Jump to content

Welcome to Geeks to Go - Register now for FREE

Need help with your computer or device? Want to learn new tech skills? You're in the right place!
Geeks to Go is a friendly community of tech experts who can solve any problem you have. Just create a free account and post your question. Our volunteers will reply quickly and guide you through the steps. Don't let tech troubles stop you. Join Geeks to Go now and get the support you need!

How it Works Create Account
Photo

Software, hardware, spyware where to begin

Started by bytesize , Sep 10 2018 12:40 PM

  • This topic is locked This topic is locked

#1
bytesize
Posted 10 September 2018 - 12:40 PM

bytesize

    Member

  • Member
  • PipPip
  • 96 posts

Hi all

 

was given friends laptop this morning, was told that it was going really slow and strange stuff was happening. Spent an hour or so having a look, initially was greeted with a blue screen, ran chkdsk and it booted eventually, think there are numerous problems. I am going to replace hard disk and wanted to know if there is anything lurking in the background, because I would much prefer to clone disk. When I first tried to run FRST it tried to update and froze, so turned off wifi and ran it without updating. Logs are posted below.

 

Sorry for the limited information, any help would be much appreciated.

 

Thanks

 

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 01.09.2018 03
Ran by Molly (administrator) on MOLLY-PC (10-09-2018 19:06:56)
Running from C:\Users\Molly\Desktop
Loaded Profiles: Molly (Available Profiles: Molly)
Platform: Windows 7 Home Premium Service Pack 1 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: IE)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\dsiwmis.exe
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\LMworker.exe
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\LMutilps32.exe
(Acer Incorporated) C:\Program Files\Acer\Acer ePower Management\ePowerSvc.exe
(Acer Incorporated) C:\Program Files (x86)\Acer\Registration\GREGsvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(NTI Corporation) C:\Program Files (x86)\NTI\Acer Backup Manager\IScheduleSvc.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrl.exe
(Acer Incorporated) C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(CyberLink Corp.) C:\Program Files (x86)\Acer\clear.fi\MVP\clear.fiAgent.exe
(CyberLink) C:\Program Files (x86)\Acer\clear.fi\MVP\Kernel\DMR\DMREngine.exe
(Intel Corporation) C:\Windows\System32\igfxext.exe
(Intel Corporation) C:\Windows\System32\igfxsrvc.exe
(Acer Incorporated) C:\Program Files\Acer\Acer ePower Management\ePowerEvent.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrlHelper.exe
(Symantec Corporation) C:\Program Files\Norton Security\Engine\22.12.0.104\nortonsecurity.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Symantec Corporation) C:\Program Files\Norton Security\Engine\22.12.0.104\nortonsecurity.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
(Microsoft Corporation) C:\Windows\System32\DeviceDisplayObjectProvider.exe
 
==================== Registry (Whitelisted) ===========================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [11779176 2011-02-18] (Realtek Semiconductor)
HKLM\...\Run: [ETDCtrl] => C:\Program Files\Elantech\ETDCtrl.exe [2589992 2011-04-05] (ELAN Microelectronics Corp.)
HKLM\...\Run: [Power Management] => C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe [1796200 2011-02-22] (Acer Incorporated)
HKLM-x32\...\Run: [IAStorIcon] => C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe [284696 2010-04-13] (Intel Corporation)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-19\...\RunOnce: [IsMyWinLockerReboot] => msiexec.exe /qn /x{voidguid}
HKU\S-1-5-20\...\RunOnce: [IsMyWinLockerReboot] => msiexec.exe /qn /x{voidguid}
HKU\S-1-5-21-358046910-582415168-262340602-1000\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\Windows\system32\ssText3d.scr [333824 2010-11-21] (Microsoft Corporation)
HKU\S-1-5-18\...\RunOnce: [IsMyWinLockerReboot] => msiexec.exe /qn /x{voidguid}
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
Tcpip\Parameters: [DhcpNameServer] 192.168.1.254
Tcpip\..\Interfaces\{1AB04C5A-1AAB-425E-974D-18A96B02DCC5}: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{EAB8A094-E1D1-4996-B353-970E4E485E96}: [DhcpNameServer] 192.168.1.254
 
Internet Explorer:
==================
HKU\S-1-5-21-358046910-582415168-262340602-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://www.google.co.uk/
SearchScopes: HKLM-x32 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=AARTDF&pc=MAAR&src=IE-SearchBox
SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=AARTDF&pc=MAAR&src=IE-SearchBox
BHO: Norton Identity Safety -> {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} -> C:\Program Files\Norton Security\Engine\22.12.0.104\coIEPlg.dll [2018-01-25] (Symantec Corporation)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2010-09-21] (Microsoft Corp.)
BHO: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2018-04-03] (Google Inc.)
BHO-x32: Adobe PDF Link Helper -> {18DF081C-E8AD-4283-A596-FA578C2EBDC3} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2009-02-27] (Adobe Systems Incorporated)
BHO-x32: Norton Identity Safety -> {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} -> C:\Program Files\Norton Security\Engine32\22.12.0.104\coIEPlg.dll [2018-01-25] (Symantec Corporation)
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2010-09-21] (Microsoft Corp.)
BHO-x32: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll [2018-04-03] (Google Inc.)
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2018-04-03] (Google Inc.)
Toolbar: HKLM - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton Security\Engine\22.12.0.104\coIEPlg.dll [2018-01-25] (Symantec Corporation)
Toolbar: HKLM-x32 - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll [2018-04-03] (Google Inc.)
Toolbar: HKLM-x32 - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton Security\Engine32\22.12.0.104\coIEPlg.dll [2018-01-25] (Symantec Corporation)
 
FireFox:
========
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.50907.0\npctrl.dll [2017-05-04] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.50907.0\npctrl.dll [2017-05-03] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2010-11-10] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3508.1109 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2010-11-10] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.33.7\npGoogleUpdate3.dll [No File]
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.33.7\npGoogleUpdate3.dll [No File]
 
Chrome: 
=======
CHR HomePage: Default -> hxxp://www.google.com/
CHR StartupUrls: Default -> "hxxp://www.google.com/"
CHR Profile: C:\Users\Molly\AppData\Local\Google\Chrome\User Data\Default [2018-09-10]
CHR Extension: (Slides) - C:\Users\Molly\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2018-02-10]
CHR Extension: (Docs) - C:\Users\Molly\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2018-02-15]
CHR Extension: (Google Drive) - C:\Users\Molly\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2018-02-15]
CHR Extension: (YouTube) - C:\Users\Molly\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2018-02-15]
CHR Extension: (Google Docs Offline) - C:\Users\Molly\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2018-08-22]
CHR Extension: (Norton Identity Safe) - C:\Users\Molly\AppData\Local\Google\Chrome\User Data\Default\Extensions\iikflkcanblccfahdhdonehdalibjnif [2018-02-10]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Molly\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2018-04-10]
CHR Extension: (Gmail) - C:\Users\Molly\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2018-02-18]
CHR Extension: (Chrome Media Router) - C:\Users\Molly\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2018-06-10]
CHR HKLM\...\Chrome\Extension: [cjabmdjcfcfdmffimndhafhblfmpjdpe] - C:\Program Files\Norton Security\Engine\22.12.0.104\Exts\Chrome.crx <not found>
CHR HKLM\...\Chrome\Extension: [iikflkcanblccfahdhdonehdalibjnif] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [cjabmdjcfcfdmffimndhafhblfmpjdpe] - C:\Program Files\Norton Security\Engine\22.12.0.104\Exts\Chrome.crx <not found>
CHR HKLM-x32\...\Chrome\Extension: [iikflkcanblccfahdhdonehdalibjnif] - hxxps://clients2.google.com/service/update2/crx
 
==================== Services (Whitelisted) ====================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 NortonSecurity; C:\Program Files\Norton Security\Engine\22.12.0.104\NortonSecurity.exe [328712 2018-01-26] (Symantec Corporation)
R2 NTI IScheduleSvc; C:\Program Files (x86)\NTI\Acer Backup Manager\IScheduleSvc.exe [257344 2011-02-15] (NTI Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2018-01-17] (Microsoft Corporation)
 
===================== Drivers (Whitelisted) ======================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R1 BHDrvx64; C:\Program Files\Norton Security\NortonData\22.11.2.7\Definitions\BASHDefs\20180904.003\BHDrvx64.sys [1919568 2018-09-04] (Symantec Corporation)
R1 ccSet_NGC; C:\Windows\system32\drivers\NGCx64\160C000.068\ccSetx64.sys [187544 2018-01-25] (Symantec Corporation)
R1 IDSVia64; C:\Program Files\Norton Security\NortonData\22.11.2.7\Definitions\IPSDefs\20180907.061\IDSvia64.sys [1306592 2018-09-07] (Symantec Corporation)
R3 SRTSP; C:\Windows\System32\Drivers\NGCx64\160C000.068\SRTSP64.SYS [817816 2018-01-25] (Symantec Corporation)
R1 SRTSPX; C:\Windows\system32\drivers\NGCx64\160C000.068\SRTSPX64.SYS [49304 2018-01-25] (Symantec Corporation)
R0 SymEFASI; C:\Windows\System32\drivers\NGCx64\160C000.068\SYMEFASI64.SYS [1942168 2018-01-25] (Symantec Corporation)
R3 SymEvent; C:\Windows\system32\Drivers\SYMEVENT64x86.SYS [102552 2018-09-10] (Symantec Corporation)
R1 SymIRON; C:\Windows\system32\drivers\NGCx64\160C000.068\Ironx64.SYS [307864 2018-01-25] (Symantec Corporation)
R1 SymNetS; C:\Windows\System32\Drivers\NGCx64\160C000.068\SYMNETS.SYS [566936 2018-01-25] (Symantec Corporation)
 
==================== NetSvcs (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== One Month Created files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2018-09-10 19:06 - 2018-09-10 19:08 - 000012306 _____ C:\Users\Molly\Desktop\FRST.txt
2018-09-10 18:52 - 2018-09-10 18:52 - 000000000 ____D C:\Windows\System32\Tasks\Norton Security
2018-09-10 18:50 - 2018-09-10 19:06 - 000000000 ____D C:\FRST
2018-09-10 18:49 - 2018-09-09 23:08 - 002413056 _____ (Farbar) C:\Users\Molly\Desktop\FRST64.exe
2018-09-10 18:46 - 2018-09-10 18:46 - 000003208 _____ C:\Windows\System32\Tasks\Norton WSC Integration
2018-09-10 18:46 - 2018-09-10 18:46 - 000000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Norton Security
2018-09-10 00:13 - 2018-09-10 00:13 - 000000000 ____D C:\Windows\system32\Drivers\NGCx64
2018-09-09 23:56 - 2018-09-09 23:56 - 000000000 ____D C:\Windows\System32\Tasks\Remediation
2018-09-09 23:38 - 2018-09-09 23:38 - 000000000 ____D C:\Users\Molly\AppData\Local\mbam
2018-09-03 23:11 - 2018-09-10 18:46 - 000002250 _____ C:\Users\Public\Desktop\Norton Security.lnk
2018-09-03 23:11 - 2018-09-10 00:14 - 000102552 _____ (Symantec Corporation) C:\Windows\system32\Drivers\SYMEVENT64x86.SYS
2018-09-03 23:11 - 2018-09-10 00:14 - 000008471 _____ C:\Windows\system32\Drivers\SYMEVENT64x86.CAT
2018-09-03 23:11 - 2018-09-03 23:11 - 000000000 ____D C:\Program Files\Common Files\Symantec Shared
2018-09-03 23:09 - 2018-09-03 23:09 - 000000000 ____D C:\Windows\system32\Drivers\NSx64
2018-09-03 23:09 - 2018-09-03 23:09 - 000000000 ____D C:\Program Files\Norton Security
2018-08-27 15:02 - 2018-08-27 15:02 - 000012128 _____ C:\Users\Molly\Desktop\untitled 4.odt
2018-08-27 14:35 - 2018-08-27 14:35 - 000003368 ____N C:\bootsqm.dat
2018-08-25 14:16 - 2018-08-25 14:16 - 000679696 _____ (PC Drivers HeadQuarters LP) C:\Users\Molly\Downloads\DriverSupport (2).exe
2018-08-23 15:11 - 2018-08-23 15:11 - 000000000 ____D C:\Program Files (x86)\Driver Support
2018-08-23 15:09 - 2018-08-23 15:11 - 000679328 _____ (PC Drivers HeadQuarters LP) C:\Users\Molly\Downloads\DriverSupport (1).exe
2018-08-23 15:08 - 2018-08-23 15:08 - 000679328 _____ (PC Drivers HeadQuarters LP) C:\Users\Molly\Downloads\DriverSupport.exe
2018-08-15 19:32 - 2018-08-02 04:05 - 005553760 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2018-08-15 19:32 - 2018-08-02 03:45 - 004054192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2018-08-15 19:32 - 2018-08-02 03:45 - 003959984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2018-08-15 19:32 - 2018-08-02 03:16 - 000064512 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\amdk8.sys
2018-08-15 19:32 - 2018-08-02 03:16 - 000062464 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\intelppm.sys
2018-08-15 19:32 - 2018-08-02 03:16 - 000060928 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\processr.sys
2018-08-15 19:32 - 2018-07-19 07:15 - 025745408 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2018-08-15 19:32 - 2018-07-19 05:35 - 002902016 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2018-08-15 19:32 - 2018-07-19 05:30 - 005778432 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2018-08-15 19:32 - 2018-07-19 05:22 - 020286464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2018-08-15 19:32 - 2018-07-19 05:22 - 000794624 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2018-08-15 19:32 - 2018-07-19 05:05 - 000497664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2018-08-15 19:32 - 2018-07-19 05:01 - 002295808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2018-08-15 19:32 - 2018-07-19 04:55 - 000662016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2018-08-15 19:32 - 2018-07-19 04:46 - 015283712 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2018-08-15 19:32 - 2018-07-19 04:32 - 004494848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2018-08-15 19:32 - 2018-07-19 04:31 - 004510720 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2018-08-15 19:32 - 2018-07-19 04:28 - 013679616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2018-08-15 19:32 - 2018-07-19 04:20 - 001554944 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2018-08-15 19:32 - 2018-07-19 04:09 - 004037632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2018-08-15 19:32 - 2018-07-19 04:06 - 001329152 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2018-08-15 19:32 - 2018-07-13 20:19 - 001894080 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tcpip.sys
2018-08-15 19:32 - 2018-07-07 16:24 - 003226112 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2018-08-15 19:32 - 2018-07-06 17:03 - 000056832 _____ (Microsoft Corporation) C:\Windows\system32\mf3216.dll
2018-08-15 19:32 - 2018-07-06 16:48 - 000043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mf3216.dll
2018-08-15 19:32 - 2018-06-29 16:55 - 000045568 _____ (Microsoft Corporation) C:\Windows\system32\cscapi.dll
2018-08-15 19:32 - 2018-06-29 16:55 - 000030208 _____ (Microsoft Corporation) C:\Windows\system32\cscdll.dll
2018-08-15 19:32 - 2018-06-27 16:55 - 003246592 _____ (Microsoft Corporation) C:\Windows\system32\msi.dll
2018-08-15 19:32 - 2018-06-27 16:42 - 002366464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msi.dll
2018-08-15 19:31 - 2018-08-03 16:55 - 000109568 _____ (Microsoft Corporation) C:\Windows\system32\hlink.dll
2018-08-15 19:31 - 2018-08-03 16:39 - 000084992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\hlink.dll
2018-08-15 19:31 - 2018-08-02 04:20 - 000708272 _____ (Microsoft Corporation) C:\Windows\system32\winload.efi
2018-08-15 19:31 - 2018-08-02 04:18 - 000096864 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2018-08-15 19:31 - 2018-08-02 04:07 - 000263776 _____ (Microsoft Corporation) C:\Windows\system32\hal.dll
2018-08-15 19:31 - 2018-08-02 04:06 - 000156256 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2018-08-15 19:31 - 2018-08-02 04:02 - 001665320 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2018-08-15 19:31 - 2018-08-02 04:00 - 000633080 _____ (Microsoft Corporation) C:\Windows\system32\winresume.efi
2018-08-15 19:31 - 2018-08-02 03:59 - 001211904 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll
2018-08-15 19:31 - 2018-08-02 03:59 - 000503808 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll
2018-08-15 19:31 - 2018-08-02 03:59 - 000361984 _____ (Microsoft Corporation) C:\Windows\system32\wow64win.dll
2018-08-15 19:31 - 2018-08-02 03:59 - 000345600 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2018-08-15 19:31 - 2018-08-02 03:59 - 000316928 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2018-08-15 19:31 - 2018-08-02 03:59 - 000312320 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2018-08-15 19:31 - 2018-08-02 03:59 - 000243712 _____ (Microsoft Corporation) C:\Windows\system32\wow64.dll
2018-08-15 19:31 - 2018-08-02 03:59 - 000215552 _____ (Microsoft Corporation) C:\Windows\system32\winsrv.dll
2018-08-15 19:31 - 2018-08-02 03:59 - 000210432 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2018-08-15 19:31 - 2018-08-02 03:59 - 000190464 _____ (Microsoft Corporation) C:\Windows\system32\rpchttp.dll
2018-08-15 19:31 - 2018-08-02 03:59 - 000146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
2018-08-15 19:31 - 2018-08-02 03:59 - 000135680 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2018-08-15 19:31 - 2018-08-02 03:59 - 000094208 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2018-08-15 19:31 - 2018-08-02 03:59 - 000063488 _____ (Microsoft Corporation) C:\Windows\system32\setbcdlocale.dll
2018-08-15 19:31 - 2018-08-02 03:59 - 000060416 _____ (Microsoft Corporation) C:\Windows\system32\msobjs.dll
2018-08-15 19:31 - 2018-08-02 03:59 - 000050176 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll
2018-08-15 19:31 - 2018-08-02 03:59 - 000028672 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2018-08-15 19:31 - 2018-08-02 03:59 - 000028160 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2018-08-15 19:31 - 2018-08-02 03:59 - 000016384 _____ (Microsoft Corporation) C:\Windows\system32\ntvdm64.dll
2018-08-15 19:31 - 2018-08-02 03:59 - 000013312 _____ (Microsoft Corporation) C:\Windows\system32\wow64cpu.dll
2018-08-15 19:31 - 2018-08-02 03:58 - 001461760 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2018-08-15 19:31 - 2018-08-02 03:58 - 001163264 _____ (Microsoft Corporation) C:\Windows\system32\kernel32.dll
2018-08-15 19:31 - 2018-08-02 03:58 - 000731648 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2018-08-15 19:31 - 2018-08-02 03:58 - 000463872 _____ (Microsoft Corporation) C:\Windows\system32\certcli.dll
2018-08-15 19:31 - 2018-08-02 03:58 - 000419840 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase.dll
2018-08-15 19:31 - 2018-08-02 03:58 - 000044032 _____ (Microsoft Corporation) C:\Windows\system32\csrsrv.dll
2018-08-15 19:31 - 2018-08-02 03:58 - 000043520 _____ (Microsoft Corporation) C:\Windows\system32\cryptbase.dll
2018-08-15 19:31 - 2018-08-02 03:58 - 000022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2018-08-15 19:31 - 2018-08-02 03:57 - 000880640 _____ (Microsoft Corporation) C:\Windows\system32\advapi32.dll
2018-08-15 19:31 - 2018-08-02 03:57 - 000690688 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
2018-08-15 19:31 - 2018-08-02 03:57 - 000123904 _____ (Microsoft Corporation) C:\Windows\system32\bcrypt.dll
2018-08-15 19:31 - 2018-08-02 03:57 - 000059904 _____ (Microsoft Corporation) C:\Windows\system32\appidapi.dll
2018-08-15 19:31 - 2018-08-02 03:57 - 000034816 _____ (Microsoft Corporation) C:\Windows\system32\appidsvc.dll
2018-08-15 19:31 - 2018-08-02 03:57 - 000007168 _____ (Microsoft Corporation) C:\Windows\system32\apisetschema.dll
2018-08-15 19:31 - 2018-08-02 03:57 - 000006144 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-security-base-l1-1-0.dll
2018-08-15 19:31 - 2018-08-02 03:57 - 000005120 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l1-1-0.dll
2018-08-15 19:31 - 2018-08-02 03:57 - 000004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
2018-08-15 19:31 - 2018-08-02 03:57 - 000004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processthreads-l1-1-0.dll
2018-08-15 19:31 - 2018-08-02 03:57 - 000004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll
2018-08-15 19:31 - 2018-08-02 03:57 - 000004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-synch-l1-1-0.dll
2018-08-15 19:31 - 2018-08-02 03:57 - 000004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localregistry-l1-1-0.dll
2018-08-15 19:31 - 2018-08-02 03:57 - 000004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localization-l1-1-0.dll
2018-08-15 19:31 - 2018-08-02 03:57 - 000003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll
2018-08-15 19:31 - 2018-08-02 03:57 - 000003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll
2018-08-15 19:31 - 2018-08-02 03:57 - 000003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll
2018-08-15 19:31 - 2018-08-02 03:57 - 000003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-misc-l1-1-0.dll
2018-08-15 19:31 - 2018-08-02 03:57 - 000003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-memory-l1-1-0.dll
2018-08-15 19:31 - 2018-08-02 03:57 - 000003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll
2018-08-15 19:31 - 2018-08-02 03:57 - 000003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-heap-l1-1-0.dll
2018-08-15 19:31 - 2018-08-02 03:57 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-xstate-l1-1-0.dll
2018-08-15 19:31 - 2018-08-02 03:57 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-util-l1-1-0.dll
2018-08-15 19:31 - 2018-08-02 03:57 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-string-l1-1-0.dll
2018-08-15 19:31 - 2018-08-02 03:57 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-profile-l1-1-0.dll
2018-08-15 19:31 - 2018-08-02 03:57 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-io-l1-1-0.dll
2018-08-15 19:31 - 2018-08-02 03:57 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-interlocked-l1-1-0.dll
2018-08-15 19:31 - 2018-08-02 03:57 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-handle-l1-1-0.dll
2018-08-15 19:31 - 2018-08-02 03:57 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-fibers-l1-1-0.dll
2018-08-15 19:31 - 2018-08-02 03:57 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll
2018-08-15 19:31 - 2018-08-02 03:57 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-delayload-l1-1-0.dll
2018-08-15 19:31 - 2018-08-02 03:57 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-debug-l1-1-0.dll
2018-08-15 19:31 - 2018-08-02 03:57 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-datetime-l1-1-0.dll
2018-08-15 19:31 - 2018-08-02 03:57 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-console-l1-1-0.dll
2018-08-15 19:31 - 2018-08-02 03:43 - 001315512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll
2018-08-15 19:31 - 2018-08-02 03:42 - 001114112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kernel32.dll
2018-08-15 19:31 - 2018-08-02 03:42 - 000666112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpcrt4.dll
2018-08-15 19:31 - 2018-08-02 03:42 - 000275456 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll
2018-08-15 19:31 - 2018-08-02 03:42 - 000096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2018-08-15 19:31 - 2018-08-02 03:42 - 000082944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\bcrypt.dll
2018-08-15 19:31 - 2018-08-02 03:42 - 000005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll
2018-08-15 19:31 - 2018-08-02 03:41 - 000554496 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2018-08-15 19:31 - 2018-08-02 03:41 - 000261120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
2018-08-15 19:31 - 2018-08-02 03:41 - 000254464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2018-08-15 19:31 - 2018-08-02 03:41 - 000223232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2018-08-15 19:31 - 2018-08-02 03:41 - 000172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll
2018-08-15 19:31 - 2018-08-02 03:41 - 000146432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msaudite.dll
2018-08-15 19:31 - 2018-08-02 03:41 - 000141312 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpchttp.dll
2018-08-15 19:31 - 2018-08-02 03:41 - 000070144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2018-08-15 19:31 - 2018-08-02 03:41 - 000060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msobjs.dll
2018-08-15 19:31 - 2018-08-02 03:41 - 000043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll
2018-08-15 19:31 - 2018-08-02 03:41 - 000022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2018-08-15 19:31 - 2018-08-02 03:40 - 000690688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adtschema.dll
2018-08-15 19:31 - 2018-08-02 03:40 - 000644096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\advapi32.dll
2018-08-15 19:31 - 2018-08-02 03:40 - 000342528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\certcli.dll
2018-08-15 19:31 - 2018-08-02 03:40 - 000050688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\appidapi.dll
2018-08-15 19:31 - 2018-08-02 03:40 - 000017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
2018-08-15 19:31 - 2018-08-02 03:40 - 000007168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\apisetschema.dll
2018-08-15 19:31 - 2018-08-02 03:40 - 000005120 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-file-l1-1-0.dll
2018-08-15 19:31 - 2018-08-02 03:40 - 000004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processthreads-l1-1-0.dll
2018-08-15 19:31 - 2018-08-02 03:40 - 000004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-sysinfo-l1-1-0.dll
2018-08-15 19:31 - 2018-08-02 03:40 - 000004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-synch-l1-1-0.dll
2018-08-15 19:31 - 2018-08-02 03:40 - 000004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-misc-l1-1-0.dll
2018-08-15 19:31 - 2018-08-02 03:40 - 000004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localregistry-l1-1-0.dll
2018-08-15 19:31 - 2018-08-02 03:40 - 000004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localization-l1-1-0.dll
2018-08-15 19:31 - 2018-08-02 03:40 - 000003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processenvironment-l1-1-0.dll
2018-08-15 19:31 - 2018-08-02 03:40 - 000003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-namedpipe-l1-1-0.dll
2018-08-15 19:31 - 2018-08-02 03:40 - 000003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-memory-l1-1-0.dll
2018-08-15 19:31 - 2018-08-02 03:40 - 000003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-libraryloader-l1-1-0.dll
2018-08-15 19:31 - 2018-08-02 03:40 - 000003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-interlocked-l1-1-0.dll
2018-08-15 19:31 - 2018-08-02 03:40 - 000003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-heap-l1-1-0.dll
2018-08-15 19:31 - 2018-08-02 03:40 - 000003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-string-l1-1-0.dll
2018-08-15 19:31 - 2018-08-02 03:40 - 000003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-rtlsupport-l1-1-0.dll
2018-08-15 19:31 - 2018-08-02 03:40 - 000003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-profile-l1-1-0.dll
2018-08-15 19:31 - 2018-08-02 03:40 - 000003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-io-l1-1-0.dll
2018-08-15 19:31 - 2018-08-02 03:40 - 000003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-handle-l1-1-0.dll
2018-08-15 19:31 - 2018-08-02 03:40 - 000003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-fibers-l1-1-0.dll
2018-08-15 19:31 - 2018-08-02 03:40 - 000003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-errorhandling-l1-1-0.dll
2018-08-15 19:31 - 2018-08-02 03:40 - 000003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-delayload-l1-1-0.dll
2018-08-15 19:31 - 2018-08-02 03:40 - 000003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-debug-l1-1-0.dll
2018-08-15 19:31 - 2018-08-02 03:40 - 000003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-datetime-l1-1-0.dll
2018-08-15 19:31 - 2018-08-02 03:40 - 000003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-console-l1-1-0.dll
2018-08-15 19:31 - 2018-08-02 03:26 - 000148480 _____ (Microsoft Corporation) C:\Windows\system32\appidpolicyconverter.exe
2018-08-15 19:31 - 2018-08-02 03:26 - 000062464 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\appid.sys
2018-08-15 19:31 - 2018-08-02 03:26 - 000017920 _____ (Microsoft Corporation) C:\Windows\system32\appidcertstorecheck.exe
2018-08-15 19:31 - 2018-08-02 03:25 - 000064512 _____ (Microsoft Corporation) C:\Windows\system32\auditpol.exe
2018-08-15 19:31 - 2018-08-02 03:22 - 000338432 _____ (Microsoft Corporation) C:\Windows\system32\conhost.exe
2018-08-15 19:31 - 2018-08-02 03:21 - 000296960 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe
2018-08-15 19:31 - 2018-08-02 03:21 - 000129536 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\videoprt.sys
2018-08-15 19:31 - 2018-08-02 03:17 - 000291328 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb10.sys
2018-08-15 19:31 - 2018-08-02 03:17 - 000160256 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb.sys
2018-08-15 19:31 - 2018-08-02 03:17 - 000129536 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb20.sys
2018-08-15 19:31 - 2018-08-02 03:16 - 000112640 _____ (Microsoft Corporation) C:\Windows\system32\smss.exe
2018-08-15 19:31 - 2018-08-02 03:16 - 000050688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\auditpol.exe
2018-08-15 19:31 - 2018-08-02 03:16 - 000030720 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2018-08-15 19:31 - 2018-08-02 03:11 - 000025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe
2018-08-15 19:31 - 2018-08-02 03:11 - 000014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll
2018-08-15 19:31 - 2018-08-02 03:11 - 000007680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe
2018-08-15 19:31 - 2018-08-02 03:11 - 000002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user.exe
2018-08-15 19:31 - 2018-08-02 03:10 - 000036352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptbase.dll
2018-08-15 19:31 - 2018-08-02 03:10 - 000006144 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-security-base-l1-1-0.dll
2018-08-15 19:31 - 2018-08-02 03:10 - 000004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-threadpool-l1-1-0.dll
2018-08-15 19:31 - 2018-08-02 03:10 - 000003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-xstate-l1-1-0.dll
2018-08-15 19:31 - 2018-08-02 03:10 - 000003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-util-l1-1-0.dll
2018-08-15 19:31 - 2018-07-20 00:53 - 000396936 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2018-08-15 19:31 - 2018-07-19 23:58 - 000350272 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2018-08-15 19:31 - 2018-07-19 05:48 - 002724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2018-08-15 19:31 - 2018-07-19 05:47 - 000004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2018-08-15 19:31 - 2018-07-19 05:34 - 000066560 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2018-08-15 19:31 - 2018-07-19 05:33 - 000576512 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2018-08-15 19:31 - 2018-07-19 05:33 - 000417280 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2018-08-15 19:31 - 2018-07-19 05:33 - 000048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2018-08-15 19:31 - 2018-07-19 05:32 - 000088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2018-08-15 19:31 - 2018-07-19 05:26 - 000054784 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2018-08-15 19:31 - 2018-07-19 05:25 - 000034304 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2018-08-15 19:31 - 2018-07-19 05:23 - 000615936 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2018-08-15 19:31 - 2018-07-19 05:22 - 000144384 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2018-08-15 19:31 - 2018-07-19 05:22 - 000116224 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2018-08-15 19:31 - 2018-07-19 05:21 - 000814080 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2018-08-15 19:31 - 2018-07-19 05:16 - 002724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2018-08-15 19:31 - 2018-07-19 05:14 - 000969216 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2018-08-15 19:31 - 2018-07-19 05:11 - 000489984 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2018-08-15 19:31 - 2018-07-19 05:05 - 000077824 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2018-08-15 19:31 - 2018-07-19 05:04 - 000341504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
2018-08-15 19:31 - 2018-07-19 05:04 - 000087552 _____ (Microsoft Corporation) C:\Windows\system32\tdc.ocx
2018-08-15 19:31 - 2018-07-19 05:04 - 000062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2018-08-15 19:31 - 2018-07-19 05:04 - 000047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2018-08-15 19:31 - 2018-07-19 05:03 - 000107520 _____ (Microsoft Corporation) C:\Windows\system32\inseng.dll
2018-08-15 19:31 - 2018-07-19 05:03 - 000064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2018-08-15 19:31 - 2018-07-19 05:00 - 000199680 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2018-08-15 19:31 - 2018-07-19 05:00 - 000092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2018-08-15 19:31 - 2018-07-19 04:58 - 000315392 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2018-08-15 19:31 - 2018-07-19 04:58 - 000047104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2018-08-15 19:31 - 2018-07-19 04:57 - 000030720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2018-08-15 19:31 - 2018-07-19 04:56 - 000476160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2018-08-15 19:31 - 2018-07-19 04:56 - 000152064 _____ (Microsoft Corporation) C:\Windows\system32\occache.dll
2018-08-15 19:31 - 2018-07-19 04:55 - 000115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2018-08-15 19:31 - 2018-07-19 04:54 - 000620032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2018-08-15 19:31 - 2018-07-19 04:47 - 000262144 _____ (Microsoft Corporation) C:\Windows\system32\webcheck.dll
2018-08-15 19:31 - 2018-07-19 04:46 - 000416256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2018-08-15 19:31 - 2018-07-19 04:45 - 000809472 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2018-08-15 19:31 - 2018-07-19 04:45 - 000728064 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2018-08-15 19:31 - 2018-07-19 04:43 - 002136064 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2018-08-15 19:31 - 2018-07-19 04:43 - 001359360 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2018-08-15 19:31 - 2018-07-19 04:42 - 000060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2018-08-15 19:31 - 2018-07-19 04:41 - 000091136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inseng.dll
2018-08-15 19:31 - 2018-07-19 04:41 - 000073216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tdc.ocx
2018-08-15 19:31 - 2018-07-19 04:39 - 000168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2018-08-15 19:31 - 2018-07-19 04:38 - 000076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2018-08-15 19:31 - 2018-07-19 04:37 - 000279040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2018-08-15 19:31 - 2018-07-19 04:35 - 000130048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\occache.dll
2018-08-15 19:31 - 2018-07-19 04:30 - 000230400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\webcheck.dll
2018-08-15 19:31 - 2018-07-19 04:28 - 002059776 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2018-08-15 19:31 - 2018-07-19 04:28 - 000696320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2018-08-15 19:31 - 2018-07-19 04:27 - 001155072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2018-08-15 19:31 - 2018-07-19 04:09 - 000800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2018-08-15 19:31 - 2018-07-19 04:04 - 000710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2018-08-15 19:31 - 2018-07-13 20:19 - 000377024 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\netio.sys
2018-08-15 19:31 - 2018-07-13 20:19 - 000287936 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\FWPKCLNT.SYS
2018-08-15 19:31 - 2018-07-08 17:08 - 000383680 _____ (Adobe Systems Incorporated) C:\Windows\system32\atmfd.dll
2018-08-15 19:31 - 2018-07-08 17:02 - 000152064 _____ (Microsoft Corporation) C:\Windows\system32\t2embed.dll
2018-08-15 19:31 - 2018-07-08 17:02 - 000100864 _____ (Microsoft Corporation) C:\Windows\system32\fontsub.dll
2018-08-15 19:31 - 2018-07-08 17:02 - 000041472 _____ (Microsoft Corporation) C:\Windows\system32\lpk.dll
2018-08-15 19:31 - 2018-07-08 17:01 - 000046080 _____ (Adobe Systems) C:\Windows\system32\atmlib.dll
2018-08-15 19:31 - 2018-07-08 17:01 - 000014336 _____ (Microsoft Corporation) C:\Windows\system32\dciman32.dll
2018-08-15 19:31 - 2018-07-08 16:47 - 000309440 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\atmfd.dll
2018-08-15 19:31 - 2018-07-08 16:42 - 000111616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\t2embed.dll
2018-08-15 19:31 - 2018-07-08 16:42 - 000025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\lpk.dll
2018-08-15 19:31 - 2018-07-08 16:41 - 000071680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\fontsub.dll
2018-08-15 19:31 - 2018-07-08 16:41 - 000010240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dciman32.dll
2018-08-15 19:31 - 2018-07-08 16:13 - 000034304 _____ (Adobe Systems) C:\Windows\SysWOW64\atmlib.dll
2018-08-15 19:31 - 2018-07-06 17:09 - 000947904 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ndis.sys
2018-08-15 19:31 - 2018-07-06 17:03 - 000008192 _____ (Microsoft Corporation) C:\Windows\system32\msimg32.dll
2018-08-15 19:31 - 2018-07-06 16:48 - 000004608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msimg32.dll
2018-08-15 19:31 - 2018-06-29 16:40 - 000023040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cscdll.dll
2018-08-15 19:31 - 2018-06-29 16:09 - 000034304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cscapi.dll
2018-08-15 19:31 - 2018-06-27 17:01 - 000114368 _____ (Microsoft Corporation) C:\Windows\system32\consent.exe
2018-08-15 19:31 - 2018-06-27 16:55 - 000504320 _____ (Microsoft Corporation) C:\Windows\system32\msihnd.dll
2018-08-15 19:31 - 2018-06-27 16:55 - 000484864 _____ (Microsoft Corporation) C:\Windows\system32\StructuredQuery.dll
2018-08-15 19:31 - 2018-06-27 16:55 - 000025088 _____ (Microsoft Corporation) C:\Windows\system32\msimsg.dll
2018-08-15 19:31 - 2018-06-27 16:54 - 001942016 _____ (Microsoft Corporation) C:\Windows\system32\authui.dll
2018-08-15 19:31 - 2018-06-27 16:54 - 000070144 _____ (Microsoft Corporation) C:\Windows\system32\appinfo.dll
2018-08-15 19:31 - 2018-06-27 16:43 - 000363520 _____ (Microsoft Corporation) C:\Windows\SysWOW64\StructuredQuery.dll
2018-08-15 19:31 - 2018-06-27 16:42 - 000337408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msihnd.dll
2018-08-15 19:31 - 2018-06-27 16:42 - 000025088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msimsg.dll
2018-08-15 19:31 - 2018-06-27 16:41 - 001806848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\authui.dll
2018-08-15 19:31 - 2018-06-27 16:21 - 000128512 _____ (Microsoft Corporation) C:\Windows\system32\msiexec.exe
2018-08-15 19:31 - 2018-06-27 16:16 - 000073216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msiexec.exe
2018-08-15 19:31 - 2018-06-21 04:33 - 000002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll
2018-08-15 19:31 - 2018-06-21 04:09 - 000002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll
2018-08-15 19:24 - 2018-08-15 19:24 - 000000000 _____ C:\Windows\system32\last.dump
 
==================== One Month Modified files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2018-09-10 18:59 - 2009-07-14 05:45 - 000024608 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2018-09-10 18:59 - 2009-07-14 05:45 - 000024608 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2018-09-10 18:50 - 2009-07-14 06:13 - 000808714 _____ C:\Windows\system32\PerfStringBackup.INI
2018-09-10 18:50 - 2009-07-14 04:20 - 000000000 ____D C:\Windows\inf
2018-09-10 18:47 - 2018-01-19 15:26 - 000000000 ____D C:\ProgramData\Norton
2018-09-10 18:46 - 2018-01-21 16:54 - 000000000 ____D C:\Program Files\Common Files\AV
2018-09-10 18:45 - 2009-07-14 06:08 - 000000006 ____H C:\Windows\Tasks\SA.DAT
2018-09-03 23:17 - 2018-01-19 15:26 - 000000000 ____D C:\Users\Molly\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Norton
2018-09-03 23:09 - 2018-02-05 16:47 - 000000000 ____D C:\Program Files (x86)\NortonInstaller
2018-09-03 23:09 - 2018-01-19 15:34 - 000000000 ____D C:\ProgramData\NortonInstaller
2018-09-03 23:09 - 2018-01-19 15:26 - 000001293 _____ C:\Users\Molly\Desktop\Norton Installation Files.lnk
2018-09-03 23:02 - 2018-02-05 18:09 - 000000000 ____D C:\Users\Molly\AppData\Local\Avg
2018-09-03 23:02 - 2018-02-05 18:09 - 000000000 ____D C:\ProgramData\Avg
2018-08-29 16:05 - 2018-01-16 21:15 - 000000000 ____D C:\ProgramData\clear.fi
2018-08-28 14:10 - 2009-07-14 06:08 - 000032608 _____ C:\Windows\Tasks\SCHEDLGU.TXT
2018-08-25 13:51 - 2009-07-14 04:20 - 000000000 ____D C:\Windows\system32\NDF
2018-08-23 14:57 - 2018-01-20 17:11 - 000000000 ____D C:\Users\Molly\AppData\Local\ElevatedDiagnostics
2018-08-22 16:42 - 2018-03-14 21:24 - 000785528 _____ C:\Windows\SysWOW64\PerfStringBackup.INI
2018-08-16 15:47 - 2009-07-14 05:45 - 000289776 _____ C:\Windows\system32\FNTCACHE.DAT
2018-08-15 20:40 - 2018-01-18 21:11 - 000000000 ____D C:\Windows\system32\MRT
2018-08-15 20:10 - 2018-01-18 21:11 - 137343192 ____C (Microsoft Corporation) C:\Windows\system32\MRT.exe
2018-08-14 19:32 - 2018-02-10 16:37 - 000842240 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2018-08-14 19:32 - 2018-02-10 16:37 - 000175104 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2018-08-14 19:32 - 2018-02-10 16:37 - 000004324 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2018-08-14 19:32 - 2018-02-10 16:37 - 000000000 ____D C:\Windows\system32\Macromed
2018-08-14 19:32 - 2011-04-07 11:21 - 000000000 ____D C:\Windows\SysWOW64\Macromed
 
==================== Files in the root of some directories =======
 
2018-05-29 11:07 - 2018-06-18 19:59 - 000003584 _____ () C:\Users\Molly\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
 
==================== Bamital & volsnap ======================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed
 
LastRegBack: 2018-05-08 16:02
 
==================== End of FRST.txt ============================
 
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 01.09.2018 03
Ran by Molly (10-09-2018 19:09:14)
Running from C:\Users\Molly\Desktop
Windows 7 Home Premium Service Pack 1 (X64) (2018-01-16 02:50:18)
Boot Mode: Normal
==========================================================
 
 
==================== Accounts: =============================
 
Administrator (S-1-5-21-358046910-582415168-262340602-500 - Administrator - Disabled)
Guest (S-1-5-21-358046910-582415168-262340602-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-358046910-582415168-262340602-1002 - Limited - Enabled)
Molly (S-1-5-21-358046910-582415168-262340602-1000 - Administrator - Enabled) => C:\Users\Molly
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AV: Norton Security (Disabled - Up to date) {30744133-1E94-7B35-F4A3-82A5AEF1CBAA}
AV: Norton Security (Enabled - Up to date) {E3FDBD9F-8140-1400-F32B-8B58923F7C4D}
AS: Norton Security (Enabled - Up to date) {589C5C7B-A77A-1B8E-C99B-B02AE9B836F0}
AS: Windows Defender (Disabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Norton Security (Disabled - Up to date) {8B15A0D7-38AE-74BB-CE13-B9D7D5768117}
FW: Norton Security (Disabled) {084FC016-54FB-7A6D-DFFC-2B9050228CD1}
FW: Norton Security (Disabled) {DBC63CBA-CB2F-1558-D874-226D6CEC3B36}
 
==================== Installed Programs ======================
 
(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
Acer Backup Manager (HKLM-x32\...\InstallShield_{0B61BBD5-DA3C-409A-8730-0C3DC3B0F270}) (Version: 3.0.0.85 - NTI Corporation)
Acer Crystal Eye Webcam (HKLM-x32\...\{01FB4998-33C4-4431-85ED-079E3EEFE75D}) (Version: 1.0.1523 - CyberLink Corp.) Hidden
Acer Crystal Eye Webcam (HKLM-x32\...\InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}) (Version: 1.0.1523 - CyberLink Corp.)
Acer ePower Management (HKLM-x32\...\{3DB0448D-AD82-4923-B305-D001E521A964}) (Version: 6.00.3006 - Acer Incorporated)
Acer eRecovery Management (HKLM-x32\...\{7F811A54-5A09-4579-90E1-C93498E230D9}) (Version: 5.00.3002 - Acer Incorporated)
Acer Registration (HKLM-x32\...\Acer Registration) (Version: 1.03.3004 - Acer Incorporated)
Acer ScreenSaver (HKLM-x32\...\Acer Screensaver) (Version: 1.1.0301.2011 - Acer Incorporated)
Acrobat.com (HKLM-x32\...\{287ECFA4-719A-2143-A09B-D6A12DE54E40}) (Version: 1.6.65 - Adobe Systems Incorporated)
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 1.5.0.7220 - Adobe Systems Inc.)
Adobe Flash Player 30 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 30.0.0.154 - Adobe Systems Incorporated)
Adobe Reader 9.1 MUI (HKLM-x32\...\{AC76BA86-7AD7-FFFF-7B44-A91000000001}) (Version: 9.1.0 - Adobe Systems Incorporated)
Backup Manager V3 (HKLM-x32\...\{0B61BBD5-DA3C-409A-8730-0C3DC3B0F270}) (Version: 3.0.0.85 - NTI Corporation) Hidden
Broadcom Gigabit NetLink Controller (HKLM\...\{C91DCB72-F5BB-410D-A91A-314F5D1B4284}) (Version: 14.6.1.2 - Broadcom Corporation)
clear.fi (HKLM-x32\...\{2637C347-9DAD-11D6-9EA2-00055D0CA761}) (Version: 1.0.1422.00 - CyberLink Corp.) Hidden
clear.fi (HKLM-x32\...\{B906C11A-D193-4143-9FA7-E2EE8A5A8F21}) (Version: 9.0.7418 - CyberLink Corp.) Hidden
clear.fi (HKLM-x32\...\InstallShield_{2637C347-9DAD-11D6-9EA2-00055D0CA761}) (Version: 1.0.1422.00 - CyberLink Corp.)
clear.fi Client (HKLM-x32\...\{43AAE145-83CF-4C96-9A5E-756CEFCE879F}) (Version: 1.00.3008 - Acer Incorporated)
D3DX10 (HKLM-x32\...\{E09C4DB7-630C-4F06-A631-8EA7239923AF}) (Version: 15.4.2368.0902 - Microsoft) Hidden
ETDWare PS/2-X64 8.0.6.3_WHQL (HKLM\...\Elantech) (Version: 8.0.6.3 - ELAN Microelectronic Corp.)
Fotogalerija Windows Live (HKLM-x32\...\{E59969EA-3B5B-4B24-8B94-43842A7FBFE9}) (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Galeria de Fotografias do Windows Live (HKLM-x32\...\{0EC0B576-90F9-43C3-8FAD-A4902DF4B8F4}) (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Galería fotográfica de Windows Live (HKLM-x32\...\{E85A4EFC-82F2-4CEE-8A8E-62FDAD353A66}) (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Galeria fotogràfica del Windows Live (HKLM-x32\...\{4736B0ED-F6A1-48EC-A1B7-C053027648F1}) (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Galeria fotografii usługi Windows Live (HKLM-x32\...\{CB3F59BB-7858-41A1-A7EA-4B8A6FC7D431}) (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Galerie de photos Windows Live (HKLM-x32\...\{488F0347-C4A7-4374-91A7-30818BEDA710}) (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Galerie foto Windows Live (HKLM-x32\...\{CB66242D-12B1-4494-82D2-6F53A7E024A3}) (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 66.0.3359.139 - Google Inc.)
Google Toolbar for Internet Explorer (HKLM-x32\...\{18455581-E099-4BA8-BC6B-F34B2F06600C}) (Version: 1.0.0 - Google Inc.) Hidden
Google Toolbar for Internet Explorer (HKLM-x32\...\{2318C2B1-4965-11d4-9B18-009027A5CD4F}) (Version: 7.5.8231.2252 - Google Inc.)
Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.33.7 - Google Inc.) Hidden
Identity Card (HKLM-x32\...\Identity Card) (Version: 1.00.3006 - Acer Incorporated)
Intel® Control Center (HKLM-x32\...\{F8A9085D-4C7A-41a9-8A77-C8998A96C421}) (Version: 1.2.1.1007 - Intel Corporation)
Intel® Graphics Media Accelerator Driver (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 8.15.10.2182 - Intel Corporation)
Intel® Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 6.0.0.1179 - Intel Corporation)
Intel® Rapid Storage Technology (HKLM-x32\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 9.6.2.1001 - Intel Corporation)
Junk Mail filter update (HKLM-x32\...\{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}) (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Launch Manager (HKLM-x32\...\LManager) (Version: 5.1.5 - Acer Inc.)
MediaEspresso (HKLM-x32\...\{14C4C3B6-F1F4-401F-8C86-03E8E19AAC8C}) (Version: 1.0.1418_35759 - CyberLink Corp.) Hidden
Mesh Runtime (HKLM-x32\...\{8C6D6116-B724-4810-8F2D-D047E6B7D68E}) (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4.7.2 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.7.03062 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.50907.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
My Craft Studio Elite 3.1.7.0 (HKLM-x32\...\{0A4240E4-9A49-4551-8557-12F8887B0DCA}_is1) (Version: 3.1.7.0 - Craft Channel Productions Ltd)
Norton Security (HKLM-x32\...\NGC) (Version: 22.12.0.104 - Symantec Corporation)
Norton Security Scan (HKLM-x32\...\NSS) (Version: 4.6.1.150 - Symantec Corporation)
NTI Media Maker 9 (HKLM-x32\...\{D3D5C4E8-040F-4C6F-8105-41D43CF94F44}) (Version: 9.0.2.8942 - NTI Corporation) Hidden
NTI Media Maker 9 (HKLM-x32\...\InstallShield_{D3D5C4E8-040F-4C6F-8105-41D43CF94F44}) (Version: 9.0.2.8942 - NTI Corporation)
OpenOffice 4.1.5 (HKLM-x32\...\{708F0253-F566-48F3-9B88-06F48F16548B}) (Version: 4.15.9789 - Apache Software Foundation)
Opera Stable 52.0.2871.64 (HKLM-x32\...\Opera 52.0.2871.64) (Version: 52.0.2871.64 - Opera Software)
Poczta usługi Windows Live (HKLM-x32\...\{64376910-1860-4CEF-8B34-AA5D205FC5F1}) (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Podstawowe programy Windows Live (HKLM-x32\...\{7A9D47BA-6D50-4087-866F-0800D8B89383}) (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Pošta Windows Live (HKLM-x32\...\{7BA19818-F717-4DFB-BC11-FAF17B2B8AEE}) (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Raccolta foto di Windows Live (HKLM-x32\...\{ED16B700-D91F-44B0-867C-7EB5253CA38D}) (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6314 - Realtek Semiconductor Corp.)
Realtek USB 2.0 Card Reader (HKLM-x32\...\{96AE7E41-E34E-47D0-AC07-1091A8127911}) (Version: 6.1.7600.30124 - Realtek Semiconductor Corp.)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3508.1109 - Microsoft Corporation)
Συλλογή φωτογραφιών του Windows Live (HKLM-x32\...\{C00C2A91-6CB3-483F-80B3-2958E29468F1}) (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Основные компоненты Windows Live (HKLM-x32\...\{E83DC314-C926-4214-AD58-147691D6FE9F}) (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Почта Windows Live (HKLM-x32\...\{B63F0CE3-CCD0-490A-9A9C-E1A3B3A17137}) (Version: 15.4.3502.0922 - Корпорация Майкрософт) Hidden
Фотоальбом Windows Live (HKLM-x32\...\{77F69CA1-E53D-4D77-8BA3-FA07606CC851}) (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Фотогалерия на Windows Live (HKLM-x32\...\{4444F27C-B1A8-464E-9486-4C37BAB39A09}) (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
גלריית התמונות של Windows Live (HKLM-x32\...\{CE929F09-3853-4180-BD90-30764BFF7136}) (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
بريد Windows Live (HKLM-x32\...\{0A4C4B29-5A9D-4910-A13C-B920D5758744}) (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
معرض صور Windows Live (HKLM-x32\...\{FBCA06D2-4642-4F33-B20A-A7AB3F0D2E69}) (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
 
==================== Custom CLSID (Whitelisted): ==========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
ShellIconOverlayIdentifiers: [  OverlayExcluded] -> {4433A54A-1AC8-432F-90FC-85F045CF383C} => C:\Program Files\Norton Security\Engine\22.12.0.104\buShell.dll [2018-01-25] (Symantec Corporation)
ShellIconOverlayIdentifiers: [  OverlayPending] -> {F17C0B1E-EF8E-4AD4-8E1B-7D7E8CB23225} => C:\Program Files\Norton Security\Engine\22.12.0.104\buShell.dll [2018-01-25] (Symantec Corporation)
ShellIconOverlayIdentifiers: [  OverlayProtected] -> {476D0EA3-80F9-48B5-B70B-05E677C9C148} => C:\Program Files\Norton Security\Engine\22.12.0.104\buShell.dll [2018-01-25] (Symantec Corporation)
ShellIconOverlayIdentifiers: [00avg] -> {472083B0-C522-11CF-8763-00608CC02F24} =>  -> No File
ShellIconOverlayIdentifiers-x32: [  OverlayExcluded] -> {4433A54A-1AC8-432F-90FC-85F045CF383C} => C:\Program Files\Norton Security\Engine\22.12.0.104\buShell.dll [2018-01-25] (Symantec Corporation)
ShellIconOverlayIdentifiers-x32: [  OverlayPending] -> {F17C0B1E-EF8E-4AD4-8E1B-7D7E8CB23225} => C:\Program Files\Norton Security\Engine\22.12.0.104\buShell.dll [2018-01-25] (Symantec Corporation)
ShellIconOverlayIdentifiers-x32: [  OverlayProtected] -> {476D0EA3-80F9-48B5-B70B-05E677C9C148} => C:\Program Files\Norton Security\Engine\22.12.0.104\buShell.dll [2018-01-25] (Symantec Corporation)
ContextMenuHandlers1: [BUContextMenu] -> {F7CAA2A1-67A2-44BB-B20F-202FD8EB1DAB} => C:\Program Files\Norton Security\Engine\22.12.0.104\buShell.dll [2018-01-25] (Symantec Corporation)
ContextMenuHandlers1: [Symantec.Norton.Antivirus.IEContextMenu] -> {FAD61B3D-699D-49B2-BE16-7F82CB4C59CA} => C:\Program Files\Norton Security\Engine\22.12.0.104\NavShExt.dll [2018-01-25] (Symantec Corporation)
ContextMenuHandlers2: [Symantec.Norton.Antivirus.IEContextMenu] -> {FAD61B3D-699D-49B2-BE16-7F82CB4C59CA} => C:\Program Files\Norton Security\Engine\22.12.0.104\NavShExt.dll [2018-01-25] (Symantec Corporation)
ContextMenuHandlers4: [MSSE] -> {0365FE2C-F183-4091-AC82-BFC39FB75C49} =>  -> No File
ContextMenuHandlers4: [Offline Files] -> {474C98EE-CF3D-41f5-80E3-4AAB0AB04301} =>  -> No File
ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} => C:\Windows\system32\igfxpph.dll [2010-07-20] (Intel Corporation)
ContextMenuHandlers6: [BUContextMenu] -> {F7CAA2A1-67A2-44BB-B20F-202FD8EB1DAB} => C:\Program Files\Norton Security\Engine\22.12.0.104\buShell.dll [2018-01-25] (Symantec Corporation)
ContextMenuHandlers6: [Offline Files] -> {474C98EE-CF3D-41f5-80E3-4AAB0AB04301} =>  -> No File
ContextMenuHandlers6: [Symantec.Norton.Antivirus.IEContextMenu] -> {FAD61B3D-699D-49B2-BE16-7F82CB4C59CA} => C:\Program Files\Norton Security\Engine\22.12.0.104\NavShExt.dll [2018-01-25] (Symantec Corporation)
 
==================== Scheduled Tasks (Whitelisted) =============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
Task: {01AB9D01-4ADD-41C1-B5F7-244E855852E4} - System32\Tasks\Norton Security\Norton Security Error Analyzer => C:\Program Files\Norton Security\Engine\22.12.0.104\SymErr.exe [2018-01-25] (Symantec Corporation)
Task: {1267367A-ED70-4300-A5AD-DFE99E880955} - System32\Tasks\Norton WSC Integration => C:\Program Files\Norton Security\Engine\22.12.0.104\WSCStub.exe [2018-01-25] (Symantec Corporation)
Task: {1447325C-05A5-45C2-AFAC-C94FED96AF05} - System32\Tasks\{95C54FF1-B581-405B-BC93-01642F0679FC} => C:\Program Files (x86)\My Craft Studio Elite\My Craft Studio.exe [2013-06-17] ()
Task: {17FDF56B-D825-4AF0-84B8-4B4DC1BAAFAD} - System32\Tasks\{F3021623-EE36-4D56-B05F-D6B1B4FAAA06} => C:\Program Files (x86)\My Craft Studio Elite\My Craft Studio.exe [2013-06-17] ()
Task: {22D94FB7-1887-4F8D-8F4A-57B06428D354} - System32\Tasks\Norton Security\Norton Security Error Processor => C:\Program Files\Norton Security\Engine\22.12.0.104\SymErr.exe [2018-01-25] (Symantec Corporation)
Task: {264C9EFB-113B-4E8D-9F41-80B86C3D9889} - System32\Tasks\SidebarExecute => C:\Program Files (x86)\Windows Sidebar\sidebar.exe [2010-11-21] (Microsoft Corporation)
Task: {4F05B9DD-C7E5-491A-A885-70412FB41477} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2018-08-14] (Adobe Systems Incorporated)
Task: {53EDD440-C6A0-48C4-A434-E9E736306F5C} - System32\Tasks\{A371E80B-A488-4856-9708-21045B323340} => C:\Program Files (x86)\Google\Chrome\Application\chrome.exe 
Task: {58579DD2-60B5-4053-96EA-8D42AF080347} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2018-02-10] (Google Inc.)
Task: {754F7217-F355-425D-AD08-D1716B6723BA} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2018-02-10] (Google Inc.)
Task: {7F54E9D2-BBA1-4818-B170-4E0E1631F0CE} - System32\Tasks\DMREngine => C:\Program Files (x86)\Acer\clear.fi\MVP\.\Kernel\DMR\DMREngine.exe [2011-02-22] (CyberLink)
Task: {805816F7-1570-4800-AA04-272912499830} - System32\Tasks\clear.fi => C:\Program Files (x86)\Acer\clear.fi\MVP\clear.fi.exe [2011-02-22] (Acer Incorporated)
Task: {96796233-C726-44D8-B57E-5FAA243EB37C} - System32\Tasks\Games\UpdateCheck_S-1-5-21-358046910-582415168-262340602-1000
Task: {A8A92759-96A1-4307-A4CB-A72C1D27B1E2} - System32\Tasks\{27D95E25-24DB-44FA-9697-F468AD8771D5} => C:\Program Files (x86)\My Craft Studio Elite\My Craft Studio.exe [2013-06-17] ()
Task: {C25543E8-10A1-4FD5-8110-E74328F3D03A} - System32\Tasks\Norton Security Scan for Molly => C:\Program Files (x86)\Norton Security Scan\Engine\4.6.1.150\Nss.exe [2018-01-10] (Symantec Corporation)
Task: {EAB35F6F-2192-48B4-AAAF-183178FCDF74} - System32\Tasks\AVG\Overseer => C:\Program Files\Common Files\AVG\Overseer\overseer.exe [2018-06-25] (AVG Technologies CZ, s.r.o.)
Task: {EB76EB9A-28BB-4C80-A6B8-629156A5E805} - System32\Tasks\clear.fiAgent => C:\Program Files (x86)\Acer\clear.fi\MVP\clear.fiAgent.exe [2011-02-22] (CyberLink Corp.)
Task: {F7B995BB-9EBE-4277-BD6D-ACCBBC8057BC} - System32\Tasks\Opera scheduled Autoupdate 1516371695 => C:\Program Files\Opera\launcher.exe [2018-06-28] (Opera Software)
Task: {FFADD753-B1CA-4DD8-BE32-762937114425} - System32\Tasks\Remediation\AntimalwareMigrationTask => C:\Program Files\Common Files\AV\Norton Security\Upgrade.exe
 
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
 
Task: C:\Windows\Tasks\Tweaking.com - Windows Repair Tray Icon.job => C:\Program Files (x86)\Tweaking.com\Windows Repair (All in One)\WR_Tray_Icon.exe C:\Program Files (x86)\Tweaking.com\Windows Repair (All in One)Tweaking.com - Windows Repair)Created By Tweaking.com
 
==================== Shortcuts & WMI ========================
 
(The entries could be listed to be restored or removed.)
 
 
==================== Loaded Modules (Whitelisted) ==============
 
2011-02-15 19:37 - 2011-02-15 19:37 - 000465640 _____ () C:\Program Files (x86)\NTI\Acer Backup Manager\sqlite3.dll
2011-02-15 19:36 - 2011-02-15 19:36 - 001081664 _____ () C:\Program Files (x86)\NTI\Acer Backup Manager\ACE.dll
2011-02-15 19:37 - 2011-02-15 19:37 - 000125760 _____ () C:\Program Files (x86)\NTI\Acer Backup Manager\MailConverter32.dll
2011-02-22 11:01 - 2011-02-22 11:01 - 000206216 _____ () C:\Program Files (x86)\Acer\clear.fi\MVP\Kernel\DMR\CLNetMediaDMA.dll
2011-04-07 10:26 - 2010-04-13 17:52 - 000058880 _____ () C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IsdiInterop.dll
 
==================== Alternate Data Streams (Whitelisted) =========
 
(If an entry is included in the fixlist, only the ADS will be removed.)
 
 
==================== Safe Mode (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
 
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\AppXSvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\BFE => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\BITS => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\camsvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ClipSvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\dps => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\lfsvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MpsSvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\msiserver => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\semgrsvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SharedAccess => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\shellhwdetection => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TokenBroker => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TweakingRemoveSafeBoot => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vss => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WSService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\AppXSvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\BITS => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\camsvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\ClipSvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\dps => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\lfsvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\msiserver => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\SamSs => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\semgrsvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\shellhwdetection => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\srv => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\srv2 => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\srvnet => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\TokenBroker => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\TweakingRemoveSafeBoot => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\vss => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\WSService => ""="Service"
 
==================== Association (Whitelisted) ===============
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed.)
 
 
==================== Internet Explorer trusted/restricted ===============
 
(If an entry is included in the fixlist, it will be removed from the registry.)
 
 
==================== Hosts content: ===============================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2009-07-14 03:34 - 2018-08-20 14:54 - 000000855 _____ C:\Windows\system32\Drivers\etc\hosts
 
127.0.0.1       localhost
 
==================== Other Areas ============================
 
(Currently there is no automatic fix for this section.)
 
HKU\S-1-5-21-358046910-582415168-262340602-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\Molly\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: Media is not connected to internet.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.
 
==================== MSCONFIG/TASK MANAGER disabled items ==
 
MSCONFIG\startupreg: Adobe Reader Speed Launcher => "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
MSCONFIG\startupreg: ArcadeMovieService => "C:\Program Files (x86)\Acer\clear.fi\Movie\clear.fiMovieService.exe"
MSCONFIG\startupreg: BackupManagerTray => "C:\Program Files (x86)\NTI\Acer Backup Manager\BackupManagerTray.exe" -h -k
MSCONFIG\startupreg: LManager => C:\Program Files (x86)\Launch Manager\LManager.exe
 
==================== FirewallRules (Whitelisted) ===============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
FirewallRules: [{2BBAB81B-6EDB-4E02-B846-B685B9544283}] => (Allow) C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
FirewallRules: [{3CD0D063-5531-4328-91A6-216895309A4B}] => (Allow) LPort=2869
FirewallRules: [{F5E0A158-CC3D-4B21-9B2F-4614581EB9CF}] => (Allow) LPort=1900
FirewallRules: [{C92C406A-5D6F-4316-99BF-38374D838C62}] => (Allow) C:\Program Files (x86)\Windows Live\Mesh\MOE.exe
FirewallRules: [{852FF7CD-BE79-45F3-A944-5030618A1439}] => (Allow) C:\Program Files (x86)\Acer\clear.fi\MVP\clear.fi.exe
FirewallRules: [{DB8ECF01-1625-4733-9135-BC97647ECFC5}] => (Allow) C:\Program Files (x86)\Acer\clear.fi\MVP\clear.fiAgent.exe
FirewallRules: [{49863BC6-F235-4A7E-BF8C-44A236AA25BE}] => (Allow) C:\Program Files (x86)\Acer\clear.fi\MVP\Kernel\CLML\CLMLSvc.exe
FirewallRules: [{548C87D8-5AE0-43C6-BB96-74986F0093D4}] => (Allow) C:\Program Files (x86)\Acer\clear.fi\MVP\Kernel\DMR\DMREngine.exe
FirewallRules: [{FD5ED3C9-832C-4780-92ED-271ABF907268}] => (Allow) C:\Program Files (x86)\Acer\clear.fi\MVP\Kernel\DMR\DMREngine.exe
FirewallRules: [{9E1733C5-2F9A-4C07-BD05-9F38501CDE09}] => (Block) C:\Program Files (x86)\Acer\clear.fi\MVP\Kernel\DMR\DMREngine.exe
FirewallRules: [{65D2735F-69F0-465F-84C1-C9B41240DC1A}] => (Allow) C:\Program Files (x86)\Acer\clear.fi\Movie\TouchMovie.exe
FirewallRules: [{705FCD4F-3DCD-41C1-B832-A7C045C5D726}] => (Allow) C:\Program Files (x86)\Acer\clear.fi\Movie\TouchMovieService.exe
FirewallRules: [{1788FD10-2D22-4123-B6BE-E57FC8B16B58}] => (Allow) C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe
FirewallRules: [{4A0899A3-C175-4C37-B7D8-08DA77CC0AC4}] => (Allow) C:\Program Files\Opera\52.0.2871.40\opera.exe
FirewallRules: [{160BD627-FCE8-49A9-966B-3C3E79F5531B}] => (Allow) C:\Program Files\Opera\52.0.2871.64\opera.exe
FirewallRules: [{9379ABD4-22A5-4C91-948D-7C0E4B6DD32E}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
FirewallRules: [{4BF054D1-CE6E-4B53-9BDE-57CCD3F771AD}] => (Allow) C:\Program Files (x86)\AVG\Antivirus\AvEmUpdate.exe
FirewallRules: [{7C8873A0-8F25-49F5-B2DB-86658DB1BBBA}] => (Allow) C:\Program Files (x86)\AVG\Antivirus\AvEmUpdate.exe
 
==================== Restore Points =========================
 
 
==================== Faulty Device Manager Devices =============
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (09/10/2018 07:05:34 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program FRST64.exe version 1.9.2018.3 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.
 
Process ID: 1384
 
Start Time: 01d4492eee6ad231
 
Termination Time: 0
 
Application Path: C:\Users\Molly\Desktop\FRST64.exe
 
Report Id: 8e24e9b3-b523-11e8-b175-b870f48a7da0
 
Error: (09/10/2018 06:46:46 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: IAStorIcon.exe, version: 9.6.2.1001, time stamp: 0x4bc4a163
Faulting module name: mscorwks.dll, version: 2.0.50727.8793, time stamp: 0x5b55bf6a
Exception code: 0xc0000006
Fault offset: 0x0000a13a
Faulting process id: 0x%9
Faulting application start time: 0xIAStorIcon.exe0
Faulting application path: IAStorIcon.exe1
Faulting module path: IAStorIcon.exe2
Report Id: IAStorIcon.exe3
 
Error: (09/09/2018 11:12:49 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: IAStorIcon.exe, version: 9.6.2.1001, time stamp: 0x4bc4a163
Faulting module name: mscorwks.dll, version: 2.0.50727.8793, time stamp: 0x5b55bf6a
Exception code: 0xc0000006
Fault offset: 0x0000a13a
Faulting process id: 0x%9
Faulting application start time: 0xIAStorIcon.exe0
Faulting application path: IAStorIcon.exe1
Faulting module path: IAStorIcon.exe2
Report Id: IAStorIcon.exe3
 
Error: (09/03/2018 11:29:52 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: IAStorIcon.exe, version: 9.6.2.1001, time stamp: 0x4bc4a163
Faulting module name: mscorwks.dll, version: 2.0.50727.8793, time stamp: 0x5b55bf6a
Exception code: 0xc0000006
Fault offset: 0x0000a13a
Faulting process id: 0x%9
Faulting application start time: 0xIAStorIcon.exe0
Faulting application path: IAStorIcon.exe1
Faulting module path: IAStorIcon.exe2
Report Id: IAStorIcon.exe3
 
Error: (08/30/2018 03:07:52 PM) (Source: .NET Runtime Optimization Service) (EventID: 1101) (User: )
Description: .NET Runtime Optimization Service (clr_optimization_v4.0.30319_64) - Failed to compile: System.Xml, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089 . Error code = 0x80131506
 
Error: (08/26/2018 04:07:17 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program Nss.exe version 4.6.1.150 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.
 
Process ID: 15e8
 
Start Time: 01d43d4e5b519c49
 
Termination Time: 0
 
Application Path: C:\Program Files (x86)\Norton Security Scan\Engine\4.6.1.150\Nss.exe
 
Report Id: af3e641a-a941-11e8-80f1-b870f48a7da0
 
Error: (08/23/2018 03:02:43 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program Explorer.EXE version 6.1.7601.23537 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.
 
Process ID: 590
 
Start Time: 01d43ae48f192bac
 
Termination Time: 62
 
Application Path: C:\Windows\Explorer.EXE
 
Report Id: 2e8d0e4c-a6dd-11e8-b837-b870f48a7da0
 
Error: (08/22/2018 07:32:32 PM) (Source: System Restore) (EventID: 8210) (User: )
Description: An unspecified error occurred during System Restore: (Windows Update). Additional information: 0x80070017.
 
 
System errors:
=============
Error: (09/10/2018 06:55:22 PM) (Source: Disk) (EventID: 7) (User: )
Description: The device, \Device\Harddisk0\DR0, has a bad block.
 
Error: (09/10/2018 06:55:19 PM) (Source: Disk) (EventID: 7) (User: )
Description: The device, \Device\Harddisk0\DR0, has a bad block.
 
Error: (09/10/2018 06:55:16 PM) (Source: Disk) (EventID: 7) (User: )
Description: The device, \Device\Harddisk0\DR0, has a bad block.
 
Error: (09/10/2018 06:55:13 PM) (Source: Disk) (EventID: 7) (User: )
Description: The device, \Device\Harddisk0\DR0, has a bad block.
 
Error: (09/10/2018 06:55:11 PM) (Source: Disk) (EventID: 7) (User: )
Description: The device, \Device\Harddisk0\DR0, has a bad block.
 
Error: (09/10/2018 06:52:31 PM) (Source: Disk) (EventID: 7) (User: )
Description: The device, \Device\Harddisk0\DR0, has a bad block.
 
Error: (09/10/2018 06:52:28 PM) (Source: Disk) (EventID: 7) (User: )
Description: The device, \Device\Harddisk0\DR0, has a bad block.
 
Error: (09/10/2018 06:52:25 PM) (Source: Disk) (EventID: 7) (User: )
Description: The device, \Device\Harddisk0\DR0, has a bad block.
 
 
==================== Memory info =========================== 
 
Processor: Intel® Core™ i3 CPU M 370 @ 2.40GHz
Percentage of memory in use: 40%
Total physical RAM: 2806.75 MB
Available physical RAM: 1671.88 MB
Total Virtual: 5611.65 MB
Available Virtual: 4240.11 MB
 
==================== Drives ================================
 
Drive c: (Acer) (Fixed) (Total:449.66 GB) (Free:408.67 GB) NTFS
 
\\?\Volume{b7b60b5c-fa5e-11e7-9f7b-806e6f6e6963}\ (SYSTEM RESERVED) (Fixed) (Total:0.1 GB) (Free:0.07 GB) NTFS
\\?\Volume{b7b60b5b-fa5e-11e7-9f7b-806e6f6e6963}\ (PQSERVICE) (Fixed) (Total:16 GB) (Free:3.26 GB) NTFS
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (MBR Code: Windows 7/8/10) (Size: 465.8 GB) (Disk ID: D6AB2263)
Partition 1: (Not Active) - (Size=16 GB) - (Type=27)
Partition 2: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=449.7 GB) - (Type=07 NTFS)
 
==================== End of Addition.txt ============================

 


  • 0

Advertisements

#2
JSntgRvr
Posted 12 September 2018 - 08:37 PM

JSntgRvr

    Global Moderator

  • Global Moderator
  • 11,579 posts

Sorry for the delay. Indeed the hard Drive is failing.

 

 

  • Highlight the entire content of the quote box below.

Start::
HKU\S-1-5-19\...\RunOnce: [IsMyWinLockerReboot] => msiexec.exe /qn /x{voidguid}
HKU\S-1-5-20\...\RunOnce: [IsMyWinLockerReboot] => msiexec.exe /qn /x{voidguid}
HKU\S-1-5-18\...\RunOnce: [IsMyWinLockerReboot] => msiexec.exe /qn /x{voidguid}
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.33.7\npGoogleUpdate3.dll [No File]
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.33.7\npGoogleUpdate3.dll [No File]
ContextMenuHandlers4: [MSSE] -> {0365FE2C-F183-4091-AC82-BFC39FB75C49} =>  -> No File
ContextMenuHandlers4: [Offline Files] -> {474C98EE-CF3D-41f5-80E3-4AAB0AB04301} =>  -> No File
ContextMenuHandlers6: [Offline Files] -> {474C98EE-CF3D-41f5-80E3-4AAB0AB04301} =>  -> No File
FirewallRules: [{3CD0D063-5531-4328-91A6-216895309A4B}] => (Allow) LPort=2869
FirewallRules: [{F5E0A158-CC3D-4B21-9B2F-4614581EB9CF}] => (Allow) LPort=1900
End::

  • Right click on the highlighted text and select Copy.
  • Start FRST (FRST64) with Administrator privileges
  • Press the Fix button. FRST will process the lines copied above from the clipboard.
  • When finished, a log file (Fixlog.txt) will pop up and saved in the same location the tool was ran from.

Please copy and paste its contents in your next reply.
 

 

If successful, replace the hard drive.

 

Keep me posted.


  • 0

#3
bytesize
Posted 13 September 2018 - 05:45 AM

bytesize

    Member

  • Topic Starter
  • Member
  • PipPip
  • 96 posts

Thanks for your time here is the requested log-

 

Fix result of Farbar Recovery Scan Tool (x64) Version: 01.09.2018 03
Ran by Molly (13-09-2018 12:22:05) Run:1
Running from C:\Users\Molly\Desktop
Loaded Profiles: Molly (Available Profiles: Molly)
Boot Mode: Normal
==============================================
 
fixlist content:
*****************
HKU\S-1-5-19\...\RunOnce: [IsMyWinLockerReboot] => msiexec.exe /qn /x{voidguid}
HKU\S-1-5-20\...\RunOnce: [IsMyWinLockerReboot] => msiexec.exe /qn /x{voidguid}
HKU\S-1-5-18\...\RunOnce: [IsMyWinLockerReboot] => msiexec.exe /qn /x{voidguid}
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.33.7\npGoogleUpdate3.dll [No File]
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.33.7\npGoogleUpdate3.dll [No File]
ContextMenuHandlers4: [MSSE] -> {0365FE2C-F183-4091-AC82-BFC39FB75C49} =>  -> No File
ContextMenuHandlers4: [Offline Files] -> {474C98EE-CF3D-41f5-80E3-4AAB0AB04301} =>  -> No File
ContextMenuHandlers6: [Offline Files] -> {474C98EE-CF3D-41f5-80E3-4AAB0AB04301} =>  -> No File
FirewallRules: [{3CD0D063-5531-4328-91A6-216895309A4B}] => (Allow) LPort=2869
FirewallRules: [{F5E0A158-CC3D-4B21-9B2F-4614581EB9CF}] => (Allow) LPort=1900
 
*****************
 
"HKU\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\RunOnce\\IsMyWinLockerReboot" => removed successfully
"HKU\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\RunOnce\\IsMyWinLockerReboot" => removed successfully
"HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\RunOnce\\IsMyWinLockerReboot" => removed successfully
"HKLM\Software\Wow6432Node\MozillaPlugins\@tools.google.com/Google Update;version=3" => removed successfully
"HKLM\Software\Wow6432Node\MozillaPlugins\@tools.google.com/Google Update;version=9" => removed successfully
"HKLM\Software\Classes\Directory\ShellEx\ContextMenuHandlers\MSSE" => removed successfully
HKLM\Software\Classes\CLSID\{0365FE2C-F183-4091-AC82-BFC39FB75C49} => not found
"HKLM\Software\Classes\Directory\ShellEx\ContextMenuHandlers\Offline Files" => removed successfully
HKLM\Software\Classes\CLSID\{474C98EE-CF3D-41f5-80E3-4AAB0AB04301} => not found
"HKLM\Software\Classes\Folder\ShellEx\ContextMenuHandlers\Offline Files" => removed successfully
HKLM\Software\Classes\CLSID\{474C98EE-CF3D-41f5-80E3-4AAB0AB04301} => not found
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{3CD0D063-5531-4328-91A6-216895309A4B}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{F5E0A158-CC3D-4B21-9B2F-4614581EB9CF}" => removed successfully
 
==== End of Fixlog 12:22:30 ====
 
Noticed that 2 of the registry entries were not found is that ok to replace disk, if it was my own laptop I would just do a fresh install on a new hdd, but I was hoping to get away with cloning it. What would you advise now.
 
Thanks

  • 0

#4
JSntgRvr
Posted 14 September 2018 - 09:00 PM

JSntgRvr

    Global Moderator

  • Global Moderator
  • 11,579 posts

A fresh install is the preferred method as Read Only files may refuse to move to the other drive.


  • 0

#5
bytesize
Posted 18 September 2018 - 09:56 AM

bytesize

    Member

  • Topic Starter
  • Member
  • PipPip
  • 96 posts

Thanks for your help and advice, I have replaced the hard drive and I am in the process of installing windows 7, if i need some help with that should I start a new thread and post in Windows 7 forum.

 

Thanks


  • 0

#6
JSntgRvr
Posted 19 September 2018 - 09:10 PM

JSntgRvr

    Global Moderator

  • Global Moderator
  • 11,579 posts

You are welcome.


  • 0
Back to Virus, Spyware, Malware Removal · Next Unread Topic →




Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

  1. Geeks to Go Community
  2. Security
  3. Virus, Spyware, Malware Removal

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP