairjt.exe
2017-12-04 22:21 - 2017-12-04 22:21 - 000411133 _____ () C:\Users\Jerome\AppData\Local\Temp\stdawevnca.exe
2017-12-04 19:17 - 2017-12-04 19:17 - 000097063 _____ () C:\Users\Jerome\AppData\Local\Temp\tawpqrhsgw.exe
2017-12-04 19:58 - 2017-12-04 19:58 - 000411133 _____ () C:\Users\Jerome\AppData\Local\Temp\tdmcagibxv.exe
2017-12-04 23:33 - 2017-12-04 23:33 - 000411133 _____ () C:\Users\Jerome\AppData\Local\Temp\tkwnifzoew.exe
2017-12-04 22:00 - 2017-12-04 22:00 - 000411133 _____ () C:\Users\Jerome\AppData\Local\Temp\tlinmbbgkb.exe
2017-12-04 18:46 - 2017-12-04 18:46 - 000411133 _____ () C:\Users\Jerome\AppData\Local\Temp\tsvthezpna.exe
2017-12-04 21:40 - 2017-12-04 21:40 - 000411133 _____ () C:\Users\Jerome\AppData\Local\Temp\tvhrpxpoqp.exe
2017-12-04 18:46 - 2017-12-04 18:46 - 000411133 _____ () C:\Users\Jerome\AppData\Local\Temp\uokgehbvan.exe
2017-12-04 17:11 - 2017-12-04 17:11 - 000411133 _____ () C:\Users\Jerome\AppData\Local\Temp\uuodldzcdy.exe
2017-12-04 19:17 - 2017-12-04 19:17 - 000411133 _____ () C:\Users\Jerome\AppData\Local\Temp\uxlcnniyuj.exe
2017-12-04 17:12 - 2017-12-04 17:12 - 000097063 _____ () C:\Users\Jerome\AppData\Local\Temp\uxziohgeqm.exe
2017-12-04 19:57 - 2017-12-04 19:57 - 000097063 _____ () C:\Users\Jerome\AppData\Local\Temp\vcdzyigjyj.exe
2017-12-04 16:30 - 2017-12-04 16:30 - 000097063 _____ () C:\Users\Jerome\AppData\Local\Temp\vdstglisus.exe
2017-06-28 09:45 - 2017-06-28 09:46 - 032100680 _____ () C:\Users\Jerome\AppData\Local\Temp\vlc-2.2.6-win64.exe
2017-12-04 16:30 - 2017-12-04 16:30 - 000411133 _____ () C:\Users\Jerome\AppData\Local\Temp\vsggehjxhf.exe
2017-12-04 23:12 - 2017-12-04 23:12 - 000411133 _____ () C:\Users\Jerome\AppData\Local\Temp\vtybzovrmr.exe
2017-12-04 16:08 - 2017-12-04 16:08 - 000411133 _____ () C:\Users\Jerome\AppData\Local\Temp\vveazqzfeg.exe
2017-12-04 23:23 - 2017-12-04 23:23 - 000411133 _____ () C:\Users\Jerome\AppData\Local\Temp\wgxmlsdxzz.exe
2017-12-04 19:47 - 2017-12-04 19:47 - 000411133 _____ () C:\Users\Jerome\AppData\Local\Temp\wkhuryixzj.exe
2017-12-04 21:40 - 2017-12-04 21:40 - 000097063 _____ () C:\Users\Jerome\AppData\Local\Temp\wmxwohnwjd.exe
2017-12-04 19:47 - 2017-12-04 19:47 - 000411133 _____ () C:\Users\Jerome\AppData\Local\Temp\woshucpzlw.exe
2017-12-04 16:51 - 2017-12-04 16:51 - 000411133 _____ () C:\Users\Jerome\AppData\Local\Temp\wqaclipczk.exe
2017-12-04 18:35 - 2017-12-04 18:35 - 000411133 _____ () C:\Users\Jerome\AppData\Local\Temp\wsrdtqkjds.exe
2017-12-04 18:35 - 2017-12-04 18:35 - 000411133 _____ () C:\Users\Jerome\AppData\Local\Temp\wvdqvurlpf.exe
2017-12-04 21:00 - 2017-12-04 21:00 - 000411133 _____ () C:\Users\Jerome\AppData\Local\Temp\xopurwgoir.exe
2017-12-04 17:33 - 2017-12-04 17:33 - 000097063 _____ () C:\Users\Jerome\AppData\Local\Temp\xtrdopxhbe.exe
2017-12-04 19:06 - 2017-12-04 19:06 - 000411133 _____ () C:\Users\Jerome\AppData\Local\Temp\yaqkntowsz.exe
2017-12-04 19:06 - 2017-12-04 19:06 - 000097063 _____ () C:\Users\Jerome\AppData\Local\Temp\ypektctsrz.exe
2017-12-04 22:42 - 2017-12-04 22:42 - 000411133 _____ () C:\Users\Jerome\AppData\Local\Temp\yvzuaznxyi.exe
2017-12-04 16:51 - 2017-12-04 16:51 - 000097063 _____ () C:\Users\Jerome\AppData\Local\Temp\zhqhjsnkzy.exe
2017-12-04 17:01 - 2017-12-04 17:01 - 000411133 _____ () C:\Users\Jerome\AppData\Local\Temp\zsxkigvalm.exe

==================== Bamital & volsnap ======================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2017-12-01 15:27

==================== End of FRST.txt ============================

 

 

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 30-11-2017
Ran by Jerome (05-12-2017 00:21:37)
Running from C:\Users\Jerome\Downloads
Windows 7 Ultimate (X64) (2017-04-01 03:30:49)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-1141224537-1566625622-1964642510-500 - Administrator - Disabled)
Guest (S-1-5-21-1141224537-1566625622-1964642510-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-1141224537-1566625622-1964642510-1002 - Limited - Enabled)
Jerome (S-1-5-21-1141224537-1566625622-1964642510-1000 - Administrator - Enabled) => C:\Users\Jerome

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

µTorrent (HKU\S-1-5-21-1141224537-1566625622-1964642510-1000\...\uTorrent) (Version: 3.5.0.44090 - BitTorrent Inc.)
Adobe Flash Player 18 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 18.0.0.144 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.10) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.10 - Adobe Systems Incorporated)
Alps Pointing-device for VAIO (HKLM\...\{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}) (Version:  - ALPS ELECTRIC CO., LTD.)
Conexant Audio Driver For AMD HDMI/DP Codec (HKLM\...\CNXT_AUDIO_HDA_HDMI) (Version: 4.98.32.50 - Conexant)
McAfee Security Scan Plus (HKLM\...\McAfee Security Scan) (Version: 3.11.599.11 - McAfee, Inc.)
Microsoft .NET Framework 4.5.2 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.51209 - Microsoft Corporation)
Microsoft Office Professional Plus 2013 (HKLM\...\Office15.PROPLUS) (Version: 15.0.4420.1017 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.30319 (HKLM-x32\...\{196BB40D-1578-3D01-B289-BEFC77A11A1E}) (Version: 10.0.30319 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.24215 (HKLM-x32\...\{e2803110-78b3-4664-a479-3611a381656a}) (Version: 14.0.24215.1 - Microsoft Corporation)
Mozilla Firefox 57.0 (x64 en-US) (HKLM\...\Mozilla Firefox 57.0 (x64 en-US)) (Version: 57.0 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 57.0.0.6525 - Mozilla)
Outils de vérification linguistique 2013 de Microsoft Office - Français (HKLM\...\{90150000-001F-040C-1000-0000000FF1CE}) (Version: 15.0.4420.1017 - Microsoft Corporation) Hidden
Picasa 3 (HKLM-x32\...\Picasa 3) (Version: 3.9 - Google, Inc.)
Program4Pc PC Image Editor (HKLM-x32\...\{29A01513-64A8-4543-AF3C-C2E4CD7FFE1A}_is1) (Version: 5.9.0.0 - Program4Pc Inc.)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7496 - Realtek Semiconductor Corp.)
Skype™ 7.40 (HKLM-x32\...\{3B7E914A-93D5-4A29-92BB-AF8C3F66C431}) (Version: 7.40.103 - Skype Technologies S.A.)
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 17.0.9.10 - Synaptics Incorporated)
USB Disk Security (HKLM-x32\...\USB Disk Security_is1) (Version:  - Zbshareware Lab)
VLC media player (HKLM\...\VLC media player) (Version: 2.2.6 - VideoLAN)
WinRAR 5.01 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.01.0 - win.rar GmbH)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

ContextMenuHandlers1: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2013-12-01] (Alexander Roshal)
ContextMenuHandlers1-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2013-12-01] (Alexander Roshal)
ContextMenuHandlers6: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2013-12-01] (Alexander Roshal)
ContextMenuHandlers6-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2013-12-01] (Alexander Roshal)

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {141DD205-C192-426B-9947-A32FC27B3FD6} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack => C:\Program Files\Microsoft Office\Office15\msoia.exe [2012-10-01] (Microsoft Corporation)
Task: {1512A98F-446E-4F60-BE9E-CFB6A3E8F436} - System32\Tasks\Games\UpdateCheck_S-1-5-21-1141224537-1566625622-1964642510-1000
Task: {469FC81D-D0E9-45C3-837F-85BF42A1188D} - System32\Tasks\Adasdsadas3id => C:\Users\Jerome\AppData\Roaming\svchostx64.exe [2017-12-04] () <==== ATTENTION
Task: {5123A322-EFC0-4EA0-8DA4-64987853CEC9} - System32\Tasks\{7B68003A-F945-4E7C-A61D-DA828A60B41D} => "c:\program files (x86)\mozilla firefox\firefox.exe" hxxps://ui.skype.com/ui/0/7.37.0.103/en/abandoninstall?source=lightinstaller&page=tsInstall
Task: {968A22A1-0275-4695-B2D4-042FD7ED05B8} - System32\Tasks\Microsoft\Office\Office 15 Subscription Heartbeat => C:\Program Files\Common Files\Microsoft Shared\Office15\OLicenseHeartbeat.exe [2012-10-01] (Microsoft Corporation)
Task: {9FBF3A29-503A-40E2-BD62-BF91332740F2} - System32\Tasks\Microsoft Office 15 Sync Maintenance for Jerome-PC-Jerome Jerome-PC => C:\Program Files\Microsoft Office\Office15\MsoSync.exe [2012-10-01] (Microsoft Corporation)
Task: {E9C41C62-CCBF-4768-A386-F9F022DE1F22} - System32\Tasks\Microsoft Office 15 Sync Maintenance for ALEAH-PC-Jerome Aleah-PC => C:\Program Files\Microsoft Office\Office15\MsoSync.exe [2012-10-01] (Microsoft Corporation)
Task: {EAE5977A-9435-42D9-9298-0433ACDC0DA9} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn => C:\Program Files\Microsoft Office\Office15\msoia.exe [2012-10-01] (Microsoft Corporation)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)


==================== Shortcuts & WMI ========================

(The entries could be listed to be restored or removed.)


==================== Loaded Modules (Whitelisted) ==============

2012-10-01 20:36 - 2012-10-01 20:36 - 006522480 _____ () C:\Program Files\Microsoft Office\Office15\1033\GrooveIntlResource.dll
2017-12-04 15:55 - 2017-12-04 15:55 - 000411133 ___SH () C:\Users\Jerome\AppData\Local\Temp\01d30382.exe
2017-12-04 16:05 - 2017-12-04 16:01 - 000097063 __RSH () C:\Users\Jerome\M-50500586850859759959469767487936945749799505950\winmgr.exe
2017-04-01 12:49 - 2017-04-01 12:49 - 023621808 _____ () C:\Windows\system32\Macromed\Flash\NPSWF64_18_0_0_144.dll
2017-12-05 00:14 - 2017-12-05 00:14 - 000411133 _____ () C:\Users\Jerome\AppData\Local\Temp\csznadbyeh.exe
2017-12-05 00:15 - 2017-12-05 00:15 - 000411133 _____ () C:\Users\Jerome\AppData\Local\Temp\bxyieaimyc.exe
2017-12-04 15:56 - 2017-12-04 15:55 - 000411133 ___SH () C:\Users\Jerome\AppData\Roaming\svchostx64.exe
2017-08-17 16:51 - 2017-08-17 16:51 - 001993184 ____R () C:\Program Files (x86)\Skype\Phone\skypert.dll
2012-10-01 20:37 - 2012-10-01 20:37 - 006522480 _____ () C:\Program Files (x86)\Microsoft Office\Office15\1033\GrooveIntlResource.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)


==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)


==================== Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)


==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-14 10:34 - 2017-09-30 08:00 - 000000865 _____ C:\Windows\system32\Drivers\etc\hosts

0.0.0.1    mssplus.mcafee.com

==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-1141224537-1566625622-1964642510-1000\Control Panel\Desktop\\Wallpaper ->
DNS Servers: 192.168.22.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==


==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [{F6ADCFF5-F884-44F8-A4EF-0F5CF759F8E3}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{5A1FCF24-4A30-491B-8E0E-C700C2684268}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{CFE2533A-1A8E-4694-ACB1-4968CC0CB40F}] => (Allow) C:\Program Files\Microsoft Office\Office15\lync.exe
FirewallRules: [{121A1CC9-D3EE-4109-B01B-DE56BF7B480A}] => (Allow) C:\Program Files\Microsoft Office\Office15\lync.exe
FirewallRules: [{DC237C0E-5807-4373-A20F-ECCFD872276A}] => (Allow) C:\Program Files\Microsoft Office\Office15\UcMapi.exe
FirewallRules: [{2E15237F-3E9F-43AA-A6C4-C5104ED25683}] => (Allow) C:\Program Files\Microsoft Office\Office15\UcMapi.exe
FirewallRules: [{E7951274-B8D0-4EBC-92D6-2ECAA1CED349}] => (Allow) C:\Users\Jerome\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{A9065BA6-0B98-4C01-949D-C7053958A067}] => (Allow) C:\Users\Jerome\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{065FA1A5-5BBC-4D77-A166-64DC3D6A7FF7}] => (Allow) C:\Program Files (x86)\Skype\Phone\Skype.exe
FirewallRules: [TCP Query User{4751BB15-B1F8-47C3-98D5-81D7274EE0DC}C:\program files\videolan\vlc\vlc.exe] => (Block) C:\program files\videolan\vlc\vlc.exe
FirewallRules: [UDP Query User{DCC8924E-C16F-47AE-9FEA-23301FE857AE}C:\program files\videolan\vlc\vlc.exe] => (Block) C:\program files\videolan\vlc\vlc.exe

==================== Restore Points =========================

24-11-2017 12:24:28 Scheduled Checkpoint
01-12-2017 15:34:31 Scheduled Checkpoint

==================== Faulty Device Manager Devices =============

Name: Bluetooth Peripheral Device
Description: Bluetooth Peripheral Device
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

Name: Bluetooth Peripheral Device
Description: Bluetooth Peripheral Device
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

Name: Bluetooth Peripheral Device
Description: Bluetooth Peripheral Device
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.


==================== Event log errors: =========================

Application errors:
==================
Error: (12/05/2017 12:21:35 AM) (Source: Windows Search Service) (EventID: 7010) (User: )
Description: The index cannot be initialized.

Details:
    The system cannot find the file specified.  (HRESULT : 0x80070002) (0x80070002)

Error: (12/05/2017 12:21:35 AM) (Source: Windows Search Service) (EventID: 3058) (User: )
Description: The application cannot be initialized.

Context: Windows Application

Details:
    The system cannot find the file specified.  (HRESULT : 0x80070002) (0x80070002)

Error: (12/05/2017 12:21:35 AM) (Source: Windows Search Service) (EventID: 3028) (User: )
Description: The gatherer object cannot be initialized.

Context: Windows Application, SystemIndex Catalog

Details:
    The system cannot find the file specified.  (HRESULT : 0x80070002) (0x80070002)

Error: (12/05/2017 12:21:35 AM) (Source: Windows Search Service) (EventID: 3029) (User: )
Description: The plug-in in <Search.TripoliIndexer> cannot be initialized.

Context: Windows Application, SystemIndex Catalog

Details:
    The system cannot find the file specified.  (HRESULT : 0x80070002) (0x80070002)

Error: (12/05/2017 12:20:38 AM) (Source: Windows Search Service) (EventID: 7010) (User: )
Description: The index cannot be initialized.

Details:
    The system cannot find the file specified.  (HRESULT : 0x80070002) (0x80070002)

Error: (12/05/2017 12:20:38 AM) (Source: Windows Search Service) (EventID: 3058) (User: )
Description: The application cannot be initialized.

Context: Windows Application

Details:
    The system cannot find the file specified.  (HRESULT : 0x80070002) (0x80070002)

Error: (12/05/2017 12:20:38 AM) (Source: Windows Search Service) (EventID: 3028) (User: )
Description: The gatherer object cannot be initialized.

Context: Windows Application, SystemIndex Catalog

Details:
    The system cannot find the file specified.  (HRESULT : 0x80070002) (0x80070002)

Error: (12/05/2017 12:20:38 AM) (Source: Windows Search Service) (EventID: 3029) (User: )
Description: The plug-in in <Search.TripoliIndexer> cannot be initialized.

Context: Windows Application, SystemIndex Catalog

Details:
    The system cannot find the file specified.  (HRESULT : 0x80070002) (0x80070002)

Error: (12/05/2017 12:20:01 AM) (Source: Windows Search Service) (EventID: 7010) (User: )
Description: The index cannot be initialized.

Details:
    The system cannot find the file specified.  (HRESULT : 0x80070002) (0x80070002)

Error: (12/05/2017 12:20:01 AM) (Source: Windows Search Service) (EventID: 3058) (User: )
Description: The application cannot be initialized.

Context: Windows Application

Details:
    The system cannot find the file specified.  (HRESULT : 0x80070002) (0x80070002)


System errors:
=============
Error: (12/05/2017 12:21:35 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The Windows Search service terminated unexpectedly.  It has done this 21 time(s).

Error: (12/05/2017 12:21:35 AM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: The Windows Search service terminated with the following error:
The system cannot find the file specified.

Error: (12/05/2017 12:20:39 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The Windows Search service terminated unexpectedly.  It has done this 20 time(s).

Error: (12/05/2017 12:20:39 AM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: The Windows Search service terminated with the following error:
The system cannot find the file specified.

Error: (12/05/2017 12:20:02 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The Windows Search service terminated unexpectedly.  It has done this 19 time(s).

Error: (12/05/2017 12:20:02 AM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: The Windows Search service terminated with the following error:
The system cannot find the file specified.

Error: (12/05/2017 12:19:54 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The Windows Search service terminated unexpectedly.  It has done this 18 time(s).

Error: (12/05/2017 12:19:54 AM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: The Windows Search service terminated with the following error:
The system cannot find the file specified.

Error: (12/05/2017 12:19:47 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The Windows Search service terminated unexpectedly.  It has done this 17 time(s).

Error: (12/05/2017 12:19:47 AM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: The Windows Search service terminated with the following error:
The system cannot find the file specified.


CodeIntegrity:
===================================
  Date: 2017-04-01 12:18:54.973
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\RTKVHD64.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2017-04-01 12:18:54.911
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\RTKVHD64.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2017-04-01 12:16:41.624
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\RTKVHD64.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2017-04-01 12:16:41.515
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\RTKVHD64.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2017-04-01 12:05:38.784
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\RTKVHD64.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2017-04-01 12:05:38.737
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\RTKVHD64.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.


==================== Memory info ===========================

Processor: AMD A8-5545M APU with Radeon™ HD Graphics
Percentage of memory in use: 49%
Total physical RAM: 5321.89 MB
Available physical RAM: 2661.19 MB
Total Virtual: 10641.93 MB
Available Virtual: 7675.74 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:104.39 GB) (Free:15.11 GB) NTFS
Drive d: () (Fixed) (Total:361.27 GB) (Free:320.11 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 465.8 GB) (Disk ID: 6CE6BB76)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=104.4 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=361.3 GB) - (Type=07 NTFS)

==================== End of Addition.txt ============================

 

 




#2
RKinner

    Malware Expert


Download the attached fixlist.txt to the same location as FRST

Attached File: fixlist.txt (27.78KB)

Run FRST and press Fix.
A fix log will be generated; please post that.


Run FRST again as before.  Make sure Addition.txt is checked and hit Scan.  Post both logs.

 


Download aswMBR.exe to your desktop.
The link is a direct download so the page won't change.

Right-click aswMBR.exe and select Run As Administrator to run it.
Wait until the AV Scan shows up at the bottom left.
Change AV Scan: from Quick Scan to C:\
Click the "Scan" button to start the scan.
If it asks you to allow the Avast engine to download, then say Yes. It will take a while to finish.
On completion of the scan (note whether the Fix button is enabled and tell me, but do not push any buttons), click Save log, save it to your desktop and post it in your next reply.

If it crashes then try it again but uncheck Trace Disk IO Calls before hitting Scan.

 


 



#3
lhey

    Member

  • Topic Starter

Hi!

 

Please see below fixlog txt:

 

Fix result of Farbar Recovery Scan Tool (x64) Version: 30-11-2017
Ran by Jerome (05-12-2017 16:10:19) Run:1
Running from C:\Users\Jerome\Downloads
Loaded Profiles: Jerome (Available Profiles: Jerome)
Boot Mode: Normal
==============================================

fixlist content:
*****************
() C:\Users\Jerome\AppData\Local\Temp\01d30382.exe
() C:\Users\Jerome\AppData\Local\Temp\01d30382.exe
() C:\Users\Jerome\M-50500586850859759959469767487936945749799505950\winmgr.exe
C:\Users\Jerome\AppData\Local\Temp\csznadbyeh.exe
C:\Users\Jerome\AppData\Local\Temp\bxyieaimyc.exe
C:\Users\Jerome\AppData\Roaming\svchostx64.exe
C:\Users\Jerome\AppData\Local\Temp\01d30382.exe
C:\Users\Jerome\AppData\Local\Temp\01d30382.exe
C:\Users\Jerome\M-50500586850859759959469767487936945749799505950\winmgr.exe
C:\Users\Jerome\AppData\Local\Temp\csznadbyeh.exe
C:\Users\Jerome\AppData\Local\Temp\bxyieaimyc.exe
C:\Users\Jerome\AppData\Roaming\svchostx64.exe
HKU\S-1-5-21-1141224537-1566625622-1964642510-1000\...\Run: [Microsoft Windows Manager] => C:\Users\Jerome\M-50500586850859759959469767487936945749799505950\winmgr.exe [97063 2017-12-04] ()
HKU\S-1-5-21-1141224537-1566625622-1964642510-1000\...\RunOnce: [Adobe Speed Launcher] => 1512343532
HKU\S-1-5-21-1141224537-1566625622-1964642510-1000\...\CurrentVersion\Windows: [Load] C:\Users\Jerome\LOCALS~1\Temp\mszibaih.scr <==== ATTENTION
HKU\S-1-5-21-1141224537-1566625622-1964642510-1000\...\MountPoints2: F - F:\USBNB.exe
HKU\S-1-5-21-1141224537-1566625622-1964642510-1000\...\MountPoints2: {eb59c5d0-ab00-11e7-bf81-3c77e6d88d6c} - F:\USBNB.exe
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk [2017-09-30]
ShortcutTarget: McAfee Security Scan Plus.lnk -> C:\Program Files\McAfee Security Scan\3.11.599\SSScheduler.exe (McAfee, Inc.)
S3 McComponentHostService; C:\Program Files\McAfee Security Scan\3.11.599\McCHSvc.exe [404376 2017-09-05] (McAfee, Inc.)
CMD: Type C:\Users\Jerome\AppData\Roaming\winmgr.txt
2017-12-04 16:07 - 2017-12-04 16:18 - 000000000 ____H C:\Users\Jerome\AppData\Roaming\winmgr.txt
2017-12-04 16:05 - 2017-12-04 16:05 - 000000000 _RSHD C:\Users\Jerome\M-50500586850859759959469767487936945749799505950
2017-12-04 15:56 - 2017-12-04 15:56 - 000003482 _____ C:\Windows\System32\Tasks\Adasdsadas3id
2017-12-04 15:56 - 2017-12-04 15:55 - 000411133 ___SH C:\Users\Jerome\AppData\Roaming\svchostx64.exe
017-12-04 15:55 - 2017-12-04 15:55 - 000411133 ___SH () C:\Users\Jerome\AppData\Local\Temp\01d30382.exe
2017-12-04 15:59 - 2017-12-04 15:59 - 000411133 ___SH () C:\Users\Jerome\AppData\Local\Temp\01d6c1f0.exe
2017-12-04 16:39 - 2017-12-04 16:39 - 000411133 ___SH () C:\Users\Jerome\AppData\Local\Temp\01fbaf4c.exe
2017-12-04 16:40 - 2017-12-04 16:40 - 000411133 ___SH () C:\Users\Jerome\AppData\Local\Temp\01fc09aa.exe
2017-12-04 16:40 - 2017-12-04 16:40 - 000097063 ___SH () C:\Users\Jerome\AppData\Local\Temp\01fcc03c.exe
2017-12-04 16:41 - 2017-12-04 16:41 - 000097063 ___SH () C:\Users\Jerome\AppData\Local\Temp\01fd68bb.exe
2017-12-04 16:54 - 2017-12-04 16:54 - 000097063 ___SH () C:\Users\Jerome\AppData\Local\Temp\02095de2.exe
2017-12-04 16:54 - 2017-12-04 16:54 - 000097063 ___SH () C:\Users\Jerome\AppData\Local\Temp\0209aceb.exe
2017-12-04 21:09 - 2017-12-04 21:09 - 000411133 _____ () C:\Users\Jerome\AppData\Local\Temp\agvwojdopp.exe
2017-12-05 00:15 - 2017-12-05 00:15 - 000411133 _____ () C:\Users\Jerome\AppData\Local\Temp\bxyieaimyc.exe
2017-12-05 00:14 - 2017-12-05 00:14 - 000411133 _____ () C:\Users\Jerome\AppData\Local\Temp\csznadbyeh.exe
2017-12-04 17:01 - 2017-12-04 17:01 - 000097063 _____ () C:\Users\Jerome\AppData\Local\Temp\cvrvjmskyn.exe
2017-12-04 21:09 - 2017-12-04 21:09 - 000097063 _____ () C:\Users\Jerome\AppData\Local\Temp\duaobocteq.exe
2017-12-04 21:30 - 2017-12-04 21:30 - 000411133 _____ () C:\Users\Jerome\AppData\Local\Temp\ehsqtrhzpj.exe
2017-12-04 18:15 - 2017-12-04 18:15 - 000411133 _____ () C:\Users\Jerome\AppData\Local\Temp\eqcowpxtcw.exe
2017-12-04 23:54 - 2017-12-04 23:54 - 000411133 _____ () C:\Users\Jerome\AppData\Local\Temp\fhzhrtfyvp.exe
2017-12-04 16:41 - 2017-12-04 16:41 - 000411133 _____ () C:\Users\Jerome\AppData\Local\Temp\fjornqobgd.exe
2017-12-04 22:31 - 2017-12-04 22:31 - 000411133 _____ () C:\Users\Jerome\AppData\Local\Temp\fufqyokkdv.exe
2017-12-04 22:00 - 2017-12-04 22:00 - 000097063 _____ () C:\Users\Jerome\AppData\Local\Temp\gumsbguive.exe
2017-12-04 17:54 - 2017-12-04 17:54 - 000411133 _____ () C:\Users\Jerome\AppData\Local\Temp\gurabohpse.exe
2017-12-04 23:54 - 2017-12-04 23:54 - 000097063 _____ () C:\Users\Jerome\AppData\Local\Temp\hktssgkiaq.exe
2017-12-04 18:15 - 2017-12-04 18:15 - 000411133 _____ () C:\Users\Jerome\AppData\Local\Temp\hlwyxdcdhf.exe
2017-12-04 23:44 - 2017-12-04 23:44 - 000411133 _____ () C:\Users\Jerome\AppData\Local\Temp\hojjqnvoco.exe
2017-12-04 17:33 - 2017-12-04 17:33 - 000411133 _____ () C:\Users\Jerome\AppData\Local\Temp\htwtsipxqo.exe
2017-12-04 21:30 - 2017-12-04 21:30 - 000097063 _____ () C:\Users\Jerome\AppData\Local\Temp\hvxipwgmvk.exe
2017-12-04 23:44 - 2017-12-04 23:44 - 000097063 _____ () C:\Users\Jerome\AppData\Local\Temp\hzvwtscjpb.exe
2017-12-04 20:07 - 2017-12-04 20:07 - 000097063 _____ () C:\Users\Jerome\AppData\Local\Temp\ilrysuvzku.exe
2017-12-04 23:02 - 2017-12-04 23:02 - 000097063 _____ () C:\Users\Jerome\AppData\Local\Temp\imcfhndokt.exe
2017-12-04 18:56 - 2017-12-04 18:56 - 000411133 _____ () C:\Users\Jerome\AppData\Local\Temp\islzhskhtm.exe
2017-12-04 22:42 - 2017-12-04 22:42 - 000097063 _____ () C:\Users\Jerome\AppData\Local\Temp\jgqbtvcnro.exe
2017-12-04 19:37 - 2017-12-04 19:37 - 000411133 _____ () C:\Users\Jerome\AppData\Local\Temp\jjfeqotigp.exe
2017-12-04 17:54 - 2017-12-04 17:54 - 000411133 _____ () C:\Users\Jerome\AppData\Local\Temp\jptkublzff.exe
2017-12-04 18:04 - 2017-12-04 18:04 - 000411133 _____ () C:\Users\Jerome\AppData\Local\Temp\jspawpsuwf.exe
2017-12-04 23:02 - 2017-12-04 23:02 - 000411133 _____ () C:\Users\Jerome\AppData\Local\Temp\kljvfkrjqb.exe
2017-12-04 20:39 - 2017-12-04 20:39 - 000411133 _____ () C:\Users\Jerome\AppData\Local\Temp\ladkysjdbf.exe
2017-12-04 20:49 - 2017-12-04 20:49 - 000097063 _____ () C:\Users\Jerome\AppData\Local\Temp\ldjlgudsgg.exe
2017-12-04 20:38 - 2017-12-04 20:38 - 000097063 _____ () C:\Users\Jerome\AppData\Local\Temp\lhaceapzif.exe
2017-12-04 18:56 - 2017-12-04 18:56 - 000097063 _____ () C:\Users\Jerome\AppData\Local\Temp\lkcefbioui.exe
2017-12-04 22:11 - 2017-12-04 22:11 - 000411133 _____ () C:\Users\Jerome\AppData\Local\Temp\lkfwwrqxpm.exe
2017-12-04 22:11 - 2017-12-04 22:11 - 000097063 _____ () C:\Users\Jerome\AppData\Local\Temp\lnqbzwpacz.exe
2016-09-16 09:46 - 2016-09-16 09:46 - 000038400 _____ (NVIDIA Corporation) C:\Users\Jerome\AppData\Local\Temp\lovelies.dll
2017-12-04 18:25 - 2017-12-04 18:25 - 000411133 _____ () C:\Users\Jerome\AppData\Local\Temp\lpfhumbmkc.exe
2017-12-04 20:49 - 2017-12-04 20:49 - 000411133 _____ () C:\Users\Jerome\AppData\Local\Temp\lsygdpxytt.exe
2017-12-04 23:13 - 2017-12-04 23:13 - 000411133 _____ () C:\Users\Jerome\AppData\Local\Temp\ltmehqnrms.exe
2017-12-04 18:04 - 2017-12-04 18:04 - 000097063 _____ () C:\Users\Jerome\AppData\Local\Temp\msfguzqbxt.exe
2017-12-04 19:37 - 2017-12-04 19:37 - 000411133 _____ () C:\Users\Jerome\AppData\Local\Temp\mxkwdtkvmy.exe
2017-12-05 00:04 - 2017-12-05 00:04 - 000411133 _____ () C:\Users\Jerome\AppData\Local\Temp\mzkpzxrplh.exe
2016-09-14 13:45 - 2016-09-14 13:45 - 000025600 _____ (Dell Inc.) C:\Users\Jerome\AppData\Local\Temp\neutralism.dll
2017-12-04 16:40 - 2017-12-04 16:40 - 000411133 _____ () C:\Users\Jerome\AppData\Local\Temp\nmeupvbive.exe
2017-12-05 00:04 - 2017-12-05 00:04 - 000411133 _____ () C:\Users\Jerome\AppData\Local\Temp\nvgcwtsmzu.exe
2017-12-04 21:19 - 2017-12-04 21:19 - 000411133 _____ () C:\Users\Jerome\AppData\Local\Temp\oobshsblet.exe
2017-12-04 20:28 - 2017-12-04 20:28 - 000411133 _____ () C:\Users\Jerome\AppData\Local\Temp\ooouglthbj.exe
2017-12-04 18:25 - 2017-12-04 18:25 - 000097063 _____ () C:\Users\Jerome\AppData\Local\Temp\oownknzbdq.exe
2017-12-04 21:19 - 2017-12-04 21:19 - 000097063 _____ () C:\Users\Jerome\AppData\Local\Temp\osnfkxifrg.exe
2017-12-04 23:23 - 2017-12-04 23:23 - 000097063 _____ () C:\Users\Jerome\AppData\Local\Temp\oyjmzdunrp.exe
2017-12-04 16:18 - 2017-12-04 16:18 - 000411133 _____ () C:\Users\Jerome\AppData\Local\Temp\pbgffrsjjf.exe
2017-12-04 17:44 - 2017-12-04 17:44 - 000411133 _____ () C:\Users\Jerome\AppData\Local\Temp\ppbctsvxja.exe
2017-12-04 17:44 - 2017-12-04 17:44 - 000097063 _____ () C:\Users\Jerome\AppData\Local\Temp\psnowwbrwn.exe
2017-12-04 17:22 - 2017-12-04 17:22 - 000097063 _____ () C:\Users\Jerome\AppData\Local\Temp\qcoeobirbv.exe
2017-12-04 21:51 - 2017-12-04 21:51 - 000411133 _____ () C:\Users\Jerome\AppData\Local\Temp\qgxzspjopb.exe
2017-12-04 21:51 - 2017-12-04 21:51 - 000097063 _____ () C:\Users\Jerome\AppData\Local\Temp\qkimvuqrco.exe
2017-12-04 22:21 - 2017-12-04 22:21 - 000411133 _____ () C:\Users\Jerome\AppData\Local\Temp\qqbhvzqdxz.exe
2017-12-04 22:52 - 2017-12-04 22:52 - 000411133 _____ () C:\Users\Jerome\AppData\Local\Temp\qvxmecmgrf.exe
2017-12-04 22:52 - 2017-12-04 22:52 - 000097063 _____ () C:\Users\Jerome\AppData\Local\Temp\qyizghlaes.exe
2017-12-04 20:59 - 2017-12-04 20:59 - 000411133 _____ () C:\Users\Jerome\AppData\Local\Temp\raadwxgjxs.exe
2017-12-04 20:28 - 2017-12-04 20:28 - 000097063 _____ () C:\Users\Jerome\AppData\Local\Temp\rffzfurxcx.exe
2017-12-04 17:22 - 2017-12-04 17:22 - 000411133 _____ () C:\Users\Jerome\AppData\Local\Temp\rylrlwjwoh.exe
2017-12-04 20:18 - 2017-12-04 20:18 - 000411133 _____ () C:\Users\Jerome\AppData\Local\Temp\sczjkdadja.exe
2017-12-04 22:31 - 2017-12-04 22:31 - 000097063 _____ () C:\Users\Jerome\AppData\Local\Temp\shniyxbgic.exe
2017-12-04 20:08 - 2017-12-04 20:08 - 000411133 _____ () C:\Users\Jerome\AppData\Local\Temp\slenfgmpyd.exe
2017-12-04 23:33 - 2017-12-04 23:33 - 000097063 _____ () C:\Users\Jerome\AppData\Local\Temp\snzalkgqrj.exe
2017-12-04 20:18 - 2017-12-04 20:18 - 000097063 _____ () C:\Users\Jerome\AppData\Local\Temp\sokwnhhfvn.exe
2017-12-04 16:19 - 2017-12-04 16:19 - 000097063 _____ () C:\Users\Jerome\AppData\Local\Temp\ssxldairjt.exe
2017-12-04 22:21 - 2017-12-04 22:21 - 000411133 _____ () C:\Users\Jerome\AppData\Local\Temp\stdawevnca.exe
2017-12-04 19:17 - 2017-12-04 19:17 - 000097063 _____ () C:\Users\Jerome\AppData\Local\Temp\tawpqrhsgw.exe
2017-12-04 19:58 - 2017-12-04 19:58 - 000411133 _____ () C:\Users\Jerome\AppData\Local\Temp\tdmcagibxv.exe
2017-12-04 23:33 - 2017-12-04 23:33 - 000411133 _____ () C:\Users\Jerome\AppData\Local\Temp\tkwnifzoew.exe
2017-12-04 22:00 - 2017-12-04 22:00 - 000411133 _____ () C:\Users\Jerome\AppData\Local\Temp\tlinmbbgkb.exe
2017-12-04 18:46 - 2017-12-04 18:46 - 000411133 _____ () C:\Users\Jerome\AppData\Local\Temp\tsvthezpna.exe
2017-12-04 21:40 - 2017-12-04 21:40 - 000411133 _____ () C:\Users\Jerome\AppData\Local\Temp\tvhrpxpoqp.exe
2017-12-04 18:46 - 2017-12-04 18:46 - 000411133 _____ () C:\Users\Jerome\AppData\Local\Temp\uokgehbvan.exe
2017-12-04 17:11 - 2017-12-04 17:11 - 000411133 _____ () C:\Users\Jerome\AppData\Local\Temp\uuodldzcdy.exe
2017-12-04 19:17 - 2017-12-04 19:17 - 000411133 _____ () C:\Users\Jerome\AppData\Local\Temp\uxlcnniyuj.exe
2017-12-04 17:12 - 2017-12-04 17:12 - 000097063 _____ () C:\Users\Jerome\AppData\Local\Temp\uxziohgeqm.exe
2017-12-04 19:57 - 2017-12-04 19:57 - 000097063 _____ () C:\Users\Jerome\AppData\Local\Temp\vcdzyigjyj.exe
2017-12-04 16:30 - 2017-12-04 16:30 - 000097063 _____ () C:\Users\Jerome\AppData\Local\Temp\vdstglisus.exe
2017-06-28 09:45 - 2017-06-28 09:46 - 032100680 _____ () C:\Users\Jerome\AppData\Local\Temp\vlc-2.2.6-win64.exe
2017-12-04 16:30 - 2017-12-04 16:30 - 000411133 _____ () C:\Users\Jerome\AppData\Local\Temp\vsggehjxhf.exe
2017-12-04 23:12 - 2017-12-04 23:12 - 000411133 _____ () C:\Users\Jerome\AppData\Local\Temp\vtybzovrmr.exe
2017-12-04 16:08 - 2017-12-04 16:08 - 000411133 _____ () C:\Users\Jerome\AppData\Local\Temp\vveazqzfeg.exe
2017-12-04 23:23 - 2017-12-04 23:23 - 000411133 _____ () C:\Users\Jerome\AppData\Local\Temp\wgxmlsdxzz.exe
2017-12-04 19:47 - 2017-12-04 19:47 - 000411133 _____ () C:\Users\Jerome\AppData\Local\Temp\wkhuryixzj.exe
2017-12-04 21:40 - 2017-12-04 21:40 - 000097063 _____ () C:\Users\Jerome\AppData\Local\Temp\wmxwohnwjd.exe
2017-12-04 19:47 - 2017-12-04 19:47 - 000411133 _____ () C:\Users\Jerome\AppData\Local\Temp\woshucpzlw.exe
2017-12-04 16:51 - 2017-12-04 16:51 - 000411133 _____ () C:\Users\Jerome\AppData\Local\Temp\wqaclipczk.exe
2017-12-04 18:35 - 2017-12-04 18:35 - 000411133 _____ () C:\Users\Jerome\AppData\Local\Temp\wsrdtqkjds.exe
2017-12-04 18:35 - 2017-12-04 18:35 - 000411133 _____ () C:\Users\Jerome\AppData\Local\Temp\wvdqvurlpf.exe
2017-12-04 21:00 - 2017-12-04 21:00 - 000411133 _____ () C:\Users\Jerome\AppData\Local\Temp\xopurwgoir.exe
2017-12-04 17:33 - 2017-12-04 17:33 - 000097063 _____ () C:\Users\Jerome\AppData\Local\Temp\xtrdopxhbe.exe
2017-12-04 19:06 - 2017-12-04 19:06 - 000411133 _____ () C:\Users\Jerome\AppData\Local\Temp\yaqkntowsz.exe
2017-12-04 19:06 - 2017-12-04 19:06 - 000097063 _____ () C:\Users\Jerome\AppData\Local\Temp\ypektctsrz.exe
2017-12-04 22:42 - 2017-12-04 22:42 - 000411133 _____ () C:\Users\Jerome\AppData\Local\Temp\yvzuaznxyi.exe
2017-12-04 16:51 - 2017-12-04 16:51 - 000097063 _____ () C:\Users\Jerome\AppData\Local\Temp\zhqhjsnkzy.exe
2017-12-04 17:01 - 2017-12-04 17:01 - 000411133 _____ () C:\Users\Jerome\AppData\Local\Temp\zsxkigvalm.exe
Task: {469FC81D-D0E9-45C3-837F-85BF42A1188D} - System32\Tasks\Adasdsadas3id => C:\Users\Jerome\AppData\Roaming\svchostx64.exe [2017-12-04] () <==== ATTENTION
Task: {5123A322-EFC0-4EA0-8DA4-64987853CEC9} - System32\Tasks\{7B68003A-F945-4E7C-A61D-DA828A60B41D} => "c:\program files (x86)\mozilla firefox\firefox.exe" hxxps://ui.skype.com/ui/0/7.37.0.103/en/abandoninstall?source=lightinstaller&page=tsInstall
C:\Users\Jerome\AppData\Local\Temp\01d30382.exe
C:\Users\Jerome\M-50500586850859759959469767487936945749799505950\winmgr.exe
C:\Windows\system32\Macromed\Flash\NPSWF64_18_0_0_144.dll
C:\Users\Jerome\AppData\Local\Temp\csznadbyeh.exe
C:\Users\Jerome\AppData\Local\Temp\bxyieaimyc.exe
C:\Users\Jerome\AppData\Roaming\svchostx64.exe
EmptyTemp:
CMD: FOR /F "usebackq delims==" %i IN (`wevtutil el`) DO wevtutil cl "%i"

*****************

C:\Users\Jerome\AppData\Local\Temp\01d30382.exe => No running process found
C:\Users\Jerome\AppData\Local\Temp\01d30382.exe => No running process found
C:\Users\Jerome\M-50500586850859759959469767487936945749799505950\winmgr.exe => No running process found
C:\Users\Jerome\AppData\Local\Temp\csznadbyeh.exe => moved successfully
C:\Users\Jerome\AppData\Local\Temp\bxyieaimyc.exe => moved successfully
Could not move "C:\Users\Jerome\AppData\Roaming\svchostx64.exe" => Scheduled to move on reboot.
C:\Users\Jerome\AppData\Local\Temp\01d30382.exe => moved successfully
"C:\Users\Jerome\AppData\Local\Temp\01d30382.exe" => not found.
C:\Users\Jerome\M-50500586850859759959469767487936945749799505950\winmgr.exe => moved successfully
"C:\Users\Jerome\AppData\Local\Temp\csznadbyeh.exe" => not found.
"C:\Users\Jerome\AppData\Local\Temp\bxyieaimyc.exe" => not found.
Could not move "C:\Users\Jerome\AppData\Roaming\svchostx64.exe" => Scheduled to move on reboot.
HKU\S-1-5-21-1141224537-1566625622-1964642510-1000\Software\Microsoft\Windows\CurrentVersion\Run\\Microsoft Windows Manager => value removed successfully
HKU\S-1-5-21-1141224537-1566625622-1964642510-1000\Software\Microsoft\Windows\CurrentVersion\RunOnce\\Adobe Speed Launcher => value removed successfully
HKU\S-1-5-21-1141224537-1566625622-1964642510-1000\Software\Microsoft\Windows NT\CurrentVersion\Windows\\Load => value removed successfully
HKU\S-1-5-21-1141224537-1566625622-1964642510-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\F => key removed successfully
HKU\S-1-5-21-1141224537-1566625622-1964642510-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{eb59c5d0-ab00-11e7-bf81-3c77e6d88d6c} => key removed successfully
HKLM\Software\Classes\CLSID\{eb59c5d0-ab00-11e7-bf81-3c77e6d88d6c} => key not found
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk => moved successfully
C:\Program Files\McAfee Security Scan\3.11.599\SSScheduler.exe => moved successfully
HKLM\System\CurrentControlSet\Services\McComponentHostService => key removed successfully
McComponentHostService => service removed successfully

========= Type C:\Users\Jerome\AppData\Roaming\winmgr.txt =========

The process cannot access the file because it is being used by another process.

========= End of CMD: =========

Could not move "C:\Users\Jerome\AppData\Roaming\winmgr.txt" => Scheduled to move on reboot.
C:\Users\Jerome\M-50500586850859759959469767487936945749799505950 => moved successfully
C:\Windows\System32\Tasks\Adasdsadas3id => moved successfully
Could not move "C:\Users\Jerome\AppData\Roaming\svchostx64.exe" => Scheduled to move on reboot.
017-12-04 15:55 - 2017-12-04 15:55 - 000411133 ___SH () C:\Users\Jerome\AppData\Local\Temp\01d30382.exe => Error: No automatic fix found for this entry.
C:\Users\Jerome\AppData\Local\Temp\01d6c1f0.exe => moved successfully
C:\Users\Jerome\AppData\Local\Temp\01fbaf4c.exe => moved successfully
C:\Users\Jerome\AppData\Local\Temp\01fc09aa.exe => moved successfully
C:\Users\Jerome\AppData\Local\Temp\01fcc03c.exe => moved successfully
C:\Users\Jerome\AppData\Local\Temp\01fd68bb.exe => moved successfully
C:\Users\Jerome\AppData\Local\Temp\02095de2.exe => moved successfully
C:\Users\Jerome\AppData\Local\Temp\0209aceb.exe => moved successfully
C:\Users\Jerome\AppData\Local\Temp\agvwojdopp.exe => moved successfully
"C:\Users\Jerome\AppData\Local\Temp\bxyieaimyc.exe" => not found.
"C:\Users\Jerome\AppData\Local\Temp\csznadbyeh.exe" => not found.
C:\Users\Jerome\AppData\Local\Temp\cvrvjmskyn.exe => moved successfully
C:\Users\Jerome\AppData\Local\Temp\duaobocteq.exe => moved successfully
C:\Users\Jerome\AppData\Local\Temp\ehsqtrhzpj.exe => moved successfully
C:\Users\Jerome\AppData\Local\Temp\eqcowpxtcw.exe => moved successfully
C:\Users\Jerome\AppData\Local\Temp\fhzhrtfyvp.exe => moved successfully
C:\Users\Jerome\AppData\Local\Temp\fjornqobgd.exe => moved successfully
C:\Users\Jerome\AppData\Local\Temp\fufqyokkdv.exe => moved successfully
C:\Users\Jerome\AppData\Local\Temp\gumsbguive.exe => moved successfully
C:\Users\Jerome\AppData\Local\Temp\gurabohpse.exe => moved successfully
C:\Users\Jerome\AppData\Local\Temp\hktssgkiaq.exe => moved successfully
C:\Users\Jerome\AppData\Local\Temp\hlwyxdcdhf.exe => moved successfully
C:\Users\Jerome\AppData\Local\Temp\hojjqnvoco.exe => moved successfully
C:\Users\Jerome\AppData\Local\Temp\htwtsipxqo.exe => moved successfully
C:\Users\Jerome\AppData\Local\Temp\hvxipwgmvk.exe => moved successfully
C:\Users\Jerome\AppData\Local\Temp\hzvwtscjpb.exe => moved successfully
C:\Users\Jerome\AppData\Local\Temp\ilrysuvzku.exe => moved successfully
C:\Users\Jerome\AppData\Local\Temp\imcfhndokt.exe => moved successfully
C:\Users\Jerome\AppData\Local\Temp\islzhskhtm.exe => moved successfully
C:\Users\Jerome\AppData\Local\Temp\jgqbtvcnro.exe => moved successfully
C:\Users\Jerome\AppData\Local\Temp\jjfeqotigp.exe => moved successfully
C:\Users\Jerome\AppData\Local\Temp\jptkublzff.exe => moved successfully
C:\Users\Jerome\AppData\Local\Temp\jspawpsuwf.exe => moved successfully
C:\Users\Jerome\AppData\Local\Temp\kljvfkrjqb.exe => moved successfully
C:\Users\Jerome\AppData\Local\Temp\ladkysjdbf.exe => moved successfully
C:\Users\Jerome\AppData\Local\Temp\ldjlgudsgg.exe => moved successfully
C:\Users\Jerome\AppData\Local\Temp\lhaceapzif.exe => moved successfully
C:\Users\Jerome\AppData\Local\Temp\lkcefbioui.exe => moved successfully
C:\Users\Jerome\AppData\Local\Temp\lkfwwrqxpm.exe => moved successfully
C:\Users\Jerome\AppData\Local\Temp\lnqbzwpacz.exe => moved successfully
C:\Users\Jerome\AppData\Local\Temp\lovelies.dll => moved successfully
C:\Users\Jerome\AppData\Local\Temp\lpfhumbmkc.exe => moved successfully
C:\Users\Jerome\AppData\Local\Temp\lsygdpxytt.exe => moved successfully
C:\Users\Jerome\AppData\Local\Temp\ltmehqnrms.exe => moved successfully
C:\Users\Jerome\AppData\Local\Temp\msfguzqbxt.exe => moved successfully
C:\Users\Jerome\AppData\Local\Temp\mxkwdtkvmy.exe => moved successfully
C:\Users\Jerome\AppData\Local\Temp\mzkpzxrplh.exe => moved successfully
C:\Users\Jerome\AppData\Local\Temp\neutralism.dll => moved successfully
C:\Users\Jerome\AppData\Local\Temp\nmeupvbive.exe => moved successfully
C:\Users\Jerome\AppData\Local\Temp\nvgcwtsmzu.exe => moved successfully
C:\Users\Jerome\AppData\Local\Temp\oobshsblet.exe => moved successfully
C:\Users\Jerome\AppData\Local\Temp\ooouglthbj.exe => moved successfully
C:\Users\Jerome\AppData\Local\Temp\oownknzbdq.exe => moved successfully
C:\Users\Jerome\AppData\Local\Temp\osnfkxifrg.exe => moved successfully
C:\Users\Jerome\AppData\Local\Temp\oyjmzdunrp.exe => moved successfully
C:\Users\Jerome\AppData\Local\Temp\pbgffrsjjf.exe => moved successfully
C:\Users\Jerome\AppData\Local\Temp\ppbctsvxja.exe => moved successfully
C:\Users\Jerome\AppData\Local\Temp\psnowwbrwn.exe => moved successfully
C:\Users\Jerome\AppData\Local\Temp\qcoeobirbv.exe => moved successfully
C:\Users\Jerome\AppData\Local\Temp\qgxzspjopb.exe => moved successfully
C:\Users\Jerome\AppData\Local\Temp\qkimvuqrco.exe => moved successfully
C:\Users\Jerome\AppData\Local\Temp\qqbhvzqdxz.exe => moved successfully
C:\Users\Jerome\AppData\Local\Temp\qvxmecmgrf.exe => moved successfully
C:\Users\Jerome\AppData\Local\Temp\qyizghlaes.exe => moved successfully
C:\Users\Jerome\AppData\Local\Temp\raadwxgjxs.exe => moved successfully
C:\Users\Jerome\AppData\Local\Temp\rffzfurxcx.exe => moved successfully
C:\Users\Jerome\AppData\Local\Temp\rylrlwjwoh.exe => moved successfully
C:\Users\Jerome\AppData\Local\Temp\sczjkdadja.exe => moved successfully
C:\Users\Jerome\AppData\Local\Temp\shniyxbgic.exe => moved successfully
C:\Users\Jerome\AppData\Local\Temp\slenfgmpyd.exe => moved successfully
C:\Users\Jerome\AppData\Local\Temp\snzalkgqrj.exe => moved successfully
C:\Users\Jerome\AppData\Local\Temp\sokwnhhfvn.exe => moved successfully
C:\Users\Jerome\AppData\Local\Temp\ssxldairjt.exe => moved successfully
C:\Users\Jerome\AppData\Local\Temp\stdawevnca.exe => moved successfully
C:\Users\Jerome\AppData\Local\Temp\tawpqrhsgw.exe => moved successfully
C:\Users\Jerome\AppData\Local\Temp\tdmcagibxv.exe => moved successfully
C:\Users\Jerome\AppData\Local\Temp\tkwnifzoew.exe => moved successfully
C:\Users\Jerome\AppData\Local\Temp\tlinmbbgkb.exe => moved successfully
C:\Users\Jerome\AppData\Local\Temp\tsvthezpna.exe => moved successfully
C:\Users\Jerome\AppData\Local\Temp\tvhrpxpoqp.exe => moved successfully
C:\Users\Jerome\AppData\Local\Temp\uokgehbvan.exe => moved successfully
C:\Users\Jerome\AppData\Local\Temp\uuodldzcdy.exe => moved successfully
C:\Users\Jerome\AppData\Local\Temp\uxlcnniyuj.exe => moved successfully
C:\Users\Jerome\AppData\Local\Temp\uxziohgeqm.exe => moved successfully
C:\Users\Jerome\AppData\Local\Temp\vcdzyigjyj.exe => moved successfully
C:\Users\Jerome\AppData\Local\Temp\vdstglisus.exe => moved successfully
C:\Users\Jerome\AppData\Local\Temp\vlc-2.2.6-win64.exe => moved successfully
C:\Users\Jerome\AppData\Local\Temp\vsggehjxhf.exe => moved successfully
C:\Users\Jerome\AppData\Local\Temp\vtybzovrmr.exe => moved successfully
C:\Users\Jerome\AppData\Local\Temp\vveazqzfeg.exe => moved successfully
C:\Users\Jerome\AppData\Local\Temp\wgxmlsdxzz.exe => moved successfully
C:\Users\Jerome\AppData\Local\Temp\wkhuryixzj.exe => moved successfully
C:\Users\Jerome\AppData\Local\Temp\wmxwohnwjd.exe => moved successfully
C:\Users\Jerome\AppData\Local\Temp\woshucpzlw.exe => moved successfully
C:\Users\Jerome\AppData\Local\Temp\wqaclipczk.exe => moved successfully
C:\Users\Jerome\AppData\Local\Temp\wsrdtqkjds.exe => moved successfully
C:\Users\Jerome\AppData\Local\Temp\wvdqvurlpf.exe => moved successfully
C:\Users\Jerome\AppData\Local\Temp\xopurwgoir.exe => moved successfully
C:\Users\Jerome\AppData\Local\Temp\xtrdopxhbe.exe => moved successfully
C:\Users\Jerome\AppData\Local\Temp\yaqkntowsz.exe => moved successfully
C:\Users\Jerome\AppData\Local\Temp\ypektctsrz.exe => moved successfully
C:\Users\Jerome\AppData\Local\Temp\yvzuaznxyi.exe => moved successfully
C:\Users\Jerome\AppData\Local\Temp\zhqhjsnkzy.exe => moved successfully
C:\Users\Jerome\AppData\Local\Temp\zsxkigvalm.exe => moved successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{469FC81D-D0E9-45C3-837F-85BF42A1188D} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{469FC81D-D0E9-45C3-837F-85BF42A1188D} => key removed successfully
C:\Windows\System32\Tasks\Adasdsadas3id => not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Adasdsadas3id => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{5123A322-EFC0-4EA0-8DA4-64987853CEC9} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{5123A322-EFC0-4EA0-8DA4-64987853CEC9} => key removed successfully
C:\Windows\System32\Tasks\{7B68003A-F945-4E7C-A61D-DA828A60B41D} => moved successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{7B68003A-F945-4E7C-A61D-DA828A60B41D} => key removed successfully
"C:\Users\Jerome\AppData\Local\Temp\01d30382.exe" => not found.
"C:\Users\Jerome\M-50500586850859759959469767487936945749799505950\winmgr.exe" => not found.
C:\Windows\system32\Macromed\Flash\NPSWF64_18_0_0_144.dll => moved successfully
"C:\Users\Jerome\AppData\Local\Temp\csznadbyeh.exe" => not found.
"C:\Users\Jerome\AppData\Local\Temp\bxyieaimyc.exe" => not found.
Could not move "C:\Users\Jerome\AppData\Roaming\svchostx64.exe" => Scheduled to move on reboot.

========= FOR /F "usebackq delims==" %i IN (`wevtutil el`) DO wevtutil cl "%i" =========

Failed to clear log DebugChannel. The requested operation cannot be performed over an enabled direct channel. The channel must first be disabled before performing the requested operation.
Failed to clear log Microsoft-RMS-MSIPC/Debug. The requested operation cannot be performed over an enabled direct channel. The channel must first be disabled before performing the requested operation.

========= End of CMD: =========


=========== EmptyTemp: ==========

BITS transfer queue => 0 B
DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 148627030 B
Java, Flash, Steam htmlcache => 523 B
Windows/system/drivers => 17717107 B
Edge => 0 B
Chrome => 0 B
Firefox => 30616586 B
Opera => 0 B

Temp, IE cache, history, cookies, recent:
Users => 0 B
Default => 0 B
Public => 0 B
ProgramData => 0 B
systemprofile => 45862855 B
systemprofile32 => 11189092 B
LocalService => 66708 B
NetworkService => 109538 B
Jerome => 1362419512 B

Result of scheduled files to move (Boot Mode: Normal) (Date&Time: 05-12-2017 18:57:12)

==> ATTENTION: System is not rebooted.
C:\Users\Jerome\AppData\Roaming\svchostx64.exe => Is moved successfully
C:\Users\Jerome\AppData\Roaming\svchostx64.exe => Is moved successfully
C:\Users\Jerome\AppData\Roaming\winmgr.txt => moved successfully
C:\Users\Jerome\AppData\Roaming\svchostx64.exe => Is moved successfully
C:\Users\Jerome\AppData\Roaming\svchostx64.exe => Is moved successfully

==== End of Fixlog 18:57:12 ====

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 30-11-2017
Ran by Jerome (administrator) on ALEAH-PC (05-12-2017 19:14:23)
Running from C:\Users\Jerome\Downloads
Loaded Profiles: Jerome (Available Profiles: Jerome)
Platform: Windows 7 Ultimate (X64) Language: English (United States)
Internet Explorer Version 8 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(AMD) C:\Windows\System32\atiesrxx.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Skype Technologies S.A.) C:\Program Files (x86)\Skype\Phone\Skype.exe
(Microsoft Corporation) C:\Windows\System32\StikyNot.exe
(AbeGunnerZ Lab) C:\Program Files (x86)\USB Disk Security\USBGuard.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
() C:\Users\Jerome\M-50508688597494509743974594749749547979040570\winmgr.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office\Office15\MSOSYNC.EXE
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
() C:\Users\Jerome\AppData\Local\Temp\111919171318.exe
() C:\Users\Jerome\AppData\Local\Temp\111919171318.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
() C:\Users\Jerome\AppData\Roaming\svchostx64.exe

==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [Apoint] => C:\Program Files\Apoint\Apoint.exe [242552 2013-09-26] (Alps Electric Co., Ltd.)
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2778864 2014-01-31] (Synaptics Incorporated)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1021128 2014-12-03] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [USB Security] => C:\Program Files (x86)\USB Disk Security\USBGuard.exe [2347008 2011-11-10] (AbeGunnerZ Lab)
HKU\S-1-5-21-1141224537-1566625622-1964642510-1000\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [27832272 2017-08-25] (Skype Technologies S.A.)
HKU\S-1-5-21-1141224537-1566625622-1964642510-1000\...\Run: [RESTART_STICKY_NOTES] => C:\Windows\System32\StikyNot.exe [427520 2009-07-14] (Microsoft Corporation)
HKU\S-1-5-21-1141224537-1566625622-1964642510-1000\...\Run: [Microsoft Windows Manager] => C:\Users\Jerome\M-50508688597494509743974594749749547979040570\winmgr.exe [89426 2017-12-05] ()
HKU\S-1-5-21-1141224537-1566625622-1964642510-1000\...\RunOnce: [Adobe Speed Launcher] => 1512471375

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Hosts: 0.0.0.1    mssplus.mcafee.com
Tcpip\Parameters: [DhcpNameServer] 192.168.22.1
Tcpip\..\Interfaces\{2DCE6236-84C4-4BF9-BE5C-3542EFF0DB10}: [DhcpNameServer] 192.168.42.129
Tcpip\..\Interfaces\{3463424D-9329-4D2B-BF92-7D2A7834773B}: [DhcpNameServer] 192.168.22.1
Tcpip\..\Interfaces\{C1EAB9E2-5F32-4361-B97A-E85AAEE37779}: [DhcpNameServer] 192.168.22.1

Internet Explorer:
==================
HKU\S-1-5-21-1141224537-1566625622-1964642510-1000\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.google.com/ie
HKU\S-1-5-21-1141224537-1566625622-1964642510-1000\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://www.msn.com/?ocid=iehp
SearchScopes: HKU\S-1-5-21-1141224537-1566625622-1964642510-1000 -> {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = hxxp://www.google.com/search?q={sear
BHO: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office\Office15\OCHelper.dll [2012-10-01] (Microsoft Corporation)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office15\URLREDIR.DLL [2012-10-01] (Microsoft Corporation)
BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office\Office15\GROOVEEX.DLL [2012-10-01] (Microsoft Corporation)
BHO-x32: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\Office15\OCHelper.dll [2012-10-01] (Microsoft Corporation)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office15\URLREDIR.DLL [2012-10-01] (Microsoft Corporation)
BHO-x32: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files (x86)\Microsoft Office\Office15\GROOVEEX.DLL [2012-10-01] (Microsoft Corporation)
Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office\Office15\MSOSB.DLL [2012-10-01] (Microsoft Corporation)
Filter: deflate - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\system32\urlmon.dll [2009-07-14] (Microsoft Corporation)
Filter-x32: deflate - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\SysWOW64\urlmon.dll [2009-07-14] (Microsoft Corporation)
Filter: gzip - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\system32\urlmon.dll [2009-07-14] (Microsoft Corporation)
Filter-x32: gzip - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\SysWOW64\urlmon.dll [2009-07-14] (Microsoft Corporation)

FireFox:
========
FF DefaultProfile: oi0my0ey.default
FF ProfilePath: C:\Users\Jerome\AppData\Roaming\Mozilla\Firefox\Profiles\oi0my0ey.default [2017-12-05]
FF Extension: (Disable Media WMF NV12 format) - C:\Users\Jerome\AppData\Roaming\Mozilla\Firefox\Profiles\oi0my0ey.default\features\{b3598417-3003-4bc3-a996-ed336f95439a}\[email protected] [2017-11-22] [Lagacy]
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_18_0_0_144.dll [No File]
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~1\MICROS~2\Office15\NPSPWRAP.DLL [2012-10-01] (Microsoft Corporation)
FF Plugin: @videolan.org/vlc,version=2.2.1 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2017-05-24] (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.2.6 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2017-05-24] (VideoLAN)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_18_0_0_144.dll [2017-04-01] ()
FF Plugin-x32: @google.com/npPicasa3,version=3.0.0 -> C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll [2015-02-13] (Google, Inc.)
FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files (x86)\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2012-10-01] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office15\NPSPWRAP.DLL [2012-10-01] (Microsoft Corporation)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2014-12-03] (Adobe Systems Inc.)

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2009-07-14] (Microsoft Corporation)

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R3 bcbtums; C:\Windows\System32\drivers\bcbtums.sys [172760 2015-04-09] (Broadcom Corporation.)
R3 CnxtHdmiAudService; C:\Windows\System32\drivers\CHDMI64.sys [722488 2010-04-29] (Conexant Systems Inc.)
R3 RTSPER; C:\Windows\System32\DRIVERS\RtsPer.sys [827096 2015-02-06] (Realsil Semiconductor Corporation)

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2017-12-05 19:07 - 2017-12-05 19:17 - 000000000 ____H C:\Users\Jerome\AppData\Roaming\winmgr.txt
2017-12-05 18:58 - 2017-12-05 18:58 - 000417437 _____ C:\Users\Jerome\AppData\Roaming\svchostx64.exe
2017-12-05 18:58 - 2017-12-05 18:58 - 000003482 _____ C:\Windows\System32\Tasks\Adasdsadas3id
2017-12-05 16:30 - 2017-12-05 16:30 - 000000000 _RSHD C:\Users\Jerome\M-50508688597494509743974594749749547979040570
2017-12-05 16:10 - 2017-12-05 18:57 - 000027950 _____ C:\Users\Jerome\Downloads\Fixlog.txt
2017-12-05 16:05 - 2017-12-05 16:10 - 000014222 _____ C:\Users\Jerome\Downloads\fixlist.txt
2017-12-05 12:28 - 2017-12-05 12:28 - 000000000 _RSHD C:\Users\Jerome\M-5050236236598635632592689365026523065306405
2017-12-05 00:19 - 2017-12-05 00:19 - 000000000 ____D C:\Users\Jerome\Downloads\FRST-OlderVersion
2017-12-03 12:30 - 2017-12-03 12:33 - 000000000 ____D C:\Users\Jerome\Documents\keisha's poem
2017-12-01 22:09 - 2017-12-01 22:09 - 000035797 _____ C:\Users\Jerome\Documents\Presentation1.pptx
2017-12-01 21:59 - 2017-12-01 21:59 - 000000037 ____H C:\Users\Jerome\Downloads\.picasa.ini
2017-11-21 09:08 - 2017-12-05 00:22 - 000020132 _____ C:\Users\Jerome\Downloads\Addition.txt
2017-11-21 09:07 - 2017-12-05 19:15 - 000008592 _____ C:\Users\Jerome\Downloads\FRST.txt
2017-11-21 09:07 - 2017-12-05 19:14 - 000000000 ____D C:\FRST
2017-11-21 09:04 - 2017-12-05 00:19 - 002391552 _____ (Farbar) C:\Users\Jerome\Downloads\FRST64.exe
2017-11-21 08:31 - 2017-12-05 19:17 - 000004960 _____ C:\Windows\System32\Tasks\Microsoft Office 15 Sync Maintenance for ALEAH-PC-Jerome Aleah-PC

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2017-12-05 19:02 - 2009-07-14 13:13 - 000781298 _____ C:\Windows\system32\PerfStringBackup.INI
2017-12-05 19:02 - 2009-07-14 11:20 - 000000000 ____D C:\Windows\inf
2017-12-05 18:59 - 2017-06-20 08:41 - 000000000 ____D C:\Users\Jerome\AppData\Roaming\Skype
2017-12-05 18:57 - 2017-04-11 09:43 - 000000000 ____D C:\Users\Jerome\AppData\LocalLow\Mozilla
2017-12-05 18:56 - 2009-07-14 13:08 - 000000006 ____H C:\Windows\Tasks\SA.DAT
2017-12-05 18:54 - 2017-04-01 12:20 - 000065536 _____ C:\Windows\system32\spu_storage.bin
2017-12-05 18:54 - 2009-07-14 12:45 - 000009584 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2017-12-05 18:54 - 2009-07-14 12:45 - 000009584 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2017-12-05 16:30 - 2017-04-01 11:31 - 000000000 ____D C:\Users\Jerome
2017-12-05 16:23 - 2017-04-01 15:34 - 000000000 ____D C:\Users\Jerome\AppData\Roaming\vlc
2017-12-05 16:13 - 2017-04-24 17:05 - 000000000 ___SD C:\Users\Jerome\AppData\LocalLow\Temp
2017-12-02 14:50 - 2017-10-21 13:22 - 000000000 ____D C:\Users\Jerome\Documents\keisha's wallpapers
2017-12-01 19:54 - 2017-10-07 14:19 - 000000000 ____D C:\Users\Jerome\Documents\Zac world
2017-11-27 08:25 - 2009-07-14 13:08 - 000032624 _____ C:\Windows\Tasks\SCHEDLGU.TXT
2017-11-26 15:59 - 2009-07-14 15:45 - 000000000 ___RD C:\Users\Public\Recorded TV
2017-11-26 15:44 - 2017-04-05 12:31 - 000000000 ____D C:\Users\Jerome\Documents\Custom Office Templates
2017-11-25 09:53 - 2017-05-28 02:14 - 000000000 ____D C:\Users\Jerome\Documents\Chad
2017-11-21 08:18 - 2017-05-07 15:48 - 000004966 _____ C:\Windows\System32\Tasks\Microsoft Office 15 Sync Maintenance for Jerome-PC-Jerome Jerome-PC
2017-11-19 02:02 - 2017-08-17 19:54 - 000000000 ____D C:\Program Files (x86)\Mozilla Firefox
2017-11-18 09:15 - 2017-04-01 12:53 - 000000000 ____D C:\Users\Jerome\AppData\Roaming\Mozilla
2017-11-18 09:15 - 2017-04-01 12:47 - 000000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2017-11-16 21:34 - 2017-10-07 14:21 - 000000000 ____D C:\Users\Jerome\Documents\subject projects
2017-11-16 21:24 - 2017-04-07 18:51 - 000000000 ___RD C:\Users\Jerome\Documents\Notes
2017-11-16 21:23 - 2017-07-15 17:11 - 000000000 ____D C:\Users\Jerome\Documents\Border's
2017-11-15 18:13 - 2017-04-24 16:58 - 000000000 ____D C:\Users\Jerome\AppData\Roaming\uTorrent
2017-11-13 08:28 - 2017-11-04 18:47 - 000183028 _____ C:\Users\Jerome\Documents\resume-new.pdf

==================== Files in the root of some directories =======

2017-12-05 18:58 - 2017-12-05 18:58 - 000417437 _____ () C:\Users\Jerome\AppData\Roaming\svchostx64.exe
2017-12-05 19:07 - 2017-12-05 19:17 - 000000000 ____H () C:\Users\Jerome\AppData\Roaming\winmgr.txt

Some files in TEMP:
====================
2017-12-05 16:44 - 2017-12-05 16:44 - 000089426 ___SH () C:\Users\Jerome\AppData\Local\Temp\0195ec97.exe
2017-12-05 18:37 - 2017-12-05 18:37 - 000417437 _____ () C:\Users\Jerome\AppData\Local\Temp\101416141310.exe
2017-12-05 17:36 - 2017-12-05 17:36 - 000417437 _____ () C:\Users\Jerome\AppData\Local\Temp\101519111716.exe
2017-12-05 17:14 - 2017-12-05 17:14 - 000089426 _____ () C:\Users\Jerome\AppData\Local\Temp\101912181614.exe
2017-12-05 18:07 - 2017-12-05 18:07 - 000417437 _____ () C:\Users\Jerome\AppData\Local\Temp\111414141018.exe
2017-12-05 17:25 - 2017-12-05 17:25 - 000417437 _____ () C:\Users\Jerome\AppData\Local\Temp\111718121911.exe
2017-12-05 18:27 - 2017-12-05 18:27 - 000417437 _____ () C:\Users\Jerome\AppData\Local\Temp\111818171017.exe
2017-12-05 18:57 - 2017-12-05 18:58 - 000417437 _____ () C:\Users\Jerome\AppData\Local\Temp\111919171318.exe
2017-12-05 18:17 - 2017-12-05 18:17 - 000417437 _____ () C:\Users\Jerome\AppData\Local\Temp\121018131317.exe
2017-12-05 16:34 - 2017-12-05 16:34 - 000417437 _____ () C:\Users\Jerome\AppData\Local\Temp\121219111217.exe
2017-12-05 16:44 - 2017-12-05 16:44 - 000089426 _____ () C:\Users\Jerome\AppData\Local\Temp\131018141316.exe
2017-12-05 18:47 - 2017-12-05 18:47 - 000417437 _____ () C:\Users\Jerome\AppData\Local\Temp\131113191815.exe
2017-12-05 18:37 - 2017-12-05 18:37 - 000089426 _____ () C:\Users\Jerome\AppData\Local\Temp\131217101219.exe
2017-12-05 17:04 - 2017-12-05 17:04 - 000417437 _____ () C:\Users\Jerome\AppData\Local\Temp\141219151818.exe
2017-12-05 17:56 - 2017-12-05 17:56 - 000417437 _____ () C:\Users\Jerome\AppData\Local\Temp\141411121111.exe
2017-12-05 17:04 - 2017-12-05 17:04 - 000417437 _____ () C:\Users\Jerome\AppData\Local\Temp\141514191210.exe
2017-12-05 18:27 - 2017-12-05 18:27 - 000089426 _____ () C:\Users\Jerome\AppData\Local\Temp\141610141916.exe
2017-12-05 16:54 - 2017-12-05 16:54 - 000089426 _____ () C:\Users\Jerome\AppData\Local\Temp\141611161815.exe
2017-12-05 17:14 - 2017-12-05 17:14 - 000417437 _____ () C:\Users\Jerome\AppData\Local\Temp\141616171718.exe
2017-12-05 17:46 - 2017-12-05 17:46 - 000089426 _____ () C:\Users\Jerome\AppData\Local\Temp\151012131415.exe
2017-12-05 17:25 - 2017-12-05 17:25 - 000089426 _____ () C:\Users\Jerome\AppData\Local\Temp\151519181919.exe
2017-12-05 18:17 - 2017-12-05 18:17 - 000089426 _____ () C:\Users\Jerome\AppData\Local\Temp\151819191316.exe
2017-12-05 18:47 - 2017-12-05 18:47 - 000089426 _____ () C:\Users\Jerome\AppData\Local\Temp\161216161714.exe
2017-12-05 18:07 - 2017-12-05 18:07 - 000089426 _____ () C:\Users\Jerome\AppData\Local\Temp\161415111917.exe
2017-12-05 19:07 - 2017-12-05 19:07 - 000417437 _____ () C:\Users\Jerome\AppData\Local\Temp\161416191114.exe
2017-12-05 19:18 - 2017-12-05 19:18 - 000417437 _____ () C:\Users\Jerome\AppData\Local\Temp\161916121416.exe
2017-12-05 17:46 - 2017-12-05 17:46 - 000417437 _____ () C:\Users\Jerome\AppData\Local\Temp\171319181917.exe
2017-12-05 16:34 - 2017-12-05 16:34 - 000089426 _____ () C:\Users\Jerome\AppData\Local\Temp\171418121618.exe
2017-12-05 19:18 - 2017-12-05 19:18 - 000089426 _____ () C:\Users\Jerome\AppData\Local\Temp\171418171610.exe
2017-12-05 16:44 - 2017-12-05 16:44 - 000417437 _____ () C:\Users\Jerome\AppData\Local\Temp\181313131811.exe
2017-12-05 17:36 - 2017-12-05 17:36 - 000089426 _____ () C:\Users\Jerome\AppData\Local\Temp\191219161512.exe
2017-12-05 18:57 - 2017-12-05 18:57 - 000089426 _____ () C:\Users\Jerome\AppData\Local\Temp\191612121716.exe
2017-12-05 17:56 - 2017-12-05 17:56 - 000089426 _____ () C:\Users\Jerome\AppData\Local\Temp\191619131512.exe
2017-12-05 16:54 - 2017-12-05 16:54 - 000417437 _____ () C:\Users\Jerome\AppData\Local\Temp\191710101816.exe
2017-12-05 19:08 - 2017-12-05 19:08 - 000417437 _____ () C:\Users\Jerome\AppData\Local\Temp\191919191614.exe
2016-09-14 13:51 - 2016-09-14 13:51 - 000029184 _____ (Intel® Corporation) C:\Users\Jerome\AppData\Local\Temp\deconsecrations.dll
2016-09-16 10:01 - 2016-09-16 10:01 - 000036864 _____ () C:\Users\Jerome\AppData\Local\Temp\pounces.dll

==================== Bamital & volsnap ======================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2017-12-01 15:27

==================== End of FRST.txt ============================

 

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 30-11-2017
Ran by Jerome (05-12-2017 19:21:45)
Running from C:\Users\Jerome\Downloads
Windows 7 Ultimate (X64) (2017-04-01 03:30:49)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-1141224537-1566625622-1964642510-500 - Administrator - Disabled)
Guest (S-1-5-21-1141224537-1566625622-1964642510-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-1141224537-1566625622-1964642510-1002 - Limited - Enabled)
Jerome (S-1-5-21-1141224537-1566625622-1964642510-1000 - Administrator - Enabled) => C:\Users\Jerome

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

µTorrent (HKU\S-1-5-21-1141224537-1566625622-1964642510-1000\...\uTorrent) (Version: 3.5.0.44090 - BitTorrent Inc.)
Adobe Flash Player 18 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 18.0.0.144 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.10) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.10 - Adobe Systems Incorporated)
Alps Pointing-device for VAIO (HKLM\...\{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}) (Version:  - ALPS ELECTRIC CO., LTD.)
Conexant Audio Driver For AMD HDMI/DP Codec (HKLM\...\CNXT_AUDIO_HDA_HDMI) (Version: 4.98.32.50 - Conexant)
McAfee Security Scan Plus (HKLM\...\McAfee Security Scan) (Version: 3.11.599.11 - McAfee, Inc.)
Microsoft .NET Framework 4.5.2 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.51209 - Microsoft Corporation)
Microsoft Office Professional Plus 2013 (HKLM\...\Office15.PROPLUS) (Version: 15.0.4420.1017 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.30319 (HKLM-x32\...\{196BB40D-1578-3D01-B289-BEFC77A11A1E}) (Version: 10.0.30319 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.24215 (HKLM-x32\...\{e2803110-78b3-4664-a479-3611a381656a}) (Version: 14.0.24215.1 - Microsoft Corporation)
Mozilla Firefox 57.0 (x64 en-US) (HKLM\...\Mozilla Firefox 57.0 (x64 en-US)) (Version: 57.0 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 57.0.0.6525 - Mozilla)
Outils de vérification linguistique 2013 de Microsoft Office - Français (HKLM\...\{90150000-001F-040C-1000-0000000FF1CE}) (Version: 15.0.4420.1017 - Microsoft Corporation) Hidden
Picasa 3 (HKLM-x32\...\Picasa 3) (Version: 3.9 - Google, Inc.)
Program4Pc PC Image Editor (HKLM-x32\...\{29A01513-64A8-4543-AF3C-C2E4CD7FFE1A}_is1) (Version: 5.9.0.0 - Program4Pc Inc.)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7496 - Realtek Semiconductor Corp.)
Skype™ 7.40 (HKLM-x32\...\{3B7E914A-93D5-4A29-92BB-AF8C3F66C431}) (Version: 7.40.103 - Skype Technologies S.A.)
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 17.0.9.10 - Synaptics Incorporated)
USB Disk Security (HKLM-x32\...\USB Disk Security_is1) (Version:  - Zbshareware Lab)
VLC media player (HKLM\...\VLC media player) (Version: 2.2.6 - VideoLAN)
WinRAR 5.01 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.01.0 - win.rar GmbH)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

ContextMenuHandlers1: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2013-12-01] (Alexander Roshal)
ContextMenuHandlers1-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2013-12-01] (Alexander Roshal)
ContextMenuHandlers6: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2013-12-01] (Alexander Roshal)
ContextMenuHandlers6-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2013-12-01] (Alexander Roshal)

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {141DD205-C192-426B-9947-A32FC27B3FD6} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack => C:\Program Files\Microsoft Office\Office15\msoia.exe [2012-10-01] (Microsoft Corporation)
Task: {1512A98F-446E-4F60-BE9E-CFB6A3E8F436} - System32\Tasks\Games\UpdateCheck_S-1-5-21-1141224537-1566625622-1964642510-1000
Task: {968A22A1-0275-4695-B2D4-042FD7ED05B8} - System32\Tasks\Microsoft\Office\Office 15 Subscription Heartbeat => C:\Program Files\Common Files\Microsoft Shared\Office15\OLicenseHeartbeat.exe [2012-10-01] (Microsoft Corporation)
Task: {9FBF3A29-503A-40E2-BD62-BF91332740F2} - System32\Tasks\Microsoft Office 15 Sync Maintenance for Jerome-PC-Jerome Jerome-PC => C:\Program Files\Microsoft Office\Office15\MsoSync.exe [2012-10-01] (Microsoft Corporation)
Task: {E1CA80DF-F64A-4399-BE94-44D43ADBDB3A} - System32\Tasks\Adasdsadas3id => C:\Users\Jerome\AppData\Roaming\svchostx64.exe [2017-12-05] () <==== ATTENTION
Task: {E9C41C62-CCBF-4768-A386-F9F022DE1F22} - System32\Tasks\Microsoft Office 15 Sync Maintenance for ALEAH-PC-Jerome Aleah-PC => C:\Program Files\Microsoft Office\Office15\MsoSync.exe [2012-10-01] (Microsoft Corporation)
Task: {EAE5977A-9435-42D9-9298-0433ACDC0DA9} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn => C:\Program Files\Microsoft Office\Office15\msoia.exe [2012-10-01] (Microsoft Corporation)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)


==================== Shortcuts & WMI ========================

(The entries could be listed to be restored or removed.)


==================== Loaded Modules (Whitelisted) ==============

2012-10-01 20:36 - 2012-10-01 20:36 - 006522480 _____ () C:\Program Files\Microsoft Office\Office15\1033\GrooveIntlResource.dll
2017-12-05 16:30 - 2017-12-05 16:28 - 000089426 __RSH () C:\Users\Jerome\M-50508688597494509743974594749749547979040570\winmgr.exe
2017-12-05 18:57 - 2017-12-05 18:58 - 000417437 _____ () C:\Users\Jerome\AppData\Local\Temp\111919171318.exe
2017-12-05 18:58 - 2017-12-05 18:58 - 000417437 _____ () C:\Users\Jerome\AppData\Roaming\svchostx64.exe
2017-08-17 16:51 - 2017-08-17 16:51 - 001993184 ____R () C:\Program Files (x86)\Skype\Phone\skypert.dll
2012-10-01 20:37 - 2012-10-01 20:37 - 006522480 _____ () C:\Program Files (x86)\Microsoft Office\Office15\1033\GrooveIntlResource.dll
2017-12-05 19:21 - 2017-12-05 19:21 - 000011264 _____ () C:\Users\Jerome\AppData\Local\Temp\nsj1A55.tmp\System.dll
2016-09-16 10:01 - 2016-09-16 10:01 - 000036864 _____ () C:\Users\Jerome\AppData\Local\Temp\pounces.DLL

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)


==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)


==================== Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)


==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-14 10:34 - 2017-09-30 08:00 - 000000865 _____ C:\Windows\system32\Drivers\etc\hosts

0.0.0.1    mssplus.mcafee.com

==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-1141224537-1566625622-1964642510-1000\Control Panel\Desktop\\Wallpaper ->
DNS Servers: 192.168.22.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==


==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [{F6ADCFF5-F884-44F8-A4EF-0F5CF759F8E3}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{5A1FCF24-4A30-491B-8E0E-C700C2684268}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{CFE2533A-1A8E-4694-ACB1-4968CC0CB40F}] => (Allow) C:\Program Files\Microsoft Office\Office15\lync.exe
FirewallRules: [{121A1CC9-D3EE-4109-B01B-DE56BF7B480A}] => (Allow) C:\Program Files\Microsoft Office\Office15\lync.exe
FirewallRules: [{DC237C0E-5807-4373-A20F-ECCFD872276A}] => (Allow) C:\Program Files\Microsoft Office\Office15\UcMapi.exe
FirewallRules: [{2E15237F-3E9F-43AA-A6C4-C5104ED25683}] => (Allow) C:\Program Files\Microsoft Office\Office15\UcMapi.exe
FirewallRules: [{E7951274-B8D0-4EBC-92D6-2ECAA1CED349}] => (Allow) C:\Users\Jerome\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{A9065BA6-0B98-4C01-949D-C7053958A067}] => (Allow) C:\Users\Jerome\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{065FA1A5-5BBC-4D77-A166-64DC3D6A7FF7}] => (Allow) C:\Program Files (x86)\Skype\Phone\Skype.exe
FirewallRules: [TCP Query User{4751BB15-B1F8-47C3-98D5-81D7274EE0DC}C:\program files\videolan\vlc\vlc.exe] => (Block) C:\program files\videolan\vlc\vlc.exe
FirewallRules: [UDP Query User{DCC8924E-C16F-47AE-9FEA-23301FE857AE}C:\program files\videolan\vlc\vlc.exe] => (Block) C:\program files\videolan\vlc\vlc.exe

==================== Restore Points =========================

24-11-2017 12:24:28 Scheduled Checkpoint
01-12-2017 15:34:31 Scheduled Checkpoint

==================== Faulty Device Manager Devices =============

Name: Bluetooth Peripheral Device
Description: Bluetooth Peripheral Device
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

Name: Bluetooth Peripheral Device
Description: Bluetooth Peripheral Device
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

Name: Bluetooth Peripheral Device
Description: Bluetooth Peripheral Device
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.


==================== Event log errors: =========================

Application errors:
==================
Error: (12/05/2017 07:20:43 PM) (Source: Windows Search Service) (EventID: 7010) (User: )
Description: The index cannot be initialized.

Details:
    The system cannot find the file specified.  (HRESULT : 0x80070002) (0x80070002)

Error: (12/05/2017 07:20:43 PM) (Source: Windows Search Service) (EventID: 3058) (User: )
Description: The application cannot be initialized.

Context: Windows Application

Details:
    The system cannot find the file specified.  (HRESULT : 0x80070002) (0x80070002)

Error: (12/05/2017 07:20:43 PM) (Source: Windows Search Service) (EventID: 3028) (User: )
Description: The gatherer object cannot be initialized.

Context: Windows Application, SystemIndex Catalog

Details:
    The system cannot find the file specified.  (HRESULT : 0x80070002) (0x80070002)

Error: (12/05/2017 07:20:43 PM) (Source: Windows Search Service) (EventID: 3029) (User: )
Description: The plug-in in <Search.TripoliIndexer> cannot be initialized.

Context: Windows Application, SystemIndex Catalog

Details:
    The system cannot find the file specified.  (HRESULT : 0x80070002) (0x80070002)

Error: (12/05/2017 07:14:06 PM) (Source: Windows Search Service) (EventID: 7010) (User: )
Description: The index cannot be initialized.

Details:
    The system cannot find the file specified.  (HRESULT : 0x80070002) (0x80070002)

Error: (12/05/2017 07:14:06 PM) (Source: Windows Search Service) (EventID: 3058) (User: )
Description: The application cannot be initialized.

Context: Windows Application

Details:
    The system cannot find the file specified.  (HRESULT : 0x80070002) (0x80070002)

Error: (12/05/2017 07:14:06 PM) (Source: Windows Search Service) (EventID: 3028) (User: )
Description: The gatherer object cannot be initialized.

Context: Windows Application, SystemIndex Catalog

Details:
    The system cannot find the file specified.  (HRESULT : 0x80070002) (0x80070002)

Error: (12/05/2017 07:14:06 PM) (Source: Windows Search Service) (EventID: 3029) (User: )
Description: The plug-in in <Search.TripoliIndexer> cannot be initialized.

Context: Windows Application, SystemIndex Catalog

Details:
    The system cannot find the file specified.  (HRESULT : 0x80070002) (0x80070002)

Error: (12/05/2017 07:05:48 PM) (Source: Windows Search Service) (EventID: 7010) (User: )
Description: The index cannot be initialized.

Details:
    The system cannot find the file specified.  (HRESULT : 0x80070002) (0x80070002)

Error: (12/05/2017 07:05:48 PM) (Source: Windows Search Service) (EventID: 3058) (User: )
Description: The application cannot be initialized.

Context: Windows Application

Details:
    The system cannot find the file specified.  (HRESULT : 0x80070002) (0x80070002)


System errors:
=============
Error: (12/05/2017 07:20:43 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The Windows Search service terminated unexpectedly.  It has done this 8 time(s).

Error: (12/05/2017 07:20:43 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: The Windows Search service terminated with the following error:
The system cannot find the file specified.

Error: (12/05/2017 07:14:06 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The Windows Search service terminated unexpectedly.  It has done this 7 time(s).

Error: (12/05/2017 07:14:06 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: The Windows Search service terminated with the following error:
The system cannot find the file specified.

Error: (12/05/2017 07:05:48 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The Windows Search service terminated unexpectedly.  It has done this 6 time(s).

Error: (12/05/2017 07:05:48 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: The Windows Search service terminated with the following error:
The system cannot find the file specified.

Error: (12/05/2017 06:58:11 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The Windows Search service terminated unexpectedly.  It has done this 5 time(s).

Error: (12/05/2017 06:58:11 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: The Windows Search service terminated with the following error:
The system cannot find the file specified.

Error: (12/05/2017 06:57:17 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The Windows Search service terminated unexpectedly.  It has done this 4 time(s).

Error: (12/05/2017 06:57:17 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: The Windows Search service terminated with the following error:
The system cannot find the file specified.


==================== Memory info ===========================

Processor: AMD A8-5545M APU with Radeon™ HD Graphics
Percentage of memory in use: 42%
Total physical RAM: 5321.89 MB
Available physical RAM: 3073.88 MB
Total Virtual: 10641.93 MB
Available Virtual: 8061.23 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:104.39 GB) (Free:15.66 GB) NTFS
Drive d: () (Fixed) (Total:361.27 GB) (Free:320.11 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 465.8 GB) (Disk ID: 6CE6BB76)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=104.4 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=361.3 GB) - (Type=07 NTFS)

==================== End of Addition.txt ============================

 

aswMBR version 1.0.1.2290 Copyright© 2014 AVAST Software
Run date: 2017-12-05 23:21:24
-----------------------------
23:21:24.230    OS Version: Windows x64 6.1.7600
23:21:24.230    Number of processors: 4 586 0x1301
23:21:24.231    ComputerName: ALEAH-PC  UserName: Jerome
23:21:25.247    Initialize success
23:21:25.298    VM: initialized successfully
23:21:25.300    VM: Amd CPU supported
23:52:24.040    AVAST engine defs: 17030301
23:56:36.456    Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\00000066
23:56:36.462    Disk 0 Vendor: HGST_HTS GG2O Size: 476940MB BusType: 11
23:56:36.591    Disk 0 MBR read successfully
23:56:36.598    Disk 0 MBR scan
23:56:36.707    Disk 0 Windows 7 default MBR code
23:56:36.741    Disk 0 Partition 1 80 (A) 07      HPFS/NTFS NTFS          100 MB offset 2048
23:56:36.760    Disk 0 Boot: NTFS     code=1
23:56:36.791    Disk 0 Partition 2 00     07      HPFS/NTFS NTFS       106900 MB offset 206848
23:56:36.825    Disk 0 Partition 3 00     07      HPFS/NTFS NTFS       369938 MB offset 219138048
23:56:36.955    Disk 0 scanning C:\Windows\system32\drivers
23:56:48.446    Service scanning
23:57:22.870    Modules scanning
23:57:22.885    Disk 0 trace - called modules:
23:57:22.913    ntoskrnl.exe CLASSPNP.SYS disk.sys amd_xata.sys storport.sys hal.dll amd_sata.sys
23:57:22.919    1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa80065c4060]
23:57:22.929    3 CLASSPNP.SYS[fffff8800190c43f] -> nt!IofCallDriver -> [0xfffffa8005f6c560]
23:57:22.935    5 amd_xata.sys[fffff880010fad00] -> nt!IofCallDriver -> \Device\00000066[0xfffffa8005f6a6a0]
23:57:23.517    AVAST engine scan C:\
00:07:09.029    File: C:\Temp\TrustedInstaller.exe  **INFECTED** Win32:Adware-gen [Adw]
00:58:09.745    Disk 0 MBR has been saved successfully to "C:\Users\Jerome\Desktop\MBR.dat"
00:58:09.789    The log file has been saved successfully to "C:\Users\Jerome\Desktop\aswMBR.txt"


 

 

 

 

 


  • 0

#4
RKinner


    Malware Expert

  • Expert
  • 20,001 posts
  • MVP

Search for

task scheduler

hit Enter

 

This should bring up the Task Scheduler Window

 

Click on Task Scheduler Library

Look in the next pane to the right for

 

{E1CA80DF-F64A-4399-BE94-44D43ADBDB3A}

or

Adasdsadas3id

 

Right click on whichever you find and DISABLE.

 

Does it let you Disable it?  Or do you get an error?

 

Close Task Scheduler

 

Get Process Explorer

http://live.sysinter...com/procexp.exe
Save it to your desktop then run it (Vista or Win7+ - right click and Run As Administrator).  

View, Select Column, check Verified Signer, OK
Options, Verify Image Signatures

Wait a full minute then:

File, Save As, Save.  Note the file name.   Open the file  on your desktop and copy and paste the text to a reply.

Now in Process Explorer look for any of the following:

svchostx64.exe (Not svchost.exe)

winmgr.exe

0195ec97.exe

any file that is just 12 digits + .exe

 

Right click on each and SUSPEND.

 

 

 

Copy the next 2 lines:

TASKLIST /SVC  > \junk.txt
notepad \junk.txt

Open an Elevated Command Prompt:
Win 7: Start, All Programs, Accessories then right click on Command Prompt and Run as Administrator
Win 8: http://www.eightforu...indows-8-a.html
Win 10: http://www.howtogeek...-in-windows-10/
 

 

Then try this fixlist just as before:

Attached File  fixlist.txt   11.26KB   12 downloads

 

Post the fixlog but don't rerun FRST yet.

 

See if you can install the free Avast.

 

https://www.avast.co...ST&locale=en-ww

 

This is the full installer - 233 MB so may take a while to download.  Save it then see if you can install it.  If it will install and is able to get updates then let it do a boot-time scan. 

 

It takes like 6 hours so I usually let it run at night.


Click on the Avast ball.  Then click on Protection, then on Antivirus, then on Other Scans then on Boot-time Scan.  Click on Install Special Definitions.  Click on Run on Next PC Reboot.

  Reboot and let it run a scan.  It may take hours.
Once it finishes it should load windows.   Mute your speakers so it doesn't wake you up when Windows boots.

When you reboot you will see the scan start.  It will tell you where it saves its log.  Usually it's C:\ProgramData\AVAST Software\Avast\report\aswBoot.txt but it might change so verify the location.   This is a hidden location so you will need to tell Windows to let you see it:

http://www.howtogeek...-windows-vista/

Copy and paste the text from the log to a Reply when done.

 

Now run a FRST scan as before with Addition.txt checked and post both logs.  While you have FRST open,

 

put

svchostx64.exe;winmgr.exe

in the FRST search box

 

(note the semi-colon between the two file names)

 

Hit Search Files.  You will eventually get a single file.  Post that.

 

Repeat but this time hit Search Registry.

 

hit
 


  • 0
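The Process Explorer checks from post #4 (the Verified Signer column, the named files, and "12 digits + .exe") applied to a saved listing. This is an added example, not part of any post in the thread. It assumes the saved file is tab-separated with the column headers shown in the thread; the sample rows are constructed from values in the thread, and PID 5000 with its sizes is made up.

```python
import csv
import io
import re

# File names post #4 asks the user to look for in Process Explorer.
NAMED_TARGETS = {"svchostx64.exe", "winmgr.exe", "0195ec97.exe"}
# "any file that is just 12 digits + .exe"
TWELVE_DIGIT_EXE = re.compile(r"\d{12}\.exe", re.IGNORECASE)
# Text shown in the Verified Signer column for an unsigned image.
UNSIGNED_TEXT = "no signature was present"

# Constructed sample (assumed tab-separated export; values modelled on the thread).
SAMPLE_EXPORT = "\n".join([
    "Process\tCPU\tPrivate Bytes\tWorking Set\tPID\tDescription\tCompany Name\tVerified Signer",
    "System Idle Process\t19.80\t0 K\t24 K\t0\t\t\t",
    " Interrupts\t0.67\t0 K\t0 K\tn/a\tHardware Interrupts and DPCs\t\t",
    "  svchost.exe\t< 0.01\t4,224 K\t9,004 K\t740\tHost Process for Windows Services"
    "\tMicrosoft Corporation\t(Verified) Microsoft Windows",
    "USBGuard.exe\t0.01\t8,776 K\t15,892 K\t1640\tUSB Disk Security Pro"
    "\tAbeGunnerZ Lab\t(No signature was present in the subject) AbeGunnerZ Lab",
    "svchostx64.exe\t1.50\t1,864 K\t968 K\t1308\t\t\t(No signature was present in the subject)",
    " SVCHOSTX64.EXE\t73.36\t11,020 K\t7,708 K\t1604\t\t\t(No signature was present in the subject)",
    "winmgr.exe\t< 0.01\t2,580 K\t6,932 K\t4528\t\t\t(No signature was present in the subject)",
    "111919171318.exe\t\t1,000 K\t2,000 K\t5000\t\t\t(No signature was present in the subject)",
])


def cpu_value(cell):
    """Turn a CPU cell ('73.36', '< 0.01' or blank) into a float."""
    cell = (cell or "").replace("<", "").strip()
    try:
        return float(cell)
    except ValueError:
        return 0.0


def parse_export(text):
    """Read the listing; child processes are indented, so names are stripped."""
    reader = csv.DictReader(io.StringIO(text), delimiter="\t", quoting=csv.QUOTE_NONE)
    rows = []
    for raw in reader:
        name = (raw.get("Process") or "").strip()
        pid = (raw.get("PID") or "").strip()
        if not name or not pid.isdigit():
            continue  # pseudo-rows such as "Interrupts" have PID "n/a"
        rows.append({
            "name": name,
            "pid": int(pid),
            "cpu": cpu_value(raw.get("CPU")),
            "signer": (raw.get("Verified Signer") or "").strip(),
        })
    return rows


def name_reasons(name):
    """Whole-name, case-insensitive match, so svchost.exe is never confused
    with svchostx64.exe."""
    lower = name.lower()
    reasons = []
    if lower in NAMED_TARGETS:
        reasons.append("named in the post")
    if TWELVE_DIGIT_EXE.fullmatch(lower):
        reasons.append("12 digits + .exe")
    return reasons


def triage(rows):
    """Return rows that match a name rule or are unsigned.

    Name matches come first (highest CPU first); rows that are only unsigned
    follow, since an unsigned image is a reason to look, not a verdict.
    """
    findings = []
    for row in rows:
        reasons = name_reasons(row["name"])
        unsigned = UNSIGNED_TEXT in row["signer"].lower()
        if reasons or unsigned:
            findings.append({**row, "reasons": reasons, "unsigned": unsigned})
    findings.sort(key=lambda f: (not f["reasons"], -f["cpu"]))
    return findings


if __name__ == "__main__":
    for f in triage(parse_export(SAMPLE_EXPORT)):
        label = ", ".join(f["reasons"]) or "unsigned only, review"
        print(f"PID {f['pid']:>5}  CPU {f['cpu']:>6.2f}  {f['name']:<20} {label}")
```
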

#5
lhey


    Member

  • Topic Starter
  • Member
  • PipPip
  • 98 posts

Hi!

 

"Does it let you Disable it?  Or do you get an error?" Yes, it let me disable it. I also get the error that the library is empty, but I checked the center pane for Adasdsadas3id; I tried to left click and disable, and it works. In procexp, it did not find the filename 0195ec97.exe. I tried the free Avast; I already installed it. Thank you.

 

Below are the Procexp txt, FRST, and Fixlog.txt

 

Process    CPU    Private Bytes    Working Set    PID    Description    Company Name    Verified Signer
System Idle Process    19.80    0 K    24 K    0            
System    0.29    116 K    1,844 K    4            
 Interrupts    0.67    0 K    0 K    n/a    Hardware Interrupts and DPCs        
 smss.exe        540 K    1,124 K    284    Windows Session Manager    Microsoft Corporation    (Verified) Microsoft Windows
csrss.exe        2,076 K    4,020 K    428    Client Server Runtime Process    Microsoft Corporation    (Verified) Microsoft Windows
 conhost.exe        1,064 K    2,520 K    1292    Console Window Host    Microsoft Corporation    (Verified) Microsoft Windows
wininit.exe        1,652 K    4,324 K    504    Windows Start-Up Application    Microsoft Corporation    (Verified) Microsoft Windows
 services.exe        5,688 K    9,164 K    568    Services and Controller app    Microsoft Corporation    (Verified) Microsoft Windows
  svchost.exe    < 0.01    4,224 K    9,004 K    740    Host Process for Windows Services    Microsoft Corporation    (Verified) Microsoft Windows
   WmiPrvSE.exe        2,936 K    6,192 K    3456    WMI Provider Host    Microsoft Corporation    (Verified) Microsoft Windows
  svchost.exe        4,948 K    8,408 K    816    Host Process for Windows Services    Microsoft Corporation    (Verified) Microsoft Windows
  atiesrxx.exe        1,604 K    4,532 K    880    AMD External Events Service Module    AMD    (Verified) Microsoft Windows Hardware Compatibility Publisher
   atieclxx.exe        2,688 K    7,004 K    1212    AMD External Events Client Module    AMD    (Verified) Microsoft Windows Hardware Compatibility Publisher
  svchost.exe        20,848 K    22,248 K    940    Host Process for Windows Services    Microsoft Corporation    (Verified) Microsoft Windows
   audiodg.exe        16,600 K    16,020 K    3376    Windows Audio Device Graph Isolation     Microsoft Corporation    (Verified) Microsoft Windows
  svchost.exe        97,224 K    106,220 K    976    Host Process for Windows Services    Microsoft Corporation    (Verified) Microsoft Windows
   wlanext.exe        1,992 K    4,956 K    1284    Windows Wireless LAN 802.11 Extensibility Framework    Microsoft Corporation    (Verified) Microsoft Windows
   dwm.exe    0.78    30,240 K    28,048 K    2656    Desktop Window Manager    Microsoft Corporation    (Verified) Microsoft Windows
  svchost.exe    0.05    20,832 K    33,916 K    1012    Host Process for Windows Services    Microsoft Corporation    (Verified) Microsoft Windows
  svchost.exe    < 0.01    9,952 K    16,284 K    444    Host Process for Windows Services    Microsoft Corporation    (Verified) Microsoft Windows
  svchost.exe    0.01    15,804 K    16,632 K    1112    Host Process for Windows Services    Microsoft Corporation    (Verified) Microsoft Windows
  spoolsv.exe        6,576 K    11,636 K    1468    Spooler SubSystem App    Microsoft Corporation    (Verified) Microsoft Windows
  taskhost.exe        8,732 K    9,900 K    1508    Host Process for Windows Tasks    Microsoft Corporation    (Verified) Microsoft Windows
  svchost.exe        13,892 K    14,984 K    1572    Host Process for Windows Services    Microsoft Corporation    (Verified) Microsoft Windows
  armsvc.exe        1,196 K    3,768 K    1776    Adobe Acrobat Update Service    Adobe Systems Incorporated    (Verified) Adobe Systems
  sppsvc.exe        2,588 K    8,168 K    1940    Microsoft Software Protection Platform Service    Microsoft Corporation    (Verified) Microsoft Windows
  svchost.exe        2,004 K    5,384 K    2004    Host Process for Windows Services    Microsoft Corporation    (Verified) Microsoft Windows
  svchost.exe        1,860 K    4,568 K    1132    Host Process for Windows Services    Microsoft Corporation    (Verified) Microsoft Windows
  wmpnetwk.exe        11,068 K    13,656 K    2132    Windows Media Player Network Sharing Service    Microsoft Corporation    (Verified) Microsoft Windows
  svchost.exe        9,580 K    85,004 K    2680    Host Process for Windows Services    Microsoft Corporation    (Verified) Microsoft Windows
  svchost.exe    < 0.01    10,632 K    13,840 K    3624    Host Process for Windows Services    Microsoft Corporation    (Verified) Microsoft Windows
  svchost.exe        52,492 K    41,324 K    3792    Host Process for Windows Services    Microsoft Corporation    (Verified) Microsoft Windows
 lsass.exe        4,604 K    11,228 K    584    Local Security Authority Process    Microsoft Corporation    (Verified) Microsoft Windows
 lsm.exe        2,596 K    4,136 K    592    Local Session Manager Service    Microsoft Corporation    (Verified) Microsoft Windows
csrss.exe    0.17    4,000 K    7,236 K    524    Client Server Runtime Process    Microsoft Corporation    (Verified) Microsoft Windows
 conhost.exe        1,456 K    3,364 K    1784    Console Window Host    Microsoft Corporation    (Verified) Microsoft Windows
winlogon.exe        3,112 K    7,248 K    652    Windows Logon Application    Microsoft Corporation    (Verified) Microsoft Windows
explorer.exe    0.04    45,056 K    61,724 K    2688    Windows Explorer    Microsoft Corporation    (Verified) Microsoft Windows
 SynTPEnh.exe    0.49    8,436 K    14,800 K    2812    Synaptics TouchPad 64-bit Enhancements    Synaptics Incorporated    (Verified) Synaptics Incorporated
 Skype.exe    0.04    67,692 K    70,512 K    2860    Skype     Skype Technologies S.A.    (Verified) Skype Software Sarl
 StikyNot.exe        6,104 K    13,368 K    2868    Sticky Notes    Microsoft Corporation    (Verified) Microsoft Windows
 firefox.exe    0.74    198,636 K    272,544 K    920    Firefox    Mozilla Corporation    (Verified) Mozilla Corporation
  firefox.exe    0.17    199,856 K    250,624 K    4328    Firefox    Mozilla Corporation    (Verified) Mozilla Corporation
  firefox.exe        52,488 K    74,016 K    4420    Firefox    Mozilla Corporation    (Verified) Mozilla Corporation
  firefox.exe    1.31    147,228 K    187,868 K    3532    Firefox    Mozilla Corporation    (Verified) Mozilla Corporation
 procexp.exe        2,304 K    7,036 K    2600    Sysinternals Process Explorer    Sysinternals - www.sysinternals.com    (Verified) Microsoft Corporation
  procexp64.exe    0.56    24,160 K    41,616 K    4436    Sysinternals Process Explorer    Sysinternals - www.sysinternals.com    (Verified) Microsoft Corporation
USBGuard.exe    0.01    8,776 K    15,892 K    1640    USB Disk Security Pro    AbeGunnerZ Lab    (No signature was present in the subject) AbeGunnerZ Lab
SynTPHelper.exe        1,340 K    3,328 K    2288    Synaptics Pointing Device Helper    Synaptics Incorporated    (Verified) Synaptics Incorporated
svchostx64.exe    1.50    1,864 K    968 K    1308            (No signature was present in the subject)
 svchostx64.exe    73.36    11,020 K    7,708 K    1604            (No signature was present in the subject)
winmgr.exe    < 0.01    2,580 K    6,932 K    4528            (No signature was present in the subject)

Fix result of Farbar Recovery Scan Tool (x64) Version: 30-11-2017
Ran by Jerome (06-12-2017 22:50:49) Run:2
Running from C:\Users\Jerome\Downloads
Loaded Profiles: Jerome (Available Profiles: Jerome)
Boot Mode: Normal
==============================================

fixlist content:
*****************
() C:\Users\Jerome\AppData\Local\Temp\01d30382.exe
() C:\Users\Jerome\AppData\Local\Temp\01d30382.exe
() C:\Users\Jerome\M-50500586850859759959469767487936945749799505950\winmgr.exe
C:\Users\Jerome\AppData\Local\Temp\csznadbyeh.exe
C:\Users\Jerome\AppData\Local\Temp\bxyieaimyc.exe
C:\Users\Jerome\AppData\Roaming\svchostx64.exe
C:\Users\Jerome\AppData\Local\Temp\01d30382.exe
C:\Users\Jerome\AppData\Local\Temp\01d30382.exe
C:\Users\Jerome\M-50500586850859759959469767487936945749799505950\winmgr.exe
C:\Users\Jerome\AppData\Local\Temp\csznadbyeh.exe
C:\Users\Jerome\AppData\Local\Temp\bxyieaimyc.exe
C:\Users\Jerome\AppData\Roaming\svchostx64.exe
HKU\S-1-5-21-1141224537-1566625622-1964642510-1000\...\Run: [Microsoft Windows Manager] => C:\Users\Jerome\M-50500586850859759959469767487936945749799505950\winmgr.exe [97063 2017-12-04] ()
HKU\S-1-5-21-1141224537-1566625622-1964642510-1000\...\RunOnce: [Adobe Speed Launcher] => 1512343532
HKU\S-1-5-21-1141224537-1566625622-1964642510-1000\...\CurrentVersion\Windows: [Load] C:\Users\Jerome\LOCALS~1\Temp\mszibaih.scr <==== ATTENTION
HKU\S-1-5-21-1141224537-1566625622-1964642510-1000\...\MountPoints2: F - F:\USBNB.exe
HKU\S-1-5-21-1141224537-1566625622-1964642510-1000\...\MountPoints2: {eb59c5d0-ab00-11e7-bf81-3c77e6d88d6c} - F:\USBNB.exe
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk [2017-09-30]
ShortcutTarget: McAfee Security Scan Plus.lnk -> C:\Program Files\McAfee Security Scan\3.11.599\SSScheduler.exe (McAfee, Inc.)
S3 McComponentHostService; C:\Program Files\McAfee Security Scan\3.11.599\McCHSvc.exe [404376 2017-09-05] (McAfee, Inc.)
CMD: Type C:\Users\Jerome\AppData\Roaming\winmgr.txt
2017-12-04 16:07 - 2017-12-04 16:18 - 000000000 ____H C:\Users\Jerome\AppData\Roaming\winmgr.txt
2017-12-04 16:05 - 2017-12-04 16:05 - 000000000 _RSHD C:\Users\Jerome\M-50500586850859759959469767487936945749799505950
2017-12-04 15:56 - 2017-12-04 15:56 - 000003482 _____ C:\Windows\System32\Tasks\Adasdsadas3id
2017-12-04 15:56 - 2017-12-04 15:55 - 000411133 ___SH C:\Users\Jerome\AppData\Roaming\svchostx64.exe
017-12-04 15:55 - 2017-12-04 15:55 - 000411133 ___SH () C:\Users\Jerome\AppData\Local\Temp\01d30382.exe
2017-12-04 15:59 - 2017-12-04 15:59 - 000411133 ___SH () C:\Users\Jerome\AppData\Local\Temp\01d6c1f0.exe
2017-12-04 16:39 - 2017-12-04 16:39 - 000411133 ___SH () C:\Users\Jerome\AppData\Local\Temp\01fbaf4c.exe
2017-12-04 16:40 - 2017-12-04 16:40 - 000411133 ___SH () C:\Users\Jerome\AppData\Local\Temp\01fc09aa.exe
2017-12-04 16:40 - 2017-12-04 16:40 - 000097063 ___SH () C:\Users\Jerome\AppData\Local\Temp\01fcc03c.exe
Task: {469FC81D-D0E9-45C3-837F-85BF42A1188D} - System32\Tasks\Adasdsadas3id => C:\Users\Jerome\AppData\Roaming\svchostx64.exe [2017-12-04] () <==== ATTENTION
Task: {5123A322-EFC0-4EA0-8DA4-64987853CEC9} - System32\Tasks\{7B68003A-F945-4E7C-A61D-DA828A60B41D} => "c:\program files (x86)\mozilla firefox\firefox.exe" hxxps://ui.skype.com/ui/0/7.37.0.103/en/abandoninstall?source=lightinstaller&page=tsInstall
C:\Users\Jerome\AppData\Local\Temp\01d30382.exe
C:\Users\Jerome\M-50500586850859759959469767487936945749799505950\winmgr.exe
C:\Windows\system32\Macromed\Flash\NPSWF64_18_0_0_144.dll
C:\Users\Jerome\AppData\Local\Temp\csznadbyeh.exe
C:\Users\Jerome\AppData\Local\Temp\bxyieaimyc.exe
C:\Users\Jerome\AppData\Roaming\svchostx64.exe
EmptyTemp:
CMD: FOR /F "usebackq delims==" %i IN (`wevtutil el`) DO wevtutil cl "%i"

*****************

C:\Users\Jerome\AppData\Local\Temp\01d30382.exe => No running process found
C:\Users\Jerome\AppData\Local\Temp\01d30382.exe => No running process found
C:\Users\Jerome\M-50500586850859759959469767487936945749799505950\winmgr.exe => No running process found
"C:\Users\Jerome\AppData\Local\Temp\csznadbyeh.exe" => not found.
"C:\Users\Jerome\AppData\Local\Temp\bxyieaimyc.exe" => not found.
"C:\Users\Jerome\AppData\Roaming\svchostx64.exe" => not found.
"C:\Users\Jerome\AppData\Local\Temp\01d30382.exe" => not found.
"C:\Users\Jerome\AppData\Local\Temp\01d30382.exe" => not found.
"C:\Users\Jerome\M-50500586850859759959469767487936945749799505950\winmgr.exe" => not found.
"C:\Users\Jerome\AppData\Local\Temp\csznadbyeh.exe" => not found.
"C:\Users\Jerome\AppData\Local\Temp\bxyieaimyc.exe" => not found.
"C:\Users\Jerome\AppData\Roaming\svchostx64.exe" => not found.
HKU\S-1-5-21-1141224537-1566625622-1964642510-1000\Software\Microsoft\Windows\CurrentVersion\Run\\Microsoft Windows Manager => value not found.
HKU\S-1-5-21-1141224537-1566625622-1964642510-1000\Software\Microsoft\Windows\CurrentVersion\RunOnce\\Adobe Speed Launcher => value not found.
HKU\S-1-5-21-1141224537-1566625622-1964642510-1000\Software\Microsoft\Windows NT\CurrentVersion\Windows\\Load => value not found.
HKU\S-1-5-21-1141224537-1566625622-1964642510-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\F => key not found
HKU\S-1-5-21-1141224537-1566625622-1964642510-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{eb59c5d0-ab00-11e7-bf81-3c77e6d88d6c} => key not found
HKLM\Software\Classes\CLSID\{eb59c5d0-ab00-11e7-bf81-3c77e6d88d6c} => key not found
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk => not found.
C:\Program Files\McAfee Security Scan\3.11.599\SSScheduler.exe => not found.
McComponentHostService => service not found.

========= Type C:\Users\Jerome\AppData\Roaming\winmgr.txt =========


========= End of CMD: =========

C:\Users\Jerome\AppData\Roaming\winmgr.txt => moved successfully
"C:\Users\Jerome\M-50500586850859759959469767487936945749799505950" => not found.
"C:\Windows\System32\Tasks\Adasdsadas3id" => not found.
"C:\Users\Jerome\AppData\Roaming\svchostx64.exe" => not found.
017-12-04 15:55 - 2017-12-04 15:55 - 000411133 ___SH () C:\Users\Jerome\AppData\Local\Temp\01d30382.exe => Error: No automatic fix found for this entry.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{469FC81D-D0E9-45C3-837F-85BF42A1188D} => key not found
C:\Windows\System32\Tasks\Adasdsadas3id => not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Adasdsadas3id => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{5123A322-EFC0-4EA0-8DA4-64987853CEC9} => key not found
C:\Windows\System32\Tasks\{7B68003A-F945-4E7C-A61D-DA828A60B41D} => not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{7B68003A-F945-4E7C-A61D-DA828A60B41D} => key not found
"C:\Users\Jerome\AppData\Local\Temp\01d30382.exe" => not found.
"C:\Users\Jerome\M-50500586850859759959469767487936945749799505950\winmgr.exe" => not found.
"C:\Windows\system32\Macromed\Flash\NPSWF64_18_0_0_144.dll" => not found.
"C:\Users\Jerome\AppData\Local\Temp\csznadbyeh.exe" => not found.
"C:\Users\Jerome\AppData\Local\Temp\bxyieaimyc.exe" => not found.
"C:\Users\Jerome\AppData\Roaming\svchostx64.exe" => not found.

========= FOR /F "usebackq delims==" %i IN (`wevtutil el`) DO wevtutil cl "%i" =========

Failed to clear log DebugChannel. The requested operation cannot be performed over an enabled direct channel. The channel must first be disabled before performing the requested operation.
Failed to clear log Microsoft-RMS-MSIPC/Debug. The requested operation cannot be performed over an enabled direct channel. The channel must first be disabled before performing the requested operation.

========= End of CMD: =========


=========== EmptyTemp: ==========

BITS transfer queue => 0 B
DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 21526642 B
Java, Flash, Steam htmlcache => 0 B
Windows/system/drivers => 110577024 B
Edge => 0 B
Chrome => 13061555 B
Firefox => 25983495 B
Opera => 0 B

Temp, IE cache, history, cookies, recent:
Users => 0 B
Default => 0 B
Public => 0 B
ProgramData => 0 B
systemprofile => 0 B
systemprofile32 => 692 B
LocalService => 66708 B
NetworkService => 692 B
Jerome => 220695337 B

RecycleBin => 644105122 B
EmptyTemp: => 988 MB temporary data Removed.

================================


The system needed a reboot.

==== End of Fixlog 22:51:58 ====

 

12/06/2017 16:58

Scanning aborted
Number of searched folders: 0
Number of tested files: 0
Number of infected files: 0

----------------------------------------
12/06/2017 18:39
Scan of C:

Scan of *STARTUP

File C:\Users\Jerome\AppData\Local\Temp\101310111610.exe|>$TEMP\pounces.dll is infected by Win32:Malware-gen, Moved to chest
File C:\Users\Jerome\AppData\Local\Temp\101416141310.exe|>$TEMP\pounces.dll is infected by Win32:Malware-gen, Moved to chest
File C:\Users\Jerome\AppData\Local\Temp\101518121110.exe|>$TEMP\pounces.dll is infected by Win32:Malware-gen, Moved to chest
File C:\Users\Jerome\AppData\Local\Temp\101519111716.exe|>$TEMP\pounces.dll is infected by Win32:Malware-gen, Moved to chest
File C:\Users\Jerome\AppData\Local\Temp\101618191011.exe|>$TEMP\pounces.dll is infected by Win32:Malware-gen, Moved to chest
File C:\Users\Jerome\AppData\Local\Temp\101912181614.exe|>$TEMP\deconsecrations.dll is infected by Win32:Malware-gen, Moved to chest
File C:\Users\Jerome\AppData\Local\Temp\111215171417.exe|>$TEMP\pounces.dll is infected by Win32:Malware-gen, Moved to chest
File C:\Users\Jerome\AppData\Local\Temp\111216161313.exe|>$TEMP\pounces.dll is infected by Win32:Malware-gen, Moved to chest
File C:\Users\Jerome\AppData\Local\Temp\111217121213.exe|>$TEMP\pounces.dll is infected by Win32:Malware-gen, Moved to chest
File C:\Users\Jerome\AppData\Local\Temp\111217161317.exe|>$TEMP\pounces.dll is infected by Win32:Malware-gen, Moved to chest
File C:\Temp\TrustedInstaller.exe is infected by Win32:Adware-gen [Adw], Moved to chest
Number of searched folders: 18230
Number of tested files: 199443
Number of infected files: 112
 

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 30-11-2017
Ran by Jerome (administrator) on ALEAH-PC (06-12-2017 23:05:12)
Running from C:\Users\Jerome\Downloads
Loaded Profiles: Jerome (Available Profiles: Jerome)
Platform: Windows 7 Ultimate (X64) Language: English (United States)
Internet Explorer Version 8 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(AMD) C:\Windows\System32\atiesrxx.exe
(AMD) C:\Windows\System32\atieclxx.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\x64\aswidsagenta.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Skype Technologies S.A.) C:\Program Files (x86)\Skype\Phone\Skype.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office\Office15\MSOSYNC.EXE
(Microsoft Corporation) C:\Windows\System32\StikyNot.exe
(AbeGunnerZ Lab) C:\Program Files (x86)\USB Disk Security\USBGuard.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe

==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [Apoint] => C:\Program Files\Apoint\Apoint.exe [242552 2013-09-26] (Alps Electric Co., Ltd.)
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2778864 2014-01-31] (Synaptics Incorporated)
HKLM\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvLaunch.exe [253344 2017-12-06] (AVAST Software)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1160408 2017-03-29] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [USB Security] => C:\Program Files (x86)\USB Disk Security\USBGuard.exe [2347008 2011-11-10] (AbeGunnerZ Lab)
HKLM\SOFTWARE\Policies\Microsoft\Windows Defender: Restriction <==== ATTENTION
HKU\S-1-5-21-1141224537-1566625622-1964642510-1000\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [27832264 2017-10-06] (Skype Technologies S.A.)
HKU\S-1-5-21-1141224537-1566625622-1964642510-1000\...\Run: [RESTART_STICKY_NOTES] => C:\Windows\System32\StikyNot.exe [427520 2009-07-14] (Microsoft Corporation)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Hosts: 0.0.0.1    mssplus.mcafee.com
Tcpip\Parameters: [DhcpNameServer] 192.168.22.1
Tcpip\..\Interfaces\{2DCE6236-84C4-4BF9-BE5C-3542EFF0DB10}: [DhcpNameServer] 192.168.42.129
Tcpip\..\Interfaces\{3463424D-9329-4D2B-BF92-7D2A7834773B}: [DhcpNameServer] 192.168.22.1
Tcpip\..\Interfaces\{C1EAB9E2-5F32-4361-B97A-E85AAEE37779}: [DhcpNameServer] 192.168.22.1

Internet Explorer:
==================
HKU\S-1-5-21-1141224537-1566625622-1964642510-1000\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.google.com/ie
HKU\S-1-5-21-1141224537-1566625622-1964642510-1000\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://www.msn.com/?ocid=iehp
SearchScopes: HKU\S-1-5-21-1141224537-1566625622-1964642510-1000 -> {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = hxxp://www.google.com/search?q={sear
BHO: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office\Office15\OCHelper.dll [2012-10-01] (Microsoft Corporation)
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll [2017-12-06] (AVAST Software)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office15\URLREDIR.DLL [2012-10-01] (Microsoft Corporation)
BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office\Office15\GROOVEEX.DLL [2012-10-01] (Microsoft Corporation)
BHO-x32: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\Office15\OCHelper.dll [2012-10-01] (Microsoft Corporation)
BHO-x32: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2017-12-06] (AVAST Software)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office15\URLREDIR.DLL [2012-10-01] (Microsoft Corporation)
BHO-x32: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files (x86)\Microsoft Office\Office15\GROOVEEX.DLL [2012-10-01] (Microsoft Corporation)
Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office\Office15\MSOSB.DLL [2012-10-01] (Microsoft Corporation)
Filter: deflate - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\system32\urlmon.dll [2009-07-14] (Microsoft Corporation)
Filter-x32: deflate - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\SysWOW64\urlmon.dll [2009-07-14] (Microsoft Corporation)
Filter: gzip - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\system32\urlmon.dll [2009-07-14] (Microsoft Corporation)
Filter-x32: gzip - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\SysWOW64\urlmon.dll [2009-07-14] (Microsoft Corporation)

FireFox:
========
FF DefaultProfile: oi0my0ey.default
FF ProfilePath: C:\Users\Jerome\AppData\Roaming\Mozilla\Firefox\Profiles\oi0my0ey.default [2017-12-06]
FF Extension: (Avast Online Security) - C:\Users\Jerome\AppData\Roaming\Mozilla\Firefox\Profiles\oi0my0ey.default\Extensions\[email protected] [2017-12-06]
FF Extension: (Disable Media WMF NV12 format) - C:\Users\Jerome\AppData\Roaming\Mozilla\Firefox\Profiles\oi0my0ey.default\features\{b3598417-3003-4bc3-a996-ed336f95439a}\[email protected] [2017-11-22] [Lagacy]
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_18_0_0_144.dll [No File]
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~1\MICROS~2\Office15\NPSPWRAP.DLL [2012-10-01] (Microsoft Corporation)
FF Plugin: @videolan.org/vlc,version=2.2.1 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2017-05-24] (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.2.6 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2017-05-24] (VideoLAN)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_18_0_0_144.dll [2017-04-01] ()
FF Plugin-x32: @google.com/npPicasa3,version=3.0.0 -> C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll [2015-02-13] (Google, Inc.)
FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files (x86)\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2012-10-01] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office15\NPSPWRAP.DLL [2012-10-01] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.33.7\npGoogleUpdate3.dll [2017-12-06] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.33.7\npGoogleUpdate3.dll [2017-12-06] (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2017-03-29] (Adobe Systems Inc.)

Chrome:
=======
CHR HomePage: Default -> hxxp://www.google.com
CHR Profile: C:\Users\Jerome\AppData\Local\Google\Chrome\User Data\Default [2017-12-06]
CHR Extension: (Slides) - C:\Users\Jerome\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2017-12-06]
CHR Extension: (Docs) - C:\Users\Jerome\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2017-12-06]
CHR Extension: (Google Drive) - C:\Users\Jerome\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2017-12-06]
CHR Extension: (YouTube) - C:\Users\Jerome\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2017-12-06]
CHR Extension: (Google Docs Offline) - C:\Users\Jerome\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2017-12-06]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Jerome\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-12-06]
CHR Extension: (Gmail) - C:\Users\Jerome\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2017-12-06]
CHR Extension: (Chrome Media Router) - C:\Users\Jerome\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2017-12-06]

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R3 aswbIDSAgent; C:\Program Files\AVAST Software\Avast\x64\aswidsagenta.exe [7549928 2017-12-06] (AVAST Software)
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [281416 2017-12-06] (AVAST Software)
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2009-07-14] (Microsoft Corporation)

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R1 aswArPot; C:\Windows\System32\drivers\aswArPot.sys [183584 2017-12-06] (AVAST Software)
R1 aswbidsdriver; C:\Windows\System32\drivers\aswbidsdrivera.sys [321032 2017-12-06] (AVAST Software s.r.o.)
R0 aswbidsh; C:\Windows\System32\drivers\aswbidsha.sys [198968 2017-12-06] (AVAST Software s.r.o.)
R0 aswblog; C:\Windows\System32\drivers\aswbloga.sys [343288 2017-12-06] (AVAST Software s.r.o.)
R0 aswbuniv; C:\Windows\System32\drivers\aswbuniva.sys [57728 2017-12-06] (AVAST Software s.r.o.)
S3 aswHwid; C:\Windows\System32\drivers\aswHwid.sys [47008 2017-12-06] (AVAST Software)
R2 aswMonFlt; C:\Windows\System32\drivers\aswMonFlt.sys [148288 2017-12-06] (AVAST Software)
R1 aswRdr; C:\Windows\System32\drivers\aswRdr2.sys [110376 2017-12-06] (AVAST Software)
R0 aswRvrt; C:\Windows\System32\drivers\aswRvrt.sys [84416 2017-12-06] (AVAST Software)
R1 aswSnx; C:\Windows\System32\drivers\aswSnx.sys [1026232 2017-12-06] (AVAST Software)
R1 aswSP; C:\Windows\System32\drivers\aswSP.sys [455376 2017-12-06] (AVAST Software)
R2 aswStm; C:\Windows\System32\drivers\aswStm.sys [203976 2017-12-06] (AVAST Software)
R0 aswVmm; C:\Windows\System32\drivers\aswVmm.sys [364464 2017-12-06] (AVAST Software)
R3 bcbtums; C:\Windows\System32\drivers\bcbtums.sys [172760 2015-04-09] (Broadcom Corporation.)
R3 CnxtHdmiAudService; C:\Windows\System32\drivers\CHDMI64.sys [722488 2010-04-29] (Conexant Systems Inc.)
R3 RTSPER; C:\Windows\System32\DRIVERS\RtsPer.sys [827096 2015-02-06] (Realsil Semiconductor Corporation)

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2017-12-06 22:54 - 2017-12-06 22:54 - 000000000 ____D C:\ProgramData\SWCUTemp
2017-12-06 22:47 - 2017-12-06 22:47 - 000000399 _____ C:\Users\Jerome\Downloads\SearchReg.txt
2017-12-06 22:39 - 2017-12-06 22:41 - 000000442 _____ C:\Users\Jerome\Downloads\Search.txt
2017-12-06 11:08 - 2017-12-06 11:08 - 000000000 ___HD C:\$AV_ASW
2017-12-06 11:08 - 2017-12-06 11:08 - 000000000 ____D C:\Users\Jerome\AppData\Roaming\AVAST Software
2017-12-06 11:07 - 2017-12-06 11:07 - 000001922 _____ C:\Users\Public\Desktop\Avast Free Antivirus.lnk
2017-12-06 11:07 - 2017-12-06 11:07 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVAST Software
2017-12-06 11:06 - 2017-12-06 11:06 - 000000000 ____D C:\Windows\System32\Tasks\Avast Software
2017-12-06 11:06 - 2017-12-06 11:06 - 000000000 ____D C:\Program Files\Common Files\Avast Software
2017-12-06 11:05 - 2017-12-06 11:05 - 000003914 _____ C:\Windows\System32\Tasks\Avast Emergency Update
2017-12-06 11:05 - 2017-12-06 11:05 - 000002271 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2017-12-06 11:05 - 2017-12-06 11:05 - 000002259 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2017-12-06 10:47 - 2017-12-06 11:53 - 000003330 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2017-12-06 10:47 - 2017-12-06 11:53 - 000003202 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2017-12-06 10:46 - 2017-12-06 11:07 - 000455376 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSP.sys
2017-12-06 10:46 - 2017-12-06 10:46 - 001142072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ucrtbase.dll
2017-12-06 10:46 - 2017-12-06 10:46 - 001026232 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSnx.sys
2017-12-06 10:46 - 2017-12-06 10:46 - 001001272 _____ (Microsoft Corporation) C:\Windows\system32\ucrtbase.dll
2017-12-06 10:46 - 2017-12-06 10:46 - 000365168 _____ (AVAST Software) C:\Windows\system32\aswBoot.exe
2017-12-06 10:46 - 2017-12-06 10:46 - 000364464 _____ (AVAST Software) C:\Windows\system32\Drivers\aswVmm.sys
2017-12-06 10:46 - 2017-12-06 10:46 - 000343288 _____ (AVAST Software s.r.o.) C:\Windows\system32\Drivers\aswbloga.sys
2017-12-06 10:46 - 2017-12-06 10:46 - 000321032 _____ (AVAST Software s.r.o.) C:\Windows\system32\Drivers\aswbidsdrivera.sys
2017-12-06 10:46 - 2017-12-06 10:46 - 000203976 _____ (AVAST Software) C:\Windows\system32\Drivers\aswStm.sys
2017-12-06 10:46 - 2017-12-06 10:46 - 000198968 _____ (AVAST Software s.r.o.) C:\Windows\system32\Drivers\aswbidsha.sys
2017-12-06 10:46 - 2017-12-06 10:46 - 000183584 _____ (AVAST Software) C:\Windows\system32\Drivers\aswArPot.sys
2017-12-06 10:46 - 2017-12-06 10:46 - 000148288 _____ (AVAST Software) C:\Windows\system32\Drivers\aswMonFlt.sys
2017-12-06 10:46 - 2017-12-06 10:46 - 000110376 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRdr2.sys
2017-12-06 10:46 - 2017-12-06 10:46 - 000084416 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRvrt.sys
2017-12-06 10:46 - 2017-12-06 10:46 - 000057728 _____ (AVAST Software s.r.o.) C:\Windows\system32\Drivers\aswbuniva.sys
2017-12-06 10:46 - 2017-12-06 10:46 - 000047008 _____ (AVAST Software) C:\Windows\system32\Drivers\aswHwid.sys
2017-12-06 10:46 - 2017-12-06 10:46 - 000000000 ____D C:\Program Files\AVAST Software
2017-12-06 10:40 - 2017-12-06 12:09 - 000000000 ____D C:\ProgramData\AVAST Software
2017-12-06 09:14 - 2017-12-06 10:36 - 244431952 _____ (AVAST Software) C:\Users\Jerome\Downloads\avast_free_antivirus_setup_offline.exe
2017-12-06 09:13 - 2017-12-06 09:13 - 000011526 _____ C:\Users\Jerome\Downloads\fixlist(1).txt
2017-12-06 09:11 - 2017-12-06 09:11 - 000005348 _____ C:\junk.txt
2017-12-06 08:59 - 2017-12-06 08:59 - 000006014 _____ C:\Users\Jerome\Desktop\System Idle Process.txt
2017-12-06 08:52 - 2017-12-06 08:53 - 002724512 _____ (Sysinternals - www.sysinternals.com) C:\Users\Jerome\Desktop\procexp.exe
2017-12-06 00:58 - 2017-12-06 00:58 - 000001945 _____ C:\Users\Jerome\Desktop\aswMBR.txt
2017-12-06 00:58 - 2017-12-06 00:58 - 000000512 _____ C:\Users\Jerome\Desktop\MBR.dat
2017-12-05 23:18 - 2017-12-05 23:19 - 005200384 _____ (AVAST Software) C:\Users\Jerome\Desktop\aswmbr.exe
2017-12-05 16:30 - 2017-12-06 11:08 - 000000000 _RSHD C:\Users\Jerome\M-50508688597494509743974594749749547979040570
2017-12-05 16:10 - 2017-12-06 22:51 - 000026209 _____ C:\Users\Jerome\Downloads\Fixlog.txt
2017-12-05 12:28 - 2017-12-05 12:28 - 000000000 _RSHD C:\Users\Jerome\M-5050236236598635632592689365026523065306405
2017-12-05 00:19 - 2017-12-05 00:19 - 000000000 ____D C:\Users\Jerome\Downloads\FRST-OlderVersion
2017-12-03 12:30 - 2017-12-03 12:33 - 000000000 ____D C:\Users\Jerome\Documents\keisha's poem
2017-12-01 22:09 - 2017-12-01 22:09 - 000035797 _____ C:\Users\Jerome\Documents\Presentation1.pptx
2017-12-01 21:59 - 2017-12-01 21:59 - 000000037 ____H C:\Users\Jerome\Downloads\.picasa.ini
2017-11-21 09:08 - 2017-12-06 19:25 - 000020271 _____ C:\Users\Jerome\Downloads\Addition.txt
2017-11-21 09:07 - 2017-12-06 23:05 - 000011925 _____ C:\Users\Jerome\Downloads\FRST.txt
2017-11-21 09:07 - 2017-12-06 23:05 - 000000000 ____D C:\FRST
2017-11-21 09:04 - 2017-12-05 00:19 - 002391552 _____ (Farbar) C:\Users\Jerome\Downloads\FRST64.exe
2017-11-21 08:31 - 2017-12-06 22:55 - 000004962 _____ C:\Windows\System32\Tasks\Microsoft Office 15 Sync Maintenance for ALEAH-PC-Jerome Aleah-PC

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2017-12-06 22:59 - 2009-07-14 13:13 - 000781298 _____ C:\Windows\system32\PerfStringBackup.INI
2017-12-06 22:59 - 2009-07-14 11:20 - 000000000 ____D C:\Windows\inf
2017-12-06 22:57 - 2017-06-20 08:41 - 000000000 ____D C:\Users\Jerome\AppData\Roaming\Skype
2017-12-06 22:55 - 2017-04-11 09:43 - 000000000 ____D C:\Users\Jerome\AppData\LocalLow\Mozilla
2017-12-06 22:53 - 2009-07-14 13:08 - 000000006 ____H C:\Windows\Tasks\SA.DAT
2017-12-06 22:52 - 2017-04-01 12:20 - 000065536 _____ C:\Windows\system32\spu_storage.bin
2017-12-06 22:52 - 2009-07-14 12:45 - 000009584 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2017-12-06 22:52 - 2009-07-14 12:45 - 000009584 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2017-12-06 18:53 - 2017-04-01 15:33 - 000000000 ____D C:\Temp
2017-12-06 14:58 - 2017-04-01 15:34 - 000000000 ____D C:\Users\Jerome\AppData\Roaming\vlc
2017-12-06 12:43 - 2017-06-20 08:40 - 000000000 ____D C:\ProgramData\Skype
2017-12-06 11:34 - 2017-04-01 12:43 - 000002441 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk
2017-12-06 11:19 - 2017-04-01 12:48 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinRAR
2017-12-06 11:19 - 2017-04-01 12:47 - 000000000 ____D C:\Users\Jerome\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR
2017-12-06 11:19 - 2017-04-01 12:47 - 000000000 ____D C:\Program Files\WinRAR
2017-12-06 11:08 - 2017-04-01 12:49 - 000000000 ____D C:\Users\Jerome\AppData\Local\Google
2017-12-06 11:05 - 2017-04-01 12:49 - 000000000 ____D C:\Program Files (x86)\Google
2017-12-05 22:39 - 2017-10-21 13:22 - 000000000 ____D C:\Users\Jerome\Documents\keisha's wallpapers
2017-12-05 16:30 - 2017-04-01 11:31 - 000000000 ____D C:\Users\Jerome
2017-12-05 16:13 - 2017-04-24 17:05 - 000000000 ___SD C:\Users\Jerome\AppData\LocalLow\Temp
2017-12-01 19:54 - 2017-10-07 14:19 - 000000000 ____D C:\Users\Jerome\Documents\Zac world
2017-11-27 08:25 - 2009-07-14 13:08 - 000032624 _____ C:\Windows\Tasks\SCHEDLGU.TXT
2017-11-26 15:59 - 2009-07-14 15:45 - 000000000 ___RD C:\Users\Public\Recorded TV
2017-11-26 15:44 - 2017-04-05 12:31 - 000000000 ____D C:\Users\Jerome\Documents\Custom Office Templates
2017-11-25 09:53 - 2017-05-28 02:14 - 000000000 ____D C:\Users\Jerome\Documents\Chad
2017-11-21 08:18 - 2017-05-07 15:48 - 000004966 _____ C:\Windows\System32\Tasks\Microsoft Office 15 Sync Maintenance for Jerome-PC-Jerome Jerome-PC
2017-11-19 02:02 - 2017-08-17 19:54 - 000000000 ____D C:\Program Files (x86)\Mozilla Firefox
2017-11-18 09:15 - 2017-04-01 12:53 - 000000000 ____D C:\Users\Jerome\AppData\Roaming\Mozilla
2017-11-18 09:15 - 2017-04-01 12:47 - 000000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2017-11-16 21:34 - 2017-10-07 14:21 - 000000000 ____D C:\Users\Jerome\Documents\subject projects
2017-11-16 21:24 - 2017-04-07 18:51 - 000000000 ___RD C:\Users\Jerome\Documents\Notes
2017-11-16 21:23 - 2017-07-15 17:11 - 000000000 ____D C:\Users\Jerome\Documents\Border's
2017-11-15 18:13 - 2017-04-24 16:58 - 000000000 ____D C:\Users\Jerome\AppData\Roaming\uTorrent
2017-11-13 08:28 - 2017-11-04 18:47 - 000183028 _____ C:\Users\Jerome\Documents\resume-new.pdf

==================== Bamital & volsnap ======================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2017-12-01 15:27

==================== End of FRST.txt ============================

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 30-11-2017
Ran by Jerome (06-12-2017 23:06:40)
Running from C:\Users\Jerome\Downloads
Windows 7 Ultimate (X64) (2017-04-01 03:30:49)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-1141224537-1566625622-1964642510-500 - Administrator - Disabled)
Guest (S-1-5-21-1141224537-1566625622-1964642510-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-1141224537-1566625622-1964642510-1002 - Limited - Enabled)
Jerome (S-1-5-21-1141224537-1566625622-1964642510-1000 - Administrator - Enabled) => C:\Users\Jerome

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Avast Antivirus (Enabled - Up to date) {8EA8924E-BC81-DC44-8BB0-8BAE75D86EBF}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Avast Antivirus (Enabled - Up to date) {35C973AA-9ABB-D3CA-B100-B0DC0E5F2402}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

µTorrent (HKU\S-1-5-21-1141224537-1566625622-1964642510-1000\...\uTorrent) (Version: 3.5.0.44090 - BitTorrent Inc.)
Adobe Flash Player 18 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 18.0.0.144 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.20) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.20 - Adobe Systems Incorporated)
Alps Pointing-device for VAIO (HKLM\...\{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}) (Version:  - ALPS ELECTRIC CO., LTD.)
Avast Free Antivirus (HKLM-x32\...\Avast Antivirus) (Version: 17.8.2318 - AVAST Software)
Conexant Audio Driver For AMD HDMI/DP Codec (HKLM\...\CNXT_AUDIO_HDA_HDMI) (Version: 4.98.32.50 - Conexant)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 62.0.3202.94 - Google Inc.)
Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.33.7 - Google Inc.) Hidden
Google Update Helper (HKLM-x32\...\{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}) (Version: 1.3.21.123 - Google Inc.) Hidden
McAfee Security Scan Plus (HKLM\...\McAfee Security Scan) (Version: 3.11.599.11 - McAfee, Inc.)
Microsoft .NET Framework 4.5.2 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.51209 - Microsoft Corporation)
Microsoft Office Professional Plus 2013 (HKLM\...\Office15.PROPLUS) (Version: 15.0.4420.1017 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.30319 (HKLM-x32\...\{196BB40D-1578-3D01-B289-BEFC77A11A1E}) (Version: 10.0.30319 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.24215 (HKLM-x32\...\{e2803110-78b3-4664-a479-3611a381656a}) (Version: 14.0.24215.1 - Microsoft Corporation)
Mozilla Firefox 57.0 (x64 en-US) (HKLM\...\Mozilla Firefox 57.0 (x64 en-US)) (Version: 57.0 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 57.0.0.6525 - Mozilla)
Outils de vérification linguistique 2013 de Microsoft Office - Français (HKLM\...\{90150000-001F-040C-1000-0000000FF1CE}) (Version: 15.0.4420.1017 - Microsoft Corporation) Hidden
Picasa 3 (HKLM-x32\...\Picasa 3) (Version: 3.9 - Google, Inc.)
Program4Pc PC Image Editor (HKLM-x32\...\{29A01513-64A8-4543-AF3C-C2E4CD7FFE1A}_is1) (Version: 5.9.0.0 - Program4Pc Inc.)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7496 - Realtek Semiconductor Corp.)
Skype™ 7.40 (HKLM-x32\...\{3B7E914A-93D5-4A29-92BB-AF8C3F66C431}) (Version: 7.40.151 - Skype Technologies S.A.)
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 17.0.9.10 - Synaptics Incorporated)
USB Disk Security (HKLM-x32\...\USB Disk Security_is1) (Version:  - Zbshareware Lab)
VLC media player (HKLM\...\VLC media player) (Version: 2.2.6 - VideoLAN)
WinRAR 5.40 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.40.0 - win.rar GmbH)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

ShellIconOverlayIdentifiers: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2017-12-06] (AVAST Software)
ContextMenuHandlers1: [avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2017-12-06] (AVAST Software)
ContextMenuHandlers1: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2016-08-15] (Alexander Roshal)
ContextMenuHandlers1-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2016-08-15] (Alexander Roshal)
ContextMenuHandlers3: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2017-12-06] (AVAST Software)
ContextMenuHandlers6: [avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2017-12-06] (AVAST Software)
ContextMenuHandlers6: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2016-08-15] (Alexander Roshal)
ContextMenuHandlers6-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2016-08-15] (Alexander Roshal)

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {0580C630-E30A-4740-9DCA-49E36FA8E06F} - System32\Tasks\Avast Emergency Update => C:\Program Files\AVAST Software\Avast\AvEmUpdate.exe [2017-12-06] (AVAST Software)
Task: {10377F89-F8D0-479D-958A-B4F9CA857F00} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2017-12-06] (Google Inc.)
Task: {141DD205-C192-426B-9947-A32FC27B3FD6} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack => C:\Program Files\Microsoft Office\Office15\msoia.exe [2012-10-01] (Microsoft Corporation)
Task: {1512A98F-446E-4F60-BE9E-CFB6A3E8F436} - System32\Tasks\Games\UpdateCheck_S-1-5-21-1141224537-1566625622-1964642510-1000
Task: {64FDB0B8-AB17-4282-8395-6B6CD1DE4D95} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2017-12-06] (Google Inc.)
Task: {968A22A1-0275-4695-B2D4-042FD7ED05B8} - System32\Tasks\Microsoft\Office\Office 15 Subscription Heartbeat => C:\Program Files\Common Files\Microsoft Shared\Office15\OLicenseHeartbeat.exe [2012-10-01] (Microsoft Corporation)
Task: {9FBF3A29-503A-40E2-BD62-BF91332740F2} - System32\Tasks\Microsoft Office 15 Sync Maintenance for Jerome-PC-Jerome Jerome-PC => C:\Program Files\Microsoft Office\Office15\MsoSync.exe [2012-10-01] (Microsoft Corporation)
Task: {E1CA80DF-F64A-4399-BE94-44D43ADBDB3A} - \Adasdsadas3id -> No File <==== ATTENTION
Task: {E9C41C62-CCBF-4768-A386-F9F022DE1F22} - System32\Tasks\Microsoft Office 15 Sync Maintenance for ALEAH-PC-Jerome Aleah-PC => C:\Program Files\Microsoft Office\Office15\MsoSync.exe [2012-10-01] (Microsoft Corporation)
Task: {EAE5977A-9435-42D9-9298-0433ACDC0DA9} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn => C:\Program Files\Microsoft Office\Office15\msoia.exe [2012-10-01] (Microsoft Corporation)
Task: {F7C39634-F5DB-4FDF-902A-4488F32A291C} - System32\Tasks\Avast Software\Overseer => C:\Program Files\Common Files\Avast Software\Overseer\overseer.exe [2017-12-06] (AVAST Software)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)


==================== Shortcuts & WMI ========================

(The entries could be listed to be restored or removed.)


==================== Loaded Modules (Whitelisted) ==============

2017-12-06 10:46 - 2017-12-06 10:46 - 000067408 _____ () C:\Program Files\AVAST Software\Avast\x64\module_lifetime.dll
2017-12-06 10:46 - 2017-12-06 10:46 - 000169832 _____ () c:\Program Files\AVAST Software\Avast\x64\vaarclient.dll
2017-12-06 10:46 - 2017-12-06 10:46 - 000859216 _____ () C:\Program Files\AVAST Software\Avast\x64\ffl2.dll
2017-12-06 10:46 - 2017-12-06 10:46 - 000292408 _____ () c:\Program Files\AVAST Software\Avast\x64\StreamBack.dll
2012-10-01 20:36 - 2012-10-01 20:36 - 006522480 _____ () C:\Program Files\Microsoft Office\Office15\1033\GrooveIntlResource.dll
2017-12-06 10:46 - 2017-12-06 10:46 - 000059040 _____ () C:\Program Files\AVAST Software\Avast\module_lifetime.dll
2017-12-06 10:46 - 2017-12-06 10:46 - 000167096 _____ () C:\Program Files\AVAST Software\Avast\JsonRpcServer.dll
2017-12-06 10:46 - 2017-12-06 10:46 - 000237808 _____ () C:\Program Files\AVAST Software\Avast\event_routing_rpc.dll
2017-12-06 10:46 - 2017-12-06 10:46 - 000244584 _____ () C:\Program Files\AVAST Software\Avast\tasks_core.dll
2017-12-06 10:46 - 2017-12-06 10:46 - 000151104 _____ () C:\Program Files\AVAST Software\Avast\network_notifications.dll
2017-12-06 11:52 - 2017-12-06 11:52 - 005892848 _____ () C:\Program Files\AVAST Software\Avast\defs\17120402\algo.dll
2017-12-06 10:46 - 2017-12-06 10:46 - 000710056 _____ () C:\Program Files\AVAST Software\Avast\ffl2.dll
2017-12-06 10:46 - 2017-12-06 10:46 - 000245608 _____ () C:\Program Files\AVAST Software\Avast\streamback.dll
2017-09-26 21:22 - 2017-09-26 21:22 - 001984000 ____R () C:\Program Files (x86)\Skype\Phone\skypert.dll
2012-10-01 20:37 - 2012-10-01 20:37 - 006522480 _____ () C:\Program Files (x86)\Microsoft Office\Office15\1033\GrooveIntlResource.dll
2017-12-06 10:46 - 2017-12-06 10:46 - 067109376 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll
2017-12-06 10:46 - 2017-12-06 10:46 - 000235816 _____ () C:\Program Files\AVAST Software\Avast\gaming_mode_ui.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)


==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)


==================== Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)


==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-14 10:34 - 2017-09-30 08:00 - 000000865 _____ C:\Windows\system32\Drivers\etc\hosts

0.0.0.1    mssplus.mcafee.com

==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-1141224537-1566625622-1964642510-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\Jerome\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 192.168.22.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==


==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [{F6ADCFF5-F884-44F8-A4EF-0F5CF759F8E3}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{5A1FCF24-4A30-491B-8E0E-C700C2684268}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{CFE2533A-1A8E-4694-ACB1-4968CC0CB40F}] => (Allow) C:\Program Files\Microsoft Office\Office15\lync.exe
FirewallRules: [{121A1CC9-D3EE-4109-B01B-DE56BF7B480A}] => (Allow) C:\Program Files\Microsoft Office\Office15\lync.exe
FirewallRules: [{DC237C0E-5807-4373-A20F-ECCFD872276A}] => (Allow) C:\Program Files\Microsoft Office\Office15\UcMapi.exe
FirewallRules: [{2E15237F-3E9F-43AA-A6C4-C5104ED25683}] => (Allow) C:\Program Files\Microsoft Office\Office15\UcMapi.exe
FirewallRules: [{E7951274-B8D0-4EBC-92D6-2ECAA1CED349}] => (Allow) C:\Users\Jerome\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{A9065BA6-0B98-4C01-949D-C7053958A067}] => (Allow) C:\Users\Jerome\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{065FA1A5-5BBC-4D77-A166-64DC3D6A7FF7}] => (Allow) C:\Program Files (x86)\Skype\Phone\Skype.exe
FirewallRules: [TCP Query User{4751BB15-B1F8-47C3-98D5-81D7274EE0DC}C:\program files\videolan\vlc\vlc.exe] => (Block) C:\program files\videolan\vlc\vlc.exe
FirewallRules: [UDP Query User{DCC8924E-C16F-47AE-9FEA-23301FE857AE}C:\program files\videolan\vlc\vlc.exe] => (Block) C:\program files\videolan\vlc\vlc.exe
FirewallRules: [{9A33AB2F-0C75-4130-8B06-949B450529A0}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

==================== Restore Points =========================


==================== Faulty Device Manager Devices =============

Name: Bluetooth Peripheral Device
Description: Bluetooth Peripheral Device
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

Name: Bluetooth Peripheral Device
Description: Bluetooth Peripheral Device
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

Name: Bluetooth Peripheral Device
Description: Bluetooth Peripheral Device
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.


==================== Event log errors: =========================

Application errors:
==================
Error: (12/06/2017 10:55:18 PM) (Source: Windows Search Service) (EventID: 7010) (User: )
Description: The index cannot be initialized.

Details:
    The system cannot find the file specified.  (HRESULT : 0x80070002) (0x80070002)

Error: (12/06/2017 10:55:18 PM) (Source: Windows Search Service) (EventID: 3058) (User: )
Description: The application cannot be initialized.

Context: Windows Application

Details:
    The system cannot find the file specified.  (HRESULT : 0x80070002) (0x80070002)

Error: (12/06/2017 10:55:18 PM) (Source: Windows Search Service) (EventID: 3028) (User: )
Description: The gatherer object cannot be initialized.

Context: Windows Application, SystemIndex Catalog

Details:
    The system cannot find the file specified.  (HRESULT : 0x80070002) (0x80070002)

Error: (12/06/2017 10:55:18 PM) (Source: Windows Search Service) (EventID: 3029) (User: )
Description: The plug-in in <Search.TripoliIndexer> cannot be initialized.

Context: Windows Application, SystemIndex Catalog

Details:
    The system cannot find the file specified.  (HRESULT : 0x80070002) (0x80070002)

Error: (12/06/2017 10:54:46 PM) (Source: Windows Search Service) (EventID: 7010) (User: )
Description: The index cannot be initialized.

Details:
    The system cannot find the file specified.  (HRESULT : 0x80070002) (0x80070002)

Error: (12/06/2017 10:54:46 PM) (Source: Windows Search Service) (EventID: 3058) (User: )
Description: The application cannot be initialized.

Context: Windows Application

Details:
    The system cannot find the file specified.  (HRESULT : 0x80070002) (0x80070002)

Error: (12/06/2017 10:54:46 PM) (Source: Windows Search Service) (EventID: 3028) (User: )
Description: The gatherer object cannot be initialized.

Context: Windows Application, SystemIndex Catalog

Details:
    The system cannot find the file specified.  (HRESULT : 0x80070002) (0x80070002)

Error: (12/06/2017 10:54:46 PM) (Source: Windows Search Service) (EventID: 3029) (User: )
Description: The plug-in in <Search.TripoliIndexer> cannot be initialized.

Context: Windows Application, SystemIndex Catalog

Details:
    The system cannot find the file specified.  (HRESULT : 0x80070002) (0x80070002)

Error: (12/06/2017 10:54:27 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: Activation context generation failed for "C:\Program Files (x86)\USB Disk Security\MFC80U.DLL".
Dependent Assembly Microsoft.VC80.MFCLOC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0" could not be found.
Please use sxstrace.exe for detailed diagnosis.

Error: (12/06/2017 10:54:27 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: Activation context generation failed for "C:\Program Files (x86)\USB Disk Security\MFC80U.DLL".
Dependent Assembly Microsoft.VC80.MFCLOC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0" could not be found.
Please use sxstrace.exe for detailed diagnosis.


System errors:
=============
Error: (12/06/2017 11:04:55 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The Windows Search service terminated unexpectedly.  It has done this 5 time(s).

Error: (12/06/2017 11:04:55 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: The Windows Search service terminated with the following error:
The system cannot find the file specified.

Error: (12/06/2017 10:55:23 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The Windows Search service terminated unexpectedly.  It has done this 4 time(s).

Error: (12/06/2017 10:55:23 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: The Windows Search service terminated with the following error:
The system cannot find the file specified.

Error: (12/06/2017 10:55:18 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The Windows Search service terminated unexpectedly.  It has done this 3 time(s).

Error: (12/06/2017 10:55:18 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: The Windows Search service terminated with the following error:
The system cannot find the file specified.

Error: (12/06/2017 10:54:47 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Windows Search service terminated unexpectedly.  It has done this 2 time(s).  The following corrective action will be taken in 30000 milliseconds: Restart the service.

Error: (12/06/2017 10:54:46 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: The Windows Search service terminated with the following error:
The system cannot find the file specified.

Error: (12/06/2017 10:54:32 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Windows Search service failed to start due to the following error:
The service did not respond to the start or control request in a timely fashion.

Error: (12/06/2017 10:54:32 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the Windows Search service to connect.


==================== Memory info ===========================

Processor: AMD A8-5545M APU with Radeon™ HD Graphics
Percentage of memory in use: 37%
Total physical RAM: 5321.89 MB
Available physical RAM: 3311.53 MB
Total Virtual: 10641.93 MB
Available Virtual: 8477.1 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:104.39 GB) (Free:16.75 GB) NTFS
Drive d: () (Fixed) (Total:361.27 GB) (Free:319.66 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 465.8 GB) (Disk ID: 6CE6BB76)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=104.4 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=361.3 GB) - (Type=07 NTFS)

==================== End of Addition.txt ============================

Farbar Recovery Scan Tool (x64) Version: 30-11-2017
Ran by Jerome (06-12-2017 23:11:14)
Running from C:\Users\Jerome\Downloads
Boot Mode: Normal

================== Search Files: "svchostx64.exe;winmgr.exe" =============

C:\Users\Jerome\M-5050236236598635632592689365026523065306405\winmgr.exe
[2017-12-05 12:28][2017-12-05 12:25] 000095484 __RSH () 2236F1562A6F25C7EC91D93EEA6AE4C4 [File not signed]


====== End of Search ======

Farbar Recovery Scan Tool (x64) Version: 30-11-2017
Ran by Jerome (06-12-2017 23:16:30)
Running from C:\Users\Jerome\Downloads
Boot Mode: Normal

================== Search Registry: "svchostx64.exe;winmgr.exe" ===========


===================== Search result for "svchostx64.exe" ==========


===================== Search result for "winmgr.exe" ==========

====== End of Search ======


  • 0

#6
RKinner

RKinner

    Malware Expert

  • Expert
  • 20,001 posts
  • MVP

The last FRST scan looks good.  Can you run a new Process Explorer log?


  • 0

#7
lhey

lhey

    Member

  • Topic Starter
  • Member
  • 98 posts

Hi!

Below is the explorer log:

Process CPU Private Bytes Working Set PID Description Company Name Verified Signer
System Idle Process 95.97 0 K 24 K 0
System 0.27 112 K 324 K 4
 Interrupts 1.08 0 K 0 K n/a Hardware Interrupts and DPCs
 smss.exe 520 K 1,104 K 344 Windows Session Manager Microsoft Corporation (Verified) Microsoft Windows
csrss.exe < 0.01 2,416 K 4,516 K 492 Client Server Runtime Process Microsoft Corporation (Verified) Microsoft Windows
 conhost.exe 1,072 K 2,532 K 1332 Console Window Host Microsoft Corporation (Verified) Microsoft Windows
wininit.exe 1,660 K 4,336 K 572 Windows Start-Up Application Microsoft Corporation (Verified) Microsoft Windows
 services.exe 6,108 K 10,216 K 636 Services and Controller app Microsoft Corporation (Verified) Microsoft Windows
  svchost.exe 0.01 4,920 K 9,624 K 808 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows
   WmiPrvSE.exe 3,084 K 6,332 K 1336 WMI Provider Host Microsoft Corporation (Verified) Microsoft Windows
  svchost.exe 0.01 4,836 K 8,468 K 900 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows
  atiesrxx.exe 1,608 K 4,536 K 964 AMD External Events Service Module AMD (Verified) Microsoft Windows Hardware Compatibility Publisher
   atieclxx.exe 2,696 K 7,112 K 1260 AMD External Events Client Module AMD (Verified) Microsoft Windows Hardware Compatibility Publisher
  svchost.exe 21,912 K 23,880 K 128 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows
   audiodg.exe 16,396 K 16,096 K 5712 Windows Audio Device Graph Isolation Microsoft Corporation (Verified) Microsoft Windows
  svchost.exe 0.01 120,412 K 127,568 K 268 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows
   wlanext.exe 2,028 K 4,992 K 1324 Windows Wireless LAN 802.11 Extensibility Framework Microsoft Corporation (Verified) Microsoft Windows
   dwm.exe 0.49 31,708 K 29,432 K 2544 Desktop Window Manager Microsoft Corporation (Verified) Microsoft Windows
  svchost.exe 0.09 23,204 K 37,648 K 380 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows
  svchost.exe < 0.01 12,660 K 20,992 K 1044 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows
  svchost.exe 0.02 18,336 K 19,160 K 1144 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows
  AvastSvc.exe 0.01 208,116 K 41,388 K 1388 Avast Service AVAST Software (Verified) AVAST Software s.r.o.
  spoolsv.exe 6,724 K 11,796 K 1704 Spooler SubSystem App Microsoft Corporation (Verified) Microsoft Windows
  svchost.exe 17,448 K 19,224 K 1732 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows
  taskhost.exe < 0.01 8,124 K 9,256 K 1776 Host Process for Windows Tasks Microsoft Corporation (Verified) Microsoft Windows
  armsvc.exe 1,204 K 3,768 K 1880 Adobe Acrobat Update Service Adobe Systems Incorporated (Verified) Adobe Systems
  sppsvc.exe 2,784 K 8,456 K 1984 Microsoft Software Protection Platform Service Microsoft Corporation (Verified) Microsoft Windows
  svchost.exe 2,192 K 5,672 K 1476 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows
  svchost.exe 1,836 K 4,560 K 2128 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows
  aswidsagenta.exe 0.01 17,196 K 30,464 K 2908 Avast Behavior Shield AVAST Software (Verified) AVAST Software s.r.o.
  wmpnetwk.exe 0.01 11,872 K 14,080 K 3960 Windows Media Player Network Sharing Service Microsoft Corporation (Verified) Microsoft Windows
  svchost.exe 0.03 9,764 K 88,072 K 1492 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows
  svchost.exe < 0.01 12,076 K 15,172 K 4280 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows
  taskhost.exe 4,168 K 5,396 K 2264 Host Process for Windows Tasks Microsoft Corporation (Verified) Microsoft Windows
 lsass.exe 0.01 5,856 K 13,236 K 656 Local Security Authority Process Microsoft Corporation (Verified) Microsoft Windows
 lsm.exe 2,748 K 4,312 K 672 Local Session Manager Service Microsoft Corporation (Verified) Microsoft Windows
csrss.exe 0.16 4,368 K 22,628 K 588 Client Server Runtime Process Microsoft Corporation (Verified) Microsoft Windows
winlogon.exe 3,276 K 7,412 K 692 Windows Logon Application Microsoft Corporation (Verified) Microsoft Windows
explorer.exe 0.04 48,716 K 74,204 K 2628 Windows Explorer Microsoft Corporation (Verified) Microsoft Windows
 SynTPEnh.exe 0.57 8,932 K 15,272 K 1104 Synaptics TouchPad 64-bit Enhancements Synaptics Incorporated (Verified) Synaptics Incorporated
 Skype.exe 0.05 68,280 K 71,920 K 2828 Skype Skype Technologies S.A. (Verified) Skype Software Sarl
 StikyNot.exe 6,628 K 14,892 K 3448 Sticky Notes Microsoft Corporation (Verified) Microsoft Windows
 chrome.exe 0.03 190,788 K 258,744 K 3864 Google Chrome Google Inc. (Verified) Google Inc
  chrome.exe 2,336 K 5,712 K 4044 Google Chrome Google Inc. (Verified) Google Inc
  chrome.exe 2,360 K 6,388 K 3172 Google Chrome Google Inc. (Verified) Google Inc
  chrome.exe 0.03 119,864 K 119,308 K 2276 Google Chrome Google Inc. (Verified) Google Inc
  chrome.exe 79,096 K 202,244 K 4872 Google Chrome Google Inc. (Verified) Google Inc
  chrome.exe 0.04 113,780 K 206,980 K 4204 Google Chrome Google Inc. (Verified) Google Inc
  chrome.exe 66,612 K 89,232 K 4608 Google Chrome Google Inc. (Verified) Google Inc
  chrome.exe 31,252 K 37,520 K 5032 Google Chrome Google Inc. (Verified) Google Inc
 procexp.exe 2,616 K 7,284 K 6040 Sysinternals Process Explorer Sysinternals - www.sysinternals.com (Verified) Microsoft Corporation
  procexp64.exe 1.04 25,756 K 44,536 K 5156 Sysinternals Process Explorer Sysinternals - www.sysinternals.com (Verified) Microsoft Corporation
AvastUI.exe 0.02 32,388 K 51,304 K 3108 Avast Antivirus AVAST Software (Verified) AVAST Software s.r.o.
 AvastUI.exe 94,248 K 233,160 K 4172 Avast Antivirus AVAST Software (Verified) AVAST Software s.r.o.
SynTPHelper.exe 1,564 K 3,500 K 3288 Synaptics Pointing Device Helper Synaptics Incorporated (Verified) Synaptics Incorporated
USBGuard.exe 0.01 9,116 K 16,172 K 3688 USB Disk Security Pro AbeGunnerZ Lab (No signature was present in the subject) AbeGunnerZ Lab

  • 0

#8
RKinner

RKinner

    Malware Expert

  • Expert
  • 20,001 posts
  • MVP

Looking good.  No sign of infection.  Are you still getting popups?

The only thing I see is a problem with Search.  Let's check your system files:

Right click on (My) Computer and select Manage (Continue). Then click on the arrow in front of Event Viewer. Next click on the arrow in front of Windows Logs. Right click on System and Clear Log, Clear. Repeat for Application.

Reboot.

Start, All Programs, Accessories then right click on Command Prompt and Run as Administrator.  Then type (with an Enter after each line).

sfc  /scannow

(This will check your critical system files. Does this finish without complaint?  If it says it couldn't fix everything then:

Copy the next two lines:

findstr  /c:"[SR]"  \windows\logs\cbs\cbs.log  >  \junk.txt
notepad \windows\logs\cbs\junk.txt

Start, All Programs, Accessories, right click on Command Prompt and Run as Administrator, Continue.  Right click and Paste or Edit then Paste and the copied line should appear.
Hit Enter. Copy and paste the text from notepad or if it is too big, just attach the file.)


1. Please download the Event Viewer Tool by Vino Rosso
http://images.malwar...om/vino/VEW.exe
and save it to your Desktop.
2. Right-click VEW.exe and Run as Administrator.
3. Under 'Select log to query', select:
* System
4. Under 'Select type to list', select:
* Error
* Warning

Then use the 'Number of events' as follows:

1. Click the radio button for 'Number of events'.
Type 20 in the 1 to 20 box.
Then click the Run button.
Notepad will open with the output log.


Please post the Output log in your next reply then repeat but select Application.  (Each time you run VEW it overwrites the log so copy the first one to a Reply or rename it before running it a second time.)
 
  • 0

#9
lhey

lhey

    Member

  • Topic Starter
  • Member
  • 98 posts

Hi!

 

Yes, no more pop-ups.

There was an error when I tried sfc  /scannow in Command Prompt: Verification 100% complete, but Windows Resource Protection found corrupt files and was unable to fix some of them.

I tried this code, but it says cannot find the specified path:

findstr  /c:"[SR]"  \windows\logs\cbs\cbs.log  >  \junk.txt
notepad \windows\logs\cbs\junk.txt


  • 0

#10
RKinner

RKinner

    Malware Expert

  • Expert
  • 20,001 posts
  • MVP

This usually works in Win 7.  Perhaps Windows doesn't like us using the \ folder any more.

 

Try each line separately:

findstr  /c:"[SR]"  \windows\logs\cbs\cbs.log  

Does this find anything?  If not, you may need to rerun SFC /scannow as the info does not stay in the cbs.log too long.

findstr  /c:"[SR]"  \windows\logs\cbs\cbs.log  >  \Users\Jerome\desktop\junk.txt
notepad \Users\Jerome\desktop\junk.txt

  • 0
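The findstr filter from posts #8 and #10, taken one step further as an added Python example (not part of the thread and not the helper's own tooling): it groups the [SR] lines of CBS.log into verify batches and returns the batches worth reading in the unfiltered log. The sample lines, the file name example.dll and the max_hidden threshold are constructed assumptions, and the "Cannot repair member file" wording is assumed from typical SFC output rather than taken from the posts above.

```python
import re
from dataclasses import dataclass, field
from typing import List, Optional

# Layout of a CBS.log entry tagged [SR]:
# timestamp, level, "CSI", 8-digit hex sequence number, "[SR]", message.
SR_LINE = re.compile(
    r"^(?P<ts>\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2}), \w+\s+CSI\s+"
    r"(?P<seq>[0-9a-fA-F]{8}) \[SR\] (?P<msg>.*)$"
)
# Assumed wording of an unrepaired-file entry: member file [l:22{11}]"name" of ...
MEMBER_FILE = re.compile(r'member file \[l:\d+\{\d+\}\]"([^"]+)"')

# Constructed sample (not from the thread): a clean batch, a batch with an
# unrepaired file, and a batch cut off before "Verify complete".
SAMPLE = """\
2017-12-09 10:00:00, Info                  CSI    00000009 [SR] Verifying 100 (0x0000000000000064) components
2017-12-09 10:00:00, Info                  CSI    0000000a [SR] Beginning Verify and Repair transaction
2017-12-09 10:00:05, Info                  CSI    0000000c [SR] Verify complete
2017-12-09 10:00:10, Info                  CSI    00000036 [SR] Verifying 100 (0x0000000000000064) components
2017-12-09 10:00:10, Info                  CSI    00000037 [SR] Beginning Verify and Repair transaction
2017-12-09 10:00:15, Info                  CSI    00000058 [SR] Cannot repair member file [l:22{11}]"example.dll" of Example-Component, Version = 6.1.7601.0, hash mismatch
2017-12-09 10:00:19, Info                  CSI    00000059 [SR] Verify complete
2017-12-09 10:00:20, Info                  CSI    0000005a [SR] Verifying 100 (0x0000000000000064) components
2017-12-09 10:00:20, Info                  CSI    0000005b [SR] Beginning Verify and Repair transaction
"""


@dataclass
class Batch:
    started: str                     # timestamp of the "Verifying" line
    start_seq: int                   # CSI sequence number of that line
    end_seq: Optional[int] = None    # None: log ended or rolled over mid-batch
    sr_lines: int = 1                # [SR] lines seen in this batch
    unrepaired: List[str] = field(default_factory=list)

    @property
    def hidden_entries(self) -> Optional[int]:
        """CSI entries inside the batch that carry no [SR] tag, so the
        findstr filter dropped them. Unknown for a truncated batch."""
        if self.end_seq is None:
            return None
        return (self.end_seq - self.start_seq + 1) - self.sr_lines


def parse_sr(lines) -> List[Batch]:
    """Group [SR] entries into batches, each opened by a 'Verifying' line."""
    batches: List[Batch] = []
    current: Optional[Batch] = None
    for raw in lines:
        m = SR_LINE.match(raw.strip())
        if not m:
            continue                 # not an [SR] entry
        seq, msg = int(m["seq"], 16), m["msg"]
        if msg.startswith("Verifying "):
            current = Batch(started=m["ts"], start_seq=seq)
            batches.append(current)
            continue
        if current is None:
            continue                 # [SR] line before the first batch header
        current.sr_lines += 1
        if msg.startswith("Cannot repair member file"):
            hit = MEMBER_FILE.search(msg)
            current.unrepaired.append(hit.group(1) if hit else msg)
        elif msg.startswith("Verify complete"):
            current.end_seq = seq
            current = None
    return batches


def needs_review(batches: List[Batch], max_hidden: int = 4) -> List[Batch]:
    """Batches to read in the full CBS.log: any with an unrepaired file, any
    truncated one, and any whose sequence numbers jump by more than
    max_hidden (a heuristic threshold, assumed here)."""
    flagged = []
    for b in batches:
        hidden = b.hidden_entries
        if b.unrepaired or hidden is None or hidden > max_hidden:
            flagged.append(b)
    return flagged


if __name__ == "__main__":
    for b in needs_review(parse_sr(SAMPLE.splitlines())):
        print(b.started, f"seq {b.start_seq:08x}", b.unrepaired, b.hidden_entries)
```

A truncated batch is what the rollover mentioned in post #10 looks like in the filtered output; rerunning sfc /scannow and filtering again straight away gives a complete record.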

#11
lhey

lhey

    Member

  • Topic Starter
  • Member
  • 98 posts

Hi! 

Yes, it finally works. Here are the txt files.

 

2017-12-09 09:17:56, Info                  CSI    00000009 [SR] Verifying 100 (0x0000000000000064) components
2017-12-09 09:17:56, Info                  CSI    0000000a [SR] Beginning Verify and Repair transaction
2017-12-09 09:18:02, Info                  CSI    0000000c [SR] Verify complete
2017-12-09 09:18:02, Info                  CSI    0000000d [SR] Verifying 100 (0x0000000000000064) components
2017-12-09 09:18:02, Info                  CSI    0000000e [SR] Beginning Verify and Repair transaction
2017-12-09 09:18:07, Info                  CSI    00000010 [SR] Verify complete
2017-12-09 09:18:07, Info                  CSI    00000011 [SR] Verifying 100 (0x0000000000000064) components
2017-12-09 09:18:07, Info                  CSI    00000012 [SR] Beginning Verify and Repair transaction
2017-12-09 09:18:12, Info                  CSI    00000014 [SR] Verify complete
2017-12-09 09:18:13, Info                  CSI    00000015 [SR] Verifying 100 (0x0000000000000064) components
2017-12-09 09:18:13, Info                  CSI    00000016 [SR] Beginning Verify and Repair transaction
2017-12-09 09:18:16, Info                  CSI    00000018 [SR] Verify complete
2017-12-09 09:18:17, Info                  CSI    00000019 [SR] Verifying 100 (0x0000000000000064) components
2017-12-09 09:18:17, Info                  CSI    0000001a [SR] Beginning Verify and Repair transaction
2017-12-09 09:18:20, Info                  CSI    0000001c [SR] Verify complete
2017-12-09 09:18:20, Info                  CSI    0000001d [SR] Verifying 100 (0x0000000000000064) components
2017-12-09 09:18:20, Info                  CSI    0000001e [SR] Beginning Verify and Repair transaction
2017-12-09 09:18:25, Info                  CSI    00000020 [SR] Verify complete
2017-12-09 09:18:26, Info                  CSI    00000021 [SR] Verifying 100 (0x0000000000000064) components
2017-12-09 09:18:26, Info                  CSI    00000022 [SR] Beginning Verify and Repair transaction
2017-12-09 09:18:35, Info                  CSI    00000027 [SR] Verify complete
2017-12-09 09:18:35, Info                  CSI    00000028 [SR] Verifying 100 (0x0000000000000064) components
2017-12-09 09:18:35, Info                  CSI    00000029 [SR] Beginning Verify and Repair transaction
2017-12-09 09:18:40, Info                  CSI    0000002b [SR] Verify complete
2017-12-09 09:18:41, Info                  CSI    0000002c [SR] Verifying 100 (0x0000000000000064) components
2017-12-09 09:18:41, Info                  CSI    0000002d [SR] Beginning Verify and Repair transaction
2017-12-09 09:18:47, Info                  CSI    00000031 [SR] Verify complete
2017-12-09 09:18:47, Info                  CSI    00000032 [SR] Verifying 100 (0x0000000000000064) components
2017-12-09 09:18:47, Info                  CSI    00000033 [SR] Beginning Verify and Repair transaction
2017-12-09 09:18:53, Info                  CSI    00000035 [SR] Verify complete
2017-12-09 09:18:54, Info                  CSI    00000036 [SR] Verifying 100 (0x0000000000000064) components
2017-12-09 09:18:54, Info                  CSI    00000037 [SR] Beginning Verify and Repair transaction
2017-12-09 09:19:03, Info                  CSI    00000059 [SR] Verify complete
2017-12-09 09:19:04, Info                  CSI    0000005a [SR] Verifying 100 (0x0000000000000064) components
2017-12-09 09:19:04, Info                  CSI    0000005b [SR] Beginning Verify and Repair transaction
2017-12-09 09:19:10, Info                  CSI    00000060 [SR] Verify complete
2017-12-09 09:19:11, Info                  CSI    00000061 [SR] Verifying 100 (0x0000000000000064) components
2017-12-09 09:19:11, Info                  CSI    00000062 [SR] Beginning Verify and Repair transaction
2017-12-09 09:19:18, Info                  CSI    00000064 [SR] Verify complete
2017-12-09 09:19:19, Info                  CSI    00000065 [SR] Verifying 100 (0x0000000000000064) components
2017-12-09 09:19:19, Info                  CSI    00000066 [SR] Beginning Verify and Repair transaction
2017-12-09 09:19:25, Info                  CSI    00000068 [SR] Verify complete
2017-12-09 09:19:25, Info                  CSI    00000069 [SR] Verifying 100 (0x0000000000000064) components
2017-12-09 09:19:25, Info                  CSI    0000006a [SR] Beginning Verify and Repair transaction
2017-12-09 09:19:31, Info                  CSI    0000006c [SR] Verify complete
2017-12-09 09:19:31, Info                  CSI    0000006d [SR] Verifying 100 (0x0000000000000064) components
2017-12-09 09:19:31, Info                  CSI    0000006e [SR] Beginning Verify and Repair transaction
2017-12-09 09:19:38, Info                  CSI    00000070 [SR] Verify complete
2017-12-09 09:19:39, Info                  CSI    00000071 [SR] Verifying 100 (0x0000000000000064) components
2017-12-09 09:19:39, Info                  CSI    00000072 [SR] Beginning Verify and Repair transaction
2017-12-09 09:19:48, Info                  CSI    00000076 [SR] Verify complete
2017-12-09 09:19:49, Info                  CSI    00000077 [SR] Verifying 100 (0x0000000000000064) components
2017-12-09 09:19:49, Info                  CSI    00000078 [SR] Beginning Verify and Repair transaction
2017-12-09 09:20:02, Info                  CSI    00000099 [SR] Verify complete
2017-12-09 09:20:02, Info                  CSI    0000009a [SR] Verifying 100 (0x0000000000000064) components
2017-12-09 09:20:02, Info                  CSI    0000009b [SR] Beginning Verify and Repair transaction
2017-12-09 09:20:17, Info                  CSI    0000009d [SR] Verify complete
2017-12-09 09:20:17, Info                  CSI    0000009e [SR] Verifying 100 (0x0000000000000064) components
2017-12-09 09:20:17, Info                  CSI    0000009f [SR] Beginning Verify and Repair transaction
2017-12-09 09:31:50, Info                  CSI    00000297 [SR] Verifying 100 (0x0000000000000064) components
2017-12-09 09:31:50, Info                  CSI    00000298 [SR] Beginning Verify and Repair transaction
2017-12-09 09:31:53, Info                  CSI    0000029a [SR] Cannot repair member file [l:28{14}]"iassdo.dll.mui" of Microsoft-Windows-Networking-Internet_Authentication_Service_Iassdo.Resources, Version = 6.1.7600.16385, pA = PROCESSOR_ARCHITECTURE_INTEL (0), Culture = [l:10{5}]"en-US", VersionScope = 1 nonSxS, PublicKeyToken = {l:8 b:31bf3856ad364e35}, Type neutral, TypeName neutral, PublicKey neutral in the store, hash mismatch
2017-12-09 09:31:54, Info                  CSI    0000029c [SR] Cannot repair member file [l:28{14}]"iassdo.dll.mui" of Microsoft-Windows-Networking-Internet_Authentication_Service_Iassdo.Resources, Version = 6.1.7600.16385, pA = PROCESSOR_ARCHITECTURE_INTEL (0), Culture = [l:10{5}]"en-US", VersionScope = 1 nonSxS, PublicKeyToken = {l:8 b:31bf3856ad364e35}, Type neutral, TypeName neutral, PublicKey neutral in the store, hash mismatch
2017-12-09 09:31:54, Info                  CSI    0000029d [SR] This component was referenced by [l:266{133}]"Microsoft-Windows-WindowsFoundation-LanguagePack-Package~31bf3856ad364e35~amd64~en-US~6.1.7600.16385.Windows Foundation Language Pack"
2017-12-09 09:31:54, Info                  CSI    000002a0 [SR] Could not reproject corrupted file [ml:60{30},l:58{29}]"\??\C:\Windows\SysWOW64\en-US"\[l:28{14}]"iassdo.dll.mui"; source file in store is also corrupted
2017-12-09 09:31:56, Info                  CSI    000002a2 [SR] Verify complete
2017-12-09 09:33:46, Info                  CSI    000002e3 [SR] Verifying 20 (0x0000000000000014) components
2017-12-09 09:33:46, Info                  CSI    000002e4 [SR] Beginning Verify and Repair transaction
2017-12-09 09:33:47, Info                  CSI    000002e6 [SR] Verify complete
2017-12-09 09:33:47, Info                  CSI    000002e7 [SR] Repairing 1 components
2017-12-09 09:33:47, Info                  CSI    000002e8 [SR] Beginning Verify and Repair transaction
2017-12-09 09:33:47, Info                  CSI    000002ea [SR] Cannot repair member file [l:28{14}]"iassdo.dll.mui" of Microsoft-Windows-Networking-Internet_Authentication_Service_Iassdo.Resources, Version = 6.1.7600.16385, pA = PROCESSOR_ARCHITECTURE_INTEL (0), Culture = [l:10{5}]"en-US", VersionScope = 1 nonSxS, PublicKeyToken = {l:8 b:31bf3856ad364e35}, Type neutral, TypeName neutral, PublicKey neutral in the store, hash mismatch
2017-12-09 09:33:47, Info                  CSI    000002ec [SR] Cannot repair member file [l:28{14}]"iassdo.dll.mui" of Microsoft-Windows-Networking-Internet_Authentication_Service_Iassdo.Resources, Version = 6.1.7600.16385, pA = PROCESSOR_ARCHITECTURE_INTEL (0), Culture = [l:10{5}]"en-US", VersionScope = 1 nonSxS, PublicKeyToken = {l:8 b:31bf3856ad364e35}, Type neutral, TypeName neutral, PublicKey neutral in the store, hash mismatch
2017-12-09 09:33:47, Info                  CSI    000002ed [SR] This component was referenced by [l:266{133}]"Microsoft-Windows-WindowsFoundation-LanguagePack-Package~31bf3856ad364e35~amd64~en-US~6.1.7600.16385.Windows Foundation Language Pack"
2017-12-09 09:33:47, Info                  CSI    000002f0 [SR] Could not reproject corrupted file [ml:60{30},l:58{29}]"\??\C:\Windows\SysWOW64\en-US"\[l:28{14}]"iassdo.dll.mui"; source file in store is also corrupted
2017-12-09 09:33:47, Info                  CSI    000002f2 [SR] Repair complete
2017-12-09 09:33:47, Info                  CSI    000002f3 [SR] Committing transaction
2017-12-09 09:33:47, Info                  CSI    000002f7 [SR] Verify and Repair Transaction completed. All files and registry keys listed in this transaction  have been successfully repaired
2017-12-09 09:54:37, Info                  CSI    00000589 [SR] Cannot repair member file [l:28{14}]"iassdo.dll.mui" of Microsoft-Windows-Networking-Internet_Authentication_Service_Iassdo.Resources, Version = 6.1.7600.16385, pA = PROCESSOR_ARCHITECTURE_INTEL (0), Culture = [l:10{5}]"en-US", VersionScope = 1 nonSxS, PublicKeyToken = {l:8 b:31bf3856ad364e35}, Type neutral, TypeName neutral, PublicKey neutral in the store, hash mismatch
2017-12-09 09:54:38, Info                  CSI    0000058b [SR] Cannot repair member file [l:28{14}]"iassdo.dll.mui" of Microsoft-Windows-Networking-Internet_Authentication_Service_Iassdo.Resources, Version = 6.1.7600.16385, pA = PROCESSOR_ARCHITECTURE_INTEL (0), Culture = [l:10{5}]"en-US", VersionScope = 1 nonSxS, PublicKeyToken = {l:8 b:31bf3856ad364e35}, Type neutral, TypeName neutral, PublicKey neutral in the store, hash mismatch
2017-12-09 09:54:38, Info                  CSI    0000058c [SR] This component was referenced by [l:266{133}]"Microsoft-Windows-WindowsFoundation-LanguagePack-Package~31bf3856ad364e35~amd64~en-US~6.1.7600.16385.Windows Foundation Language Pack"
2017-12-09 09:54:38, Info                  CSI    0000058f [SR] Could not reproject corrupted file [ml:60{30},l:58{29}]"\??\C:\Windows\SysWOW64\en-US"\[l:28{14}]"iassdo.dll.mui"; source file in store is also corrupted
2017-12-09 09:55:47, Info                  CSI    000005be [SR] Beginning Verify and Repair transaction
2017-12-09 09:55:53, Info                  CSI    000005c1 [SR] Verify complete
2017-12-09 09:55:53, Info                  CSI    000005c2 [SR] Verifying 100 (0x0000000000000064) components
2017-12-09 09:55:53, Info                  CSI    000005c3 [SR] Beginning Verify and Repair transaction
2017-12-09 09:55:58, Info                  CSI    000005c5 [SR] Verify complete
2017-12-09 09:55:58, Info                  CSI    000005c6 [SR] Verifying 100 (0x0000000000000064) components
2017-12-09 09:55:58, Info                  CSI    000005c7 [SR] Beginning Verify and Repair transaction
2017-12-09 09:56:02, Info                  CSI    000005c9 [SR] Verify complete
2017-12-09 09:56:02, Info                  CSI    000005ca [SR] Verifying 100 (0x0000000000000064) components
2017-12-09 09:56:02, Info                  CSI    000005cb [SR] Beginning Verify and Repair transaction
2017-12-09 09:56:07, Info                  CSI    000005cd [SR] Verify complete
2017-12-09 09:56:07, Info                  CSI    000005ce [SR] Verifying 100 (0x0000000000000064) components
2017-12-09 09:56:07, Info                  CSI    000005cf [SR] Beginning Verify and Repair transaction
2017-12-09 09:56:13, Info                  CSI    000005d1 [SR] Verify complete
2017-12-09 09:56:13, Info                  CSI    000005d2 [SR] Verifying 20 (0x0000000000000014) components
2017-12-09 09:56:13, Info                  CSI    000005d3 [SR] Beginning Verify and Repair transaction
2017-12-09 09:56:14, Info                  CSI    000005d5 [SR] Verify complete
2017-12-09 09:56:14, Info                  CSI    000005d6 [SR] Repairing 1 components
2017-12-09 09:56:14, Info                  CSI    000005d7 [SR] Beginning Verify and Repair transaction
2017-12-09 09:56:14, Info                  CSI    000005d9 [SR] Cannot repair member file [l:28{14}]"iassdo.dll.mui" of Microsoft-Windows-Networking-Internet_Authentication_Service_Iassdo.Resources, Version = 6.1.7600.16385, pA = PROCESSOR_ARCHITECTURE_INTEL (0), Culture = [l:10{5}]"en-US", VersionScope = 1 nonSxS, PublicKeyToken = {l:8 b:31bf3856ad364e35}, Type neutral, TypeName neutral, PublicKey neutral in the store, hash mismatch
2017-12-09 09:56:14, Info                  CSI    000005db [SR] Cannot repair member file [l:28{14}]"iassdo.dll.mui" of Microsoft-Windows-Networking-Internet_Authentication_Service_Iassdo.Resources, Version = 6.1.7600.16385, pA = PROCESSOR_ARCHITECTURE_INTEL (0), Culture = [l:10{5}]"en-US", VersionScope = 1 nonSxS, PublicKeyToken = {l:8 b:31bf3856ad364e35}, Type neutral, TypeName neutral, PublicKey neutral in the store, hash mismatch
2017-12-09 09:56:14, Info                  CSI    000005dc [SR] This component was referenced by [l:266{133}]"Microsoft-Windows-WindowsFoundation-LanguagePack-Package~31bf3856ad364e35~amd64~en-US~6.1.7600.16385.Windows Foundation Language Pack"
2017-12-09 09:56:14, Info                  CSI    000005df [SR] Could not reproject corrupted file [ml:60{30},l:58{29}]"\??\C:\Windows\SysWOW64\en-US"\[l:28{14}]"iassdo.dll.mui"; source file in store is also corrupted
2017-12-09 09:56:14, Info                  CSI    000005e1 [SR] Repair complete
2017-12-09 09:56:14, Info                  CSI    000005e2 [SR] Committing transaction
2017-12-09 09:56:14, Info                  CSI    000005e6 [SR] Verify and Repair Transaction completed. All files and registry keys listed in this transaction  have been successfully repaired
 
Vino's Event Viewer v01c run on Windows 2008 in English
Report run at 11/12/2017 8:59:48 AM
 
Note: All dates below are in the format dd/mm/yyyy
 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'System' Log - Critical Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Log: 'System' Date/Time: 11/12/2017 12:42:55 AM
Type: Critical Category: 63
Event: 41 Source: Microsoft-Windows-Kernel-Power
The system has rebooted without cleanly shutting down first. This error could be caused if the system stopped responding, crashed, or lost power unexpectedly.
 
Log: 'System' Date/Time: 10/12/2017 12:23:35 AM
Type: Critical Category: 63
Event: 41 Source: Microsoft-Windows-Kernel-Power
The system has rebooted without cleanly shutting down first. This error could be caused if the system stopped responding, crashed, or lost power unexpectedly.
 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'System' Log - Error Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Log: 'System' Date/Time: 11/12/2017 12:58:31 AM
Type: Error Category: 0
Event: 7034 Source: Service Control Manager
The Windows Search service terminated unexpectedly.  It has done this 6 time(s).
 
Log: 'System' Date/Time: 11/12/2017 12:58:31 AM
Type: Error Category: 0
Event: 7023 Source: Service Control Manager
The Windows Search service terminated with the following error:  The system cannot find the file specified.
 
Log: 'System' Date/Time: 11/12/2017 12:58:06 AM
Type: Error Category: 0
Event: 7034 Source: Service Control Manager
The Windows Search service terminated unexpectedly.  It has done this 5 time(s).
 
Log: 'System' Date/Time: 11/12/2017 12:58:06 AM
Type: Error Category: 0
Event: 7023 Source: Service Control Manager
The Windows Search service terminated with the following error:  The system cannot find the file specified.
 
Log: 'System' Date/Time: 11/12/2017 12:45:20 AM
Type: Error Category: 0
Event: 7034 Source: Service Control Manager
The Windows Search service terminated unexpectedly.  It has done this 4 time(s).
 
Log: 'System' Date/Time: 11/12/2017 12:45:20 AM
Type: Error Category: 0
Event: 7023 Source: Service Control Manager
The Windows Search service terminated with the following error:  The system cannot find the file specified.
 
Log: 'System' Date/Time: 11/12/2017 12:45:07 AM
Type: Error Category: 0
Event: 7034 Source: Service Control Manager
The Windows Search service terminated unexpectedly.  It has done this 3 time(s).
 
Log: 'System' Date/Time: 11/12/2017 12:45:07 AM
Type: Error Category: 0
Event: 7023 Source: Service Control Manager
The Windows Search service terminated with the following error:  The system cannot find the file specified.
 
Log: 'System' Date/Time: 11/12/2017 12:44:36 AM
Type: Error Category: 0
Event: 7031 Source: Service Control Manager
The Windows Search service terminated unexpectedly.  It has done this 2 time(s).  The following corrective action will be taken in 30000 milliseconds: Restart the service.
 
Log: 'System' Date/Time: 11/12/2017 12:44:35 AM
Type: Error Category: 0
Event: 7023 Source: Service Control Manager
The Windows Search service terminated with the following error:  The system cannot find the file specified.
 
Log: 'System' Date/Time: 11/12/2017 12:44:03 AM
Type: Error Category: 0
Event: 7031 Source: Service Control Manager
The Windows Search service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 30000 milliseconds: Restart the service.
 
Log: 'System' Date/Time: 11/12/2017 12:44:03 AM
Type: Error Category: 0
Event: 7023 Source: Service Control Manager
The Windows Search service terminated with the following error:  The system cannot find the file specified.
 
Log: 'System' Date/Time: 11/12/2017 12:43:01 AM
Type: Error Category: 0
Event: 6008 Source: EventLog
The previous system shutdown at 10:42:09 PM on 12/10/2017 was unexpected.
 
Log: 'System' Date/Time: 10/12/2017 12:06:19 PM
Type: Error Category: 0
Event: 7034 Source: Service Control Manager
The Windows Search service terminated unexpectedly.  It has done this 13 time(s).
 
Log: 'System' Date/Time: 10/12/2017 12:06:19 PM
Type: Error Category: 0
Event: 7023 Source: Service Control Manager
The Windows Search service terminated with the following error:  The system cannot find the file specified.
 
Log: 'System' Date/Time: 10/12/2017 10:47:47 AM
Type: Error Category: 0
Event: 7034 Source: Service Control Manager
The Windows Search service terminated unexpectedly.  It has done this 12 time(s).
 
Log: 'System' Date/Time: 10/12/2017 10:47:47 AM
Type: Error Category: 0
Event: 7023 Source: Service Control Manager
The Windows Search service terminated with the following error:  The system cannot find the file specified.
 
Log: 'System' Date/Time: 10/12/2017 6:43:11 AM
Type: Error Category: 0
Event: 36888 Source: Schannel
The following fatal alert was generated: 10. The internal error state is 10.
 
Log: 'System' Date/Time: 10/12/2017 4:23:56 AM
Type: Error Category: 0
Event: 7034 Source: Service Control Manager
The Windows Search service terminated unexpectedly.  It has done this 11 time(s).
 
Log: 'System' Date/Time: 10/12/2017 4:23:56 AM
Type: Error Category: 0
Event: 7023 Source: Service Control Manager
The Windows Search service terminated with the following error:  The system cannot find the file specified.
 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'System' Log - Warning Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Log: 'System' Date/Time: 10/12/2017 2:47:13 AM
Type: Warning Category: 7
Event: 37 Source: Microsoft-Windows-Kernel-Processor-Power
The speed of processor 3 in group 0 is being limited by system firmware. The processor has been in this reduced performance state for 2 seconds since the last report.
 
Log: 'System' Date/Time: 10/12/2017 2:47:13 AM
Type: Warning Category: 7
Event: 37 Source: Microsoft-Windows-Kernel-Processor-Power
The speed of processor 2 in group 0 is being limited by system firmware. The processor has been in this reduced performance state for 2 seconds since the last report.
 
Log: 'System' Date/Time: 10/12/2017 2:47:13 AM
Type: Warning Category: 7
Event: 37 Source: Microsoft-Windows-Kernel-Processor-Power
The speed of processor 1 in group 0 is being limited by system firmware. The processor has been in this reduced performance state for 2 seconds since the last report.
 
Log: 'System' Date/Time: 10/12/2017 2:47:13 AM
Type: Warning Category: 7
Event: 37 Source: Microsoft-Windows-Kernel-Processor-Power
The speed of processor 0 in group 0 is being limited by system firmware. The processor has been in this reduced performance state for 2 seconds since the last report.
 
Log: 'System' Date/Time: 10/12/2017 12:47:05 AM
Type: Warning Category: 0
Event: 4001 Source: Microsoft-Windows-WLAN-AutoConfig
WLAN AutoConfig service has successfully stopped. 
 
Log: 'System' Date/Time: 10/12/2017 12:47:05 AM
Type: Warning Category: 0
Event: 10002 Source: Microsoft-Windows-WLAN-AutoConfig
WLAN Extensibility Module has stopped.  Module Path: C:\Windows\System32\bcmihvsrv64.dll 
 
Log: 'System' Date/Time: 09/12/2017 11:48:10 PM
Type: Warning Category: 0
Event: 1014 Source: Microsoft-Windows-DNS-Client
Name resolution for the name isatap.voip timed out after none of the configured DNS servers responded.
 
Log: 'System' Date/Time: 09/12/2017 6:55:29 PM
Type: Warning Category: 0
Event: 4001 Source: Microsoft-Windows-WLAN-AutoConfig
WLAN AutoConfig service has successfully stopped. 
 
Log: 'System' Date/Time: 09/12/2017 6:55:28 PM
Type: Warning Category: 0
Event: 10002 Source: Microsoft-Windows-WLAN-AutoConfig
WLAN Extensibility Module has stopped.  Module Path: C:\Windows\System32\bcmihvsrv64.dll 
 
Log: 'System' Date/Time: 09/12/2017 11:02:00 AM
Type: Warning Category: 0
Event: 1014 Source: Microsoft-Windows-DNS-Client
Name resolution for the name isatap.voip timed out after none of the configured DNS servers responded.
 
Log: 'System' Date/Time: 09/12/2017 3:59:18 AM
Type: Warning Category: 7
Event: 37 Source: Microsoft-Windows-Kernel-Processor-Power
The speed of processor 3 in group 0 is being limited by system firmware. The processor has been in this reduced performance state for 24 seconds since the last report.
 
Log: 'System' Date/Time: 09/12/2017 3:59:18 AM
Type: Warning Category: 7
Event: 37 Source: Microsoft-Windows-Kernel-Processor-Power
The speed of processor 2 in group 0 is being limited by system firmware. The processor has been in this reduced performance state for 24 seconds since the last report.
 
Log: 'System' Date/Time: 09/12/2017 3:59:18 AM
Type: Warning Category: 7
Event: 37 Source: Microsoft-Windows-Kernel-Processor-Power
The speed of processor 1 in group 0 is being limited by system firmware. The processor has been in this reduced performance state for 24 seconds since the last report.
 
Log: 'System' Date/Time: 09/12/2017 3:59:18 AM
Type: Warning Category: 7
Event: 37 Source: Microsoft-Windows-Kernel-Processor-Power
The speed of processor 0 in group 0 is being limited by system firmware. The processor has been in this reduced performance state for 24 seconds since the last report.
 
Log: 'System' Date/Time: 09/12/2017 1:13:08 AM
Type: Warning Category: 0
Event: 4001 Source: Microsoft-Windows-WLAN-AutoConfig
WLAN AutoConfig service has successfully stopped. 
 
Log: 'System' Date/Time: 09/12/2017 1:13:08 AM
Type: Warning Category: 0
Event: 10002 Source: Microsoft-Windows-WLAN-AutoConfig
WLAN Extensibility Module has stopped.  Module Path: C:\Windows\System32\bcmihvsrv64.dll 
 
Vino's Event Viewer v01c run on Windows 2008 in English
Report run at 11/12/2017 9:02:39 AM
 
Note: All dates below are in the format dd/mm/yyyy
 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'Application' Log - Critical Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'Application' Log - Error Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Log: 'Application' Date/Time: 11/12/2017 12:58:31 AM
Type: Error Category: 3
Event: 7010 Source: Microsoft-Windows-Search
The index cannot be initialized.
 
Details:
The system cannot find the file specified.  (HRESULT : 0x80070002) (0x80070002)
 
 
Log: 'Application' Date/Time: 11/12/2017 12:58:31 AM
Type: Error Category: 3
Event: 3058 Source: Microsoft-Windows-Search
The application cannot be initialized.
 
Context: Windows Application
 
Details:
The system cannot find the file specified.  (HRESULT : 0x80070002) (0x80070002)
 
 
Log: 'Application' Date/Time: 11/12/2017 12:58:31 AM
Type: Error Category: 3
Event: 3028 Source: Microsoft-Windows-Search
The gatherer object cannot be initialized.
 
Context: Windows Application, SystemIndex Catalog
 
Details:
The system cannot find the file specified.  (HRESULT : 0x80070002) (0x80070002)
 
 
Log: 'Application' Date/Time: 11/12/2017 12:58:31 AM
Type: Error Category: 3
Event: 3029 Source: Microsoft-Windows-Search
The plug-in in <Search.TripoliIndexer> cannot be initialized.
 
Context: Windows Application, SystemIndex Catalog
 
Details:
The system cannot find the file specified.  (HRESULT : 0x80070002) (0x80070002)
 
 
Log: 'Application' Date/Time: 11/12/2017 12:58:06 AM
Type: Error Category: 3
Event: 7010 Source: Microsoft-Windows-Search
The index cannot be initialized.
 
Details:
The system cannot find the file specified.  (HRESULT : 0x80070002) (0x80070002)
 
 
Log: 'Application' Date/Time: 11/12/2017 12:58:06 AM
Type: Error Category: 3
Event: 3058 Source: Microsoft-Windows-Search
The application cannot be initialized.
 
Context: Windows Application
 
Details:
The system cannot find the file specified.  (HRESULT : 0x80070002) (0x80070002)
 
 
Log: 'Application' Date/Time: 11/12/2017 12:58:06 AM
Type: Error Category: 3
Event: 3028 Source: Microsoft-Windows-Search
The gatherer object cannot be initialized.
 
Context: Windows Application, SystemIndex Catalog
 
Details:
The system cannot find the file specified.  (HRESULT : 0x80070002) (0x80070002)
 
 
Log: 'Application' Date/Time: 11/12/2017 12:58:06 AM
Type: Error Category: 3
Event: 3029 Source: Microsoft-Windows-Search
The plug-in in <Search.TripoliIndexer> cannot be initialized.
 
Context: Windows Application, SystemIndex Catalog
 
Details:
The system cannot find the file specified.  (HRESULT : 0x80070002) (0x80070002)
 
 
Log: 'Application' Date/Time: 11/12/2017 12:54:24 AM
Type: Error Category: 0
Event: 0 Source: Office 2013 Licensing Service
The event description cannot be found.
 
Log: 'Application' Date/Time: 11/12/2017 12:45:20 AM
Type: Error Category: 3
Event: 7010 Source: Microsoft-Windows-Search
The index cannot be initialized.
 
Details:
The system cannot find the file specified.  (HRESULT : 0x80070002) (0x80070002)
 
 
Log: 'Application' Date/Time: 11/12/2017 12:45:20 AM
Type: Error Category: 3
Event: 3058 Source: Microsoft-Windows-Search
The application cannot be initialized.
 
Context: Windows Application
 
Details:
The system cannot find the file specified.  (HRESULT : 0x80070002) (0x80070002)
 
 
Log: 'Application' Date/Time: 11/12/2017 12:45:20 AM
Type: Error Category: 3
Event: 3028 Source: Microsoft-Windows-Search
The gatherer object cannot be initialized.
 
Context: Windows Application, SystemIndex Catalog
 
Details:
The system cannot find the file specified.  (HRESULT : 0x80070002) (0x80070002)
 
 
Log: 'Application' Date/Time: 11/12/2017 12:45:20 AM
Type: Error Category: 3
Event: 3029 Source: Microsoft-Windows-Search
The plug-in in <Search.TripoliIndexer> cannot be initialized.
 
Context: Windows Application, SystemIndex Catalog
 
Details:
The system cannot find the file specified.  (HRESULT : 0x80070002) (0x80070002)
 
 
Log: 'Application' Date/Time: 11/12/2017 12:45:07 AM
Type: Error Category: 3
Event: 7010 Source: Microsoft-Windows-Search
The index cannot be initialized.
 
Details:
The system cannot find the file specified.  (HRESULT : 0x80070002) (0x80070002)
 
 
Log: 'Application' Date/Time: 11/12/2017 12:45:07 AM
Type: Error Category: 3
Event: 3058 Source: Microsoft-Windows-Search
The application cannot be initialized.
 
Context: Windows Application
 
Details:
The system cannot find the file specified.  (HRESULT : 0x80070002) (0x80070002)
 
 
Log: 'Application' Date/Time: 11/12/2017 12:45:07 AM
Type: Error Category: 3
Event: 3028 Source: Microsoft-Windows-Search
The gatherer object cannot be initialized.
 
Context: Windows Application, SystemIndex Catalog
 
Details:
The system cannot find the file specified.  (HRESULT : 0x80070002) (0x80070002)
 
 
Log: 'Application' Date/Time: 11/12/2017 12:45:07 AM
Type: Error Category: 3
Event: 3029 Source: Microsoft-Windows-Search
The plug-in in <Search.TripoliIndexer> cannot be initialized.
 
Context: Windows Application, SystemIndex Catalog
 
Details:
The system cannot find the file specified.  (HRESULT : 0x80070002) (0x80070002)
 
 
Log: 'Application' Date/Time: 11/12/2017 12:44:35 AM
Type: Error Category: 3
Event: 7010 Source: Microsoft-Windows-Search
The index cannot be initialized.
 
Details:
The system cannot find the file specified.  (HRESULT : 0x80070002) (0x80070002)
 
 
Log: 'Application' Date/Time: 11/12/2017 12:44:35 AM
Type: Error Category: 3
Event: 3058 Source: Microsoft-Windows-Search
The application cannot be initialized.
 
Context: Windows Application
 
Details:
The system cannot find the file specified.  (HRESULT : 0x80070002) (0x80070002)
 
 
Log: 'Application' Date/Time: 11/12/2017 12:44:35 AM
Type: Error Category: 3
Event: 3028 Source: Microsoft-Windows-Search
The gatherer object cannot be initialized.
 
Context: Windows Application, SystemIndex Catalog
 
Details:
The system cannot find the file specified.  (HRESULT : 0x80070002) (0x80070002)
 
 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'Application' Log - Warning Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Log: 'Application' Date/Time: 11/12/2017 12:43:05 AM
Type: Warning Category: 0
Event: 4105 Source: Microsoft-Windows-Winlogon
Windows is in Notification period.
 
Log: 'Application' Date/Time: 10/12/2017 1:52:51 AM
Type: Warning Category: 0
Event: 4105 Source: Microsoft-Windows-Winlogon
Windows is in Notification period.
 
Log: 'Application' Date/Time: 10/12/2017 12:47:01 AM
Type: Warning Category: 0
Event: 1530 Source: Microsoft-Windows-User Profiles Service
Windows detected your registry file is still in use by other applications or services. The file will be unloaded now. The applications or services that hold your registry file may not function properly afterwards.     DETAIL -   3 user registry handles leaked from \Registry\User\S-1-5-21-1141224537-1566625622-1964642510-1000:
Process 1324 (\Device\HarddiskVolume2\Program Files\AVAST Software\Avast\AvastSvc.exe) has opened key \REGISTRY\USER\S-1-5-21-1141224537-1566625622-1964642510-1000
Process 1324 (\Device\HarddiskVolume2\Program Files\AVAST Software\Avast\AvastSvc.exe) has opened key \REGISTRY\USER\S-1-5-21-1141224537-1566625622-1964642510-1000
Process 1324 (\Device\HarddiskVolume2\Program Files\AVAST Software\Avast\AvastSvc.exe) has opened key \REGISTRY\USER\S-1-5-21-1141224537-1566625622-1964642510-1000
 
 
Log: 'Application' Date/Time: 10/12/2017 12:23:45 AM
Type: Warning Category: 0
Event: 4105 Source: Microsoft-Windows-Winlogon
Windows is in Notification period.
 
Log: 'Application' Date/Time: 09/12/2017 11:47:00 PM
Type: Warning Category: 0
Event: 4105 Source: Microsoft-Windows-Winlogon
Windows is in Notification period.
 
Log: 'Application' Date/Time: 09/12/2017 6:55:25 PM
Type: Warning Category: 0
Event: 1530 Source: Microsoft-Windows-User Profiles Service
Windows detected your registry file is still in use by other applications or services. The file will be unloaded now. The applications or services that hold your registry file may not function properly afterwards.     DETAIL -   3 user registry handles leaked from \Registry\User\S-1-5-21-1141224537-1566625622-1964642510-1000:
Process 1316 (\Device\HarddiskVolume2\Program Files\AVAST Software\Avast\AvastSvc.exe) has opened key \REGISTRY\USER\S-1-5-21-1141224537-1566625622-1964642510-1000
Process 1316 (\Device\HarddiskVolume2\Program Files\AVAST Software\Avast\AvastSvc.exe) has opened key \REGISTRY\USER\S-1-5-21-1141224537-1566625622-1964642510-1000
Process 1316 (\Device\HarddiskVolume2\Program Files\AVAST Software\Avast\AvastSvc.exe) has opened key \REGISTRY\USER\S-1-5-21-1141224537-1566625622-1964642510-1000
 
 
Log: 'Application' Date/Time: 09/12/2017 7:14:39 AM
Type: Warning Category: 1
Event: 1015 Source: Microsoft-Windows-Search
Event ID 1013 for the Windows Search Service has been suppressed 104 time(s) since 12:41:54 PM. This event is used to suppress Windows Search Service events that have occurred frequently within a short period of time.  See Event ID 1013 for further details on this event.
 
Log: 'Application' Date/Time: 09/12/2017 7:14:39 AM
Type: Warning Category: 1
Event: 1015 Source: Microsoft-Windows-Search
Event ID 7010 for the Windows Search Service has been suppressed 104 time(s) since 12:41:54 PM. This event is used to suppress Windows Search Service events that have occurred frequently within a short period of time.  See Event ID 7010 for further details on this event.
 
Log: 'Application' Date/Time: 09/12/2017 7:14:39 AM
Type: Warning Category: 1
Event: 1015 Source: Microsoft-Windows-Search
Event ID 3058 for the Windows Search Service has been suppressed 104 time(s) since 12:41:54 PM. This event is used to suppress Windows Search Service events that have occurred frequently within a short period of time.  See Event ID 3058 for further details on this event.
 
Log: 'Application' Date/Time: 09/12/2017 7:14:39 AM
Type: Warning Category: 1
Event: 1015 Source: Microsoft-Windows-Search
Event ID 3028 for the Windows Search Service has been suppressed 104 time(s) since 12:41:54 PM. This event is used to suppress Windows Search Service events that have occurred frequently within a short period of time.  See Event ID 3028 for further details on this event.
 
Log: 'Application' Date/Time: 09/12/2017 7:14:39 AM
Type: Warning Category: 1
Event: 1015 Source: Microsoft-Windows-Search
Event ID 3029 for the Windows Search Service has been suppressed 104 time(s) since 12:41:54 PM. This event is used to suppress Windows Search Service events that have occurred frequently within a short period of time.  See Event ID 3029 for further details on this event.
 
Log: 'Application' Date/Time: 09/12/2017 4:37:52 AM
Type: Warning Category: 1
Event: 1015 Source: Microsoft-Windows-Search
Event ID 1013 for the Windows Search Service has been suppressed 3 time(s) since 9:15:38 AM. This event is used to suppress Windows Search Service events that have occurred frequently within a short period of time.  See Event ID 1013 for further details on this event.
 
Log: 'Application' Date/Time: 09/12/2017 4:37:52 AM
Type: Warning Category: 1
Event: 1015 Source: Microsoft-Windows-Search
Event ID 7010 for the Windows Search Service has been suppressed 3 time(s) since 9:15:37 AM. This event is used to suppress Windows Search Service events that have occurred frequently within a short period of time.  See Event ID 7010 for further details on this event.
 
Log: 'Application' Date/Time: 09/12/2017 4:37:52 AM
Type: Warning Category: 1
Event: 1015 Source: Microsoft-Windows-Search
Event ID 3058 for the Windows Search Service has been suppressed 3 time(s) since 9:15:37 AM. This event is used to suppress Windows Search Service events that have occurred frequently within a short period of time.  See Event ID 3058 for further details on this event.
 
Log: 'Application' Date/Time: 09/12/2017 4:37:52 AM
Type: Warning Category: 1
Event: 1015 Source: Microsoft-Windows-Search
Event ID 3028 for the Windows Search Service has been suppressed 3 time(s) since 9:15:37 AM. This event is used to suppress Windows Search Service events that have occurred frequently within a short period of time.  See Event ID 3028 for further details on this event.
 
Log: 'Application' Date/Time: 09/12/2017 4:37:52 AM
Type: Warning Category: 1
Event: 1015 Source: Microsoft-Windows-Search
Event ID 3029 for the Windows Search Service has been suppressed 3 time(s) since 9:15:37 AM. This event is used to suppress Windows Search Service events that have occurred frequently within a short period of time.  See Event ID 3029 for further details on this event.
 
Log: 'Application' Date/Time: 09/12/2017 1:13:42 AM
Type: Warning Category: 0
Event: 4105 Source: Microsoft-Windows-Winlogon
Windows is in Notification period.
 
Log: 'Application' Date/Time: 09/12/2017 1:13:04 AM
Type: Warning Category: 0
Event: 1530 Source: Microsoft-Windows-User Profiles Service
Windows detected your registry file is still in use by other applications or services. The file will be unloaded now. The applications or services that hold your registry file may not function properly afterwards.     DETAIL -   3 user registry handles leaked from \Registry\User\S-1-5-21-1141224537-1566625622-1964642510-1000:
Process 1404 (\Device\HarddiskVolume2\Program Files\AVAST Software\Avast\AvastSvc.exe) has opened key \REGISTRY\USER\S-1-5-21-1141224537-1566625622-1964642510-1000
Process 1404 (\Device\HarddiskVolume2\Program Files\AVAST Software\Avast\AvastSvc.exe) has opened key \REGISTRY\USER\S-1-5-21-1141224537-1566625622-1964642510-1000
Process 1404 (\Device\HarddiskVolume2\Program Files\AVAST Software\Avast\AvastSvc.exe) has opened key \REGISTRY\USER\S-1-5-21-1141224537-1566625622-1964642510-1000
 
 
 

  • 0

#12
RKinner

RKinner

    Malware Expert

  • Expert
  • 20,001 posts
  • MVP

The file it doesn't like is iassdo.dll.mui

It's a language pack file so not very important, but you can get sfcfix:

http://www.majorgeek...ils/sfcfix.html

Download, save, then right-click on it and Run As Admin.

You may have to rerun sfc /scannow as the info it uses does not stay in the CBS log that long.

You have a bigger problem though:

Log: 'Application' Date/Time: 09/12/2017 11:47:00 PM
Type: Warning Category: 0
Event: 4105 Source: Microsoft-Windows-Winlogon
Windows is in Notification period.

Windows wants you to reactivate your license:

  • 0
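As an added example (not part of the original posts and not a tool from this thread): a small Python parser for the `[SR]` records in the CBS log pasted above, which lists the files SFC could not repair and checks whether the log still ends with a "successfully repaired" line. The names `summarize_sfc` and `misleading_success` and the result keys are illustrative assumptions; the sample lines are copied from the log in this thread.

```python
import re

# Excerpt of [SR] lines copied from the CBS log posted in this thread.
# On a live system the full file is %windir%\Logs\CBS\CBS.log.
SAMPLE_LOG = r'''
2017-12-09 09:56:13, Info                  CSI    000005d2 [SR] Verifying 20 (0x0000000000000014) components
2017-12-09 09:56:14, Info                  CSI    000005d6 [SR] Repairing 1 components
2017-12-09 09:56:14, Info                  CSI    000005d9 [SR] Cannot repair member file [l:28{14}]"iassdo.dll.mui" of Microsoft-Windows-Networking-Internet_Authentication_Service_Iassdo.Resources, Version = 6.1.7600.16385, pA = PROCESSOR_ARCHITECTURE_INTEL (0), Culture = [l:10{5}]"en-US", VersionScope = 1 nonSxS, PublicKeyToken = {l:8 b:31bf3856ad364e35}, Type neutral, TypeName neutral, PublicKey neutral in the store, hash mismatch
2017-12-09 09:56:14, Info                  CSI    000005db [SR] Cannot repair member file [l:28{14}]"iassdo.dll.mui" of Microsoft-Windows-Networking-Internet_Authentication_Service_Iassdo.Resources, Version = 6.1.7600.16385, pA = PROCESSOR_ARCHITECTURE_INTEL (0), Culture = [l:10{5}]"en-US", VersionScope = 1 nonSxS, PublicKeyToken = {l:8 b:31bf3856ad364e35}, Type neutral, TypeName neutral, PublicKey neutral in the store, hash mismatch
2017-12-09 09:56:14, Info                  CSI    000005dc [SR] This component was referenced by [l:266{133}]"Microsoft-Windows-WindowsFoundation-LanguagePack-Package~31bf3856ad364e35~amd64~en-US~6.1.7600.16385.Windows Foundation Language Pack"
2017-12-09 09:56:14, Info                  CSI    000005df [SR] Could not reproject corrupted file [ml:60{30},l:58{29}]"\??\C:\Windows\SysWOW64\en-US"\[l:28{14}]"iassdo.dll.mui"; source file in store is also corrupted
2017-12-09 09:56:14, Info                  CSI    000005e6 [SR] Verify and Repair Transaction completed. All files and registry keys listed in this transaction  have been successfully repaired
'''

# "<timestamp>, <level>   CSI   <8 hex digits> [SR] <message>"
LINE_RE = re.compile(
    r'^(?P<ts>\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2}), (?P<level>\w+)\s+CSI\s+'
    r'(?P<seq>[0-9a-f]{8}) \[SR\] (?P<msg>.*)$')
# CSI prefixes strings with length tags such as [l:28{14}] or [ml:60{30},l:58{29}]
LEN_TAG_RE = re.compile(r'\[(?:ml:\d+\{\d+\},)?l:\d+\{\d+\}\]')
VERIFYING_RE = re.compile(r'^Verifying (\d+) ')
CANNOT_RE = re.compile(
    r'^Cannot repair member file "(?P<file>[^"]+)" of (?P<component>[^,]+), '
    r'Version = (?P<version>[^,]+),.*, (?P<reason>[^,]+)$')
REPROJECT_RE = re.compile(
    r'^Could not reproject corrupted file "(?P<dir>[^"]+)"\\"(?P<file>[^"]+)"; '
    r'(?P<detail>.*)$')
REFERENCED_RE = re.compile(r'^This component was referenced by "(?P<package>[^"]+)"$')


def new_entry(ts):
    return {"component": None, "version": None, "reasons": set(), "reports": 0,
            "paths": set(), "store_copy_corrupt": False,
            "referenced_by": set(), "first_seen": ts}


def summarize_sfc(log_text):
    """Summarise the [SR] records of a CBS log: what was checked, what failed."""
    result = {"components_verified": 0, "unrepaired": {},
              "claims_all_repaired": False}
    last_file = None  # "referenced by" lines follow the file they describe
    for raw in log_text.splitlines():
        m = LINE_RE.match(raw.strip())
        if not m:
            continue  # blank line or a non-[SR] record
        msg = LEN_TAG_RE.sub("", m.group("msg"))

        hit = VERIFYING_RE.match(msg)
        if hit:
            result["components_verified"] += int(hit.group(1))
            continue
        hit = CANNOT_RE.match(msg)
        if hit:
            last_file = hit.group("file").lower()
            e = result["unrepaired"].setdefault(last_file, new_entry(m.group("ts")))
            e["component"] = hit.group("component")
            e["version"] = hit.group("version")
            e["reasons"].add(hit.group("reason").strip())
            e["reports"] += 1
            continue
        hit = REPROJECT_RE.match(msg)
        if hit:
            last_file = hit.group("file").lower()
            e = result["unrepaired"].setdefault(last_file, new_entry(m.group("ts")))
            folder = hit.group("dir")
            if folder.startswith("\\??\\"):  # drop the NT object-path prefix
                folder = folder[4:]
            e["paths"].add(folder + "\\" + hit.group("file"))
            if "source file in store is also corrupted" in hit.group("detail"):
                e["store_copy_corrupt"] = True
            continue
        hit = REFERENCED_RE.match(msg)
        if hit and last_file:
            result["unrepaired"][last_file]["referenced_by"].add(hit.group("package"))
            continue
        if msg.startswith("Verify and Repair Transaction completed") \
                and "successfully repaired" in msg:
            result["claims_all_repaired"] = True
    return result


def misleading_success(result):
    """True when the log ends 'successfully repaired' yet lists unrepaired files."""
    return result["claims_all_repaired"] and bool(result["unrepaired"])


if __name__ == "__main__":
    summary = summarize_sfc(SAMPLE_LOG)
    for name, e in summary["unrepaired"].items():
        print(name, e["version"], sorted(e["reasons"]), sorted(e["paths"]),
              "store copy corrupt" if e["store_copy_corrupt"] else "")
    print("misleading success line:", misleading_success(summary))
```
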





