Jump to content

Welcome to Geeks to Go - Register now for FREE

Need help with your computer or device? Want to learn new tech skills? You're in the right place!
Geeks to Go is a friendly community of tech experts who can solve any problem you have. Just create a free account and post your question. Our volunteers will reply quickly and guide you through the steps. Don't let tech troubles stop you. Join Geeks to Go now and get the support you need!

How it Works Create Account
Photo

Laptop is very slow and thats being nice hahaha

Started by richclan , Jan 26 2018 04:25 PM

  • Please log in to reply

#1
richclan
Posted 26 January 2018 - 04:25 PM

richclan

    Member

  • Member
  • PipPipPip
  • 187 posts

Here are my scans. Thanks in advance

 

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 21.01.2018
Ran by jpr (administrator) on JPRACER (26-01-2018 17:10:18)
Running from C:\Users\jpr\Desktop
Loaded Profiles: jpr (Available Profiles: jpr & Cin & Guest)
Platform: Windows 7 Home Premium Service Pack 1 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\dsiwmis.exe
(Acer Incorporated) C:\Program Files\Acer\Acer ePower Management\ePowerSvc.exe
(Acer Incorporated) C:\Program Files (x86)\Acer\Registration\GregHSRW.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(Motorola Mobility LLC) C:\Program Files (x86)\Motorola Mobility\Motorola Device Manager\MotoHelperService.exe
(NewTech Infosystems, Inc.) C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe
(NewTech Infosystems, Inc.) C:\Program Files (x86)\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe
(Motorola Mobility LLC) C:\Program Files (x86)\Motorola Mobility\Motorola Device Manager\MotoHelperAgent.exe
(Pharos Systems International) C:\Program Files (x86)\PharosSystems\Core\CTskMstr.exe
() C:\Windows\SysWOW64\PnkBstrA.exe
() C:\Windows\SysWOW64\PnkBstrB.exe
(Motorola) C:\Program Files (x86)\Motorola\MotForwardDaemon\ForwardDaemon.exe
(Acer) C:\Program Files\Acer\Acer Updater\UpdaterService.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Microsoft Corporation) C:\Windows\System32\alg.exe
(Wondershare) C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvEmUpdate.exe

==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [1890088 2009-12-10] (Synaptics Incorporated)
HKLM\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvLaunch.exe [246120 2018-01-04] (AVAST Software)
HKLM-x32\...\Run: [Wondershare Helper Compact.exe] => C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe [2131344 2016-06-20] (Wondershare)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [587288 2017-09-05] (Oracle Corporation)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKLM\SOFTWARE\Policies\Microsoft\Windows Defender: Restriction <==== ATTENTION
GroupPolicyScripts: Restriction <==== ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{C516F144-07E9-4051-B1BA-C6EB9113B90C}: [DhcpNameServer] 192.168.0.1 205.171.2.226
Tcpip\..\Interfaces\{ED099048-B339-4CB0-9623-6005AE1CE6A9}: [DhcpNameServer] 192.168.1.1

Internet Explorer:
==================
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
HKU\S-1-5-21-2594318427-2354040781-2526223756-1000\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
SearchScopes: HKLM-x32 -> {67A2568C-7A0A-4EED-AECC-B5405DE63B64} URL = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ACAW
SearchScopes: HKU\S-1-5-21-2594318427-2354040781-2526223756-1000 -> DefaultScope {0B707DC8-3FC0-46EE-A1F9-6D2250B4E866} URL = hxxps://www.google.com/search?q={searchTerms}
SearchScopes: HKU\S-1-5-21-2594318427-2354040781-2526223756-1000 -> {0B707DC8-3FC0-46EE-A1F9-6D2250B4E866} URL = hxxps://www.google.com/search?q={searchTerms}
SearchScopes: HKU\S-1-5-21-2594318427-2354040781-2526223756-1000 -> {67A2568C-7A0A-4EED-AECC-B5405DE63B64} URL = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ACAW_enUS388US388
BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL [2013-12-19] (Microsoft Corporation)
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll [2017-11-22] (AVAST Software)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2010-09-21] (Microsoft Corp.)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL [2013-12-19] (Microsoft Corporation)
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_151\bin\ssv.dll [2017-10-21] (Oracle Corporation)
BHO-x32: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2017-11-22] (AVAST Software)
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2010-09-21] (Microsoft Corp.)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_151\bin\jp2ssv.dll [2017-10-21] (Oracle Corporation)
DPF: HKLM {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
DPF: HKLM-x32 {7530BFB8-7293-4D34-9923-61A11451AFC5} hxxp://download.eset.com/special/eos/OnlineScanner.cab
DPF: HKLM-x32 {C345E174-3E87-4F41-A01C-B066A90A49B4} hxxp://trial.trymicrosoftoffice.com/trialoaa/buymsoffice_assets/framework/microsoft/wrc32.ocx
Handler-x32: amisie - {183A003A-3D01-4E94-A2C5-AD0108C68370} - C:\Program Files (x86)\AMIS\IeDtbPlugin.dll [2011-11-18] (TODO: <Company name>)

FireFox:
========
FF DefaultProfile: 1h0qy3jw.default
FF ProfilePath: C:\Users\jpr\AppData\Roaming\Mozilla\Firefox\Profiles\1h0qy3jw.default [2018-01-26]
FF Homepage: Mozilla\Firefox\Profiles\1h0qy3jw.default -> hxxps://www.wolframalpha.com/?trackid=sp-005
FF Session Restore: Mozilla\Firefox\Profiles\1h0qy3jw.default -> is enabled.
FF Extension: (Video WithOut Flash) - C:\Users\jpr\AppData\Roaming\Mozilla\Firefox\Profiles\1h0qy3jw.default\Extensions\[email protected] [2015-10-04] [Legacy]
FF HKLM\...\Firefox\Extensions: [{D908A1CC-54B4-4af9-9BB4-964F5BD3CDB7}] - C:\Program Files (x86)\NetRatingsNetSight\NetSight\meter3\FFAddon => not found
FF HKLM-x32\...\Firefox\Extensions: [{6904342A-8307-11DF-A508-4AE2DFD72085}] - C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\wpa => not found
FF HKLM-x32\...\Firefox\Extensions: [{D908A1CC-54B4-4af9-9BB4-964F5BD3CDB7}] - C:\Program Files (x86)\NetRatingsNetSight\NetSight\meter3\FFAddon => not found
FF HKU\S-1-5-21-2594318427-2354040781-2526223756-1000\...\Firefox\Extensions: [{07236a7a-ea6f-49fe-a3c5-8f3d188c0b4f}] - C:\Program Files (x86)\PassShow\155.xpi => not found
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_28_0_0_137.dll [2018-01-09] ()
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.40416.0\npctrl.dll [2015-04-15] ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect64.dll [2012-09-20] (Adobe Systems)
FF Plugin: adobe.com/AdobeExManDetect -> C:\Program Files (x86)\Adobe\Adobe Extension Manager CS6\Win64Plugin\npAdobeExManDetectX64.dll [2013-12-02] (Adobe Systems)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_28_0_0_137.dll [2018-01-09] ()
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\Windows\SysWOW64\Adobe\Director\np32dsw_1203133.dll [2013-06-26] (Adobe Systems, Inc.)
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2015-10-08] ()
FF Plugin-x32: @divx.com/DivX VOD Helper,version=1.0.0 -> C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll [2014-05-22] (DivX, LLC.)
FF Plugin-x32: @divx.com/DivX Web Player Plug-In,version=1.0.0 -> C:\Program Files (x86)\DivX\DivX Web Player\npdivx32.dll [2014-11-21] (DivX, LLC)
FF Plugin-x32: @java.com/DTPlugin,version=11.151.2 -> C:\Program Files (x86)\Java\jre1.8.0_151\bin\dtplugin\npDeployJava1.dll [2017-10-21] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.151.2 -> C:\Program Files (x86)\Java\jre1.8.0_151\bin\plugin2\npjp2.dll [2017-10-21] (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.40416.0\npctrl.dll [2015-04-15] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2010-09-22] (Microsoft Corporation)
FF Plugin-x32: @pages.tvunetworks.com/WebPlayer -> C:\Program Files (x86)\TVUPlayer\npTVUAx.dll [No File]
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.33.7\npGoogleUpdate3.dll [2017-11-22] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.33.7\npGoogleUpdate3.dll [2017-11-22] (Google Inc.)
FF Plugin-x32: @veetle.com/vbp;version=0.9.17 -> C:\Program Files (x86)\Veetle\VLCBroadcast\npvbp.dll [No File]
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2017-04-04] (Adobe Systems Inc.)
FF Plugin-x32: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect32.dll [2012-09-20] (Adobe Systems)
FF Plugin-x32: adobe.com/AdobeExManDetect -> C:\Program Files (x86)\Adobe\Adobe Extension Manager CS6\npAdobeExManDetectX86.dll [2013-12-02] (Adobe Systems)
FF Plugin ProgramFiles/Appdata: C:\Users\jpr\AppData\Roaming\mozilla\plugins\npgoogletalk.dll [2012-03-01] (Google)
FF Plugin ProgramFiles/Appdata: C:\Users\jpr\AppData\Roaming\mozilla\plugins\npgtpo3dautoplugin.dll [2012-03-01] ()

Chrome:
=======
CHR Profile: C:\Users\jpr\AppData\Local\Google\Chrome\User Data\Default [2018-01-24]
CHR Extension: (Slides) - C:\Users\jpr\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2017-11-23]
CHR Extension: (Docs) - C:\Users\jpr\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2017-11-23]
CHR Extension: (Google Drive) - C:\Users\jpr\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2016-12-07]
CHR Extension: (YouTube) - C:\Users\jpr\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2016-12-07]
CHR Extension: (Sheets) - C:\Users\jpr\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2017-11-23]
CHR Extension: (Google Docs Offline) - C:\Users\jpr\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-12-08]
CHR Extension: (Chrome Web Store Payments) - C:\Users\jpr\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-11-23]
CHR Extension: (Gmail) - C:\Users\jpr\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2016-12-07]
CHR Extension: (Chrome Media Router) - C:\Users\jpr\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2017-11-23]
CHR HKLM\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [eofcbnmajmjmplflapaojjnihcjkigck] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [ndibdjnfmopecpmkdieinmbadjfpblof] - C:\ProgramData\AVG Secure Search\ChromeExt\13.2.0.5\avg.crx <not found>

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [77104 2015-10-07] (Apple Inc.)
S3 aswbIDSAgent; C:\Program Files\AVAST Software\Avast\x64\aswidsagenta.exe [7538536 2018-01-04] (AVAST Software)
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [301168 2018-01-04] (AVAST Software)
R2 Motorola Device Manager; C:\Program Files (x86)\Motorola Mobility\Motorola Device Manager\MotoHelperService.exe [137528 2014-04-08] (Motorola Mobility LLC)
S3 MWLService; C:\Program Files (x86)\EgisTec\MyWinLocker 3\x86\\MWLService.exe [305448 2009-09-10] (Egis Technology Inc.)
R2 Net Driver HPZ12; C:\Windows\system32\HPZinw12.dll [71680 2010-01-18] (Hewlett-Packard) [File not signed]
R2 Pharos Systems ComTaskMaster; C:\Program Files (x86)\PharosSystems\Core\CTskMstr.exe [345600 2010-01-14] (Pharos Systems International) [File not signed]
R2 Pml Driver HPZ12; C:\Windows\system32\HPZipm12.dll [89600 2010-01-18] (Hewlett-Packard) [File not signed]
R2 PnkBstrA; C:\Windows\SysWOW64\PnkBstrA.exe [66872 2011-02-22] ()
R2 PnkBstrB; C:\Windows\SysWOW64\PnkBstrB.exe [202448 2016-07-13] ()
R2 PST Service; C:\Program Files (x86)\Motorola\MotForwardDaemon\ForwardDaemon.exe [65657 2011-09-02] (Motorola) [File not signed]
S3 SwitchBoard; C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated) [File not signed]
S3 vncserver; C:\Program Files\RealVNC\VNC Server\vncserver.exe [5663824 2016-06-06] (RealVNC Ltd)
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

U5 AppMgmt; C:\Windows\system32\svchost.exe [27136 2009-07-13] (Microsoft Corporation) <==== ATTENTION (no ServiceDLL)
R1 aswArPot; C:\Windows\System32\drivers\aswArPot.sys [185096 2018-01-04] (AVAST Software)
R1 aswbidsdriver; C:\Windows\System32\drivers\aswbidsdrivera.sys [321512 2018-01-04] (AVAST Software)
R0 aswbidsh; C:\Windows\System32\drivers\aswbidsha.sys [199448 2018-01-04] (AVAST Software)
R0 aswblog; C:\Windows\System32\drivers\aswbloga.sys [343768 2018-01-04] (AVAST Software)
R0 aswbuniv; C:\Windows\System32\drivers\aswbuniva.sys [57696 2018-01-04] (AVAST Software)
R1 aswHdsKe; C:\Windows\System32\drivers\aswHdsKe.sys [149344 2018-01-04] (AVAST Software)
S3 aswHwid; C:\Windows\System32\drivers\aswHwid.sys [46976 2018-01-04] (AVAST Software)
R1 aswKbd; C:\Windows\system32\drivers\aswKbd.sys [41832 2017-09-14] (AVAST Software)
R2 aswMonFlt; C:\Windows\System32\drivers\aswMonFlt.sys [146648 2018-01-12] (AVAST Software)
R1 aswRdr; C:\Windows\System32\drivers\aswRdr2.sys [110336 2018-01-04] (AVAST Software)
R0 aswRvrt; C:\Windows\System32\drivers\aswRvrt.sys [84384 2018-01-04] (AVAST Software)
R1 aswSnx; C:\Windows\System32\drivers\aswSnx.sys [1025176 2018-01-04] (AVAST Software)
R1 aswSP; C:\Windows\System32\drivers\aswSP.sys [457896 2018-01-12] (AVAST Software)
R2 aswStm; C:\Windows\System32\drivers\aswStm.sys [204456 2018-01-04] (AVAST Software)
R0 aswVmm; C:\Windows\System32\drivers\aswVmm.sys [358672 2018-01-04] (AVAST Software)
S3 pbfilter; C:\Program Files\PeerBlock\pbfilter.sys [22600 2014-01-14] ()
S3 BTCFilterService; system32\DRIVERS\motfilt.sys [X]
S3 motccgp; system32\DRIVERS\motccgp.sys [X]
S3 motccgpfl; system32\DRIVERS\motccgpfl.sys [X]
S3 MotoSwitchService; system32\DRIVERS\motswch.sys [X]
S3 Motousbnet; system32\DRIVERS\Motousbnet.sys [X]
S3 motusbdevice; system32\DRIVERS\motusbdevice.sys [X]
S3 usbbus; system32\DRIVERS\lgx64bus.sys [X]
S3 UsbDiag; system32\DRIVERS\lgx64diag.sys [X]
S3 USBModem; system32\DRIVERS\lgx64modem.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2018-01-26 17:10 - 2018-01-26 17:11 - 000019278 _____ C:\Users\jpr\Desktop\FRST.txt
2018-01-26 17:07 - 2018-01-26 17:08 - 002393088 _____ (Farbar) C:\Users\jpr\Desktop\FRST64.exe
2018-01-26 17:04 - 2018-01-26 17:04 - 000000000 ____D C:\ProgramData\SWCUTemp
2018-01-13 14:09 - 2018-01-26 17:06 - 000208806 _____ C:\Windows\ntbtlog.txt
2018-01-09 21:21 - 2018-01-09 21:21 - 005845504 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerInstaller.exe
2018-01-04 23:44 - 2018-01-04 23:44 - 000365680 _____ (AVAST Software) C:\Windows\system32\aswBoot.exe
2018-01-04 23:44 - 2018-01-04 23:43 - 000149344 _____ (AVAST Software) C:\Windows\system32\Drivers\aswHdsKe.sys
2017-12-30 00:18 - 2017-12-30 00:18 - 000002441 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk
2017-12-30 00:18 - 2017-12-30 00:18 - 000002051 _____ C:\Users\Public\Desktop\Acrobat Reader DC.lnk

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2018-01-26 17:10 - 2015-01-04 22:40 - 000000000 ____D C:\FRST
2018-01-26 17:03 - 2012-12-10 17:14 - 000000000 ____D C:\Temp
2018-01-26 17:02 - 2009-07-14 00:08 - 000000006 ____H C:\Windows\Tasks\SA.DAT
2018-01-26 10:06 - 2009-07-13 23:45 - 000009920 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2018-01-26 10:06 - 2009-07-13 23:45 - 000009920 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2018-01-25 09:46 - 2017-06-04 14:22 - 000004172 _____ C:\Windows\System32\Tasks\Avast Emergency Update
2018-01-21 09:15 - 2010-07-17 05:57 - 000000000 ____D C:\Users\jpr\AppData\Local\Adobe
2018-01-20 16:53 - 2017-10-01 17:48 - 000000000 ____D C:\Users\jpr\Desktop\new
2018-01-18 19:41 - 2012-01-16 18:17 - 000000000 ____D C:\Users\Cin\AppData\Roaming\Spotify
2018-01-17 19:13 - 2009-07-13 22:20 - 000000000 ____D C:\Windows\inf
2018-01-17 18:20 - 2010-07-23 13:14 - 000371760 _____ C:\Users\Cin\AppData\Local\GDIPFONTCACHEV1.DAT
2018-01-13 14:14 - 2010-07-16 09:31 - 000371760 _____ C:\Users\jpr\AppData\Local\GDIPFONTCACHEV1.DAT
2018-01-13 14:10 - 2009-07-13 23:45 - 005758368 _____ C:\Windows\system32\FNTCACHE.DAT
2018-01-12 17:49 - 2017-06-04 14:22 - 000457896 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSP.sys
2018-01-12 17:49 - 2017-06-04 14:22 - 000146648 _____ (AVAST Software) C:\Windows\system32\Drivers\aswMonFlt.sys
2018-01-09 21:21 - 2012-10-17 14:18 - 000004312 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2018-01-09 21:21 - 2012-05-14 11:18 - 000803328 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2018-01-09 21:21 - 2012-01-09 18:37 - 000144896 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2018-01-09 21:21 - 2011-12-07 19:17 - 000000000 ____D C:\Windows\system32\Macromed
2018-01-09 21:21 - 2010-03-15 16:54 - 000000000 ____D C:\Windows\SysWOW64\Macromed
2018-01-06 11:26 - 2016-12-07 23:42 - 000002199 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2018-01-04 23:44 - 2017-11-22 22:47 - 000185096 _____ (AVAST Software) C:\Windows\system32\Drivers\aswArPot.sys
2018-01-04 23:44 - 2017-06-04 14:22 - 000358672 _____ (AVAST Software) C:\Windows\system32\Drivers\aswVmm.sys
2018-01-04 23:44 - 2017-06-04 14:22 - 000204456 _____ (AVAST Software) C:\Windows\system32\Drivers\aswStm.sys
2018-01-04 23:44 - 2017-06-04 14:22 - 000110336 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRdr2.sys
2018-01-04 23:44 - 2017-06-04 14:22 - 000084384 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRvrt.sys
2018-01-04 23:44 - 2017-06-04 14:22 - 000046976 _____ (AVAST Software) C:\Windows\system32\Drivers\aswHwid.sys
2018-01-04 23:43 - 2017-06-04 14:22 - 001025176 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSnx.sys
2018-01-04 23:42 - 2017-06-04 14:22 - 000343768 _____ (AVAST Software) C:\Windows\system32\Drivers\aswbloga.sys
2018-01-04 23:42 - 2017-06-04 14:22 - 000321512 _____ (AVAST Software) C:\Windows\system32\Drivers\aswbidsdrivera.sys
2018-01-04 23:42 - 2017-06-04 14:22 - 000199448 _____ (AVAST Software) C:\Windows\system32\Drivers\aswbidsha.sys
2018-01-04 23:42 - 2017-06-04 14:22 - 000057696 _____ (AVAST Software) C:\Windows\system32\Drivers\aswbuniva.sys
2018-01-01 14:54 - 2009-07-13 22:20 - 000000000 ____D C:\Windows\system32\NDF
2017-12-30 00:20 - 2015-11-28 22:02 - 000004476 _____ C:\Windows\System32\Tasks\Adobe Acrobat Update Task
2017-12-30 00:18 - 2010-03-15 16:53 - 000000000 ____D C:\ProgramData\Adobe
2017-12-30 00:18 - 2010-03-15 16:53 - 000000000 ____D C:\Program Files (x86)\Adobe

==================== Files in the root of some directories =======

2010-08-13 12:24 - 2010-08-13 12:24 - 000000000 _____ () C:\Users\jpr\AppData\Roaming\wklnhst.dat
2016-07-14 13:23 - 2016-07-15 11:18 - 000007622 _____ () C:\Users\jpr\AppData\Local\Resmon.ResmonCfg
2016-12-09 23:12 - 2016-12-09 23:12 - 025416816 _____ (One Click Root) C:\Users\jpr\AppData\Local\TempOneClickRoot.exe
2016-08-07 22:06 - 2016-08-07 22:18 - 000000178 _____ () C:\Users\jpr\AppData\Local\uts.ini
2015-01-04 12:53 - 2015-01-04 12:53 - 000000000 _____ () C:\Users\jpr\AppData\Local\{B868B16E-58F4-4DC9-9EB6-BDD9BA213E54}

==================== Bamital & volsnap ======================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2018-01-21 12:01

==================== End of FRST.txt ============================

 

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 21.01.2018
Ran by jpr (26-01-2018 17:12:58)
Running from C:\Users\jpr\Desktop
Windows 7 Home Premium Service Pack 1 (X64) (2010-07-16 14:31:03)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-2594318427-2354040781-2526223756-500 - Administrator - Disabled)
Cin (S-1-5-21-2594318427-2354040781-2526223756-1004 - Limited - Enabled) => C:\Users\Cin
Guest (S-1-5-21-2594318427-2354040781-2526223756-501 - Limited - Enabled) => C:\Users\Guest
HomeGroupUser$ (S-1-5-21-2594318427-2354040781-2526223756-1012 - Limited - Enabled)
jpr (S-1-5-21-2594318427-2354040781-2526223756-1000 - Administrator - Enabled) => C:\Users\jpr

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Avast Antivirus (Disabled - Up to date) {8EA8924E-BC81-DC44-8BB0-8BAE75D86EBF}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Avast Antivirus (Disabled - Up to date) {35C973AA-9ABB-D3CA-B100-B0DC0E5F2402}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

64 Bit HP CIO Components Installer (HKLM\...\{C788B026-20BD-4E96-B698-533F1D6C5013}) (Version: 7.2.4 - Hewlett-Packard) Hidden
Acer Backup Manager (HKLM-x32\...\InstallShield_{72B776E5-4530-4C4B-9453-751DF87D9D93}) (Version: 2.0.0.58 - NewTech Infosystems)
Acer Crystal Eye webcam Ver:1.1.149.115 (HKLM-x32\...\{D0ACE89D-EC7F-470F-80BE-4C98ED366B32}) (Version: 1.1.149.115 - Chicony Electronics Co.,Ltd.)
Acer ePower Management (HKLM-x32\...\{3DB0448D-AD82-4923-B305-D001E521A964}) (Version: 5.00.3002 - Acer Incorporated)
Acer eRecovery Management (HKLM-x32\...\{7F811A54-5A09-4579-90E1-C93498E230D9}) (Version: 4.05.3006 - Acer Incorporated)
Acer Game Console (HKLM-x32\...\Acer Game Console) (Version:  - WildTangent) Hidden
Acer Games (HKLM-x32\...\WildTangent acer Master Uninstall) (Version: 1.0.0.80 - WildTangent)
Acer Registration (HKLM-x32\...\Acer Registration) (Version: 1.02.3006 - Acer Incorporated)
Acer ScreenSaver (HKLM-x32\...\Acer Screensaver) (Version: 1.1.0105.2010 - Acer Incorporated)
Acer System Information (HKLM-x32\...\{72199E33-4F2A-4B7F-8E25-95DDDD50A678}) (Version: 1.0.0 - Acer)
Acer Updater (HKLM-x32\...\{EE171732-BEB4-4576-887D-CB62727F01CA}) (Version: 1.01.3017 - Acer Incorporated)
Acrobat.com (HKLM-x32\...\{287ECFA4-719A-2143-A09B-D6A12DE54E40}) (Version: 1.6.65 - Adobe Systems Incorporated)
Adobe Acrobat Reader DC (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}) (Version: 17.009.20044 - Adobe Systems Incorporated)
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 16.0.0.273 - Adobe Systems Incorporated)
Adobe Anchor Service x64 CS4 (HKLM\...\{887797BF-37A5-4199-B0C9-0D38D6196E9A}) (Version: 2.0 - Adobe Systems Incorporated) Hidden
Adobe CMaps x64 CS4 (HKLM\...\{90BA8112-80B3-4617-A3C1-BD2771B60F74}) (Version: 2.0 - Adobe Systems Incorporated) Hidden
Adobe CSI CS4 x64 (HKLM\...\{8DAA31EB-6830-4006-A99F-4DF8AB24714F}) (Version: 1 - Adobe Systems Incorporated) Hidden
Adobe Dreamweaver CS4 (HKLM-x32\...\Adobe_acce07fd2c8fe7f9e3f26243e626578) (Version: 10.0 - Adobe Systems Incorporated)
Adobe Dreamweaver CS5.5 (HKLM-x32\...\{0215A652-E081-4B09-9333-DC85AAB67FFA}) (Version: 11.5 - Adobe Systems Incorporated)
Adobe Drive CS4 x64 (HKLM\...\{A3454894-144A-4D80-B605-C128FE0D7329}) (Version: 1 - Adobe Systems Incorporated) Hidden
Adobe Flash Player 28 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 28.0.0.137 - Adobe Systems Incorporated)
Adobe Flash Player 28 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 28.0.0.137 - Adobe Systems Incorporated)
Adobe Fonts All x64 (HKLM\...\{6631325A-9B1B-4EE7-8E64-8CC4A6F10643}) (Version: 2.0 - Adobe Systems Incorporated) Hidden
Adobe Help Manager (HKLM-x32\...\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1) (Version: 4.0.244 - Adobe Systems Incorporated)
Adobe Illustrator CS5.1 (HKLM-x32\...\{23767F5D-A80C-4264-B8EA-ED4085FC332A}) (Version: 15.1 - Adobe Systems Incorporated)
Adobe InDesign CS6 (HKLM-x32\...\{CFB770D7-8D43-1014-922B-CC2715FADE3F}) (Version: 8.0 - Adobe Systems Incorporated)
Adobe Linguistics CS4 x64 (HKLM\...\{8875A1C0-6308-4790-8CF6-D34E89880052}) (Version: 4.0.0 - Adobe Systems Incorporated) Hidden
Adobe PDF Library Files x64 CS4 (HKLM\...\{DFFABE78-8173-4E97-9C5C-22FB26192FC5}) (Version: 9.0 - Adobe Systems Incorporated) Hidden
Adobe Photoshop CS4 (64 Bit) (HKLM\...\{D40172D6-CE2D-4B72-BF5F-26A04A900B7B}) (Version: 11.0 - Adobe Systems Incorporated) Hidden
Adobe Photoshop CS4 (HKLM-x32\...\Adobe_faf656ef605427ee2f42989c3ad31b8) (Version: 11.0 - Adobe Systems Incorporated)
Adobe Shockwave Player 12.0 (HKLM-x32\...\Adobe Shockwave Player) (Version: 12.0.3.133 - Adobe Systems, Inc.)
Adobe Type Support x64 CS4 (HKLM\...\{8C8D673B-20FB-43E6-BCB7-9B3F78F2E762}) (Version: 9.0 - Adobe Systems Incorporated) Hidden
Adobe Widget Browser (HKLM-x32\...\com.adobe.WidgetBrowser.E7BED6E5DDA59983786DD72EBFA46B1598278E07.1) (Version: 2.0 Build 230 - Adobe Systems Incorporated.)
Adobe WinSoft Linguistics Plugin x64 (HKLM\...\{295CFB7C-A57E-4313-93E7-68E7CE1D0332}) (Version: 1.1 - Adobe Systems Incorporated) Hidden
Adobe® Content Viewer (HKLM-x32\...\com.adobe.dmp.contentviewer) (Version: 3.4.3 - Adobe Systems, Incorporated)
AMIS 3.1.3 (U.S. English) (HKLM-x32\...\AMIS) (Version: 3.1.3 - DAISY Consortium)
Apple Application Support (32-bit) (HKLM-x32\...\{649A1FD9-5892-46AD-8DF0-C4A43FF61CB7}) (Version: 4.1 - Apple Inc.)
Apple Application Support (64-bit) (HKLM\...\{0DE0A178-AC7B-4650-806C-CF226DE03766}) (Version: 4.1 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{3540181E-340A-4E7A-B409-31663472B2F7}) (Version: 9.1.0.6 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{FFD1F7F1-1AC9-4BC4-A908-0686D635ABAF}) (Version: 2.1.4.131 - Apple Inc.)
ASIO4ALL (HKLM-x32\...\ASIO4ALL) (Version: 2.10 - Michael Tippach)
Avast Free Antivirus (HKLM-x32\...\Avast Antivirus) (Version: 17.9.2322 - AVAST Software)
Backup Manager Basic (HKLM-x32\...\{72B776E5-4530-4C4B-9453-751DF87D9D93}) (Version: 2.0.0.58 - NewTech Infosystems) Hidden
Bejeweled 2 Deluxe (HKLM-x32\...\WT078749) (Version: 2.2.0.82 - WildTangent) Hidden
Blackhawk Striker 2 (HKLM-x32\...\WT078953) (Version: 2.2.0.82 - WildTangent) Hidden
Bob the Builder Can-Do-Zoo (HKLM-x32\...\WT078961) (Version: 2.2.0.82 - WildTangent) Hidden
Bonjour (HKLM\...\{56DDDFB8-7F79-4480-89D5-25E1F52AB28F}) (Version: 3.1.0.1 - Apple Inc.)
Broadcom Gigabit NetLink Controller (HKLM\...\{A84DB02B-9C2B-4272-9D2D-A80E00A56513}) (Version: 12.52.04 - Broadcom Corporation)
Build-a-lot 2 (HKLM-x32\...\WT079193) (Version: 2.2.0.82 - WildTangent) Hidden
Call of Duty (HKLM-x32\...\Call of Duty) (Version:  - )
CCleaner (HKLM\...\CCleaner) (Version: 3.26 - Piriform)
Compatibility Pack for the 2007 Office system (HKLM-x32\...\{90120000-0020-0409-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation)
Connect (HKLM-x32\...\{B29AD377-CC12-490A-A480-1452337C618D}) (Version: 1.0.0.1 - Adobe Systems Incorporated) Hidden
CryptoPrevent (HKLM-x32\...\{5C5B24E7-4694-4049-A222-CCE7D3FAC63F}_is1) (Version:  - Foolish IT LLC)
CyberLink PowerDVD 9 (HKLM-x32\...\InstallShield_{A8516AC9-AAF1-47F9-9766-03E2D4CDBCF8}) (Version: 9.0.2529.50 - CyberLink Corp.)
D3DX10 (HKLM-x32\...\{E09C4DB7-630C-4F06-A631-8EA7239923AF}) (Version: 15.4.2368.0902 - Microsoft) Hidden
DivX Setup (HKLM-x32\...\DivX Setup) (Version: 2.7.0.31 - DivX, LLC)
Escape Rosecliff Island (HKLM-x32\...\WT079218) (Version: 2.2.0.82 - WildTangent) Hidden
eSobi v2 (HKLM-x32\...\{15D967B5-A4BE-42AE-9E84-64CD062B25AA}) (Version: 2.0.4.000274 - esobi Inc.) Hidden
eSobi v2 (HKLM-x32\...\InstallShield_{15D967B5-A4BE-42AE-9E84-64CD062B25AA}) (Version: 2.0.4.000274 - esobi Inc.)
Faerie Solitaire (HKLM-x32\...\WT079017) (Version: 2.2.0.82 - WildTangent) Hidden
FATE - The Traitor Soul (HKLM-x32\...\WT079021) (Version: 2.2.0.82 - WildTangent) Hidden
FL Studio 10 (HKLM-x32\...\FL Studio 10) (Version:  - Image-Line)
FlashPeak Slimjet (HKLM-x32\...\Slimjet) (Version: 11.0.1.0 - FlashPeak Inc.)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 63.0.3239.132 - Google Inc.)
Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.33.7 - Google Inc.) Hidden
HD Tune 2.55 (HKLM-x32\...\HD Tune_is1) (Version:  - EFD Software)
Helium (HKLM-x32\...\{9A781940-AC41-4D5E-8E1E-76A04B916FB9}) (Version: 1.0.0 - ClockworkMod)
iCloud (HKLM\...\{B33C558F-772F-4308-A059-390FBF9BAAAE}) (Version: 5.0.2.61 - Apple Inc.)
Identity Card (HKLM-x32\...\Identity Card) (Version: 1.00.3003 - Acer Incorporated)
IL Download Manager (HKLM-x32\...\IL Download Manager) (Version:  - Image-Line)
Intel® Control Center (HKLM-x32\...\{F8A9085D-4C7A-41a9-8A77-C8998A96C421}) (Version: 1.2.1.1007 - Intel Corporation)
Intel® Graphics Media Accelerator Driver (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 8.15.10.2057 - Intel Corporation)
Intel® Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 6.0.0.1179 - Intel Corporation)
iTunes (HKLM\...\{E690A491-702F-4DEC-9977-C015D1DBB57C}) (Version: 12.3.1.23 - Apple Inc.)
Java 8 Update 151 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F32180151F0}) (Version: 8.0.1510.12 - Oracle Corporation)
Jewel Quest Solitaire 3 (HKLM-x32\...\WT079065) (Version: 2.2.0.82 - WildTangent) Hidden
Junk Mail filter update (HKLM-x32\...\{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}) (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
kuler (HKLM-x32\...\{098727E1-775A-4450-B573-3F441F1CA243}) (Version: 2.0 - Adobe Systems Incorporated) Hidden
Launch Manager (HKLM-x32\...\LManager) (Version: 4.0.6 - Acer Inc.)
MediaMonkey 4.1 (HKLM-x32\...\MediaMonkey_is1) (Version: 4.1 - Ventis Media Inc.)
Microsoft .NET Framework 4.5.2 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.51209 - Microsoft Corporation)
Microsoft Mouse and Keyboard Center (HKLM\...\Microsoft Mouse and Keyboard Center) (Version: 1.1.500.0 - Microsoft Corporation)
Microsoft Office Outlook Connector (HKLM-x32\...\{95140000-0081-0409-0000-0000000FF1CE}) (Version: 14.0.6123.5001 - Microsoft Corporation)
Microsoft Office PowerPoint Viewer 2007 (English) (HKLM-x32\...\{95120000-00AF-0409-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Office Professional Plus 2010 (HKLM-x32\...\Office14.PROPLUS) (Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft Office Suite Activation Assistant (HKLM-x32\...\{E50AE784-FABE-46DA-A1F8-7B6B56DCB22E}) (Version: 2.9 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.40416.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (HKLM-x32\...\{770657D0-A123-3C07-8E44-1C83EC895118}) (Version: 8.0.50727.4053 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Works (HKLM-x32\...\{67E03279-F703-408F-B4BF-46B5FC8D70CD}) (Version: 9.7.0621 - Microsoft Corporation)
Monopoly (HKLM-x32\...\WT079097) (Version: 2.2.0.82 - WildTangent) Hidden
Motorola Device Manager (HKLM-x32\...\{28DB8373-C1BB-444F-A427-A55585A12ED7}) (Version: 2.5.4 - Motorola Mobility)
Motorola Device Software Update (HKLM-x32\...\{894AB83D-A9AF-4E54-BFF3-A7262A0A6C13}) (Version: 13.09.3001 - Motorola Mobility) Hidden
Motorola Mobile Drivers Installation 6.4.0 (HKLM\...\{27986EDD-C9EC-4B52-B92F-06D073F0AA52}) (Version: 6.4.0 - Motorola Mobility LLC)
Mozilla Firefox 43.0.1 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 43.0.1 (x86 en-US)) (Version: 43.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 42.0.0.5780 - Mozilla)
MSXML 4.0 SP3 Parser (HKLM-x32\...\{196467F1-C11F-4F76-858B-5812ADC83B94}) (Version: 4.30.2100.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (KB2758694) (HKLM-x32\...\{1D95BA90-F4F8-47EC-A882-441C99D30C1E}) (Version: 4.30.2117.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (KB973685) (HKLM-x32\...\{859DFA95-E4A6-48CD-B88E-A3E483E89B44}) (Version: 4.30.2107.0 - Microsoft Corporation)
Mystery P.I. - Lost in Los Angeles (HKLM-x32\...\WT079101) (Version: 2.2.0.82 - WildTangent) Hidden
MyWinLocker (HKLM-x32\...\{68301905-2DEA-41CE-A4D4-E8B443B099BA}) (Version: 3.1.76.0 - Egis Technology Inc.)
NTI Backup Now 5 (HKLM-x32\...\InstallShield_{12EFA1A4-AC3B-443C-8143-237EDE760403}) (Version: 5.1.2.616 - NewTech Infosystems)
NTI Backup Now Standard (HKLM-x32\...\{12EFA1A4-AC3B-443C-8143-237EDE760403}) (Version: 5.1.2.616 - NewTech Infosystems) Hidden
NTI Media Maker 8 (HKLM-x32\...\{2413930C-8309-47A6-BC61-5EF27A4222BC}) (Version: 8.0.2.6509 - NewTech Infosystems) Hidden
NTI Media Maker 8 (HKLM-x32\...\InstallShield_{2413930C-8309-47A6-BC61-5EF27A4222BC}) (Version: 8.0.2.6509 - NewTech Infosystems)
PDF Settings CS4 (HKLM-x32\...\{35D94F92-1D3A-43C5-8605-EA268B1A7BD9}) (Version: 9.0 - Adobe Systems Incorporated) Hidden
PDF Settings CS5 (HKLM-x32\...\{A78FE97A-C0C8-49CE-89D0-EDD524A17392}) (Version: 10.0 - Adobe Systems Incorporated) Hidden
PDF Settings CS6 (HKLM-x32\...\{BFEAAE77-BD7F-4534-B286-9C5CB4697EB1}) (Version: 11.0 - Adobe Systems Incorporated) Hidden
PeerBlock 1.2 (r693) (HKLM\...\{015C5B35-B678-451C-9AEE-821E8D69621C}_is1) (Version: 1.2.0.693 - PeerBlock, LLC)
Penguins! (HKLM-x32\...\WT079105) (Version: 2.2.0.82 - WildTangent) Hidden
Pharos (HKLM-x32\...\Pharos) (Version:  - )
Photoshop Camera Raw (HKLM-x32\...\{CC75AB5C-2110-4A7F-AF52-708680D22FE8}) (Version: 5.0 - Adobe Systems Incorporated) Hidden
Photoshop Camera Raw_x64 (HKLM\...\{2D74E972-5A85-44DC-9193-8A302BA8C181}) (Version: 5.0 - Adobe Systems Incorporated) Hidden
Plants vs. Zombies (HKLM-x32\...\WT079109) (Version: 2.2.0.82 - WildTangent) Hidden
Polar Bowler (HKLM-x32\...\WT079113) (Version: 2.2.0.82 - WildTangent) Hidden
Polar Golfer (HKLM-x32\...\WT079117) (Version: 2.2.0.82 - WildTangent) Hidden
QuickTime 7 (HKLM-x32\...\{FF59BD75-466A-4D5A-AD23-AAD87C5FD44C}) (Version: 7.79.80.95 - Apple Inc.)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6015 - Realtek Semiconductor Corp.)
Realtek USB 2.0 Card Reader (HKLM-x32\...\{96AE7E41-E34E-47D0-AC07-1091A8127911}) (Version: 6.1.7600.30113 - Realtek Semiconductor Corp.)
Revo Uninstaller 1.95 (HKLM-x32\...\Revo Uninstaller) (Version: 1.95 - VS Revo Group)
SafeZone Stable 4.58.2552.909 (HKLM-x32\...\SafeZone 4.58.2552.909) (Version: 4.58.2552.909 - Avast Software) Hidden
Scrabble Plus (HKLM-x32\...\WT079149) (Version: 2.2.0.82 - WildTangent) Hidden
SeaTools for Windows (HKLM-x32\...\{98613C99-1399-416C-A07C-1EE1C585D872}) (Version: 1.2.0.7 - Seagate Technology)
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{DE28B448-32E8-4E8F-84F0-A52B21A49B5B}) (Version:  - Microsoft)
Speccy (HKLM\...\Speccy) (Version: 1.27 - Piriform)
Suite Shared Configuration CS4 (HKLM-x32\...\{842B4B72-9E8F-4962-B3C1-1C422A5C4434}) (Version: 1.0 - Adobe Systems Incorporated) Hidden
swMSM (HKLM-x32\...\{612C34C7-5E90-47D8-9B5C-0F717DD82726}) (Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 14.0.19.0 - Synaptics Incorporated)
The Price is Right (HKLM-x32\...\WT079153) (Version: 2.2.0.82 - WildTangent) Hidden
VC80CRTRedist - 8.0.50727.6195 (HKLM-x32\...\{933B4015-4618-4716-A828-5289FC03165F}) (Version: 1.2.0 - DivX, Inc) Hidden
Ventrilo Client (HKLM-x32\...\{789289CA-F73A-4A16-A331-54D498CE069F}) (Version: 3.0.8 - Flagship Industries, Inc.)
Virtual Families (HKLM-x32\...\WT079643) (Version: 2.2.0.82 - WildTangent) Hidden
Virtual Villagers - A New Home (HKLM-x32\...\WT079173) (Version: 2.2.0.82 - WildTangent) Hidden
VNC Server 5.3.2 (HKLM\...\{BD3BF59A-3CD6-49B3-A166-E57BF55FF959}) (Version: 5.3.2.19179 - RealVNC Ltd)
VNC Viewer 5.3.2 (HKLM\...\{F10020E5-D194-469E-B494-DDCE5D76A3A0}) (Version: 5.3.2.19179 - RealVNC Ltd)
Welcome Center (HKLM-x32\...\Acer Welcome Center) (Version: 1.00.3012 - Acer Incorporated)
Windows 7 USB/DVD Download Tool (HKLM-x32\...\{CCF298AF-9CE1-4B26-B251-486E98A34789}) (Version: 1.0.30 - Microsoft Corporation)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3502.0922 - Microsoft Corporation)
Windows Live Sync (HKLM-x32\...\{84EBDF39-4B33-49D7-A0BD-EB6E2C4E81C1}) (Version: 14.0.8089.726 - Microsoft Corporation)
WinRAR 5.40 (32-bit) (HKLM-x32\...\WinRAR archiver) (Version: 5.40.0 - win.rar GmbH)
Wondershare Helper Compact 2.5.0 (HKLM-x32\...\{5363CE84-5F09-48A1-8B6C-6BB590FFEDF2}_is1) (Version: 2.5.0 - Wondershare)
Yahtzee (HKLM-x32\...\WT079179) (Version: 2.2.0.82 - WildTangent) Hidden
Zuma Deluxe (HKLM-x32\...\WT078774) (Version: 2.2.0.82 - WildTangent) Hidden

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

ShellIconOverlayIdentifiers: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2018-01-04] (AVAST Software)
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2018-01-04] (AVAST Software)
ShellIconOverlayIdentifiers: [egisPSDP] -> {30A0A3F6-38AC-4C53-BB8B-0D95238E25BA} => C:\Program Files (x86)\EgisTec\MyWinLocker 3\x64\psdprotect.dll [2009-09-10] (Egis Technology Inc.)
ShellIconOverlayIdentifiers-x32: [egisPSDP] -> {30A0A3F6-38AC-4C53-BB8B-0D95238E25BA} => C:\Program Files (x86)\EgisTec\MyWinLocker 3\x64\psdprotect.dll [2009-09-10] (Egis Technology Inc.)
ContextMenuHandlers1: [avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2018-01-04] (AVAST Software)
ContextMenuHandlers1: [EDSshellExt] -> {29FF7AB0-BE34-4992-A30B-53A9D86EE239} => C:\Program Files (x86)\EgisTec\MyWinLocker 3\x64\mwlshellext.dll [2009-09-10] (Egis Technology Inc.)
ContextMenuHandlers1: [PhotoStreamsExt] -> {89D984B3-813B-406A-8298-118AFA3A22AE} => C:\Program Files\Common Files\Apple\Internet Services\ShellStreams64.dll [2015-10-21] (Apple Inc.)
ContextMenuHandlers1: [Shell Extension for Malware scanning] -> {45AC2688-0253-4ED8-97DE-B5370FA7D48A} =>  -> No File
ContextMenuHandlers1: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files (x86)\WinRAR\rarext64.dll [2016-08-14] (Alexander Roshal)
ContextMenuHandlers1-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files (x86)\WinRAR\rarext.dll [2016-08-14] (Alexander Roshal)
ContextMenuHandlers2: [{C95FFEAE-A32E-4122-A5C4-49B5BFB69795}] -> {C95FFEAE-A32E-4122-A5C4-49B5BFB69795} => C:\Program Files\Common Files\Adobe\Adobe Drive CS4\ADFSMenu.dll [2008-08-14] (Adobe Systems Incorporated)
ContextMenuHandlers3: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2018-01-04] (AVAST Software)
ContextMenuHandlers3: [{C95FFEAE-A32E-4122-A5C4-49B5BFB69795}] -> {C95FFEAE-A32E-4122-A5C4-49B5BFB69795} => C:\Program Files\Common Files\Adobe\Adobe Drive CS4\ADFSMenu.dll [2008-08-14] (Adobe Systems Incorporated)
ContextMenuHandlers4: [EDSshellExt] -> {29FF7AB0-BE34-4992-A30B-53A9D86EE239} => C:\Program Files (x86)\EgisTec\MyWinLocker 3\x64\mwlshellext.dll [2009-09-10] (Egis Technology Inc.)
ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} => C:\Windows\system32\igfxpph.dll [2010-01-25] (Intel Corporation)
ContextMenuHandlers5: [{C95FFEAE-A32E-4122-A5C4-49B5BFB69795}] -> {C95FFEAE-A32E-4122-A5C4-49B5BFB69795} => C:\Program Files\Common Files\Adobe\Adobe Drive CS4\ADFSMenu.dll [2008-08-14] (Adobe Systems Incorporated)
ContextMenuHandlers6: [avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2018-01-04] (AVAST Software)
ContextMenuHandlers6: [Shell Extension for Malware scanning] -> {45AC2688-0253-4ED8-97DE-B5370FA7D48A} =>  -> No File
ContextMenuHandlers6: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files (x86)\WinRAR\rarext64.dll [2016-08-14] (Alexander Roshal)
ContextMenuHandlers6-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files (x86)\WinRAR\rarext.dll [2016-08-14] (Alexander Roshal)

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {01461F3D-49E4-4D8F-876B-66A96F9F4C61} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2016-12-07] (Google Inc.)
Task: {045F207C-AB0E-465D-B8A0-377772F7FBD0} - System32\Tasks\{FF9D0931-9DEA-49BB-821D-634E8161096C} => C:\COD\CoDUOMP.exe [2004-12-06] ()
Task: {0E68C33A-2171-42A6-9523-45E5722CEDD4} - System32\Tasks\{39DCACF4-2D9F-40A4-81CB-A1CB42241D2C} => C:\COD\CoDUOMP.exe [2004-12-06] ()
Task: {1B283884-7321-44DF-A63C-A9273B717128} - System32\Tasks\avastBCLRestartS-1-5-21-2594318427-2354040781-2526223756-1000 => C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
Task: {20912A5E-C87B-4B18-BB9A-72DD31042A22} - System32\Tasks\{64F19E7C-26DD-492F-B07B-ED13866F5E72} => C:\COD\CoDUOMP.exe [2004-12-06] ()
Task: {32450C9D-2924-422C-B4F6-EE10B737A3DD} - System32\Tasks\Microsoft_Hardware_Launch_ipoint_exe => c:\Program Files\Microsoft Device Center\ipoint.exe [2012-06-26] (Microsoft Corporation)
Task: {4971E37B-9CE1-4A32-8301-86A68826D04B} - System32\Tasks\Motorola Device Manager Update => C:\Program Files (x86)\Motorola Mobility\Motorola Device Manager\MotorolaDeviceManagerUpdate.exe [2014-10-30] ()
Task: {4E8AA4CD-F4DB-490D-83C1-3C4615408E57} - System32\Tasks\Motorola Device Manager Initial Update => C:\Program Files (x86)\Motorola Mobility\Motorola Device Manager\MotorolaDeviceManagerUpdate.exe [2014-10-30] ()
Task: {5035B20E-5B37-42C7-8C35-341D20AE2A8C} - System32\Tasks\AVAST Software\Avast settings backup => C:\Program Files\Common Files\AV\avast! Antivirus\backup.exe
Task: {5A29342D-2E99-4BC9-9F20-13A63144EDE3} - System32\Tasks\Microsoft\Windows\Application Experience\ProgramDataUpdater => Command(1): %windir%\system32\rundll32.exe -> aepdu.dll,AePduRunUpdate
Task: {5A29342D-2E99-4BC9-9F20-13A63144EDE3} - System32\Tasks\Microsoft\Windows\Application Experience\ProgramDataUpdater => Command(2): %windir%\system32\rundll32.exe -> invagent.dll,RunUpdate
Task: {6009A82A-5BE9-4FFF-948C-D6B7EE03F6FE} - System32\Tasks\{A371A677-9DBB-4029-8997-D4AA3393D08D} => C:\COD\CoDUOMP.exe [2004-12-06] ()
Task: {71840D0D-3CE8-4299-B457-300F0F1259AA} - System32\Tasks\{7FA7DDC9-F2DC-4A2E-A784-2655FAFA3B57} => C:\Windows\system32\pcalua.exe -a C:\Users\jpr\Downloads\OTLPEStd.exe -d C:\Users\jpr\Downloads
Task: {7A2A1519-2E55-4A22-8ED0-4864B0F32053} - System32\Tasks\Microsoft_Hardware_Launch_devicecenter_exe => c:\Program Files\Microsoft Device Center\devicecenter.exe [2012-06-26] (Microsoft)
Task: {7FC7F8C3-45AD-4390-A127-86ADD321FB82} - System32\Tasks\AdobeAAMUpdater-1.0-jpracer-jpr => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [2012-09-20] (Adobe Systems Incorporated)
Task: {83D3270E-1234-47F4-869C-FE664221B360} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2018-01-09] (Adobe Systems Incorporated)
Task: {84BADC74-430B-48C7-8A73-CAD69CB4A8B1} - System32\Tasks\AdobeAAMUpdater-1.0-jpracer-rich => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [2012-09-20] (Adobe Systems Incorporated)
Task: {86D7F958-68B4-4D09-81C9-F9D72CAED54A} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2012-12-19] (Piriform Ltd)
Task: {9023A52D-A66E-4C68-9D03-C85AFFEA1A28} - System32\Tasks\SecureW2 Task => C:\Program Files (x86)\SecureW2\sw2_tray.exe
Task: {9BCC1DDE-84F2-45BE-8051-2314268AE651} - System32\Tasks\Microsoft\Windows\Application Experience\Microsoft Compatibility Appraiser => Command(1): %windir%\system32\rundll32.exe -> aepdu.dll,AePduRunUpdate -nolegacy
Task: {9BCC1DDE-84F2-45BE-8051-2314268AE651} - System32\Tasks\Microsoft\Windows\Application Experience\Microsoft Compatibility Appraiser => Command(2): %windir%\system32\rundll32.exe -> appraiser.dll,DoScheduledTelemetryRun
Task: {9C680534-A1D0-4F5D-A8F7-EFAFB0D1ADC2} - System32\Tasks\Avast Emergency Update => C:\Program Files\AVAST Software\Avast\AvEmUpdate.exe [2018-01-04] (AVAST Software)
Task: {9FFB6D11-6F71-4270-8DA9-FAA54282E5BC} - System32\Tasks\{98F44635-074E-4708-9516-24697B9D5B96} => C:\COD\CoDUOMP.exe [2004-12-06] ()
Task: {BB748ADD-9BFB-4A1E-8484-B85E95098E90} - System32\Tasks\AdobeAAMUpdater-1.0-jpracer-DYL => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [2012-09-20] (Adobe Systems Incorporated)
Task: {C2085E18-691C-4612-B286-F1D6442227C7} - System32\Tasks\{90341AAC-988D-4D20-ADFE-EF5B675A4C52} => C:\Windows\system32\pcalua.exe -a C:\Users\jpr\Desktop\OTLPEStd.exe -d C:\Users\jpr\Desktop
Task: {C472820F-202F-4BF2-868D-E06D06C49D7A} - System32\Tasks\{0719B16D-1A1D-4BC3-9776-4CC5577E5DBD} => C:\COD\CoDUOMP.exe [2004-12-06] ()
Task: {D01187DD-D4DC-49BD-A336-B8989E6C7D34} - System32\Tasks\{44B5EB42-2F79-4A79-86C9-087DFC5420E3} => C:\Windows\system32\pcalua.exe -a "C:\Users\DYL.jpracer\Desktop\Adobe CS4\Photoshop\Adobe CS4\payloads\AdobeAIR1.0\AdobeAIRInstaller.exe" -d "C:\Program Files (x86)\Common Files\Adobe\Installers\faf656ef605427ee2f42989c3ad31b8" -c -silent
Task: {D7E9EE25-9CE3-4C67-8FE8-B51D7B29EE4B} - System32\Tasks\Microsoft_Hardware_Launch_itype_exe => c:\Program Files\Microsoft Device Center\itype.exe [2012-06-26] (Microsoft Corporation)
Task: {DBF8A3B1-57F9-43D0-AA12-45085BB80A6B} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2017-09-27] (Adobe Systems Incorporated)
Task: {E561DA47-745E-40A6-A697-6B74E5808E49} - System32\Tasks\SafeZone scheduled Autoupdate 1496604449 => C:\Program Files\AVAST Software\SZBrowser\launcher.exe [2017-08-04] (Avast Software)
Task: {EEA17893-988E-47D6-9D55-56D3E0A4D6CD} - System32\Tasks\Avast Software\Overseer => C:\Program Files\Common Files\Avast Software\Overseer\overseer.exe [2018-01-07] (AVAST Software)
Task: {FBC4E9BD-2233-48BD-9747-13737F9E9FB8} - System32\Tasks\{390F43E6-3872-4D1C-8EE8-07B7033A88D1} => C:\COD\CoDUOMP.exe [2004-12-06] ()
Task: {FD1A2A42-239D-4B0F-B2D9-CF947EDBF152} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2016-12-07] (Google Inc.)
Task: {FD70B027-C576-4FD7-AF33-AB5E672DC600} - System32\Tasks\{BA4133DD-32B0-4B38-9B39-1ED7DF640129} => C:\Windows\system32\pcalua.exe -a "C:\Program Files (x86)\Tablet\Pen\Remove.exe" -d "C:\Program Files (x86)\Tablet\Pen" -c /p

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)


==================== Shortcuts & WMI ========================

(The entries could be listed to be restored or removed.)


==================== Loaded Modules (Whitelisted) ==============

2013-09-05 00:17 - 2013-09-05 00:17 - 004300456 _____ () C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Cultures\OFFICE.ODF
2010-10-20 15:23 - 2010-10-20 15:23 - 008801632 _____ () C:\Program Files\Microsoft Office\Office14\1033\GrooveIntlResource.dll
2015-10-13 05:45 - 2015-10-13 05:45 - 000085800 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
2015-10-13 05:45 - 2015-10-13 05:45 - 001328912 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
2011-02-22 15:25 - 2011-02-22 15:25 - 000066872 _____ () C:\Windows\SysWOW64\PnkBstrA.exe
2011-02-22 15:25 - 2016-07-13 10:18 - 000202448 _____ () C:\Windows\SysWOW64\PnkBstrB.exe
2018-01-04 23:43 - 2018-01-04 23:43 - 000058016 _____ () C:\Program Files\AVAST Software\Avast\module_lifetime.dll
2018-01-04 23:43 - 2018-01-04 23:43 - 000057504 _____ () C:\Program Files\AVAST Software\Avast\dll_loader.dll
2018-01-04 23:43 - 2018-01-04 23:43 - 000206152 _____ () C:\Program Files\AVAST Software\Avast\JsonRpcServer.dll
2018-01-04 23:43 - 2018-01-04 23:43 - 000289272 _____ () C:\Program Files\AVAST Software\Avast\tasks_core.dll
2018-01-04 23:43 - 2018-01-04 23:43 - 000196248 _____ () C:\Program Files\AVAST Software\Avast\network_notifications.dll
2018-01-26 09:55 - 2018-01-26 09:55 - 005779600 _____ () C:\Program Files\AVAST Software\Avast\defs\18012602\algo.dll
2018-01-04 23:43 - 2018-01-04 23:43 - 000745408 _____ () C:\Program Files\AVAST Software\Avast\ffl2.dll
2018-01-04 23:43 - 2018-01-04 23:43 - 000148936 _____ () C:\Program Files\AVAST Software\Avast\hns_tools.dll
2018-01-04 23:43 - 2018-01-04 23:43 - 000293944 _____ () C:\Program Files\AVAST Software\Avast\streamback.dll
2018-01-26 17:04 - 2018-01-26 17:04 - 005779088 _____ () C:\Program Files\AVAST Software\Avast\defs\18012606\algo.dll
2014-04-07 09:31 - 2014-04-07 09:31 - 000172032 _____ () C:\Program Files (x86)\Motorola Mobility\Motorola Device Manager\css_core.dll
2010-01-06 19:46 - 2010-01-06 19:46 - 000465576 _____ () C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\sqlite3.dll
2010-01-06 19:43 - 2010-01-06 19:43 - 001081600 _____ () C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\ACE.dll
2016-12-01 12:59 - 2016-06-20 14:48 - 001506304 _____ () C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\DAQExp.dll
2016-12-01 12:59 - 2014-05-19 17:19 - 000137728 _____ () C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\CBSCreateVC.dll
2017-07-15 14:57 - 2017-07-15 14:57 - 067109376 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll
2018-01-04 23:42 - 2018-01-04 23:42 - 000282560 _____ () C:\Program Files\AVAST Software\Avast\gaming_mode_ui.dll
2013-09-05 00:14 - 2013-09-05 00:14 - 004300456 _____ () C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF
2010-10-20 15:45 - 2010-10-20 15:45 - 008801120 _____ () C:\Program Files (x86)\Microsoft Office\Office14\1033\GrooveIntlResource.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)


==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\vsmon => ""="Service"

==================== Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)


==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2012-08-22 12:00 - 2014-08-12 13:56 - 000001155 ____R C:\Windows\system32\Drivers\etc\hosts

127.0.0.1       localhost
127.0.0.1 3dns-1.adobe.com 3dns-2.adobe.com 3dns-3.adobe.com 3dns-4.adobe.com 3dns.adobe.com activate-sea.adobe.com activate-sjc0.adobe.com activate.adobe.com activate.wip.adobe.com
127.0.0.1 activate.wip1.adobe.com activate.wip2.adobe.com activate.wip3.adobe.com activate.wip4.adobe.com adobe-dns-1.adobe.com adobe-dns-2.adobe.com adobe-dns-3.adobe.com adobe-dns-4.adobe.com adobe-dns.adobe.com
127.0.0.1 adobeereg.com crl.verisign.net ereg.adobe.com ereg.wip.adobe.com ereg.wip1.adobe.com ereg.wip2.adobe.com ereg.wip3.adobe.com ereg.wip4.adobe.com hl2rcv.adobe.com
127.0.0.1 lm.licenses.adobe.com lmlicenses.wip4.adobe.com na2m-pr.licenses.adobe.com ood.opsource.net practivate.adobe practivate.adobe.com practivate.adobe.ipp practivate.adobe.newoa practivate.adobe.ntp
127.0.0.1 wip.adobe.com wip1.adobe.com wip2.adobe.com wip3.adobe.com wip4.adobe.com wwis-dubc1-vip60.adobe.com www.adobeereg.com www.wip.adobe.com www.wip1.adobe.com
127.0.0.1 www.wip2.adobe.com www.wip3.adobe.com www.wip4.adobe.com cmdls.adobe.com na1r.services.adobe.com prod-rel-ffc-ccm.oobesaas.adobe.com

==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-2594318427-2354040781-2526223756-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\jpr\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 192.168.1.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 0)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

MSCONFIG\startupreg: Acer ePower Management => C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe
MSCONFIG\startupreg: Adobe ARM => "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
MSCONFIG\startupreg: AdobeAAMUpdater-1.0 => "C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe"
MSCONFIG\startupreg: AdobeCS5.5ServiceManager => "C:\Program Files (x86)\Common Files\Adobe\CS5.5ServiceManager\CS5.5ServiceManager.exe" -launchedbylogin
MSCONFIG\startupreg: AdobeCS6ServiceManager => "C:\Program Files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe" -launchedbylogin
MSCONFIG\startupreg: APSDaemon => "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
MSCONFIG\startupreg: BackupManagerTray => "C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe" -h -k
MSCONFIG\startupreg: BCSSync => "C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe" /DelayServices
MSCONFIG\startupreg: DivXMediaServer => C:\Program Files (x86)\DivX\DivX Media Server\DivXMediaServer.exe
MSCONFIG\startupreg: DivXUpdate => "C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW
MSCONFIG\startupreg: HotKeysCmds => C:\Windows\system32\hkcmd.exe
MSCONFIG\startupreg: IgfxTray => C:\Windows\system32\igfxtray.exe
MSCONFIG\startupreg: IntelliPoint => "c:\Program Files\Microsoft Device Center\ipoint.exe"
MSCONFIG\startupreg: IntelliType Pro => "c:\Program Files\Microsoft Device Center\itype.exe"
MSCONFIG\startupreg: iTunesHelper => "C:\Program Files\iTunes\iTunesHelper.exe"
MSCONFIG\startupreg: LManager => C:\Program Files (x86)\Launch Manager\LManager.exe
MSCONFIG\startupreg: mwlDaemon => C:\Program Files (x86)\EgisTec\MyWinLocker 3\x86\mwlDaemon.exe
MSCONFIG\startupreg: Persistence => C:\Windows\system32\igfxpers.exe
MSCONFIG\startupreg: PLFSetI => C:\Windows\PLFSetI.exe
MSCONFIG\startupreg: QuickTime Task => "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
MSCONFIG\startupreg: RtHDVCpl => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s
MSCONFIG\startupreg: SunJavaUpdateSched => "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
MSCONFIG\startupreg: SwitchBoard => C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [TCP Query User{67DEEFA3-750F-451C-A1BE-E08AE3553BD0}C:\program files (x86)\mediamonkey\mediamonkey.exe] => (Allow) C:\program files (x86)\mediamonkey\mediamonkey.exe
FirewallRules: [UDP Query User{E07641CC-9B5A-4C81-AA13-A1CC892969DB}C:\program files (x86)\mediamonkey\mediamonkey.exe] => (Allow) C:\program files (x86)\mediamonkey\mediamonkey.exe
FirewallRules: [{FA193939-BCEF-4D98-8C5E-FE637A442F51}] => (Allow) C:\Program Files (x86)\PharosSystems\Core\CTskMstr.exe
FirewallRules: [TCP Query User{8C61FF25-5CC4-4FA6-9C3D-00774D905C32}C:\program files (x86)\mediamonkey\mediamonkey (non-skinned).exe] => (Allow) C:\program files (x86)\mediamonkey\mediamonkey (non-skinned).exe
FirewallRules: [UDP Query User{09F6825B-7258-487E-94A5-D6C9366051A4}C:\program files (x86)\mediamonkey\mediamonkey (non-skinned).exe] => (Allow) C:\program files (x86)\mediamonkey\mediamonkey (non-skinned).exe
FirewallRules: [TCP Query User{D829B24D-0F4B-4F45-A2F4-ACD2E8EF5E00}C:\program files (x86)\mediamonkey\mediamonkey (non-skinned).exe] => (Allow) C:\program files (x86)\mediamonkey\mediamonkey (non-skinned).exe
FirewallRules: [UDP Query User{E32DEFA3-609B-4926-B232-15BAEC3AFC74}C:\program files (x86)\mediamonkey\mediamonkey (non-skinned).exe] => (Allow) C:\program files (x86)\mediamonkey\mediamonkey (non-skinned).exe
FirewallRules: [{2464BEEE-F98F-4B9F-B990-C0DC57497D17}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{3E689133-E529-4ED5-9FDE-8815A92E6E07}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{3C77B88F-7EF7-440D-B565-1633A46504C1}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{084FEE7F-8487-46C0-B395-195D9B2A8B90}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{03351A80-E26A-4AD1-B024-61AA6661FEF8}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{EBB6F291-A356-43CC-BA40-3720E3B7FE57}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{6D0C0C2C-2103-462D-9A6B-DBD5A7A83DA2}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{164CC268-5BBE-49AF-AEAE-432E380675E0}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{63119181-A25F-4FD8-9A29-1BFE23E4976B}] => (Allow) C:\Program Files\iTunes\iTunes.exe
FirewallRules: [{E5AA132C-F279-42AE-ABFF-B5DD1E1F1015}] => (Allow) C:\Program Files\RealVNC\VNC Server\vncserver.exe
FirewallRules: [{D01BC550-1FA5-49AD-A308-06439C2070EC}] => (Allow) C:\Program Files\RealVNC\VNC Server\vncserver.exe
FirewallRules: [{42FAEBAE-EB46-46E1-8E1E-B8489610466E}] => (Allow) C:\Program Files\AVAST Software\SZBrowser\4.58.2552.909\SZBrowser.exe
FirewallRules: [{C3B9C23A-388F-4CF4-82C7-2D130C770375}] => (Allow) C:\Program Files\AVAST Software\SZBrowser\4.58.2552.909_0\SZBrowser.exe
FirewallRules: [{86828ACF-A0E2-4743-9F91-4EE19436C154}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

==================== Restore Points =========================


==================== Faulty Device Manager Devices =============

Name: SDA Standard Compliant SD Host Controller
Description: SDA Standard Compliant SD Host Controller
Class Guid: {a0a588a4-c46f-4b37-b7ea-c82fe89870c6}
Manufacturer: Ricoh
Service: sdbus
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.


==================== Event log errors: =========================

Application errors:
==================
Error: (01/18/2018 05:30:41 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 77829210

Error: (01/18/2018 05:30:41 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 77829210

Error: (01/18/2018 05:30:41 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (01/17/2018 07:53:39 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 7441

Error: (01/17/2018 07:53:39 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 7441

Error: (01/17/2018 07:53:39 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (01/17/2018 07:53:38 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 6443

Error: (01/17/2018 07:53:38 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 6443

Error: (01/17/2018 07:53:38 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (01/17/2018 07:53:37 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 5429


System errors:
=============
Error: (01/26/2018 05:03:33 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Launch permission for the COM Server application with CLSID
{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}
 and APPID
{344ED43D-D086-4961-86A6-1106F4ACAD9B}
 to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC). This security permission can be modified using the Component Services administrative tool.

Error: (01/26/2018 10:01:13 AM) (Source: Service Control Manager) (EventID: 7022) (User: )
Description: The Windows Update service hung on starting.

Error: (01/26/2018 09:58:25 AM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the IPBusEnum service.

Error: (01/26/2018 09:53:04 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Dritek WMI Service service failed to start due to the following error:
The service did not respond to the start or control request in a timely fashion.

Error: (01/26/2018 09:53:04 AM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the Dritek WMI Service service to connect.

Error: (01/26/2018 09:52:59 AM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Launch permission for the COM Server application with CLSID
{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}
 and APPID
{344ED43D-D086-4961-86A6-1106F4ACAD9B}
 to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC). This security permission can be modified using the Component Services administrative tool.

Error: (01/26/2018 09:52:32 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Apple Mobile Device Service service failed to start due to the following error:
The service did not respond to the start or control request in a timely fashion.

Error: (01/26/2018 09:52:32 AM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the Apple Mobile Device Service service to connect.

Error: (01/25/2018 01:12:54 PM) (Source: DCOM) (EventID: 10010) (User: )
Description: The server {AB8902B4-09CA-4BB6-B78D-A8F59079A8D5} did not register with DCOM within the required timeout.

Error: (01/25/2018 12:56:39 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Launch permission for the COM Server application with CLSID
{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}
 and APPID
{344ED43D-D086-4961-86A6-1106F4ACAD9B}
 to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC). This security permission can be modified using the Component Services administrative tool.


CodeIntegrity:
===================================
  Date: 2017-06-04 11:02:21.194
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Program Files (x86)\Panda Security\Panda Security Protection\Drivers\W10\PSBoot.sys because the set of per-page image hashes could not be found on the system.

  Date: 2017-06-04 11:02:21.053
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Program Files (x86)\Panda Security\Panda Security Protection\Drivers\W10\PSBoot.sys because the set of per-page image hashes could not be found on the system.

  Date: 2017-06-04 11:02:20.835
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Program Files (x86)\Panda Security\Panda Security Protection\Drivers\W10\pskmad.sys because the set of per-page image hashes could not be found on the system.

  Date: 2017-06-04 11:02:20.679
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Program Files (x86)\Panda Security\Panda Security Protection\Drivers\W10\pskmad.sys because the set of per-page image hashes could not be found on the system.

  Date: 2017-06-04 11:02:16.951
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Program Files (x86)\Panda Security\Panda Security Protection\Drivers\NNSAlpc\NNSAlpc.sys because the set of per-page image hashes could not be found on the system.

  Date: 2017-06-04 11:02:16.108
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Program Files (x86)\Panda Security\Panda Security Protection\Drivers\NNSAlpc\NNSAlpc.sys because the set of per-page image hashes could not be found on the system.

  Date: 2017-06-04 11:02:15.609
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Program Files (x86)\Panda Security\Panda Security Protection\Drivers\NNSHttp\NNSHttp.sys because the set of per-page image hashes could not be found on the system.

  Date: 2017-06-04 11:02:15.422
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Program Files (x86)\Panda Security\Panda Security Protection\Drivers\NNSHttp\NNSHttp.sys because the set of per-page image hashes could not be found on the system.

  Date: 2017-06-04 11:02:14.845
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Program Files (x86)\Panda Security\Panda Security Protection\Drivers\NNSHttps\NNSHttps.sys because the set of per-page image hashes could not be found on the system.

  Date: 2017-06-04 11:02:14.704
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Program Files (x86)\Panda Security\Panda Security Protection\Drivers\NNSHttps\NNSHttps.sys because the set of per-page image hashes could not be found on the system.


==================== Memory info ===========================

Processor: Intel® Pentium® CPU P6000 @ 1.87GHz
Percentage of memory in use: 41%
Total physical RAM: 3766.71 MB
Available physical RAM: 2196.18 MB
Total Virtual: 7531.61 MB
Available Virtual: 6070.06 MB

==================== Drives ================================

Drive c: (Acer) (Fixed) (Total:285.99 GB) (Free:125.12 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 298.1 GB) (Disk ID: F674E9BC)
Partition 1: (Not Active) - (Size=12 GB) - (Type=27)
Partition 2: (Active) - (Size=102 MB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=286 GB) - (Type=07 NTFS)

==================== End of Addition.txt ============================

 


  • 0

Advertisements

#2
RKinner
Posted 28 January 2018 - 03:43 PM

RKinner

    Malware Expert

  • Expert
  • 24,625 posts
  • MVP

Get Process Explorer

http://live.sysinter...com/procexp.exe
Save it to your desktop then run it (Vista or Win7+ - right click and Run As Administrator).  

View, Select Column, check Verified Signer, OK
Options, Verify Image Signatures


Click twice on the CPU column header  to sort things by CPU usage with the big hitters at the top.  

Wait a full minute then:

File, Save As, Save.  Note the file name.   Open the file  on your desktop and copy and paste the text to a reply.


Copy the next 2 lines:

TASKLIST /SVC  > \junk.txt
notepad \junk.txt

Open an Elevated Command Prompt:
Win 7: Start, All Programs, Accessories then right click on Command Prompt and Run as Administrator
Win 8: http://www.eightforu...indows-8-a.html
win 10: http://www.howtogeek...-in-windows-10/

Right click and Paste (or Edit then Paste) and the copied lines should appear.
Hit Enter if notepad does not open.  Copy and paste the text from notepad into a reply.


Get the free version of Speccy:

http://www.filehippo.com/download_speccy/ (Look in the upper right for the Download
Latest Version button  - Do NOT press the large Start Download button on the upper left!)  
Download, Save and Install it.  Tell it you do not need CCLEANER.    Run Speccy.  When it finishes (the little icon in the bottom left will stop moving),
File, Save as Text File,  (to your desktop) note the name it gives. OK.  Open the file in notepad and delete the line that gives the serial number of your Operating System.  
(It will be near the top,  10-20  lines down.) Save the file.  Attach the file to your next post.  Attaching the log is the best option as it is too big for the forum.  Attaching is a multi step process.

First click on More Reply Options
Then scroll down to where you see
Choose File and click on it.  Point it at the file and hit Open.
Now click on Attach this file.


 


  • 0

#3
richclan
Posted 28 January 2018 - 04:30 PM

richclan

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 187 posts

Process    CPU    Private Bytes    Working Set    PID    Description    Company Name    Verified Signer
System Idle Process    89.41    0 K    24 K    0            
procexp64.exe    5.45    30,784 K    54,832 K    4008    Sysinternals Process Explorer    Sysinternals - www.sysinternals.com    (Verified) Microsoft Corporation
firefox.exe    1.12    441,004 K    431,736 K    2892    Firefox    Mozilla Corporation    (Verified) Mozilla Corporation
dwm.exe    1.02    45,728 K    30,040 K    1984    Desktop Window Manager    Microsoft Corporation    (Verified) Microsoft Windows
Interrupts    0.75    0 K    0 K    n/a    Hardware Interrupts and DPCs        
System    0.63    112 K    324 K    4            
SynTPEnh.exe    0.42    7,960 K    12,364 K    2904    Synaptics TouchPad Enhancements    Synaptics Incorporated    (Verified) Synaptics Incorporated
csrss.exe    0.34    2,316 K    6,076 K    524    Client Server Runtime Process    Microsoft Corporation    (Verified) Microsoft Windows
PnkBstrB.exe    0.27    2,312 K    4,320 K    2464            (Verified) Even Balance
AvastSvc.exe    0.12    117,968 K    46,888 K    1168    Avast Service    AVAST Software    (Verified) AVAST Software s.r.o.
svchost.exe    0.08    115,576 K    125,580 K    980    Host Process for Windows Services    Microsoft Corporation    (Verified) Microsoft Windows
explorer.exe    0.07    31,708 K    56,284 K    2016    Windows Explorer    Microsoft Corporation    (Verified) Microsoft Windows
svchost.exe    0.06    5,600 K    11,772 K    3912    Host Process for Windows Services    Microsoft Corporation    (Verified) Microsoft Windows
LMS.exe    0.05    2,340 K    4,716 K    1300    Local Manageability Service    Intel Corporation    (Verified) Intel Corporation
svchost.exe    0.04    4,444 K    9,040 K    724    Host Process for Windows Services    Microsoft Corporation    (Verified) Microsoft Windows
AvastUI.exe    0.03    18,888 K    41,792 K    2980    Avast Antivirus    AVAST Software    (Verified) AVAST Software s.r.o.
CTskMstr.exe    0.03    4,080 K    8,544 K    1284    Pharos Systems ComTaskMaster    Pharos Systems International    (No signature was present in the subject) Pharos Systems International
lsass.exe    0.02    4,788 K    12,404 K    572    Local Security Authority Process    Microsoft Corporation    (Verified) Microsoft Windows
GregHSRW.exe    0.02    1,512 K    4,824 K    1780    Global Registration Service    Acer Incorporated    (Verified) Acer Incorporated
svchost.exe    0.01    11,172 K    18,628 K    1016    Host Process for Windows Services    Microsoft Corporation    (Verified) Microsoft Windows
svchost.exe    0.01    23,304 K    39,260 K    312    Host Process for Windows Services    Microsoft Corporation    (Verified) Microsoft Windows
PnkBstrA.exe    0.01    1,172 K    4,128 K    2788            (Verified) Even Balance
AppleMobileDeviceService.exe    0.01    3,620 K    11,380 K    1652    MobileDeviceService    Apple Inc.    (Verified) Apple Inc.
SearchIndexer.exe    0.01    26,924 K    13,084 K    3984    Microsoft Windows Search Indexer    Microsoft Corporation    (Verified) Microsoft Windows
lsm.exe    < 0.01    2,476 K    4,236 K    580    Local Session Manager Service    Microsoft Corporation    (Verified) Microsoft Windows
taskhost.exe    < 0.01    7,616 K    10,748 K    1920    Host Process for Windows Tasks    Microsoft Corporation    (Verified) Microsoft Windows
aswidsagenta.exe    < 0.01    18,800 K    31,608 K    3676    Avast Behavior Shield    AVAST Software    (Verified) AVAST Software s.r.o.
SchedulerSvc.exe    < 0.01    2,756 K    6,680 K    3048    NTI Backup Now 5 SchedulerSvc NT Service    NewTech Infosystems, Inc.    (Verified) NewTech Infosystems
spoolsv.exe    < 0.01    10,524 K    18,520 K    1408    Spooler SubSystem App    Microsoft Corporation    (Verified) Microsoft Windows
wlanext.exe    < 0.01    1,700 K    5,080 K    1176    Windows Wireless LAN 802.11 Extensibility Framework    Microsoft Corporation    (Verified) Microsoft Windows
svchost.exe    < 0.01    15,088 K    16,704 K    1072    Host Process for Windows Services    Microsoft Corporation    (Verified) Microsoft Windows
WLIDSVC.EXE    < 0.01    6,832 K    15,232 K    328    Microsoft® Windows Live ID Service    Microsoft Corp.    (Verified) Microsoft Corporation
IScheduleSvc.exe    < 0.01    5,144 K    10,116 K    2740    Backup Manager Module    NewTech Infosystems, Inc.    (Verified) NewTech Infosystems
svchost.exe    < 0.01    5,132 K    10,260 K    2368    Host Process for Windows Services    Microsoft Corporation    (Verified) Microsoft Windows
wmpnetwk.exe    < 0.01    11,368 K    9,580 K    3700    Windows Media Player Network Sharing Service    Microsoft Corporation    (Verified) Microsoft Windows
dsiwmis.exe    < 0.01    1,188 K    4,072 K    1728    Dritek WMI Service    Dritek System Inc.    (Verified) Dritek System Inc.
csrss.exe    < 0.01    2,324 K    4,932 K    436    Client Server Runtime Process    Microsoft Corporation    (Verified) Microsoft Windows
svchost.exe    < 0.01    12,008 K    15,208 K    1456    Host Process for Windows Services    Microsoft Corporation    (Verified) Microsoft Windows
WSHelper.exe        9,060 K    16,800 K    1928    Wondershare Studio    Wondershare    (Verified) Wondershare software CO.
WmiPrvSE.exe        2,780 K    6,376 K    2352    WMI Provider Host    Microsoft Corporation    (Verified) Microsoft Windows
WLIDSVCM.EXE        1,224 K    3,240 K    3188    Microsoft® Windows Live ID Service Monitor    Microsoft Corp.    (Verified) Microsoft Corporation
winlogon.exe        2,856 K    7,296 K    612    Windows Logon Application    Microsoft Corporation    (Verified) Microsoft Windows
wininit.exe        1,600 K    4,516 K    496    Windows Start-Up Application    Microsoft Corporation    (Verified) Microsoft Windows
UpdaterService.exe        1,112 K    3,752 K    1744    Acer Update Service    Acer    (Verified) Acer Incorporated
UNS.exe        3,772 K    8,820 K    4936    User Notification Service    Intel Corporation    (Verified) Intel Corporation
SynTPHelper.exe        1,192 K    3,200 K    2708    Synaptics Pointing Device Helper    Synaptics Incorporated    (Verified) Synaptics Incorporated
svchost.exe        17,064 K    19,156 K    868    Host Process for Windows Services    Microsoft Corporation    (Verified) Microsoft Windows
svchost.exe        3,832 K    7,632 K    816    Host Process for Windows Services    Microsoft Corporation    (Verified) Microsoft Windows
svchost.exe        1,204 K    3,580 K    2552    Host Process for Windows Services    Microsoft Corporation    (Verified) Microsoft Windows
svchost.exe        1,192 K    3,560 K    2648    Host Process for Windows Services    Microsoft Corporation    (Verified) Microsoft Windows
svchost.exe        1,756 K    4,384 K    4808    Host Process for Windows Services    Microsoft Corporation    (Verified) Microsoft Windows
smss.exe        484 K    1,140 K    296    Windows Session Manager    Microsoft Corporation    (Verified) Microsoft Windows
services.exe        5,904 K    9,732 K    548    Services and Controller app    Microsoft Corporation    (Verified) Microsoft Windows
procexp.exe        2,520 K    7,716 K    1492    Sysinternals Process Explorer    Sysinternals - www.sysinternals.com    (Verified) Microsoft Corporation
MotoHelperService.exe        2,748 K    8,256 K    2024    MotoHelper Service    Motorola Mobility LLC    (Verified) Motorola Mobility Inc.
MotoHelperAgent.exe        3,444 K    8,804 K    2592    MotoHelperAgent    Motorola Mobility LLC    (Verified) Motorola Mobility Inc.
mDNSResponder.exe        1,956 K    5,420 K    1676    Bonjour Service    Apple Inc.    (Verified) Apple Inc.
jusched.exe        2,700 K    7,960 K    668    Java Update Scheduler    Oracle Corporation    (Verified) Oracle America
jucheck.exe        4,888 K    12,112 K    2200    Java Update Checker    Oracle Corporation    (Verified) Oracle America
ePowerSvc.exe        1,836 K    4,672 K    1760    ePowerSvc    Acer Incorporated    (Verified) Acer Incorporated
dllhost.exe        2,280 K    5,844 K    4668    COM Surrogate    Microsoft Corporation    (Verified) Microsoft Windows
conhost.exe        936 K    2,724 K    1184    Console Window Host    Microsoft Corporation    (Verified) Microsoft Windows
armsvc.exe        1,184 K    3,892 K    1584    Adobe Acrobat Update Service    Adobe Systems Incorporated    (Verified) Adobe Systems
alg.exe        1,264 K    4,136 K    3804    Application Layer Gateway Service    Microsoft Corporation    (Verified) Microsoft Windows

 

 

 

 

Image Name                     PID Services                                    
========================= ======== ============================================
System Idle Process              0 N/A                                         
System                           4 N/A                                         
smss.exe                       296 N/A                                         
csrss.exe                      436 N/A                                         
wininit.exe                    496 N/A                                         
csrss.exe                      524 N/A                                         
services.exe                   548 N/A                                         
lsass.exe                      572 KeyIso, SamSs                               
lsm.exe                        580 N/A                                         
winlogon.exe                   612 N/A                                         
svchost.exe                    724 DcomLaunch, PlugPlay, Power                 
svchost.exe                    816 RpcEptMapper, RpcSs                         
svchost.exe                    868 AudioSrv, Dhcp, eventlog, lmhosts, wscsvc   
svchost.exe                    980 AudioEndpointBuilder, dot3svc, IPBusEnum,   
                                   Netman, PcaSvc, SysMain, TrkWks, UxSms,     
                                   Wlansvc                                     
svchost.exe                   1016 EventSystem, fdPHost, FontCache, netprofm,  
                                   nsi, SstpSvc, WdiServiceHost                
svchost.exe                    312 BITS, Browser, EapHost, gpsvc, IKEEXT,      
                                   iphlpsvc, LanmanServer, MMCSS, ProfSvc,     
                                   RasMan, Schedule, seclogon, SENS,           
                                   SharedAccess, ShellHWDetection, Themes,     
                                   Winmgmt, wuauserv                           
svchost.exe                   1072 CryptSvc, Dnscache, LanmanWorkstation,      
                                   NlaSvc, TapiSrv                             
AvastSvc.exe                  1168 avast! Antivirus                            
wlanext.exe                   1176 N/A                                         
conhost.exe                   1184 N/A                                         
spoolsv.exe                   1408 Spooler                                     
svchost.exe                   1456 BFE, DPS, MpsSvc                            
armsvc.exe                    1584 AdobeARMservice                             
AppleMobileDeviceService.     1652 Apple Mobile Device Service                 
mDNSResponder.exe             1676 Bonjour Service                             
dsiwmis.exe                   1728 DsiWMIService                               
ePowerSvc.exe                 1760 ePowerSvc                                   
GregHSRW.exe                  1780 Greg_Service                                
taskhost.exe                  1920 N/A                                         
dwm.exe                       1984 N/A                                         
explorer.exe                  2016 N/A                                         
LMS.exe                       1300 LMS                                         
MotoHelperService.exe         2024 Motorola Device Manager                     
svchost.exe                   2552 Net Driver HPZ12                            
MotoHelperAgent.exe           2592 N/A                                         
IScheduleSvc.exe              2740 NTI IScheduleSvc                            
SynTPEnh.exe                  2904 N/A                                         
AvastUI.exe                   2980 N/A                                         
SchedulerSvc.exe              3048 NTISchedulerSvc                             
SynTPHelper.exe               2708 N/A                                         
CTskMstr.exe                  1284 Pharos Systems ComTaskMaster                
WSHelper.exe                  1928 N/A                                         
jusched.exe                    668 N/A                                         
svchost.exe                   2648 Pml Driver HPZ12                            
PnkBstrA.exe                  2788 PnkBstrA                                    
PnkBstrB.exe                  2464 PnkBstrB                                    
svchost.exe                   2368 stisvc                                      
UpdaterService.exe            1744 Updater Service                             
WLIDSVC.EXE                    328 wlidsvc                                     
WLIDSVCM.EXE                  3188 N/A                                         
aswidsagenta.exe              3676 aswbIDSAgent                                
SearchIndexer.exe             3984 WSearch                                     
firefox.exe                   2892 N/A                                         
alg.exe                       3804 ALG                                         
svchost.exe                   3912 SSDPSRV, upnphost, wcncsvc                  
svchost.exe                   4808 SDRSVC                                      
UNS.exe                       4936 UNS                                         
wmpnetwk.exe                  3700 WMPNetworkSvc                               
jucheck.exe                   2200 N/A                                         
procexp.exe                   1492 N/A                                         
procexp64.exe                 4008 N/A                                         
audiodg.exe                   4564 N/A                                         
cmd.exe                       2796 N/A                                         
conhost.exe                    720 N/A                                         
notepad.exe                   4848 N/A                                         
WmiPrvSE.exe                  4744 N/A                                         
WmiPrvSE.exe                  1980 N/A                                         
tasklist.exe                  2140 N/A                                         
 

 

Attached File  speccy.txt   255.98KB   232 downloads


Edited by richclan, 28 January 2018 - 05:16 PM.

  • 0

#4
RKinner
Posted 28 January 2018 - 10:52 PM

RKinner

    Malware Expert

  • Expert
  • 24,625 posts
  • MVP

Speccy says the hard drive is failing:

C4
                                            Attribute name    Reallocation Event Count
                                            Real value    248
                                            Current    100
                                            Worst    100
                                            Threshold    0
                                            Raw Value    00000000F8
                                            Status    Good
                                        C5
                                            Attribute name    Current Pending Sector Count
                                            Real value    461
                                            Current    100
                                            Worst    100
                                            Threshold    0
                                            Raw Value    00000001CD
                                            Status    Good

 

 

Hard drives have some spare sectors but this seems excessive.  Don't know why it says Status Good.  The Real Values do not look low to me.  You might want a second opinion.

 

See if you can get Speedfan to work:

http://www.filehippo...nload_speedfan/

Download, save and Install it (Win 7 or Vista right click and Run As Admin.) then run it (Win 7 or Vista right click and Run As Admin.).


click on the S.M.A.R.T. tab.  Click on the down arrow to the right of the Hard Disk box.  Select your hard drive.  Click on Perform an In-depth Online Analysis of this hard disk.  Your browser will open.

At the bottom of the new page will be a line:  

The link to get back and see a new report about this hard disk in the future is this.

Right click on the underlined "this" and select Copy Link Address.  Move to a Reply and Paste (Ctrl + v).
 

You can also do a test with HD TUNE

https://www.lifewire...-review-2624561
shows what it should look like.  Download page is

http://www.hdtune.com/download.html

You don't want the Pro version.  scroll down to plain HD Tune.

 

Download link is http://www.hdtune.co.../hdtune_255.exe

Download, save and right click and Run As Admin. 

 

What does it says is the average transfer time?  Does the graph look smooth or does it have drops that go all the way to the bottom?

 

Speccy also says you are using a power saving power plan.  Try changing it to High Performance:

Control Panel, Power Options, (Show Additional Plans) High Performance

 

 

 

Finally try WhySoSlow:

 

The Download is on

http://www.resplendence.com/downloads

Look under System Monitoring Tools for WhySoSlow 1.0  then click on


Download free home edition

Save the file then right click and Run As Admin.  Follow the prompts. Let it run for a minute (watch the Time Running indication at the bottom) then hit Analyze

Then when a new window appears hit Analyze again.   Once the report appears scroll down and see if it complains about anything.  You can Save the report but it saves as WhySoSlowOutput.htm which the forum won't let you attach.  You can either zip it up or rename it to WhySoSlowOutput.txt then attach it.  If it shows the CPU is being throttled then go into the BIOS/CMOS setup and see if you can turn off any power saving, speed step, quiet run or eco settings.


  • 0

#5
richclan
Posted 29 January 2018 - 11:43 AM

richclan

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 187 posts

Thanks, I changed to High Performance power and seems better. my battery is in need of replacement as well. I have another acer that also is 10 yrs old that I may try a make 1 good out of 2 scenario..I'm positive you tried to fix that one about 3+ years ago for my daughter LOL

 

  http://www.hddstatus...cation=EFCCC7A3

 

 

 

Your system has been analyzed. Your system appears to be running fine.
No problems were found.



Report generated on 1/29/2018 12:38:27 PM

Attached Thumbnails

  • HDTune_Benchmark_Hitachi_HTS545032B9A300.png

  • 0

#6
RKinner
Posted 29 January 2018 - 01:00 PM

RKinner

    Malware Expert

  • Expert
  • 24,625 posts
  • MVP

Amazon has been my go to source for PC batteries the last few years.  They usually have them for a reasonable price and they seem to work well.

 

I would consider getting a new hard drive and cloning the old one before it fails.  They are pretty standard these days so just get a laptop (2.5") SATA (-III = the newer better ones) 320 GB or larger drive.  Best are Western Digital Blacks but the Blues are OK.  Stay away from Seagates.  They are junk.

 

Example from Amazon: 

WD Black 320 GB Mobile Hard Drive, 2.5 Inch, 7200 RPM, SATA II, 16 MB Cache (WD3200BEKT) (Old Model)
Price:     $34.00 + $3.99 shipping

 

This is the same size and vintage as yours.  You can move up to a larger drive:

WD 2016 New Blue 1TB 2.5 inches Laptop Notebook Internal SATA 6Gb/s Hard Drive 9.5mm Height 5400RPM Model WD10JPVX
Price:     $52.88

   

You will need a USB to SATA adapter

Amazon has lots.  Here is one for $12

StarTech USB 3.0 to 2.5" SATA III Hard Drive Adapter Cable w/ UASP - SATA to USB 3.0 Converter for SSD/HDD - Hard Drive Adapter Cable
 

 

Then get the free cloning software:

https://www.macrium.com/reflectfree

 

You plug the new drive into the usb adapter and the adapter into your PC's USB jack.  Run the cloning software.  (Make sure you know the source drive is the old drive and the destination is the new.

Once the cloning software finishes you shut it down, use a small Phillips screw driver to remove the 2 screws that hold the cover on the drive, remove the screws (may be 2 more screws).  Often the drive is in a carrier so you need to remove 4 more screws.  Keep the screws separate since they may be different sizes.  Remove the old drive, install the new.  Boot up and run speccy to make sure that the new drive is clean.  

 


  • 0

#7
richclan
Posted 29 January 2018 - 02:00 PM

richclan

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 187 posts

Thanks again for all your help on this. I'm going to try to make one working laptop out of two.

If I fail to; you gave me some great info above on a repair..Have a good week.

 

PS:

If Im able to clone this HD is it free of spyware and such????


Edited by richclan, 29 January 2018 - 02:02 PM.

  • 0

#8
RKinner
Posted 29 January 2018 - 06:48 PM

RKinner

    Malware Expert

  • Expert
  • 24,625 posts
  • MVP

Looks clean to me.  Let Avast do a boot-time scan to be sure:

 

It takes like 6 hours so I usually let it run at night.


Click on the Avast ball.  Then click on Protection, then on Antivirus, then on Other Scans then on Boot-time Scan.  Click on Install Special Definitions.  Click on Run on Next PC Reboot.

  Reboot and let it run a scan.  It may take hours.
Once it finishes it should load windows.   Mute your speakers so it doesn't wake you up when Windows boots.

When you reboot you will see the scan start.  It will tell you where it saves its log.  Usually it's C:\ProgramData\AVAST Software\Avast\report\aswBoot.txt but it might change so verify the location.   This is a hidden location so you will need to tell Windows to let you see it:

http://www.howtogeek...-windows-vista/

Copy and paste the text from the log to a Reply when done.
 

0Time to clean up:
IF we used a fixlist in FRST to clean your PC:
To delete the Quarantine Folder used by FRST create a fixlist.txt file with just the following line:

DeleteQuarantine:

Save the fixlist.txt to the same folder as FRST then run FRST and hit Fix.  You can easily delete any other folders and logs.
Otherwise just delete any files and logs from FRST.
If we installed Speccy it needs to be uninstalled.  Process Explorer, VEW, AdwCleaner, JRT  and their logs and Speccy's log can just be deleted.

Also make sure you have the latest versions of any adobe.com products you use like Shockwave, Flash or Acrobat.  Flash is now the most malware targeted program so it must be kept up to date.  Be careful with Adobe.  They are fond of offering optional downloads like yahoo or Ask toolbars or that worthless McAfee Security Scan.  Go slow and uncheck the optional stuff.

Whether you use adobe reader, acrobat or fox-it to read pdf files you need to disable Javascript in the program.  There is an exploit out there now that can use it to get on your PC.  For Adobe Reader:  Start, All Programs, Adobe Reader, Edit, Preferences, Click on Javascript in the left column and uncheck Enable Acrobat Javascript.  OK Close program.  It's the same for Foxit reader except you uncheck Enable Javascript Actions.


If you use Chrome/Firefox/Edge then get the Ublock Origin extension.  For IE go to adblockplus.org  and get the program.
If Chrome/Firefox is slow loading make sure it only has the current Java add-on.  Then download and run Speedy Fox.
http://www.crystalidea.com/speedyfox. Close Chrome/Firefox/Skpe. Hit Optimize.   You can run it any time that Chrome/Firefox seems slow starting..

If you use Facebook you need FB Purity: http://www.fbpurity.com/
To prevent a relatively new phishing attack:  In Firefox, type:

about:config

in the URL box and hit Enter.  You should get a new page of options (if you get a notice about voiding the warranty just cancel the warning).  In the Search box put in

puny

You should only get 2 options:
"network.IDN_show_punycode"
We want it to say True but by default it is False so double click on it to toggle from False to True.
 "network.standard-url.punycode-host" Leave this one at default of Flase.
Close and restart firefox.

To test it you can go to:

https://www.xn--80ak6aa92e.com/

If the value is false you will see https://www.apple.cominstead of the correct value


If you are a Facebook user get the FB Purity extension for your browser:
http://www.fbpurity.com/
This will stop all of the suggested pages and ads so that Facebook loads much quicker.


Be warned:  If you use Limewire, utorrent or any of the other P2P programs you will probably be coming back to the Malware Removal forum.  If you must use P2P then submit any files you get to http://virustotal.combeforeyou open them.

Due to a recent rise in the number of Crytolocker infections I am now recommending you install:

CryptoPrevent

http://www.foolishIT.../cryptoprevent/

The free version does not update on its own so you should check for updated versions once in a while. When you install it the default is NONE which is kind of worthless so change it to Standard or default. If you have problems after installing CryptoPrevent you can just uninstall it.

If you have a router, log on to it today and change the default password!  If using a Wireless router you really should be using encryption on the link.  Use the strongest (newest) encryption method that your router and PC wireless adapter support especially if you own a business.  See http://www.king5.com...0637284.htmlandhttp://www.seattlepi...ted-1344185.php for why encryption is important.  If you don't know how, visit the router maker's website.  They all have detailed step by step instructions or a wizard you can download.

Special note on Java.  Old Java versions should be removed after first clearing the Java Cache by following the instructions in:
http://www.java.com/...lugin_cache.xml
Then remove the old versions by going to Control Panel, Programs and Features and Uninstall all Java programs which are not Java Version 7 update 25 or better.  These may call themselves: Java Runtime, Runtime Environment, Runtime, JRE, Java Virtual Machine, Virtual Machine, Java VM, JVM, VM, J2RE, J2SE.  Get the latest version from Java.com.  They will usually attempt to foist some garbage like the Ask toolbar, Yahoo toolbar or McAfee Security Scan on you as part of the download.  Just uncheck the garbage before the download (or install) starts.  If you use a 64-bit browser and want the 64-bit version of Java you need to use it to visit java.com.
Due to multiple security problems with Java we are now recommending that it not be installed unless you absolutely know you need it.  IF that is the case then go to Control Panel, Java, Security and slide it up to the highest level.  OK.

Recommended software:  
Compression:  7-zip.  Avoid WinRar and WinZip as the free versions have adware.
Video Player:  VLC  Unlike Windows Medi Player it never seems to need extra files to work.
Photo organizer and editor:  Google's Picasa.  While it has been discontinued by Google you can still get it at:
http://techfilehippo...-free-download/
Office like free program:  Open Office: https://www.openoffice.org/download/
or
LibreOffice: https://www.libreoffice.org/
Free Anti-Virus:  Avast
Free Malware prevention:  MBAM: Free version at https://www.malwareb...m/mwb-download/
Can run with your anti-virus.
Paid Anti-Virus:  Kaspersky or BitDefender
Utilities:
Root Kit Detector:  MBAR: https://www.malwareb...om/antirootkit/
Process Explorer:  Show you what is running on the PC.  Like Task manager but better:  http://live.sysinter...com/procexp.exe
WhoCrashed: Why did your system crash?
http://www.resplendence.com/downloads
Then click on Download free home edition
where it says:
WhoCrashed 5.51
Comprehensible crash dump analysis tool
for Windows 10/8.1/8/7/Vista/XP/2012/2008/2003 (x86 and x64)
System Health:
Speccy:  
http://www.filehippo.com/download_speccy (Look in the upper right for the Download
Latest Version button  - Do NOT press the large Start Download button on the upper left!)  Decline CCleaner if offered.  Pay attention to SMART info on your hard drives and to temps.  If in doubt about temps try:
SpeedFan:  Try speedfan
http://www.filehippo...nload_speedfan/
Download, save and Install it (Win 7 or Vista right click and Run As Admin.) then run it.
Download Flash and Video.  To save flash video.  Works with Firefox.  https://addons.mozil...lash-and-video/

Avoid:  
Advanced System Care
SuperAntiSpyware
HitmanPro
Spybot S&D
Any P2P software especially if it comes from Conduit.
Registry Cleaners
Driver updating software.
PC fixing or Speed up software.
Running more than one anti-virus.
Seagate hard drives.  If you have one it's going to fail on you so backup your data now!

My help is free but if you wish to show your appreciation, please donate to Kwiaht instead of me. It's an Orcas Island environmental organization that I volunteered with: http://www.kwiaht.org/donate.htm
(The name means something like "clean place" in one of the local native-American dialects)

Ron


  • 0

#9
richclan
Posted 02 February 2018 - 05:30 PM

richclan

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 187 posts

well bad news. i hooked up the new/used HD and was going to format it with partition commander 8.03 and i remember it saying it was going to hide the current partition. the next thing that happened is my old HD is wiped out, I cant backstep it or anything..Ideas? I removed it hoping it can be recovered somehow 

 

I then installed my recovery backup on this new/used HD and installed it. however it takes 10-15 minutes to boot up even removing all start up processes..HD tune scan looks like i have another crap HD..could something cause this besides the HD?.I dont have any luck with laptops it seems. Thanks much!

 

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 27.01.2018
Ran by JPR (administrator) on WIN7 (02-02-2018 17:54:54)
Running from C:\Users\JPR\Desktop
Loaded Profiles: JPR (Available Profiles: JPR)
Platform: Windows 7 Home Premium (X64) Language: English (United States)
Internet Explorer Version 8 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\dsiwmis.exe
(Acer Incorporated) C:\Program Files\Acer\Acer ePower Management\ePowerSvc.exe
(Acer Incorporated) C:\Program Files (x86)\Acer\Registration\GregHSRW.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.33.7\GoogleCrashHandler.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(NewTech Infosystems, Inc.) C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe
(NewTech Infosystems, Inc.) C:\Program Files (x86)\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.33.7\GoogleCrashHandler64.exe
(Acer) C:\Program Files\Acer\Acer Updater\UpdaterService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
 
==================== Registry (Whitelisted) ===========================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-3063817593-2458988514-1251495814-1001\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\Windows\System32\Acer.scr [453152 2009-12-23] ()
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{08DA372E-0262-4E71-9343-883035B30B4F}: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{EB112CCF-0FE6-4CBF-A8E5-30033E1DEC24}: [DhcpNameServer] 192.168.1.1
 
Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0409&m=aspire_5741z&r=27360218l225l0494z155t4532q299
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0409&m=aspire_5741z&r=27360218l225l0494z155t4532q299
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0409&m=aspire_5741z&r=27360218l225l0494z155t4532q299
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0409&m=aspire_5741z&r=27360218l225l0494z155t4532q299
HKU\S-1-5-21-3063817593-2458988514-1251495814-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0409&m=aspire_5741z&r=27360218l225l0494z155t4532q299
SearchScopes: HKLM-x32 -> DefaultScope {67A2568C-7A0A-4EED-AECC-B5405DE63B64} URL = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ACAW
SearchScopes: HKLM-x32 -> {67A2568C-7A0A-4EED-AECC-B5405DE63B64} URL = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ACAW
SearchScopes: HKU\S-1-5-21-3063817593-2458988514-1251495814-1001 -> DefaultScope {67A2568C-7A0A-4EED-AECC-B5405DE63B64} URL = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ACAW_enUS782
SearchScopes: HKU\S-1-5-21-3063817593-2458988514-1251495814-1001 -> {67A2568C-7A0A-4EED-AECC-B5405DE63B64} URL = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ACAW_enUS782
BHO: Partner BHO Class -> {83FF80F4-8C74-4b80-B5BA-C8DDD434E5C4} -> C:\ProgramData\Partner\Partner64.dll [2010-03-15] (Google Inc.)
BHO: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2018-02-02] (Google Inc.)
BHO-x32: Adobe PDF Link Helper -> {18DF081C-E8AD-4283-A596-FA578C2EBDC3} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2009-02-27] (Adobe Systems Incorporated)
BHO-x32: No Name -> {5C255C8A-E604-49b4-9D64-90988571CECB} -> No File
BHO-x32: Partner BHO Class -> {83FF80F4-8C74-4b80-B5BA-C8DDD434E5C4} -> C:\ProgramData\Partner\Partner.dll [2010-03-15] (Google Inc.)
BHO-x32: Windows Live Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-01-22] (Microsoft Corporation)
BHO-x32: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll [2018-02-02] (Google Inc.)
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2018-02-02] (Google Inc.)
Toolbar: HKLM-x32 - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll [2018-02-02] (Google Inc.)
Toolbar: HKU\S-1-5-21-3063817593-2458988514-1251495814-1001 -> Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2018-02-02] (Google Inc.)
Handler-x32: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll [2009-07-26] (Microsoft Corporation)
Handler-x32: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll [2009-07-26] (Microsoft Corporation)
Filter: deflate - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\system32\urlmon.dll [2009-12-19] (Microsoft Corporation)
Filter-x32: deflate - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\SysWOW64\urlmon.dll [2009-12-19] (Microsoft Corporation)
Filter: gzip - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\system32\urlmon.dll [2009-12-19] (Microsoft Corporation)
Filter-x32: gzip - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\SysWOW64\urlmon.dll [2009-12-19] (Microsoft Corporation)
 
FireFox:
========
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\3.0.40624.0\npctrl.dll [2009-06-23] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=14.0.8081.0709 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2009-07-10] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.33.7\npGoogleUpdate3.dll [2018-02-02] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.33.7\npGoogleUpdate3.dll [2018-02-02] (Google Inc.)
 
Chrome: 
=======
CHR Session Restore: Default -> is enabled.
CHR Profile: C:\Users\JPR\AppData\Local\Google\Chrome\User Data\Default [2018-02-02]
CHR Extension: (Xmarks Bookmark Sync) - C:\Users\JPR\AppData\Local\Google\Chrome\User Data\Default\Extensions\ajpgkpeckebdhofmmjfgcjjiiejpodla [2018-02-02]
CHR Extension: (Chrome Web Store Payments) - C:\Users\JPR\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2018-02-02]
CHR Extension: (Chrome Media Router) - C:\Users\JPR\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2018-02-02]
 
==================== Services (Whitelisted) ====================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
S3 MWLService; C:\Program Files (x86)\EgisTec\MyWinLocker 3\x86\\MWLService.exe [305448 2009-09-10] (Egis Technology Inc.)
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2009-07-13] (Microsoft Corporation)
 
===================== Drivers (Whitelisted) ======================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== NetSvcs (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== One Month Created files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2018-02-02 17:55 - 2018-02-02 17:56 - 002724512 _____ (Sysinternals - www.sysinternals.com) C:\Users\JPR\Desktop\procexp.exe
2018-02-02 17:54 - 2018-02-02 17:58 - 000009536 _____ C:\Users\JPR\Desktop\FRST.txt
2018-02-02 17:48 - 2018-02-02 17:54 - 000000000 ____D C:\FRST
2018-02-02 17:48 - 2018-02-02 17:48 - 002393088 _____ (Farbar) C:\Users\JPR\Desktop\FRST64.exe
2018-02-02 15:00 - 2018-02-02 15:00 - 000002304 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2018-02-02 15:00 - 2018-02-02 15:00 - 000002263 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2018-02-02 14:51 - 2018-02-02 14:52 - 001129816 _____ (Google Inc.) C:\Users\JPR\Desktop\ChromeSetup.exe
2018-02-02 14:50 - 2018-02-02 14:50 - 000000000 ____H C:\Windows\system32\Drivers\Msft_User_WpdFs_01_09_00.Wdf
2018-02-02 10:34 - 2018-02-02 10:34 - 000000000 ____D C:\Users\JPR\AppData\Roaming\Adobe
2018-02-02 10:18 - 2018-02-02 10:51 - 000000000 ____D C:\Users\JPR\AppData\Local\ElevatedDiagnostics
2018-02-02 10:06 - 2018-02-02 10:07 - 000058240 _____ C:\Windows\ntbtlog.txt
2018-02-02 09:31 - 2018-02-02 09:31 - 000000000 ____D C:\Program Files (x86)\GUM9B65.tmp
2018-02-02 09:21 - 2018-02-02 09:26 - 000003330 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2018-02-02 09:21 - 2018-02-02 09:26 - 000003202 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2018-02-02 09:11 - 2018-02-02 15:19 - 000000000 ____D C:\Users\JPR\AppData\Local\Google
2018-02-02 09:11 - 2018-02-02 09:21 - 000000000 ____D C:\Users\JPR\AppData\LocalLow\Google
2018-02-02 09:11 - 2018-02-02 09:11 - 000000000 ____D C:\Users\JPR\AppData\Roaming\Google
2018-02-02 01:58 - 2018-02-02 01:58 - 000000003 _____ C:\Windows\system32\PLD_Framework.cmd
2018-02-02 01:56 - 2018-02-02 01:56 - 000000000 ____D C:\Program Files\Common Files\Intel
2018-02-02 01:40 - 2018-02-02 01:40 - 000000000 ____D C:\Windows\NAPP_Dism_Log
2018-02-02 00:41 - 2018-02-02 00:41 - 000002557 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office PowerPoint Viewer 2007.lnk
2018-02-02 00:39 - 2018-02-02 00:43 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Works
2018-02-02 00:39 - 2018-02-02 00:39 - 000001151 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Works Task Launcher.lnk
2018-02-02 00:30 - 2006-11-29 13:06 - 004398360 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_32.dll
2018-02-02 00:30 - 2006-11-29 13:06 - 003426072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_32.dll
2018-02-02 00:29 - 2018-02-02 00:29 - 000000000 ____D C:\Program Files (x86)\Microsoft SQL Server Compact Edition
2018-02-02 00:28 - 2018-02-02 00:32 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live
2018-02-02 00:28 - 2018-02-02 00:32 - 000000000 ____D C:\Program Files (x86)\Windows Live
2018-02-02 00:28 - 2018-02-02 00:28 - 000000000 ____D C:\Program Files (x86)\Windows Live SkyDrive
2018-02-02 00:25 - 2018-02-02 00:25 - 000000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CyberLink PowerDVD 9
2018-02-02 00:22 - 2018-02-02 00:24 - 000000000 ____D C:\Program Files (x86)\CyberLink
2018-02-02 00:21 - 2018-02-02 00:19 - 000505128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msvcp71.dll
2018-02-02 00:21 - 2018-02-02 00:19 - 000353576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msvcr71.dll
2018-02-02 00:21 - 2018-02-02 00:19 - 000029480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3a.dll
2018-02-02 00:20 - 2018-02-02 00:20 - 000000000 ____D C:\ProgramData\Temp
2018-02-02 00:16 - 2018-02-02 00:16 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acer Crystal Eye webcam
2018-02-02 00:16 - 2018-02-02 00:14 - 000206208 _____ () C:\Windows\PLFSetI.exe
2018-02-02 00:16 - 2018-02-02 00:14 - 000000302 _____ C:\Windows\PidList.ini
2018-02-02 00:16 - 2009-12-16 15:13 - 000113264 _____ C:\Windows\FixUVC.exe
2018-02-02 00:15 - 2018-02-02 00:15 - 000000000 ____H C:\Windows\system32\Drivers\Msft_Kernel_SynTP_01009.Wdf
2018-02-02 00:15 - 2018-02-02 00:15 - 000000000 ____D C:\Program Files\Synaptics
2018-02-02 00:13 - 2018-02-02 00:13 - 000000000 _____ C:\Windows\Setup.INI
2018-02-02 00:12 - 2018-02-02 00:13 - 000000000 ____D C:\Program Files (x86)\Launch Manager
2018-02-01 23:55 - 2010-01-19 04:05 - 000121856 _____ (Microsoft Corporation) C:\Windows\system32\secproc_ssp_isv.dll
2018-02-01 23:55 - 2010-01-19 04:05 - 000121856 _____ (Microsoft Corporation) C:\Windows\system32\secproc_ssp.dll
2018-02-01 23:55 - 2010-01-19 04:00 - 000357888 _____ (Microsoft Corporation) C:\Windows\system32\RMActivate_isv.exe
2018-02-01 23:55 - 2010-01-19 04:00 - 000356352 _____ (Microsoft Corporation) C:\Windows\system32\RMActivate.exe
2018-02-01 23:55 - 2010-01-19 04:00 - 000306688 _____ (Microsoft Corporation) C:\Windows\system32\RMActivate_ssp.exe
2018-02-01 23:55 - 2010-01-19 04:00 - 000305152 _____ (Microsoft Corporation) C:\Windows\system32\RMActivate_ssp_isv.exe
2018-02-01 23:55 - 2010-01-18 18:29 - 000085504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secproc_ssp_isv.dll
2018-02-01 23:55 - 2010-01-18 18:29 - 000085504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secproc_ssp.dll
2018-02-01 23:55 - 2010-01-18 18:28 - 000324608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RMActivate_isv.exe
2018-02-01 23:55 - 2010-01-18 18:28 - 000320512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RMActivate.exe
2018-02-01 23:55 - 2010-01-18 18:28 - 000280064 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RMActivate_ssp.exe
2018-02-01 23:55 - 2010-01-18 18:28 - 000277504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RMActivate_ssp_isv.exe
2018-02-01 23:54 - 2010-01-19 04:05 - 000424960 _____ (Microsoft Corporation) C:\Windows\system32\secproc.dll
2018-02-01 23:54 - 2010-01-19 04:05 - 000422912 _____ (Microsoft Corporation) C:\Windows\system32\secproc_isv.dll
2018-02-01 23:54 - 2010-01-18 18:29 - 000369152 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secproc.dll
2018-02-01 23:54 - 2010-01-18 18:29 - 000365568 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secproc_isv.dll
2018-02-01 23:43 - 2010-01-07 22:38 - 000285696 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb10.sys
2018-02-01 23:43 - 2010-01-07 22:38 - 000157696 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb.sys
2018-02-01 23:40 - 2010-01-11 02:44 - 000445952 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2018-02-01 23:40 - 2010-01-11 02:12 - 000381440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2018-02-01 23:40 - 2009-12-19 04:51 - 001492480 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2018-02-01 23:40 - 2009-12-19 04:51 - 001192960 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2018-02-01 23:40 - 2009-12-19 04:47 - 009276928 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2018-02-01 23:40 - 2009-12-19 04:47 - 000082944 _____ (Microsoft Corporation) C:\Windows\system32\msfeedsbs.dll
2018-02-01 23:40 - 2009-12-19 04:46 - 012356608 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2018-02-01 23:40 - 2009-12-19 04:02 - 010976768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2018-02-01 23:40 - 2009-12-19 04:02 - 005961728 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2018-02-01 23:40 - 2009-12-19 04:02 - 001224704 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2018-02-01 23:40 - 2009-12-19 04:02 - 000977920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2018-02-01 23:40 - 2009-12-19 04:02 - 000064512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeedsbs.dll
2018-02-01 23:37 - 2009-10-31 01:34 - 002870272 _____ (Microsoft Corporation) C:\Windows\explorer.exe
2018-02-01 23:37 - 2009-10-31 00:45 - 002614272 _____ (Microsoft Corporation) C:\Windows\SysWOW64\explorer.exe
2018-02-01 23:37 - 2009-10-28 01:24 - 000389632 _____ (Microsoft Corporation) C:\Windows\system32\winlogon.exe
2018-02-01 23:36 - 2009-12-19 04:50 - 000014848 _____ (Microsoft Corporation) C:\Windows\system32\tsbyuv.dll
2018-02-01 23:36 - 2009-12-19 04:49 - 001572352 _____ (Microsoft Corporation) C:\Windows\system32\quartz.dll
2018-02-01 23:36 - 2009-12-19 04:47 - 000038912 _____ (Microsoft Corporation) C:\Windows\system32\msvidc32.dll
2018-02-01 23:36 - 2009-12-19 04:47 - 000025088 _____ (Microsoft Corporation) C:\Windows\system32\msyuv.dll
2018-02-01 23:36 - 2009-12-19 04:47 - 000016384 _____ (Microsoft Corporation) C:\Windows\system32\msrle32.dll
2018-02-01 23:36 - 2009-12-19 04:46 - 000054272 _____ (Microsoft Corporation) C:\Windows\system32\iyuv_32.dll
2018-02-01 23:36 - 2009-12-19 04:02 - 001328640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\quartz.dll
2018-02-01 23:36 - 2009-12-19 04:02 - 000091648 _____ (Microsoft Corporation) C:\Windows\SysWOW64\avifil32.dll
2018-02-01 23:36 - 2009-12-19 04:02 - 000084480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mciavi32.dll
2018-02-01 23:36 - 2009-12-19 04:02 - 000050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iyuv_32.dll
2018-02-01 23:36 - 2009-12-19 04:02 - 000031744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msvidc32.dll
2018-02-01 23:36 - 2009-12-19 04:02 - 000022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msyuv.dll
2018-02-01 23:36 - 2009-12-19 04:02 - 000013312 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrle32.dll
2018-02-01 23:36 - 2009-12-19 04:02 - 000012288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tsbyuv.dll
2018-02-01 23:34 - 2009-12-08 03:32 - 000464896 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\srv.sys
2018-02-01 23:34 - 2009-12-08 03:32 - 000162304 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\srvnet.sys
2018-02-01 23:33 - 2009-12-04 02:26 - 000343040 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbhub.sys
2018-02-01 23:33 - 2009-12-04 02:26 - 000051712 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbehci.sys
2018-02-01 23:31 - 2018-02-01 23:31 - 000000000 ____D C:\Windows\System32\Tasks\Acer
2018-02-01 23:31 - 2018-02-01 23:31 - 000000000 ____D C:\Users\JPR\AppData\Roaming\Leadertech
2018-02-01 23:31 - 2018-02-01 23:31 - 000000000 ____D C:\Users\JPR\AppData\Roaming\Intel Corporation
2018-02-01 23:31 - 2018-02-01 23:31 - 000000000 ____D C:\Users\JPR\AppData\Roaming\Acer
2018-02-01 23:30 - 2018-02-01 23:31 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AcerSystem
2018-02-01 23:30 - 2018-02-01 23:31 - 000000000 ____D C:\book
2018-02-01 23:30 - 2018-02-01 23:30 - 000004104 _____ C:\Windows\System32\Tasks\McQcModifier-5c47-a7b0
2018-02-01 23:30 - 2018-02-01 23:30 - 000000000 ____D C:\Users\JPR\AppData\Roaming\Macromedia
2018-02-01 23:30 - 2018-02-01 23:30 - 000000000 ____D C:\Users\JPR\AppData\Local\EgisTec
2018-02-01 23:30 - 2018-02-01 23:30 - 000000000 ____D C:\ProgramData\McQcModifier-5c47-a7b0
2018-02-01 23:29 - 2018-02-01 23:29 - 000001451 _____ C:\Users\JPR\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2018-02-01 23:29 - 2018-02-01 23:29 - 000001417 _____ C:\Users\JPR\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer (64-bit).lnk
2018-02-01 23:28 - 2018-02-01 23:28 - 000000000 ____D C:\Users\JPR\AppData\Local\VirtualStore
2018-02-01 23:27 - 2018-02-01 23:27 - 000002079 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acer Assist.lnk
2018-02-01 23:26 - 2018-02-01 23:26 - 000002609 _____ C:\Users\Public\Desktop\eBay.lnk
2018-02-01 23:26 - 2018-02-01 23:26 - 000002102 _____ C:\Users\Public\Desktop\Netflix.lnk
2018-02-01 23:26 - 2018-02-01 23:26 - 000000000 ____D C:\ProgramData\OEM_E471269A730D
2018-02-01 23:26 - 2018-02-01 23:26 - 000000000 ____D C:\Program Files (x86)\OEM
2018-02-01 23:16 - 2012-06-02 17:19 - 002428952 _____ (Microsoft Corporation) C:\Windows\system32\wuaueng.dll
2018-02-01 23:16 - 2012-06-02 17:19 - 000057880 _____ (Microsoft Corporation) C:\Windows\system32\wuauclt.exe
2018-02-01 23:16 - 2012-06-02 17:19 - 000044056 _____ (Microsoft Corporation) C:\Windows\system32\wups2.dll
2018-02-01 23:16 - 2012-06-02 17:15 - 002622464 _____ (Microsoft Corporation) C:\Windows\system32\wucltux.dll
2018-02-01 23:15 - 2018-02-02 09:03 - 000079152 _____ C:\Users\JPR\AppData\Local\GDIPFONTCACHEV1.DAT
2018-02-01 23:15 - 2018-02-01 23:15 - 000000000 ____D C:\Program Files (x86)\MSXML 4.0
2018-02-01 23:14 - 2018-02-01 23:14 - 000015814 _____ C:\Windows\system32\results.xml
2018-02-01 23:14 - 2012-06-02 17:19 - 000701976 _____ (Microsoft Corporation) C:\Windows\system32\wuapi.dll
2018-02-01 23:14 - 2012-06-02 17:19 - 000038424 _____ (Microsoft Corporation) C:\Windows\system32\wups.dll
2018-02-01 23:14 - 2012-06-02 17:15 - 000099840 _____ (Microsoft Corporation) C:\Windows\system32\wudriver.dll
2018-02-01 23:13 - 2012-06-02 15:19 - 000186752 _____ (Microsoft Corporation) C:\Windows\system32\wuwebv.dll
2018-02-01 23:13 - 2012-06-02 15:15 - 000036864 _____ (Microsoft Corporation) C:\Windows\system32\wuapp.exe
2018-02-01 23:12 - 2018-02-01 23:29 - 000000000 ____D C:\Users\JPR
2018-02-01 23:12 - 2018-02-01 23:12 - 000000020 ___SH C:\Users\JPR\ntuser.ini
2018-02-01 23:12 - 2009-07-14 02:44 - 000000000 ____D C:\Users\JPR\AppData\Roaming\Media Center Programs
 
==================== One Month Modified files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2018-02-02 16:48 - 2009-07-13 23:45 - 000009696 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2018-02-02 16:48 - 2009-07-13 23:45 - 000009696 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2018-02-02 16:32 - 2009-07-14 00:08 - 000000006 ____H C:\Windows\Tasks\SA.DAT
2018-02-02 16:16 - 2010-03-15 16:48 - 000000000 ____D C:\ProgramData\McAfee
2018-02-02 15:51 - 2009-07-14 00:13 - 000713888 _____ C:\Windows\system32\PerfStringBackup.INI
2018-02-02 15:51 - 2009-07-13 22:20 - 000000000 ____D C:\Windows\inf
2018-02-02 14:59 - 2010-03-15 16:47 - 000000000 ____D C:\Program Files (x86)\Google
2018-02-02 14:43 - 2009-07-13 22:20 - 000000000 ____D C:\Windows\system32\NDF
2018-02-02 01:56 - 2010-03-15 16:26 - 000000000 ____D C:\Program Files (x86)\Intel
2018-02-02 01:53 - 2010-03-15 16:26 - 000000000 ____D C:\Intel
2018-02-02 01:00 - 2009-07-13 23:45 - 000343552 _____ C:\Windows\system32\FNTCACHE.DAT
2018-02-02 00:56 - 2010-03-15 17:15 - 000000000 ___HD C:\OEM
2018-02-02 00:46 - 2009-07-13 22:20 - 000000000 ____D C:\Windows\Help
2018-02-02 00:43 - 2010-03-15 16:39 - 000000000 ____D C:\Program Files (x86)\Microsoft Works
2018-02-02 00:27 - 2009-07-13 22:20 - 000000000 ____D C:\Program Files\Common Files\Microsoft Shared
2018-02-02 00:24 - 2010-03-15 16:26 - 000000000 ___HD C:\Program Files (x86)\InstallShield Installation Information
2018-02-02 00:18 - 2010-03-15 16:57 - 000000000 ____D C:\ProgramData\OEM
2018-02-02 00:18 - 2010-03-15 16:45 - 000000000 ____D C:\Program Files\Acer
2018-02-02 00:16 - 2010-03-15 16:44 - 000000000 ____D C:\Program Files (x86)\Acer
2018-02-02 00:13 - 2010-03-15 16:28 - 000000184 _____ C:\Windows\LMv4.UNI
2018-02-01 23:31 - 2009-10-05 15:30 - 000000000 ____D C:\Windows\DeployWinRE2
2018-02-01 23:12 - 2010-03-15 17:19 - 000000000 ____D C:\Windows\Panther
2018-02-01 23:11 - 2009-07-13 22:20 - 000000000 __RHD C:\Users\Public\Libraries
2018-02-01 23:10 - 2009-07-13 22:20 - 000000000 ____D C:\Windows\rescache
 
==================== Bamital & volsnap ======================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed
 
LastRegBack: 2010-03-15 16:19
 
==================== End of FRST.txt ============================
 
 
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 27.01.2018
Ran by JPR (02-02-2018 17:59:44)
Running from C:\Users\JPR\Desktop
Windows 7 Home Premium (X64) (2018-02-02 04:12:03)
Boot Mode: Normal
==========================================================
 
 
==================== Accounts: =============================
 
Administrator (S-1-5-21-3063817593-2458988514-1251495814-500 - Administrator - Disabled)
Guest (S-1-5-21-3063817593-2458988514-1251495814-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-3063817593-2458988514-1251495814-1002 - Limited - Enabled)
JPR (S-1-5-21-3063817593-2458988514-1251495814-1001 - Administrator - Enabled) => C:\Users\JPR
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 
==================== Installed Programs ======================
 
(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
2007 Microsoft Office Suite Service Pack 2 (SP2) (HKLM-x32\...\{90120000-0016-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}) (Version:  - Microsoft) Hidden
2007 Microsoft Office Suite Service Pack 2 (SP2) (HKLM-x32\...\{90120000-0018-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}) (Version:  - Microsoft) Hidden
2007 Microsoft Office Suite Service Pack 2 (SP2) (HKLM-x32\...\{90120000-001B-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}) (Version:  - Microsoft) Hidden
2007 Microsoft Office Suite Service Pack 2 (SP2) (HKLM-x32\...\{90120000-001F-0409-0000-0000000FF1CE}_HOMESTUDENTR_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}) (Version:  - Microsoft) Hidden
2007 Microsoft Office Suite Service Pack 2 (SP2) (HKLM-x32\...\{90120000-001F-040C-0000-0000000FF1CE}_HOMESTUDENTR_{F580DDD5-8D37-4998-968E-EBB76BB86787}) (Version:  - Microsoft) Hidden
2007 Microsoft Office Suite Service Pack 2 (SP2) (HKLM-x32\...\{90120000-001F-0C0A-0000-0000000FF1CE}_HOMESTUDENTR_{187308AB-5FA7-4F14-9AB9-D290383A10D9}) (Version:  - Microsoft) Hidden
2007 Microsoft Office Suite Service Pack 2 (SP2) (HKLM-x32\...\{90120000-002A-0000-1000-0000000FF1CE}_HOMESTUDENTR_{E64BA721-2310-4B55-BE5A-2925F9706192}) (Version:  - Microsoft) Hidden
2007 Microsoft Office Suite Service Pack 2 (SP2) (HKLM-x32\...\{90120000-002A-0409-1000-0000000FF1CE}_HOMESTUDENTR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}) (Version:  - Microsoft) Hidden
2007 Microsoft Office Suite Service Pack 2 (SP2) (HKLM-x32\...\{90120000-006E-0409-0000-0000000FF1CE}_HOMESTUDENTR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}) (Version:  - Microsoft) Hidden
2007 Microsoft Office Suite Service Pack 2 (SP2) (HKLM-x32\...\{90120000-00A1-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}) (Version:  - Microsoft) Hidden
2007 Microsoft Office Suite Service Pack 2 (SP2) (HKLM-x32\...\{90120000-0115-0409-0000-0000000FF1CE}_HOMESTUDENTR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}) (Version:  - Microsoft) Hidden
2007 Microsoft Office Suite Service Pack 2 (SP2) (HKLM-x32\...\{90120000-0116-0409-1000-0000000FF1CE}_HOMESTUDENTR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}) (Version:  - Microsoft) Hidden
2007 Microsoft Office Suite Service Pack 2 (SP2) (HKLM-x32\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}) (Version:  - Microsoft)
Acer Assist (HKLM-x32\...\Acer Assist) (Version:  - Acer Incorporated)
Acer Backup Manager (HKLM-x32\...\InstallShield_{72B776E5-4530-4C4B-9453-751DF87D9D93}) (Version: 2.0.0.58 - NewTech Infosystems)
Acer Crystal Eye webcam Ver:1.1.149.115 (HKLM-x32\...\{D0ACE89D-EC7F-470F-80BE-4C98ED366B32}) (Version: 1.1.149.115 - Chicony Electronics Co.,Ltd.)
Acer ePower Management (HKLM-x32\...\{3DB0448D-AD82-4923-B305-D001E521A964}) (Version: 5.00.3002 - Acer Incorporated)
Acer eRecovery Management (HKLM-x32\...\{7F811A54-5A09-4579-90E1-C93498E230D9}) (Version: 4.05.3006 - Acer Incorporated)
Acer Game Console (HKLM-x32\...\Acer Game Console) (Version:  - WildTangent) Hidden
Acer Games (HKLM-x32\...\WildTangent acer Master Uninstall) (Version: 1.0.0.80 - WildTangent)
Acer Registration (HKLM-x32\...\Acer Registration) (Version: 1.02.3006 - Acer Incorporated)
Acer ScreenSaver (HKLM-x32\...\Acer Screensaver) (Version: 1.1.0105.2010 - Acer Incorporated)
Acer Updater (HKLM-x32\...\{EE171732-BEB4-4576-887D-CB62727F01CA}) (Version: 1.01.3017 - Acer Incorporated)
Acrobat.com (HKLM-x32\...\{287ECFA4-719A-2143-A09B-D6A12DE54E40}) (Version: 1.6.65 - Adobe Systems Incorporated)
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 1.5.0.7220 - Adobe Systems Inc.)
Adobe Flash Player 10 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 10.0.32.18 - Adobe Systems Incorporated)
Adobe Reader 9.1 MUI (HKLM-x32\...\{AC76BA86-7AD7-FFFF-7B44-A91000000001}) (Version: 9.1.0 - Adobe Systems Incorporated)
Backup Manager Basic (HKLM-x32\...\{72B776E5-4530-4C4B-9453-751DF87D9D93}) (Version: 2.0.0.58 - NewTech Infosystems) Hidden
Bejeweled 2 Deluxe (HKLM-x32\...\WT078749) (Version: 2.2.0.82 - WildTangent) Hidden
Blackhawk Striker 2 (HKLM-x32\...\WT078953) (Version: 2.2.0.82 - WildTangent) Hidden
Bob the Builder Can-Do-Zoo (HKLM-x32\...\WT078961) (Version: 2.2.0.82 - WildTangent) Hidden
Broadcom Gigabit NetLink Controller (HKLM\...\{A84DB02B-9C2B-4272-9D2D-A80E00A56513}) (Version: 12.52.01 - Broadcom Corporation)
Build-a-lot 2 (HKLM-x32\...\WT079193) (Version: 2.2.0.82 - WildTangent) Hidden
Compatibility Pack for the 2007 Office system (HKLM-x32\...\{90120000-0020-0409-0000-0000000FF1CE}) (Version: 12.0.4518.1014 - Microsoft Corporation)
CyberLink PowerDVD 9 (HKLM-x32\...\InstallShield_{A8516AC9-AAF1-47F9-9766-03E2D4CDBCF8}) (Version: 9.0.2529.50 - CyberLink Corp.)
eBay Worldwide (HKLM-x32\...\{E0B19DF7-B1C7-4937-82C4-0E4B1E346965}) (Version: 2.1.0901 - OEM)
Escape Rosecliff Island (HKLM-x32\...\WT079218) (Version: 2.2.0.82 - WildTangent) Hidden
eSobi v2 (HKLM-x32\...\{15D967B5-A4BE-42AE-9E84-64CD062B25AA}) (Version: 2.0.4.000274 - esobi Inc.) Hidden
eSobi v2 (HKLM-x32\...\InstallShield_{15D967B5-A4BE-42AE-9E84-64CD062B25AA}) (Version: 2.0.4.000274 - esobi Inc.)
Faerie Solitaire (HKLM-x32\...\WT079017) (Version: 2.2.0.82 - WildTangent) Hidden
FATE - The Traitor Soul (HKLM-x32\...\WT079021) (Version: 2.2.0.82 - WildTangent) Hidden
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 64.0.3282.140 - Google Inc.)
Google Toolbar for Internet Explorer (HKLM-x32\...\{18455581-E099-4BA8-BC6B-F34B2F06600C}) (Version: 1.0.0 - Google Inc.) Hidden
Google Toolbar for Internet Explorer (HKLM-x32\...\{2318C2B1-4965-11d4-9B18-009027A5CD4F}) (Version: 7.5.8231.2252 - Google Inc.)
Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.33.7 - Google Inc.) Hidden
Google Update Helper (HKLM-x32\...\{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}) (Version: 1.2.183.13 - Google Inc.) Hidden
Identity Card (HKLM-x32\...\Identity Card) (Version: 1.00.3003 - Acer Incorporated)
Intel® Control Center (HKLM-x32\...\{F8A9085D-4C7A-41a9-8A77-C8998A96C421}) (Version: 1.2.1.1007 - Intel Corporation)
Intel® Graphics Media Accelerator Driver (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 8.15.10.2057 - Intel Corporation)
Intel® Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 6.0.0.1179 - Intel Corporation)
Intel® Rapid Storage Technology (HKLM-x32\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 9.5.6.1001 - Intel Corporation)
Jewel Quest Solitaire 3 (HKLM-x32\...\WT079065) (Version: 2.2.0.82 - WildTangent) Hidden
Junk Mail filter update (HKLM-x32\...\{E2DFE069-083E-4631-9B6C-43C48E991DE5}) (Version: 14.0.8089.726 - Microsoft Corporation) Hidden
Launch Manager (HKLM-x32\...\LManager) (Version: 4.0.6 - Acer Inc.)
Microsoft Office Home and Student 2007 (HKLM-x32\...\HOMESTUDENTR) (Version: 12.0.6425.1000 - Microsoft Corporation)
Microsoft Office PowerPoint Viewer 2007 (English) (HKLM-x32\...\{95120000-00AF-0409-0000-0000000FF1CE}) (Version: 12.0.4518.1014 - Microsoft Corporation)
Microsoft Office Suite Activation Assistant (HKLM-x32\...\{E50AE784-FABE-46DA-A1F8-7B6B56DCB22E}) (Version: 2.9 - Microsoft Corporation)
Microsoft Silverlight (HKLM-x32\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 3.0.40624.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Works (HKLM-x32\...\{67E03279-F703-408F-B4BF-46B5FC8D70CD}) (Version: 9.7.0621 - Microsoft Corporation)
Monopoly (HKLM-x32\...\WT079097) (Version: 2.2.0.82 - WildTangent) Hidden
MSXML 4.0 SP3 Parser (KB973685) (HKLM-x32\...\{859DFA95-E4A6-48CD-B88E-A3E483E89B44}) (Version: 4.30.2107.0 - Microsoft Corporation)
Mystery P.I. - Lost in Los Angeles (HKLM-x32\...\WT079101) (Version: 2.2.0.82 - WildTangent) Hidden
MyWinLocker (HKLM-x32\...\{68301905-2DEA-41CE-A4D4-E8B443B099BA}) (Version: 3.1.76.0 - Egis Technology Inc.)
NTI Backup Now 5 (HKLM-x32\...\InstallShield_{12EFA1A4-AC3B-443C-8143-237EDE760403}) (Version: 5.1.2.616 - NewTech Infosystems)
NTI Backup Now Standard (HKLM-x32\...\{12EFA1A4-AC3B-443C-8143-237EDE760403}) (Version: 5.1.2.616 - NewTech Infosystems) Hidden
NTI Media Maker 8 (HKLM-x32\...\{2413930C-8309-47A6-BC61-5EF27A4222BC}) (Version: 8.0.2.6509 - NewTech Infosystems) Hidden
NTI Media Maker 8 (HKLM-x32\...\InstallShield_{2413930C-8309-47A6-BC61-5EF27A4222BC}) (Version: 8.0.2.6509 - NewTech Infosystems)
Penguins! (HKLM-x32\...\WT079105) (Version: 2.2.0.82 - WildTangent) Hidden
Plants vs. Zombies (HKLM-x32\...\WT079109) (Version: 2.2.0.82 - WildTangent) Hidden
Polar Bowler (HKLM-x32\...\WT079113) (Version: 2.2.0.82 - WildTangent) Hidden
Polar Golfer (HKLM-x32\...\WT079117) (Version: 2.2.0.82 - WildTangent) Hidden
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6015 - Realtek Semiconductor Corp.)
Realtek USB 2.0 Card Reader (HKLM-x32\...\{96AE7E41-E34E-47D0-AC07-1091A8127911}) (Version: 6.1.7600.30113 - Realtek Semiconductor Corp.)
Scrabble Plus (HKLM-x32\...\WT079149) (Version: 2.2.0.82 - WildTangent) Hidden
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 14.0.19.0 - Synaptics Incorporated)
The Price is Right (HKLM-x32\...\WT079153) (Version: 2.2.0.82 - WildTangent) Hidden
Update for 2007 Microsoft Office System (KB967642) (HKLM-x32\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version:  - Microsoft)
Virtual Families (HKLM-x32\...\WT079643) (Version: 2.2.0.82 - WildTangent) Hidden
Virtual Villagers - A New Home (HKLM-x32\...\WT079173) (Version: 2.2.0.82 - WildTangent) Hidden
Welcome Center (HKLM-x32\...\Acer Welcome Center) (Version: 1.00.3012 - Acer Incorporated)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite_Wave3) (Version: 14.0.8089.0726 - Microsoft Corporation)
Windows Live Sign-in Assistant (HKLM-x32\...\{45338B07-A236-4270-9A77-EBB4115517B5}) (Version: 5.000.818.5 - Microsoft Corporation)
Windows Live Sync (HKLM-x32\...\{84EBDF39-4B33-49D7-A0BD-EB6E2C4E81C1}) (Version: 14.0.8089.726 - Microsoft Corporation)
Windows Live Upload Tool (HKLM-x32\...\{205C6BDD-7B73-42DE-8505-9A093F35A238}) (Version: 14.0.8014.1029 - Microsoft Corporation)
Yahtzee (HKLM-x32\...\WT079179) (Version: 2.2.0.82 - WildTangent) Hidden
Zuma Deluxe (HKLM-x32\...\WT078774) (Version: 2.2.0.82 - WildTangent) Hidden
 
==================== Custom CLSID (Whitelisted): ==========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
ShellIconOverlayIdentifiers: [egisPSDP] -> {30A0A3F6-38AC-4C53-BB8B-0D95238E25BA} => C:\Program Files (x86)\EgisTec\MyWinLocker 3\x64\psdprotect.dll [2009-09-10] (Egis Technology Inc.)
ShellIconOverlayIdentifiers-x32: [egisPSDP] -> {30A0A3F6-38AC-4C53-BB8B-0D95238E25BA} => C:\Program Files (x86)\EgisTec\MyWinLocker 3\x64\psdprotect.dll [2009-09-10] (Egis Technology Inc.)
ContextMenuHandlers1: [EDSshellExt] -> {29FF7AB0-BE34-4992-A30B-53A9D86EE239} => C:\Program Files (x86)\EgisTec\MyWinLocker 3\x64\mwlshellext.dll [2009-09-10] (Egis Technology Inc.)
ContextMenuHandlers4: [EDSshellExt] -> {29FF7AB0-BE34-4992-A30B-53A9D86EE239} => C:\Program Files (x86)\EgisTec\MyWinLocker 3\x64\mwlshellext.dll [2009-09-10] (Egis Technology Inc.)
ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} => C:\Windows\system32\igfxpph.dll [2010-01-25] (Intel Corporation)
 
==================== Scheduled Tasks (Whitelisted) =============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
Task: {1E8D005C-7EB1-40E2-9D24-965B51CA11FC} - System32\Tasks\Acer\Acer Assist\New Message Check - JPR => C:\Program Files (x86)\Acer\Acer Assist\AcerAssist.exe [2007-11-19] (Acer Incorporated)
Task: {2D356338-F9ED-4DE8-810D-11400AA714EA} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2018-02-02] (Google Inc.)
Task: {4F7AA365-110F-4CFC-915C-3269FFDB2588} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2018-02-02] (Google Inc.)
Task: {B89E4A5A-74E3-4DC2-9730-67871306A52D} - System32\Tasks\McQcModifier-5c47-a7b0 => C:\ProgramData\McQcModifier-5c47-a7b0\McQcModifier-5c47-a7b0.cmd 
 
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
 
 
==================== Shortcuts & WMI ========================
 
(The entries could be listed to be restored or removed.)
 
 
ShortcutWithArgument: C:\Users\Public\Desktop\Netflix.lnk -> C:\ProgramData\OEM_E471269A730D\Netflix\StartURL.exe () -> hxxp://homepage.acer.com/redirect.aspx?rid=09000001
 
==================== Loaded Modules (Whitelisted) ==============
 
2018-02-02 15:00 - 2018-02-01 01:13 - 004433752 _____ () C:\Program Files (x86)\Google\Chrome\Application\64.0.3282.140\libglesv2.dll
2018-02-02 15:00 - 2018-02-01 01:13 - 000099672 _____ () C:\Program Files (x86)\Google\Chrome\Application\64.0.3282.140\libegl.dll
2010-01-06 19:46 - 2010-01-06 19:46 - 000465576 _____ () C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\sqlite3.dll
2010-01-06 19:43 - 2010-01-06 19:43 - 001081600 _____ () C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\ACE.dll
 
==================== Alternate Data Streams (Whitelisted) =========
 
(If an entry is included in the fixlist, only the ADS will be removed.)
 
 
==================== Safe Mode (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
 
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mcmscsvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MCODS => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MpfService => ""="Service"
 
==================== Association (Whitelisted) ===============
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed.)
 
 
==================== Internet Explorer trusted/restricted ===============
 
(If an entry is included in the fixlist, it will be removed from the registry.)
 
 
==================== Hosts content: ===============================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2009-07-13 21:34 - 2009-06-10 16:00 - 000000824 _____ C:\Windows\system32\Drivers\etc\hosts
 
 
==================== Other Areas ============================
 
(Currently there is no automatic fix for this section.)
 
HKU\S-1-5-21-3063817593-2458988514-1251495814-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\JPR\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 192.168.1.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.
 
==================== MSCONFIG/TASK MANAGER disabled items ==
 
MSCONFIG\startupreg: Acer Assist Launcher => C:\Program Files (x86)\Acer\Acer Assist\launcher.exe
MSCONFIG\startupreg: Acer ePower Management => C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe
MSCONFIG\startupreg: Adobe Reader Speed Launcher => "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
MSCONFIG\startupreg: BackupManagerTray => "C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe" -h -k
MSCONFIG\startupreg: EgisTecLiveUpdate => "C:\Program Files (x86)\EgisTec Egis Software Update\EgisUpdate.exe"
MSCONFIG\startupreg: HotKeysCmds => C:\Windows\system32\hkcmd.exe
MSCONFIG\startupreg: IAStorIcon => C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
MSCONFIG\startupreg: IgfxTray => C:\Windows\system32\igfxtray.exe
MSCONFIG\startupreg: LManager => C:\Program Files (x86)\Launch Manager\LManager.exe
MSCONFIG\startupreg: mwlDaemon => C:\Program Files (x86)\EgisTec\MyWinLocker 3\x86\mwlDaemon.exe
MSCONFIG\startupreg: Persistence => C:\Windows\system32\igfxpers.exe
MSCONFIG\startupreg: PLFSetI => C:\Windows\PLFSetI.exe
MSCONFIG\startupreg: RtHDVCpl => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s
MSCONFIG\startupreg: swg => "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
MSCONFIG\startupreg: SynTPEnh => %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe
 
==================== FirewallRules (Whitelisted) ===============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
FirewallRules: [{C4A01DE5-973B-484F-9CAB-F24344E0B3C6}] => (Allow) C:\Program Files (x86)\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe
FirewallRules: [{6402674B-BC54-48B2-B767-646C5C832F24}] => (Allow) C:\Program Files (x86)\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe
FirewallRules: [{2763BC50-9314-4C24-9C09-D1E0C5A1E59B}] => (Allow) C:\Program Files (x86)\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe
FirewallRules: [{9B3DB141-C4B2-44F2-B88E-ACBDC43F2AED}] => (Allow) C:\Program Files (x86)\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe
FirewallRules: [{028571A5-039F-48BB-B747-41AAF38A1CA1}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD9\PowerDVD9.EXE
FirewallRules: [{36975549-B378-4BE6-A277-4F9DD28ABF04}] => (Allow) C:\Program Files (x86)\Windows Live\Messenger\wlcsdk.exe
FirewallRules: [{1827DEC6-CA7C-4394-AA75-499DC5AD1077}] => (Allow) C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe
FirewallRules: [{C22E13C2-E4D0-40B9-B2F8-E5993752C4E6}] => (Allow) svchost.exe
FirewallRules: [{85724506-B8E3-4E95-9B43-7F511C380BB4}] => (Allow) C:\Program Files (x86)\Windows Live\Sync\WindowsLiveSync.exe
FirewallRules: [{34F1795C-4FFB-4F45-B3A7-D32B7782EF5A}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
 
==================== Restore Points =========================
 
01-02-2018 23:11:48 Windows Update
01-02-2018 23:32:13 Windows Update
01-02-2018 23:33:37 Windows Update
01-02-2018 23:35:24 Windows Update
01-02-2018 23:37:08 Windows Update
01-02-2018 23:39:22 Windows Update
01-02-2018 23:42:57 Windows Update
01-02-2018 23:46:00 Windows Update
01-02-2018 23:49:30 Windows Update
01-02-2018 23:54:16 Windows Update
02-02-2018 00:15:34 Installed Acer Crystal Eye webcam
02-02-2018 00:17:33 Installed Acer ePower Management
02-02-2018 00:20:00 Installed PowerDVD
02-02-2018 00:30:04 Installed DirectX
02-02-2018 11:57:56 Removed Norton Online Backup
02-02-2018 12:56:26 Removed Norton Online Backup
02-02-2018 12:58:33 Removed Norton Online Backup
02-02-2018 13:02:26 Removed Norton Online Backup
 
==================== Faulty Device Manager Devices =============
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (02/02/2018 11:31:39 AM) (Source: McLogEvent) (EventID: 5051) (User: NT AUTHORITY)
Description: C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe900003328 (0xd00)0x00000000776EFF2A
 Build VSCORE.14.0.0.433 / 5301.4018
 Object being scanned = \Device\HarddiskVolume1\Program Files (x86)\Adobe\Reader 9.0\Reader\acrord32.dll
 by C:\Program Files (x86)\Adobe\Reader 9.0\Reader\reader_sl.exe
 4(0)(0)
 4(0)(0)
 7200(0)(0)
 7595(0)(0)
 7005(0)(0)
 7004(0)(0)
 5006(0)(0)
 5004(0)(0)
 
Error: (02/02/2018 11:27:27 AM) (Source: McLogEvent) (EventID: 5051) (User: NT AUTHORITY)
Description: C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe900003052 (0xbec)0x00000000776EFF2A
 Build VSCORE.14.0.0.433 / 5301.4018
 Object being scanned = \Device\HarddiskVolume1\Program Files (x86)\Acer\Registration\GREG.exe
 by C:\Windows\Explorer.EXE
 4(0)(0)
 4(0)(0)
 7200(0)(0)
 7595(0)(0)
 7005(0)(0)
 7004(0)(0)
 5006(0)(0)
 5004(0)(0)
 
Error: (02/02/2018 11:03:50 AM) (Source: Microsoft-Windows-CAPI2) (EventID: 512) (User: )
Description: The Cryptographic Services service failed to initialize the VSS backup "System Writer" object.
 
Details:
Could not query the status of the EventSystem service.
 
System Error:
A system shutdown is in progress.
.
 
Error: (02/02/2018 09:31:42 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program iexplore.exe version 8.0.7600.16385 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.
 
Process ID: a4c
 
Start Time: 01d39c311889e52e
 
Termination Time: 0
 
Application Path: C:\Program Files (x86)\Internet Explorer\iexplore.exe
 
Report Id: a8a90bdc-0825-11e8-b785-705ab6e819de
 
Error: (02/02/2018 09:31:19 AM) (Source: McLogEvent) (EventID: 5051) (User: NT AUTHORITY)
Description: C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe900002692 (0xa84)0x000000007748FF2A
 Build VSCORE.14.0.0.433 / 5301.4018
 Object being scanned = \Device\HarddiskVolume1\Program Files (x86)\Microsoft Office\Office12\EXCEL.EXE
 by C:\Program Files (x86)\Internet Explorer\iexplore.exe
 4(0)(0)
 4(0)(0)
 7200(0)(0)
 7595(0)(0)
 7005(0)(0)
 7004(0)(0)
 5006(0)(0)
 5004(0)(0)
 
Error: (02/02/2018 08:57:53 AM) (Source: McLogEvent) (EventID: 5051) (User: NT AUTHORITY)
Description: C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe900002768 (0xad0)0x000000007748FF2A
 Build VSCORE.14.0.0.433 / 5301.4018
 Object being scanned = \Device\HarddiskVolume1\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
 by C:\Windows\Explorer.EXE
 4(0)(0)
 4(0)(0)
 7200(0)(0)
 7595(0)(0)
 7005(0)(0)
 7004(0)(0)
 5006(0)(0)
 5004(0)(0)
 
Error: (02/01/2018 11:25:01 PM) (Source: McLogEvent) (EventID: 5051) (User: NT AUTHORITY)
Description: C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe900003848 (0xf08)0x0000000076D9FF2A
 Build VSCORE.14.0.0.433 / 5301.4018
 Object being scanned = \Device\HarddiskVolume1\Program Files (x86)\Microsoft Office\Office12\EXCEL.EXE
 by C:\Program Files (x86)\Microsoft Office\Office12\msohtmed.exe
 4(0)(0)
 4(0)(0)
 7200(0)(0)
 7595(0)(0)
 7005(0)(0)
 7004(0)(0)
 5006(0)(0)
 5004(0)(0)
 
 
System errors:
=============
Error: (02/02/2018 05:28:42 PM) (Source: DCOM) (EventID: 10010) (User: )
Description: The server {995C996E-D918-4A8C-A302-45719A6F4EA7} did not register with DCOM within the required timeout.
 
Error: (02/02/2018 04:55:42 PM) (Source: iaStor) (EventID: 9) (User: )
Description: The device, \Device\Ide\iaStor0, did not respond within the timeout period.
 
Error: (02/02/2018 04:53:41 PM) (Source: iaStor) (EventID: 9) (User: )
Description: The device, \Device\Ide\iaStor0, did not respond within the timeout period.
 
Error: (02/02/2018 04:51:40 PM) (Source: iaStor) (EventID: 9) (User: )
Description: The device, \Device\Ide\iaStor0, did not respond within the timeout period.
 
Error: (02/02/2018 04:49:40 PM) (Source: iaStor) (EventID: 9) (User: )
Description: The device, \Device\Ide\iaStor0, did not respond within the timeout period.
 
Error: (02/02/2018 04:45:31 PM) (Source: Service Control Manager) (EventID: 7022) (User: )
Description: The Windows Update service hung on starting.
 
Error: (02/02/2018 04:36:32 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Intel® Rapid Storage Technology service failed to start due to the following error: 
The service did not respond to the start or control request in a timely fashion.
 
Error: (02/02/2018 04:36:32 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the Intel® Rapid Storage Technology service to connect.
 
Error: (02/02/2018 02:42:50 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Windows Installer service failed to start due to the following error: 
The service did not respond to the start or control request in a timely fashion.
 
Error: (02/02/2018 02:42:50 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the Windows Installer service to connect.
 
 
==================== Memory info =========================== 
 
Processor: Intel® Pentium® CPU P6000 @ 1.87GHz
Percentage of memory in use: 32%
Total physical RAM: 3766.71 MB
Available physical RAM: 2524.09 MB
Total Virtual: 7531.58 MB
Available Virtual: 6161.57 MB
 
==================== Drives ================================
 
Drive c: (Acer) (Fixed) (Total:232.88 GB) (Free:205.56 GB) NTFS ==>[drive with boot components (obtained from BCD)]
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (MBR Code: Windows XP) (Size: 232.9 GB) (Disk ID: 6CD43650)
Partition 1: (Active) - (Size=232.9 GB) - (Type=07 NTFS)
 
==================== End of Addition.txt ============================
 
Process CPU Private Bytes Working Set PID Description Company Name Verified Signer
System Idle Process 90.43 0 K 24 K 0
procexp64.exe 3.97 23,860 K 40,144 K 2696 Sysinternals Process Explorer Sysinternals - www.sysinternals.com (Verified) Microsoft Corporation
chrome.exe 2.47 143,052 K 185,236 K 3184 Google Chrome Google Inc. (The timestamp signature and/or certificate could not be verified or is malformed) Google Inc.
dwm.exe 1.19 54,500 K 30,024 K 1188 Desktop Window Manager Microsoft Corporation (Verified) Microsoft Windows
Interrupts 0.84 0 K 0 K n/a Hardware Interrupts and DPCs
csrss.exe 0.48 2,884 K 10,192 K 504 Client Server Runtime Process Microsoft Corporation (Verified) Microsoft Windows
System 0.38 120 K 792 K 4
LMS.exe 0.03 2,444 K 4,584 K 1152 Local Manageability Service Intel Corporation (Verified) Intel Corporation
svchost.exe 0.03 4,028 K 8,608 K 724 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows
chrome.exe 0.03 59,336 K 118,216 K 3888 Google Chrome Google Inc. (The timestamp signature and/or certificate could not be verified or is malformed) Google Inc.
GregHSRW.exe 0.02 1,500 K 4,596 K 1172 Global Registration Service Acer Incorporated (Verified) Acer Incorporated
chrome.exe 0.02 22,668 K 32,068 K 1604 Google Chrome Google Inc. (The timestamp signature and/or certificate could not be verified or is malformed) Google Inc.
svchost.exe 0.02 7,920 K 16,536 K 1120 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows
explorer.exe 0.02 38,084 K 55,460 K 1180 Windows Explorer Microsoft Corporation (Verified) Microsoft Windows
svchost.exe 0.01 27,412 K 43,736 K 956 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows
svchost.exe 0.01 14,472 K 15,336 K 1000 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows
wmpnetwk.exe 0.01 12,212 K 11,396 K 2628 Windows Media Player Network Sharing Service Microsoft Corporation (Verified) Microsoft Windows
csrss.exe < 0.01 1,948 K 3,952 K 456 Client Server Runtime Process Microsoft Corporation (Verified) Microsoft Windows
SchedulerSvc.exe < 0.01 2,576 K 6,064 K 1856 NTI Backup Now 5 SchedulerSvc NT Service NewTech Infosystems, Inc. (Verified) NewTech Infosystems
svchost.exe < 0.01 8,780 K 15,448 K 328 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows
SearchIndexer.exe < 0.01 20,756 K 18,332 K 2212 Microsoft Windows Search Indexer Microsoft Corporation (Verified) Microsoft Windows
IScheduleSvc.exe < 0.01 5,060 K 9,368 K 1756 Backup Manager Module NewTech Infosystems, Inc. (Verified) NewTech Infosystems
svchost.exe < 0.01 76,320 K 86,368 K 932 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows
dsiwmis.exe < 0.01 1,208 K 3,780 K 2000 Dritek WMI Service Dritek System Inc. (Verified) Dritek System Inc.
svchost.exe < 0.01 14,104 K 15,268 K 1392 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows
WmiPrvSE.exe 2,620 K 5,836 K 2392 WMI Provider Host Microsoft Corporation (Verified) Microsoft Windows
wlanext.exe 1,688 K 4,808 K 1236 Windows Wireless LAN 802.11 Extensibility Framework Microsoft Corporation (Verified) Microsoft Windows
winlogon.exe 2,912 K 7,072 K 552 Windows Logon Application Microsoft Corporation (Verified) Microsoft Windows
wininit.exe 1,488 K 4,292 K 512 Windows Start-Up Application Microsoft Corporation (Verified) Microsoft Windows
UpdaterService.exe 1,088 K 3,536 K 672 Acer Update Service Acer (Verified) Acer Incorporated
UNS.exe 4,352 K 8,732 K 2196 User Notification Service Intel Corporation (Verified) Intel Corporation
taskhost.exe 7,852 K 8,444 K 1416 Host Process for Windows Tasks Microsoft Corporation (Verified) Microsoft Windows
svchost.exe 4,292 K 7,916 K 800 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows
svchost.exe 9,828 K 12,912 K 2616 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows
svchost.exe 169,572 K 31,132 K 372 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows
svchost.exe 18,212 K 20,040 K 896 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows
svchost.exe 1,508 K 4,592 K 3856 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows
spoolsv.exe 6,240 K 10,628 K 1356 Spooler SubSystem App Microsoft Corporation (Verified) Microsoft Windows
smss.exe 420 K 1,012 K 304 Windows Session Manager Microsoft Corporation (Verified) Microsoft Windows
services.exe 5,744 K 9,288 K 608 Services and Controller app Microsoft Corporation (Verified) Microsoft Windows
procexp.exe 2,480 K 6,688 K 3660 Sysinternals Process Explorer Sysinternals - www.sysinternals.com (Verified) Microsoft Corporation
notepad.exe 1,656 K 5,876 K 3636 Notepad Microsoft Corporation (Verified) Microsoft Windows
notepad.exe 1,700 K 5,996 K 3540 Notepad Microsoft Corporation (Verified) Microsoft Windows
lsm.exe 2,460 K 4,024 K 624 Local Session Manager Service Microsoft Corporation (Verified) Microsoft Windows
lsass.exe 4,076 K 10,800 K 616 Local Security Authority Process Microsoft Corporation (Verified) Microsoft Windows
GoogleCrashHandler64.exe 1,568 K 616 K 1824 Google Crash Handler Google Inc. (Verified) Google Inc
GoogleCrashHandler.exe 1,504 K 528 K 1688 Google Crash Handler Google Inc. (Verified) Google Inc
ePowerSvc.exe 1,884 K 4,388 K 1064 ePowerSvc Acer Incorporated (Verified) Acer Incorporated
conhost.exe 880 K 2,340 K 1244 Console Window Host Microsoft Corporation (Verified) Microsoft Windows
chrome.exe 58,460 K 56,580 K 3840 Google Chrome Google Inc. (The timestamp signature and/or certificate could not be verified or is malformed) Google Inc.
chrome.exe 28,620 K 37,536 K 3140 Google Chrome Google Inc. (The timestamp signature and/or certificate could not be verified or is malformed) Google Inc.
chrome.exe 1,988 K 5,232 K 3436 Google Chrome Google Inc. (The timestamp signature and/or certificate could not be verified or is malformed) Google Inc.
chrome.exe 2,124 K 5,864 K 3864 Google Chrome Google Inc. (The timestamp signature and/or certificate could not be verified or is malformed) Google Inc.
audiodg.exe 16,696 K 16,800 K 3868 Windows Audio Device Graph Isolation Microsoft Corporation (Verified) Microsoft Windows
 
 
Image Name                     PID Services                                    
========================= ======== ============================================
System Idle Process              0 N/A                                         
System                           4 N/A                                         
smss.exe                       304 N/A                                         
csrss.exe                      456 N/A                                         
csrss.exe                      504 N/A                                         
wininit.exe                    512 N/A                                         
winlogon.exe                   552 N/A                                         
services.exe                   608 N/A                                         
lsass.exe                      616 KeyIso, SamSs                               
lsm.exe                        624 N/A                                         
svchost.exe                    724 DcomLaunch, PlugPlay, Power                 
svchost.exe                    800 RpcEptMapper, RpcSs                         
svchost.exe                    896 AudioSrv, Dhcp, eventlog,                   
                                   HomeGroupProvider, lmhosts, wscsvc          
svchost.exe                    932 AudioEndpointBuilder, HomeGroupListener,    
                                   Netman, PcaSvc, SysMain, TrkWks, UxSms,     
                                   Wlansvc, wudfsvc                            
svchost.exe                    956 AeLookupSvc, Appinfo, BITS, Browser,        
                                   EapHost, gpsvc, IKEEXT, iphlpsvc,           
                                   LanmanServer, MMCSS, ProfSvc, Schedule,     
                                   SENS, ShellHWDetection, Themes, Winmgmt,    
                                   wuauserv                                    
svchost.exe                    328 EventSystem, fdPHost, netprofm, nsi,        
                                   WdiServiceHost                              
svchost.exe                   1000 CryptSvc, Dnscache, LanmanWorkstation,      
                                   NlaSvc                                      
explorer.exe                  1180 N/A                                         
dwm.exe                       1188 N/A                                         
wlanext.exe                   1236 N/A                                         
conhost.exe                   1244 N/A                                         
spoolsv.exe                   1356 Spooler                                     
svchost.exe                   1392 BFE, DPS, MpsSvc                            
taskhost.exe                  1416 N/A                                         
dsiwmis.exe                   2000 DsiWMIService                               
ePowerSvc.exe                 1064 ePowerSvc                                   
svchost.exe                   1120 FDResPub, FontCache, SSDPSRV, upnphost      
GregHSRW.exe                  1172 Greg_Service                                
GoogleCrashHandler.exe        1688 N/A                                         
LMS.exe                       1152 LMS                                         
IScheduleSvc.exe              1756 NTI IScheduleSvc                            
SchedulerSvc.exe              1856 NTISchedulerSvc                             
GoogleCrashHandler64.exe      1824 N/A                                         
UpdaterService.exe             672 Updater Service                             
svchost.exe                    372 WinDefend                                   
SearchIndexer.exe             2212 WSearch                                     
wmpnetwk.exe                  2628 WMPNetworkSvc                               
UNS.exe                       2196 UNS                                         
svchost.exe                   2616 p2pimsvc, p2psvc, PNRPsvc                   
chrome.exe                    3888 N/A                                         
chrome.exe                    3436 N/A                                         
chrome.exe                    3864 N/A                                         
chrome.exe                    3840 N/A                                         
chrome.exe                    3140 N/A                                         
chrome.exe                    3184 N/A                                         
chrome.exe                    1604 N/A                                         
notepad.exe                   3636 N/A                                         
notepad.exe                   3540 N/A                                         
audiodg.exe                   3868 N/A                                         
procexp.exe                   3660 N/A                                         
procexp64.exe                 2696 N/A                                         
WmiPrvSE.exe                  2392 N/A                                         
taskhost.exe                  2920 N/A                                         
cmd.exe                       3872 N/A                                         
conhost.exe                   2292 N/A                                         
tasklist.exe                  3508 N/A                                         
WmiPrvSE.exe                  3960 N/A     
 
 
                                
 
 

 

Attached Thumbnails

  • HDTune_Benchmark_Hitachi_HTS545025B9A.png

Edited by richclan, 02 February 2018 - 08:10 PM.

  • 0

#10
RKinner
Posted 04 February 2018 - 06:30 AM

RKinner

    Malware Expert

  • Expert
  • 24,625 posts
  • MVP
Error: (02/02/2018 04:55:42 PM) (Source: iaStor) (EventID: 9) (User: )
Description: The device, \Device\Ide\iaStor0, did not respond within the timeout period.

 

 

This is

Intel® Rapid Storage Technology (HKLM-x32\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 9.5.6.1001 - Intel Corporation)
See if you can get a newer version from your PC Maker or from intel.
 
This is used to talk to the hard drive so very important that it work properly.

  • 0

#11
richclan
Posted 04 February 2018 - 10:40 AM

richclan

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 187 posts

 this is my issue now

 

Attached Thumbnails

  • Untitled.jpg

  • 0

#12
RKinner
Posted 04 February 2018 - 03:42 PM

RKinner

    Malware Expert

  • Expert
  • 24,625 posts
  • MVP

Expect the version of iRST you are trying to install is too new.  Try one of the older versions:

 

https://downloadcent...logy-Intel-RST-


  • 0

#13
richclan
Posted 04 February 2018 - 04:18 PM

richclan

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 187 posts

Thanks; that worked! what next?

Also do you think I could access my compromised HD ever again?

 

 

Attached Thumbnails

  • HDTune.png

Edited by richclan, 04 February 2018 - 04:50 PM.

  • 0

#14
RKinner
Posted 05 February 2018 - 11:45 AM

RKinner

    Malware Expert

  • Expert
  • 24,625 posts
  • MVP

https://www.disk-par...ition-5740.html

https://www.partitio...-partition.html

 

One of the above might help with the missing partition.  Note you need an elevated command prompt  (right click and Run As Admin)

 

What version did you get to install?

 

Let's see if the errors are gone.

 

Right click on (My) Computer and select Manage (Continue) Then click on the arrow in front of Event Viewer. Next Click on the arrow in front of Windows Logs Right click on System and Clear Log, Clear. Repeat for Application.

Reboot.


Right click on (My) Computer and select Manage (Continue) Then click on the arrow in front of Event Viewer. Next Click on the arrow in front of Windows Logs Right click on System and Clear Log, Clear. Repeat for Application.

Reboot.

Start, All Programs, Accessories then right click on Command Prompt and Run as Administrator.  Then type (with an Enter after each line).

sfc  /scannow

(This will check your critical system files. Does this finish without complaint?  IF it says it couldn't fix everything then:

Copy the next two lines:

findstr  /c:"[SR]"  \windows\logs\cbs\cbs.log  >  %UserProfile%\desktop\junk.txt
notepad %UserProfile%\desktop\junk.txt

Start, All Programs, Accessories, right click on Command Prompt and Run as Administrator, Continue.  Right click and Paste or Edit then Paste and the copied line should appear.
Hit Enter. Copy and paste the text from notepad or if it is too big, just attach the file.)


1. Please download the Event Viewer Tool by Vino Rosso
http://images.malwar...om/vino/VEW.exe
and save it to your Desktop:
2. Right-click VEW.exe and Run AS Administrator
3. Under 'Select log to query', select:

* System
4. Under 'Select type to list', select:
* Error
* Warning


Then use the 'Number of events' as follows:


1. Click the radio button for 'Number of events'
Type 20 in the 1 to 20 box
Then click the Run button.
Notepad will open with the output log.


Please post the Output log in your next reply then repeat but select Application.  (Each time you run VEW it overwrites the log so copy the first one to a Reply or rename it before running it a second time.)


The disk results still don't look all that good.  See how they look in Safe Mode

(Reboot and when you see the maker's logo, hear a beep or it talks about F8, start tapping the F8 key slowly.  Keep tapping until the Safe Mode Menu appears and choose Safe Mode with Networking.  Login with your usual login.)

 



 


  • 0
Back to Virus, Spyware, Malware Removal · Next Unread Topic →




Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

  1. Geeks to Go Community
  2. Security
  3. Virus, Spyware, Malware Removal

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP