various issues, interesting ones at that



#1
darkmj16


Well, hello everyone. I've used guides and whatnot here before, but now I'm lost, and I'm about to pull my hair out. So many random things happening. Here's just a few things I remember right off my head. It's a Dell Inspiron 17R with an i5. OK, so... the battery icon will disappear, and I have to go to Device Manager to disable the batt and enable it to get the icon back. When I start Windows, half the time AVG will be disabled. Other times it won't. I do not change AVG settings. The internet will disconnect, randomly be slow; have checked the router with other devices, not the router or ISP. Programs will hang and sometimes not even work unless I restart the program. And now most recently my Bluetooth has stopped working. It's not any device, I've narrowed it down to a software issue. I've uninstalled and reinstalled the drivers. Nothing. System sounds will change now and then. I think there's more but I'll add as I think or see them.

Something is going on with my mouse pad now. The program keeps getting blocked or corrupted or something, but I get an error msg saying the enhancements failed to start.

So here's the really interesting parts...

Ran Spybot, updated, deep scan, no results. Ran in safe mode, no results.

Ran AVG, updated, deep scan. No results. Ran in safe mode, no results.

Ran MBAM, updated, deep scan. Had some things come up but nothing major, fixed anyway. Ran in safe mode, more things. Fixed them.

Ran CCleaner in safe mode, fixed the normal issues. Ran the reg cleaner, fixed the few issues.

Ran Decrap My Computer in safe mode, holy [bleep]... fixed issues and the whole book of reg errors from the cleaning part. Thought it fixed it. Nope. Sped up the system some doing that but the problems remain.

I feel like it's an infection of something but nothing has found any trace of anything. So idk if a program, an infection, or if there was an infection and now problems are coming up, idk. Please someone help me.

logs:

 

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 24.10.2018
Ran by User (administrator) on USER-PC (07-11-2018 05:12:25)
Running from C:\Users\User\Desktop
Loaded Profiles: User (Available Profiles: User)
Platform: Windows 7 Ultimate Service Pack 1 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(Intel Corporation) C:\Windows\System32\igfxCUIService.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\Antivirus\AVGSvc.exe
(Intel Corporation) C:\Windows\System32\igfxEM.exe
(Intel Corporation) C:\Windows\System32\igfxHK.exe
() C:\Windows\System32\igfxTray.exe
(Logitech, Inc.) C:\Program Files\Logitech\SetPointP\SetPoint.exe
(Wargaming.net) C:\non-os\World_of_Tanks\WargamingGameUpdater.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome Remote Desktop\71.0.3578.15\remoting_host.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Bluetooth\ibtsiva.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome Remote Desktop\71.0.3578.15\remoting_host.exe
(Intel® Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Safer-Networking Ltd.) C:\non-os\Spybot - Search & Destroy 2\SDWSCSvc.exe
(Logitech, Inc.) C:\Program Files\Common Files\LogiShrd\KHAL3\KHALMNPR.exe
(Logitech, Inc.) C:\Program Files\Common Files\LogiShrd\LAClient\laclient.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\Antivirus\AVGUI.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\Antivirus\x64\aswidsagenta.exe
(Microsoft Corporation) C:\Windows\System32\Locator.exe
(Wargaming.net) C:\non-os\World_of_Tanks\WorldOfTanks.exe
(Wargaming.net) C:\non-os\World_of_Tanks\res\cef\cef_browser_process.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
 
==================== Registry (Whitelisted) ===========================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [AVGUI.exe] => C:\Program Files\AVG\Antivirus\AvLaunch.exe [290064 2018-10-10] (AVG Technologies CZ, s.r.o.)
HKLM\...\Run: [EvtMgr6] => C:\Program Files\Logitech\SetPointP\SetPoint.exe [3136136 2018-09-07] (Logitech, Inc.)
Winlogon\Notify\LBTWlgn: 
Winlogon\Notify\SDWinLogon-x32: SDWinLogon.dll [X]
HKLM\SOFTWARE\Policies\Microsoft\Windows Defender: Restriction <==== ATTENTION
HKU\S-1-5-21-1894722739-3979997351-3746568665-1000\...\Run: [World of Tanks] => C:\non-os\World_of_Tanks\WargamingGameUpdater.exe [3139936 2018-06-25] (Wargaming.net)
HKU\S-1-5-21-1894722739-3979997351-3746568665-1000\...\Policies\system: [NoDispAppearancePage] 0
HKU\S-1-5-21-1894722739-3979997351-3746568665-1000\...\Policies\system: [NoDispScrSavPage] 0
HKU\S-1-5-21-1894722739-3979997351-3746568665-1000\...\Policies\Explorer: [NoRecentDocsHistory] 1
HKU\S-1-5-21-1894722739-3979997351-3746568665-1000\...\Policies\Explorer: [NoThemesTab] 1
BootExecute: 
GroupPolicy: Restriction ? <==== ATTENTION
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
ProxyServer: [S-1-5-21-1894722739-3979997351-3746568665-1000] => localhost:21320
Tcpip\Parameters: [DhcpNameServer] 172.16.0.1
Tcpip\..\Interfaces\{096D4EA8-B3B7-4B42-B91A-2D6753E86104}: [DhcpNameServer] 172.20.10.1
Tcpip\..\Interfaces\{A3E44CE9-87D0-4413-A0C7-3C41D31D1BAE}: [NameServer] 1.1.1.1,1.0.0.1
Tcpip\..\Interfaces\{C0C5A3B0-8751-4A61-ADB0-CA4752ACE43F}: [DhcpNameServer] 172.16.0.1
 
Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = 
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = 
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = 
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = 
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = 
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = 
HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = 
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Local Page = 
URLSearchHook: [S-1-5-21-1894722739-3979997351-3746568665-1000] ATTENTION => Default URLSearchHook is missing
BHO: Logitech SetPoint -> {AF949550-9094-4807-95EC-D1C317803333} -> C:\Program Files\Logitech\SetPointP\SetPointSmooth.dll [2018-09-07] (Logitech, Inc.)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\ssv.dll [2018-10-25] (Oracle Corporation)
BHO-x32: Logitech SetPoint -> {AF949550-9094-4807-95EC-D1C317803333} -> C:\Program Files\Logitech\SetPointP\32-bit\SetPointSmooth.dll [2018-09-07] (Logitech, Inc.)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\jp2ssv.dll [2018-10-25] (Oracle Corporation)
 
FireFox:
========
FF HKLM-x32\...\Firefox\Extensions: [{F003DA68-8256-4b37-A6C4-350FA04494DF}] - C:\Program Files\Logitech\SetPointP\LogiSmoothFirefoxExt
FF Extension: (Logitech SetPoint) - C:\Program Files\Logitech\SetPointP\LogiSmoothFirefoxExt [2018-09-25] [not signed]
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=11.31.2 -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\dtplugin\npDeployJava1.dll [2018-10-25] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.31.2 -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\plugin2\npjp2.dll [2018-10-25] (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.33.17\npGoogleUpdate3.dll [2018-05-16] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.33.17\npGoogleUpdate3.dll [2018-05-16] (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.2.8 -> C:\non-os\VideoLAN\VLC\npvlc.dll [2018-05-29] (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=3.0.3 -> C:\non-os\VideoLAN\VLC\npvlc.dll [2018-05-29] (VideoLAN)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2018-09-20] (Adobe Systems Inc.)
 
Chrome: 
=======
CHR DefaultProfile: Default
CHR HomePage: Default -> hxxp://www.bing.com/search?FORM=INCOH1&PC=IC03&PTAG=ICO-563448c1
CHR StartupUrls: Default -> "hxxp://www.yahoo.com/"
CHR Profile: C:\Users\User\AppData\Local\Google\Chrome\User Data\Default [2018-11-07]
CHR Extension: (YouTube) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2018-02-13]
CHR Extension: (Adblock Plus) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2018-11-01]
CHR Extension: (Logitech Smooth Scrolling) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\dkpejdfnpdkhifgbancbammdijojoffk [2018-02-13]
CHR Extension: (Chrome Remote Desktop) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\gbchcmhmhahfdphkhkmpfmihenigjmpp [2018-10-04]
CHR Extension: (Black Black Chrome Theme Dark Blue Highlight) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\njpbabhpbnilgchdjbajcbgnnclkaida [2018-02-13]
CHR Extension: (Chrome Web Store Payments) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2018-04-04]
CHR Extension: (Gmail) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2018-02-13]
CHR Extension: (Chrome Media Router) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2018-10-26]
CHR Profile: C:\Users\User\AppData\Local\Google\Chrome\User Data\Guest Profile [2018-11-04]
CHR Profile: C:\Users\User\AppData\Local\Google\Chrome\User Data\System Profile [2018-11-04]
CHR HKLM-x32\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj] - hxxps://clients2.google.com/service/update2/crx
 
==================== Services (Whitelisted) ====================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [85304 2018-10-16] (Apple Inc.)
R2 AVG Antivirus; C:\Program Files\AVG\Antivirus\AVGSvc.exe [325072 2018-10-10] (AVG Technologies CZ, s.r.o.)
R3 avgbIDSAgent; C:\Program Files\AVG\Antivirus\x64\aswidsagenta.exe [8237160 2018-10-10] (AVG Technologies CZ, s.r.o.)
R2 chromoting; C:\Program Files (x86)\Google\Chrome Remote Desktop\71.0.3578.15\remoting_host.exe [73048 2018-10-18] (Google Inc.)
S3 DDVCollectorSvcApi; C:\Program Files\Dell\DellDataVault\DDVCollectorSvcApi.exe [209392 2018-10-22] (Dell Inc.)
S3 DDVDataCollector; C:\Program Files\Dell\DellDataVault\DDVDataCollector.exe [3347440 2018-10-22] (Dell Inc.)
S3 DDVRulesProcessor; C:\Program Files\Dell\DellDataVault\DDVRulesProcessor.exe [218096 2018-10-22] (Dell Inc.)
S3 Dell Hardware Support; C:\Program Files\Dell\SupportAssistAgent\PCDr\SupportAssist\6.0.6992.1382\DSAPI.exe [1002816 2018-11-04] (PC-Doctor, Inc.)
S3 DSAService; C:\Program Files (x86)\Intel Driver and Support Assistant\DSAService.exe [23800 2018-10-18] (Intel)
R2 iBtSiva; C:\Program Files (x86)\Intel\Bluetooth\ibtsiva.exe [531040 2018-05-16] (Intel Corporation)
R2 igfxCUIService1.0.0.0; C:\Windows\system32\igfxCUIService.exe [344184 2016-06-28] (Intel Corporation)
S3 MBAMService; C:\non-os\mbam\Anti-Malware\mbamservice.exe [6347056 2018-09-19] (Malwarebytes)
S3 SDScannerService; C:\non-os\Spybot - Search & Destroy 2\SDFSSvc.exe [3892256 2018-04-20] (Safer-Networking Ltd.)
S3 SDUpdateService; C:\non-os\Spybot - Search & Destroy 2\SDUpdSvc.exe [3943664 2018-04-20] (Safer-Networking Ltd.)
R2 SDWSCService; C:\non-os\Spybot - Search & Destroy 2\SDWSCSvc.exe [233712 2018-02-06] (Safer-Networking Ltd.)
S3 SupportAssistAgent; C:\Program Files\Dell\SupportAssistAgent\bin\SupportAssistAgent.exe [38872 2018-10-25] (Dell Inc.)
R2 SynTPEnhService; C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe [257112 2017-12-16] (Synaptics Incorporated)
S4 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2017-12-15] (Microsoft Corporation)
R2 wuauserv; C:\Windows\system32\wuaueng2.dll [2651136 2017-12-16] (Microsoft Corporation) [File not signed]
 
===================== Drivers (Whitelisted) ======================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R1 avgArPot; C:\Windows\System32\drivers\avgArPot.sys [201264 2018-10-10] (AVG Technologies CZ, s.r.o.)
R1 avgbidsdriver; C:\Windows\System32\drivers\avgbidsdrivera.sys [230880 2018-10-10] (AVG Technologies CZ, s.r.o.)
R0 avgbidsh; C:\Windows\System32\drivers\avgbidsha.sys [202296 2018-10-10] (AVG Technologies CZ, s.r.o.)
R0 avgblog; C:\Windows\System32\drivers\avgbloga.sys [346616 2018-10-10] (AVG Technologies CZ, s.r.o.)
R0 avgbuniv; C:\Windows\System32\drivers\avgbuniva.sys [59520 2018-10-10] (AVG Technologies CZ, s.r.o.)
S3 avgHwid; C:\Windows\System32\drivers\avgHwid.sys [46920 2018-10-10] (AVG Technologies CZ, s.r.o.)
R1 avgKbd; C:\Windows\System32\drivers\avgKbd.sys [42312 2018-10-10] (AVG Technologies CZ, s.r.o.)
R2 avgMonFlt; C:\Windows\System32\drivers\avgMonFlt.sys [163224 2018-10-10] (AVG Technologies CZ, s.r.o.)
R0 avgRvrt; C:\Windows\System32\drivers\avgRvrt.sys [87968 2018-10-10] (AVG Technologies CZ, s.r.o.)
R1 avgSnx; C:\Windows\System32\drivers\avgSnx.sys [1028696 2018-10-10] (AVG Technologies CZ, s.r.o.)
R1 avgSP; C:\Windows\System32\drivers\avgSP.sys [467760 2018-10-10] (AVG Technologies CZ, s.r.o.)
R0 avgVmm; C:\Windows\System32\drivers\avgVmm.sys [380992 2018-10-10] (AVG Technologies CZ, s.r.o.)
R3 btmaudio; C:\Windows\System32\drivers\btmaud.sys [99272 2018-05-16] (Motorola Solutions, Inc.)
R3 btmaux; C:\Windows\System32\DRIVERS\btmaux.sys [156616 2018-05-16] (Motorola Solutions, Inc.)
S3 btmhsf; C:\Windows\System32\DRIVERS\btmhsf.sys [1566152 2018-05-16] (Motorola Solutions, Inc.)
R3 DDDriver; C:\Windows\System32\drivers\DDDriver64Dcsa.sys [41608 2018-10-20] (Dell Inc.)
R3 DellProf; C:\Windows\System32\drivers\DellProf.sys [41208 2018-10-20] (Dell Computer Corporation)
R1 ESProtectionDriver; C:\Windows\system32\drivers\mbae64.sys [152688 2018-11-04] (Malwarebytes)
R0 iaStorF; C:\Windows\System32\DRIVERS\iaStorF.sys [28008 2013-08-30] (Intel Corporation)
S3 ibtusb; C:\Windows\System32\DRIVERS\ibtusb.sys [124872 2018-05-16] (Intel Corporation)
R3 MEIx64; C:\Windows\System32\DRIVERS\TeeDriverx64.sys [100312 2013-12-11] (Intel Corporation)
R3 NETwNs64; C:\Windows\System32\DRIVERS\Netwsw02.sys [3485640 2018-05-11] (Intel Corporation)
S3 semav6msr64; C:\Windows\system32\drivers\semav6msr64.sys [41512 2018-01-11] ()
R3 SmbDrvI; C:\Windows\System32\DRIVERS\Smb_driver_Intel.sys [45144 2017-12-16] (Synaptics Incorporated)
S3 iscFlash; \??\C:\Users\User\AppData\Local\Temp\7zS5946.tmp\iscflashx64.sys [X] <==== ATTENTION
S3 VGPU; System32\drivers\rdvgkmd.sys [X]
 
==================== NetSvcs (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== One Month Created files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2018-11-07 05:12 - 2018-11-07 05:13 - 000015561 _____ C:\Users\User\Desktop\FRST.txt
2018-11-06 00:25 - 2018-11-06 00:25 - 002414592 _____ (Farbar) C:\Users\User\Desktop\FRST64.exe
2018-11-04 19:11 - 2018-11-04 20:37 - 000000000 ____D C:\Users\User\AppData\Local\ElevatedDiagnostics
2018-11-04 08:55 - 2018-11-04 08:55 - 000000000 ____D C:\Windows\System32\Tasks\WPD
2018-11-04 07:28 - 2018-11-04 07:28 - 000001596 _____ C:\Users\Public\Desktop\iTunes.lnk
2018-11-04 07:28 - 2018-11-04 07:28 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
2018-11-04 07:28 - 2018-11-04 07:28 - 000000000 ____D C:\Program Files\iPod
2018-11-04 06:20 - 2018-11-04 20:33 - 000000000 ____D C:\Program Files (x86)\Intel
2018-11-04 06:15 - 2018-11-04 06:15 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dell
2018-11-04 06:14 - 2018-11-04 06:15 - 000000000 ____D C:\Program Files\Dell
2018-11-04 06:09 - 2018-11-04 06:09 - 000000000 ____D C:\ProgramData\Intel
2018-11-04 04:21 - 2018-11-04 04:21 - 000000000 ____D C:\Users\User\Documents\ProcAlyzer Dumps
2018-11-03 21:52 - 2018-11-04 06:01 - 000010658 _____ C:\Windows\ntbtlog.txt
2018-11-03 19:45 - 2018-11-04 20:45 - 000000000 ____D C:\Windows\LastGood
2018-11-03 19:45 - 2018-11-03 19:45 - 000000000 ____D C:\Program Files\Common Files\Intel
2018-11-03 19:32 - 2018-11-03 19:32 - 000000000 ____D C:\Users\User\Downloads\Intel Driver and Support Assistant
2018-11-03 19:18 - 2018-11-04 06:09 - 000000000 ____D C:\Program Files (x86)\Intel Driver and Support Assistant
2018-11-03 19:18 - 2018-11-03 19:18 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Intel Driver and Support Assistant
2018-11-03 16:57 - 2018-11-03 16:59 - 141110631 _____ (Aslain ) C:\Users\User\Desktop\Aslains_WoT_Modpack_Installer_v.1.2.0.1_12.exe
2018-11-03 14:37 - 2018-11-03 14:37 - 000000000 ____D C:\Users\Public\Documents\Logishrd
2018-11-02 21:06 - 2018-11-02 21:06 - 004213823 _____ C:\Users\User\Desktop\carfax silverado.pdf
2018-10-28 17:53 - 2018-10-28 18:07 - 000000000 ____D C:\Users\User\AppData\Roaming\Padlock
2018-10-28 04:41 - 2017-05-11 07:23 - 000053248 _____ (Intel Corporation) C:\Windows\system32\Drivers\USB3Ver.dll
2018-10-28 04:40 - 2017-05-11 07:23 - 000816640 _____ (Intel Corporation) C:\Windows\system32\Drivers\iusb3xhc.sys
2018-10-28 04:40 - 2017-05-11 07:23 - 000401408 _____ (Intel Corporation) C:\Windows\system32\Drivers\iusb3hub.sys
2018-10-28 04:40 - 2017-05-11 07:23 - 000023552 _____ (Intel Corporation) C:\Windows\system32\Drivers\iusb3hcs.sys
2018-10-28 04:39 - 2018-10-28 04:39 - 000000000 ____D C:\Windows\LastGood.Tmp
2018-10-27 04:53 - 2018-08-27 22:48 - 000419608 _____ C:\Windows\SysWOW64\locale.nls
2018-10-27 04:53 - 2018-08-27 22:48 - 000419608 _____ C:\Windows\system32\locale.nls
2018-10-27 04:35 - 2018-10-27 04:36 - 000000000 ____D C:\ProgramData\BSD
2018-10-25 17:44 - 2017-12-16 19:03 - 000045144 _____ (Synaptics Incorporated) C:\Windows\system32\Drivers\Smb_driver_Intel.sys
2018-10-25 17:28 - 2018-10-25 17:38 - 000000000 ____D C:\SeaTemp
2018-10-25 17:11 - 2018-10-25 17:11 - 000000000 ____D C:\Dell
2018-10-25 17:06 - 2017-12-16 19:04 - 000803928 _____ (Synaptics Incorporated) C:\Windows\system32\SynCOM.dll
2018-10-25 17:06 - 2017-12-16 19:04 - 000428120 _____ (Synaptics Incorporated) C:\Windows\SysWOW64\SynCom.dll
2018-10-25 17:06 - 2017-12-16 19:04 - 000297048 _____ (Synaptics Incorporated) C:\Windows\system32\SynTPCo46-4.dll
2018-10-25 17:06 - 2017-12-16 19:04 - 000278616 _____ (Synaptics Incorporated) C:\Windows\system32\SynTPAPI.dll
2018-10-25 17:06 - 2017-12-16 19:03 - 000674392 _____ (Synaptics Incorporated) C:\Windows\system32\Drivers\SynTP.sys
2018-10-25 17:06 - 2017-12-16 19:03 - 000070232 _____ (Synaptics Incorporated) C:\Windows\system32\Drivers\SynPTPHID_Aux.sys
2018-10-25 17:06 - 2017-12-16 19:03 - 000057432 _____ (Synaptics Incorporated) C:\Windows\system32\Drivers\SynRMIHID_Aux.sys
2018-10-25 17:06 - 2017-12-16 19:03 - 000045144 _____ (Synaptics Incorporated) C:\Windows\system32\Drivers\Smb_driver_Intel_Aux.sys
2018-10-25 17:06 - 2017-12-16 19:03 - 000044120 _____ (Synaptics Incorporated) C:\Windows\system32\Drivers\Smb_driver_AMDASF_Aux.sys
2018-10-25 17:06 - 2014-01-30 18:17 - 001795952 _____ (Microsoft Corporation) C:\Windows\system32\WdfCoInstaller01011.dll
2018-10-25 17:05 - 2018-10-25 17:05 - 000000000 ____D C:\ProgramData\Synaptics
2018-10-25 02:17 - 2018-10-27 14:31 - 000000000 ____D C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\CCleaner
2018-10-25 02:11 - 2018-10-25 02:11 - 000255928 _____ (Malwarebytes) C:\Windows\system32\Drivers\227BE3D1.sys
2018-10-25 01:51 - 2018-10-25 01:51 - 000000000 ____D C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Decrap my Computer
2018-10-25 01:21 - 2018-10-25 01:21 - 000000000 ____D C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\AVG
2018-10-25 01:18 - 2018-10-25 01:18 - 000001089 _____ C:\Users\User\Desktop\Windows Media Player.lnk
2018-10-25 00:55 - 2018-10-25 17:04 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MP3 Rocket
2018-10-25 00:55 - 2018-10-25 00:55 - 000098216 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2018-10-25 00:55 - 2018-10-25 00:55 - 000001128 _____ C:\Users\User\Desktop\MP3 Rocket 7.4.1.lnk
2018-10-25 00:54 - 2018-10-25 00:54 - 000000000 ____D C:\Program Files (x86)\Java
2018-10-25 00:22 - 2018-10-25 00:22 - 000000000 ____D C:\Program Files (x86)\Spybot - Search & Destroy 2
2018-10-24 23:26 - 2018-10-24 23:28 - 000000000 ____D C:\Users\User\.mp3rocket
2018-10-20 16:34 - 2018-10-20 16:34 - 000041608 _____ (Dell Inc.) C:\Windows\system32\Drivers\DDDriver64Dcsa.sys
2018-10-20 16:34 - 2018-10-20 16:34 - 000041208 _____ (Dell Computer Corporation) C:\Windows\system32\Drivers\DellProf.sys
2018-10-12 19:41 - 2018-10-12 19:51 - 000000000 ____D C:\AdwCleaner
2018-10-12 19:41 - 2018-10-12 19:41 - 000255928 _____ (Malwarebytes) C:\Windows\system32\Drivers\5662B627.sys
2018-10-12 19:40 - 2018-10-25 03:43 - 000000000 ____D C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2018-10-12 17:57 - 2018-11-07 05:12 - 000000000 ____D C:\FRST
2018-10-11 08:05 - 2018-10-11 08:05 - 000000000 ____D C:\Users\User\AppData\Local\mbam
2018-10-11 08:04 - 2018-10-11 08:04 - 000001686 _____ C:\Users\Public\Desktop\Malwarebytes.lnk
2018-10-11 08:04 - 2018-10-11 08:04 - 000000000 ____D C:\Users\User\AppData\Local\mbamtray
2018-10-11 08:04 - 2018-10-11 08:04 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes
2018-10-10 05:27 - 2018-10-27 14:29 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
2018-10-10 05:16 - 2018-10-10 05:16 - 000000000 ____D C:\iTunes_Control
2018-10-10 04:54 - 2018-10-10 04:54 - 000000000 ____D C:\ProgramData\Varys
2018-10-10 03:43 - 2018-10-25 01:51 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Decrap my Computer
2018-10-10 02:46 - 2018-10-10 00:33 - 000378640 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\avgBoot.exe
2018-10-10 02:18 - 2018-10-10 02:18 - 000000002 _____ C:\Users\User\AppData\Roaming\20181010031823.dat
2018-10-10 01:42 - 2018-10-10 01:42 - 000000000 ____D C:\Users\User\AppData\Roaming\HYXDevPsnList
2018-10-10 01:42 - 2018-10-10 01:42 - 000000000 ____D C:\Users\User\AppData\Roaming\dr.extra.config
2018-10-10 01:41 - 2018-10-10 01:42 - 000000000 ____D C:\Users\User\AppData\Roaming\Wondershare
2018-10-10 01:40 - 2018-10-10 03:04 - 000000000 ____D C:\ProgramData\Wondershare
2018-10-10 01:40 - 2018-10-10 01:40 - 000000000 ____D C:\Program Files (x86)\Wondershare
2018-10-10 01:40 - 2017-09-27 16:29 - 000000232 _____ C:\Windows\SysWOW64\dllhost.exe.config
2018-10-10 00:33 - 2018-10-10 00:32 - 000042312 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgKbd.sys
2018-10-09 12:52 - 2018-09-19 03:08 - 000343552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrd3x40.dll
2018-10-09 12:52 - 2018-09-18 14:08 - 000396888 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2018-10-09 12:52 - 2018-09-18 13:10 - 000348976 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2018-10-09 12:52 - 2018-09-18 00:52 - 025735168 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2018-10-09 12:52 - 2018-09-18 00:38 - 002724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2018-10-09 12:52 - 2018-09-18 00:38 - 000004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2018-10-09 12:52 - 2018-09-18 00:27 - 002902016 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2018-10-09 12:52 - 2018-09-18 00:26 - 000066560 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2018-10-09 12:52 - 2018-09-18 00:25 - 000576512 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2018-10-09 12:52 - 2018-09-18 00:25 - 000417280 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2018-10-09 12:52 - 2018-09-18 00:25 - 000088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2018-10-09 12:52 - 2018-09-18 00:25 - 000048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2018-10-09 12:52 - 2018-09-18 00:19 - 000054784 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2018-10-09 12:52 - 2018-09-18 00:18 - 000034304 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2018-10-09 12:52 - 2018-09-18 00:16 - 000615936 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2018-10-09 12:52 - 2018-09-18 00:15 - 000144384 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2018-10-09 12:52 - 2018-09-18 00:15 - 000116224 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2018-10-09 12:52 - 2018-09-18 00:14 - 005779456 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2018-10-09 12:52 - 2018-09-18 00:14 - 000814080 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2018-10-09 12:52 - 2018-09-18 00:14 - 000794624 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2018-10-09 12:52 - 2018-09-18 00:09 - 000969216 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2018-10-09 12:52 - 2018-09-18 00:06 - 000489984 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2018-10-09 12:52 - 2018-09-18 00:01 - 000077824 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2018-10-09 12:52 - 2018-09-18 00:00 - 000107520 _____ (Microsoft Corporation) C:\Windows\system32\inseng.dll
2018-10-09 12:52 - 2018-09-18 00:00 - 000087552 _____ (Microsoft Corporation) C:\Windows\system32\tdc.ocx
2018-10-09 12:52 - 2018-09-17 23:57 - 000199680 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2018-10-09 12:52 - 2018-09-17 23:57 - 000092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2018-10-09 12:52 - 2018-09-17 23:55 - 000315392 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2018-10-09 12:52 - 2018-09-17 23:53 - 000152064 _____ (Microsoft Corporation) C:\Windows\system32\occache.dll
2018-10-09 12:52 - 2018-09-17 23:45 - 000262144 _____ (Microsoft Corporation) C:\Windows\system32\webcheck.dll
2018-10-09 12:52 - 2018-09-17 23:43 - 000728064 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2018-10-09 12:52 - 2018-09-17 23:42 - 000809472 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2018-10-09 12:52 - 2018-09-17 23:41 - 002136064 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2018-10-09 12:52 - 2018-09-17 23:41 - 001359360 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2018-10-09 12:52 - 2018-09-17 23:39 - 015283712 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2018-10-09 12:52 - 2018-09-17 23:35 - 004510720 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2018-10-09 12:52 - 2018-09-17 23:33 - 020278784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2018-10-09 12:52 - 2018-09-17 23:31 - 002724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2018-10-09 12:52 - 2018-09-17 23:23 - 001555968 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2018-10-09 12:52 - 2018-09-17 23:21 - 000497664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2018-10-09 12:52 - 2018-09-17 23:21 - 000062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2018-10-09 12:52 - 2018-09-17 23:20 - 000341504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
2018-10-09 12:52 - 2018-09-17 23:20 - 000047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2018-10-09 12:52 - 2018-09-17 23:19 - 000064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2018-10-09 12:52 - 2018-09-17 23:18 - 002295808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2018-10-09 12:52 - 2018-09-17 23:15 - 000047104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2018-10-09 12:52 - 2018-09-17 23:15 - 000030720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2018-10-09 12:52 - 2018-09-17 23:14 - 000476160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2018-10-09 12:52 - 2018-09-17 23:13 - 000662016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2018-10-09 12:52 - 2018-09-17 23:13 - 000115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2018-10-09 12:52 - 2018-09-17 23:12 - 000620032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2018-10-09 12:52 - 2018-09-17 23:10 - 000800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2018-10-09 12:52 - 2018-09-17 23:06 - 000416256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2018-10-09 12:52 - 2018-09-17 23:03 - 000060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2018-10-09 12:52 - 2018-09-17 23:02 - 000091136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inseng.dll
2018-10-09 12:52 - 2018-09-17 23:02 - 000073216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tdc.ocx
2018-10-09 12:52 - 2018-09-17 23:00 - 000168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2018-10-09 12:52 - 2018-09-17 22:59 - 000076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2018-10-09 12:52 - 2018-09-17 22:58 - 000279040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2018-10-09 12:52 - 2018-09-17 22:57 - 004494848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2018-10-09 12:52 - 2018-09-17 22:57 - 000130048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\occache.dll
2018-10-09 12:52 - 2018-09-17 22:53 - 013679616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2018-10-09 12:52 - 2018-09-17 22:52 - 000230400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\webcheck.dll
2018-10-09 12:52 - 2018-09-17 22:51 - 000696320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2018-10-09 12:52 - 2018-09-17 22:50 - 002059776 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2018-10-09 12:52 - 2018-09-17 22:50 - 001155072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2018-10-09 12:52 - 2018-09-17 22:37 - 004037632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2018-10-09 12:52 - 2018-09-17 22:34 - 001330176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2018-10-09 12:52 - 2018-09-17 22:31 - 000710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2018-10-09 12:52 - 2018-09-11 13:28 - 003227136 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2018-10-09 12:52 - 2018-09-11 13:23 - 000161280 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb.sys
2018-10-09 12:52 - 2018-09-11 13:22 - 000129536 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb20.sys
2018-10-09 12:52 - 2018-09-08 20:02 - 005552328 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2018-10-09 12:52 - 2018-09-08 20:02 - 001680072 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ntfs.sys
2018-10-09 12:52 - 2018-09-08 20:02 - 000986824 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dxgkrnl.sys
2018-10-09 12:52 - 2018-09-08 20:02 - 000708296 _____ (Microsoft Corporation) C:\Windows\system32\winload.efi
2018-10-09 12:52 - 2018-09-08 20:02 - 000631680 _____ (Microsoft Corporation) C:\Windows\system32\winresume.efi
2018-10-09 12:52 - 2018-09-08 20:02 - 000265416 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dxgmms1.sys
2018-10-09 12:52 - 2018-09-08 20:02 - 000262344 _____ (Microsoft Corporation) C:\Windows\system32\hal.dll
2018-10-09 12:52 - 2018-09-08 20:02 - 000154824 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2018-10-09 12:52 - 2018-09-08 20:02 - 000095432 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2018-10-09 12:52 - 2018-09-08 20:01 - 001664320 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2018-10-09 12:52 - 2018-09-08 19:59 - 002851840 _____ (Microsoft Corporation) C:\Windows\system32\themeui.dll
2018-10-09 12:52 - 2018-09-08 19:59 - 002009600 _____ (Microsoft Corporation) C:\Windows\system32\msxml6.dll
2018-10-09 12:52 - 2018-09-08 19:59 - 001211904 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll
2018-10-09 12:52 - 2018-09-08 19:59 - 000503808 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll
2018-10-09 12:52 - 2018-09-08 19:59 - 000361984 _____ (Microsoft Corporation) C:\Windows\system32\wow64win.dll
2018-10-09 12:52 - 2018-09-08 19:59 - 000345600 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2018-10-09 12:52 - 2018-09-08 19:59 - 000316928 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2018-10-09 12:52 - 2018-09-08 19:59 - 000312320 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2018-10-09 12:52 - 2018-09-08 19:59 - 000243712 _____ (Microsoft Corporation) C:\Windows\system32\wow64.dll
2018-10-09 12:52 - 2018-09-08 19:59 - 000215552 _____ (Microsoft Corporation) C:\Windows\system32\winsrv.dll
2018-10-09 12:52 - 2018-09-08 19:59 - 000210432 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2018-10-09 12:52 - 2018-09-08 19:59 - 000190464 _____ (Microsoft Corporation) C:\Windows\system32\rpchttp.dll
2018-10-09 12:52 - 2018-09-08 19:59 - 000146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
2018-10-09 12:52 - 2018-09-08 19:59 - 000135680 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2018-10-09 12:52 - 2018-09-08 19:59 - 000094208 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2018-10-09 12:52 - 2018-09-08 19:59 - 000063488 _____ (Microsoft Corporation) C:\Windows\system32\setbcdlocale.dll
2018-10-09 12:52 - 2018-09-08 19:59 - 000060416 _____ (Microsoft Corporation) C:\Windows\system32\msobjs.dll
2018-10-09 12:52 - 2018-09-08 19:59 - 000050176 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll
2018-10-09 12:52 - 2018-09-08 19:59 - 000028672 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2018-10-09 12:52 - 2018-09-08 19:59 - 000028160 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2018-10-09 12:52 - 2018-09-08 19:59 - 000016384 _____ (Microsoft Corporation) C:\Windows\system32\ntvdm64.dll
2018-10-09 12:52 - 2018-09-08 19:59 - 000013312 _____ (Microsoft Corporation) C:\Windows\system32\wow64cpu.dll
2018-10-09 12:52 - 2018-09-08 19:59 - 000002048 _____ (Microsoft Corporation) C:\Windows\system32\msxml6r.dll
2018-10-09 12:52 - 2018-09-08 19:58 - 001461760 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2018-10-09 12:52 - 2018-09-08 19:58 - 001163264 _____ (Microsoft Corporation) C:\Windows\system32\kernel32.dll
2018-10-09 12:52 - 2018-09-08 19:58 - 000731648 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2018-10-09 12:52 - 2018-09-08 19:58 - 000419840 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase.dll
2018-10-09 12:52 - 2018-09-08 19:58 - 000405504 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll
2018-10-09 12:52 - 2018-09-08 19:58 - 000044032 _____ (Microsoft Corporation) C:\Windows\system32\csrsrv.dll
2018-10-09 12:52 - 2018-09-08 19:58 - 000043520 _____ (Microsoft Corporation) C:\Windows\system32\cryptbase.dll
2018-10-09 12:52 - 2018-09-08 19:58 - 000022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2018-10-09 12:52 - 2018-09-08 19:57 - 000880640 _____ (Microsoft Corporation) C:\Windows\system32\advapi32.dll
2018-10-09 12:52 - 2018-09-08 19:57 - 000690688 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
2018-10-09 12:52 - 2018-09-08 19:57 - 000463872 _____ (Microsoft Corporation) C:\Windows\system32\certcli.dll
2018-10-09 12:52 - 2018-09-08 19:57 - 000144384 _____ (Microsoft Corporation) C:\Windows\system32\cdd.dll
2018-10-09 12:52 - 2018-09-08 19:57 - 000123904 _____ (Microsoft Corporation) C:\Windows\system32\bcrypt.dll
2018-10-09 12:52 - 2018-09-08 19:57 - 000059904 _____ (Microsoft Corporation) C:\Windows\system32\appidapi.dll
2018-10-09 12:52 - 2018-09-08 19:57 - 000034816 _____ (Microsoft Corporation) C:\Windows\system32\appidsvc.dll
2018-10-09 12:52 - 2018-09-08 19:57 - 000006656 _____ (Microsoft Corporation) C:\Windows\system32\apisetschema.dll
2018-10-09 12:52 - 2018-09-08 19:57 - 000006144 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-security-base-l1-1-0.dll
2018-10-09 12:52 - 2018-09-08 19:57 - 000005120 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l1-1-0.dll
2018-10-09 12:52 - 2018-09-08 19:57 - 000004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
2018-10-09 12:52 - 2018-09-08 19:57 - 000004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processthreads-l1-1-0.dll
2018-10-09 12:52 - 2018-09-08 19:57 - 000004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll
2018-10-09 12:52 - 2018-09-08 19:57 - 000004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-synch-l1-1-0.dll
2018-10-09 12:52 - 2018-09-08 19:57 - 000004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localregistry-l1-1-0.dll
2018-10-09 12:52 - 2018-09-08 19:57 - 000004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localization-l1-1-0.dll
2018-10-09 12:52 - 2018-09-08 19:57 - 000003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll
2018-10-09 12:52 - 2018-09-08 19:57 - 000003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll
2018-10-09 12:52 - 2018-09-08 19:57 - 000003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll
2018-10-09 12:52 - 2018-09-08 19:57 - 000003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-misc-l1-1-0.dll
2018-10-09 12:52 - 2018-09-08 19:57 - 000003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-memory-l1-1-0.dll
2018-10-09 12:52 - 2018-09-08 19:57 - 000003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll
2018-10-09 12:52 - 2018-09-08 19:57 - 000003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-heap-l1-1-0.dll
2018-10-09 12:52 - 2018-09-08 19:57 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-xstate-l1-1-0.dll
2018-10-09 12:52 - 2018-09-08 19:57 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-util-l1-1-0.dll
2018-10-09 12:52 - 2018-09-08 19:57 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-string-l1-1-0.dll
2018-10-09 12:52 - 2018-09-08 19:57 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-profile-l1-1-0.dll
2018-10-09 12:52 - 2018-09-08 19:57 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-io-l1-1-0.dll
2018-10-09 12:52 - 2018-09-08 19:57 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-interlocked-l1-1-0.dll
2018-10-09 12:52 - 2018-09-08 19:57 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-handle-l1-1-0.dll
2018-10-09 12:52 - 2018-09-08 19:57 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-fibers-l1-1-0.dll
2018-10-09 12:52 - 2018-09-08 19:57 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll
2018-10-09 12:52 - 2018-09-08 19:57 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-delayload-l1-1-0.dll
2018-10-09 12:52 - 2018-09-08 19:57 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-debug-l1-1-0.dll
2018-10-09 12:52 - 2018-09-08 19:57 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-datetime-l1-1-0.dll
2018-10-09 12:52 - 2018-09-08 19:57 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-console-l1-1-0.dll
2018-10-09 12:52 - 2018-09-08 19:46 - 004054216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2018-10-09 12:52 - 2018-09-08 19:46 - 003959496 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2018-10-09 12:52 - 2018-09-08 19:46 - 001314072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll
2018-10-09 12:52 - 2018-09-08 19:44 - 002755584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\themeui.dll
2018-10-09 12:52 - 2018-09-08 19:44 - 001114112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kernel32.dll
2018-10-09 12:52 - 2018-09-08 19:44 - 000666112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpcrt4.dll
2018-10-09 12:52 - 2018-09-08 19:44 - 000313344 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gdi32.dll
2018-10-09 12:52 - 2018-09-08 19:44 - 000275968 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll
2018-10-09 12:52 - 2018-09-08 19:44 - 000172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll
2018-10-09 12:52 - 2018-09-08 19:44 - 000096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2018-10-09 12:52 - 2018-09-08 19:44 - 000082944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\bcrypt.dll
2018-10-09 12:52 - 2018-09-08 19:44 - 000070144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2018-10-09 12:52 - 2018-09-08 19:44 - 000043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll
2018-10-09 12:52 - 2018-09-08 19:44 - 000005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll
2018-10-09 12:52 - 2018-09-08 19:43 - 001391104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml6.dll
2018-10-09 12:52 - 2018-09-08 19:43 - 000554496 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2018-10-09 12:52 - 2018-09-08 19:43 - 000261120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
2018-10-09 12:52 - 2018-09-08 19:43 - 000254464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2018-10-09 12:52 - 2018-09-08 19:43 - 000223232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2018-10-09 12:52 - 2018-09-08 19:43 - 000146432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msaudite.dll
2018-10-09 12:52 - 2018-09-08 19:43 - 000141312 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpchttp.dll
2018-10-09 12:52 - 2018-09-08 19:43 - 000060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msobjs.dll
2018-10-09 12:52 - 2018-09-08 19:43 - 000022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2018-10-09 12:52 - 2018-09-08 19:43 - 000017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
2018-10-09 12:52 - 2018-09-08 19:43 - 000002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml6r.dll
2018-10-09 12:52 - 2018-09-08 19:42 - 000690688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adtschema.dll
2018-10-09 12:52 - 2018-09-08 19:42 - 000644096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\advapi32.dll
2018-10-09 12:52 - 2018-09-08 19:42 - 000342528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\certcli.dll
2018-10-09 12:52 - 2018-09-08 19:42 - 000050688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\appidapi.dll
2018-10-09 12:52 - 2018-09-08 19:42 - 000006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\apisetschema.dll
2018-10-09 12:52 - 2018-09-08 19:42 - 000005120 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-file-l1-1-0.dll
2018-10-09 12:52 - 2018-09-08 19:42 - 000004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processthreads-l1-1-0.dll
2018-10-09 12:52 - 2018-09-08 19:42 - 000004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-sysinfo-l1-1-0.dll
2018-10-09 12:52 - 2018-09-08 19:42 - 000004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-synch-l1-1-0.dll
2018-10-09 12:52 - 2018-09-08 19:42 - 000004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-misc-l1-1-0.dll
2018-10-09 12:52 - 2018-09-08 19:42 - 000004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localregistry-l1-1-0.dll
2018-10-09 12:52 - 2018-09-08 19:42 - 000004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localization-l1-1-0.dll
2018-10-09 12:52 - 2018-09-08 19:42 - 000003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processenvironment-l1-1-0.dll
2018-10-09 12:52 - 2018-09-08 19:42 - 000003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-namedpipe-l1-1-0.dll
2018-10-09 12:52 - 2018-09-08 19:42 - 000003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-memory-l1-1-0.dll
2018-10-09 12:52 - 2018-09-08 19:42 - 000003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-libraryloader-l1-1-0.dll
2018-10-09 12:52 - 2018-09-08 19:42 - 000003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-interlocked-l1-1-0.dll
2018-10-09 12:52 - 2018-09-08 19:42 - 000003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-heap-l1-1-0.dll
2018-10-09 12:52 - 2018-09-08 19:42 - 000003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-string-l1-1-0.dll
2018-10-09 12:52 - 2018-09-08 19:42 - 000003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-rtlsupport-l1-1-0.dll
2018-10-09 12:52 - 2018-09-08 19:42 - 000003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-profile-l1-1-0.dll
2018-10-09 12:52 - 2018-09-08 19:42 - 000003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-io-l1-1-0.dll
2018-10-09 12:52 - 2018-09-08 19:42 - 000003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-handle-l1-1-0.dll
2018-10-09 12:52 - 2018-09-08 19:42 - 000003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-fibers-l1-1-0.dll
2018-10-09 12:52 - 2018-09-08 19:42 - 000003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-errorhandling-l1-1-0.dll
2018-10-09 12:52 - 2018-09-08 19:42 - 000003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-delayload-l1-1-0.dll
2018-10-09 12:52 - 2018-09-08 19:42 - 000003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-debug-l1-1-0.dll
2018-10-09 12:52 - 2018-09-08 19:42 - 000003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-datetime-l1-1-0.dll
2018-10-09 12:52 - 2018-09-08 19:42 - 000003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-console-l1-1-0.dll
2018-10-09 12:52 - 2018-09-08 19:25 - 000148480 _____ (Microsoft Corporation) C:\Windows\system32\appidpolicyconverter.exe
2018-10-09 12:52 - 2018-09-08 19:25 - 000064000 _____ (Microsoft Corporation) C:\Windows\system32\auditpol.exe
2018-10-09 12:52 - 2018-09-08 19:25 - 000062464 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\appid.sys
2018-10-09 12:52 - 2018-09-08 19:25 - 000017920 _____ (Microsoft Corporation) C:\Windows\system32\appidcertstorecheck.exe
2018-10-09 12:52 - 2018-09-08 19:21 - 000338432 _____ (Microsoft Corporation) C:\Windows\system32\conhost.exe
2018-10-09 12:52 - 2018-09-08 19:21 - 000129024 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\videoprt.sys
2018-10-09 12:52 - 2018-09-08 19:20 - 000296960 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe
2018-10-09 12:52 - 2018-09-08 19:18 - 000050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\auditpol.exe
2018-10-09 12:52 - 2018-09-08 19:16 - 000291328 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb10.sys
2018-10-09 12:52 - 2018-09-08 19:15 - 000112640 _____ (Microsoft Corporation) C:\Windows\system32\smss.exe
2018-10-09 12:52 - 2018-09-08 19:15 - 000064512 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\amdk8.sys
2018-10-09 12:52 - 2018-09-08 19:15 - 000062464 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\intelppm.sys
2018-10-09 12:52 - 2018-09-08 19:15 - 000060928 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\processr.sys
2018-10-09 12:52 - 2018-09-08 19:15 - 000060928 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\amdppm.sys
2018-10-09 12:52 - 2018-09-08 19:15 - 000030720 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2018-10-09 12:52 - 2018-09-08 19:13 - 000025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe
2018-10-09 12:52 - 2018-09-08 19:13 - 000014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll
2018-10-09 12:52 - 2018-09-08 19:13 - 000007680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe
2018-10-09 12:52 - 2018-09-08 19:13 - 000002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user.exe
2018-10-09 12:52 - 2018-09-08 19:12 - 000036352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptbase.dll
2018-10-09 12:52 - 2018-09-08 19:12 - 000006144 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-security-base-l1-1-0.dll
2018-10-09 12:52 - 2018-09-08 19:12 - 000004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-threadpool-l1-1-0.dll
2018-10-09 12:52 - 2018-09-08 19:12 - 000003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-xstate-l1-1-0.dll
2018-10-09 12:52 - 2018-09-08 19:12 - 000003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-util-l1-1-0.dll
2018-10-09 12:52 - 2018-08-28 01:24 - 014637568 _____ (Microsoft Corporation) C:\Windows\system32\wmp.dll
2018-10-09 12:52 - 2018-08-28 01:24 - 012574720 _____ (Microsoft Corporation) C:\Windows\system32\wmploc.DLL
2018-10-09 12:52 - 2018-08-28 01:24 - 000009728 _____ (Microsoft Corporation) C:\Windows\system32\spwmp.dll
2018-10-09 12:52 - 2018-08-28 01:24 - 000005120 _____ (Microsoft Corporation) C:\Windows\system32\msdxm.ocx
2018-10-09 12:52 - 2018-08-28 01:24 - 000005120 _____ (Microsoft Corporation) C:\Windows\system32\dxmasf.dll
2018-10-09 12:52 - 2018-08-28 01:09 - 012574208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmploc.DLL
2018-10-09 12:52 - 2018-08-28 01:09 - 011411968 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmp.dll
2018-10-09 12:52 - 2018-08-28 00:52 - 000008192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\spwmp.dll
2018-10-09 12:52 - 2018-08-28 00:52 - 000004096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msdxm.ocx
2018-10-09 12:52 - 2018-08-28 00:52 - 000004096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxmasf.dll
2018-10-09 12:52 - 2018-08-15 21:18 - 000041984 _____ (Microsoft Corporation) C:\Windows\system32\UtcResources.dll
2018-10-09 12:52 - 2018-08-13 16:49 - 001391856 _____ (Microsoft Corporation) C:\Windows\system32\diagtrack.dll
2018-10-09 12:52 - 2018-08-13 10:54 - 000687616 _____ (Microsoft Corporation) C:\Windows\system32\termsrv.dll
2018-10-09 12:52 - 2018-08-12 15:32 - 000140976 _____ (Microsoft Corporation) C:\Windows\system32\CompatTelRunner.exe
2018-10-09 12:52 - 2018-08-12 15:27 - 000680960 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2018-10-09 12:52 - 2018-08-08 10:54 - 000194048 _____ (Microsoft Corporation) C:\Windows\system32\itircl.dll
2018-10-09 12:52 - 2018-08-08 10:54 - 000170496 _____ (Microsoft Corporation) C:\Windows\system32\itss.dll
2018-10-09 12:52 - 2018-08-08 10:40 - 000158720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\itircl.dll
2018-10-09 12:52 - 2018-08-08 10:40 - 000142848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\itss.dll
 
==================== One Month Modified files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2018-11-07 05:01 - 2009-07-14 00:13 - 000783606 _____ C:\Windows\system32\PerfStringBackup.INI
2018-11-07 05:01 - 2009-07-13 22:20 - 000000000 ____D C:\Windows\inf
2018-11-05 23:35 - 2009-07-13 23:45 - 000026576 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2018-11-05 23:35 - 2009-07-13 23:45 - 000026576 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2018-11-05 23:28 - 2018-08-24 20:18 - 000000000 ____D C:\Users\Public\Logi
2018-11-05 23:27 - 2018-02-12 23:46 - 000000000 __SHD C:\Users\User\IntelGraphicsProfiles
2018-11-05 23:27 - 2009-07-14 00:08 - 000000006 ____H C:\Windows\Tasks\SA.DAT
2018-11-05 23:27 - 2009-07-13 23:45 - 000314800 _____ C:\Windows\system32\FNTCACHE.DAT
2018-11-04 19:55 - 2018-02-12 23:58 - 000073440 _____ C:\Users\User\AppData\Local\GDIPFONTCACHEV1.DAT
2018-11-04 19:38 - 2009-07-13 22:20 - 000000000 ____D C:\Windows\system32\NDF
2018-11-04 08:04 - 2009-07-13 22:20 - 000000000 ____D C:\Windows\registration
2018-11-04 07:27 - 2018-02-13 17:27 - 000000000 ____D C:\non-os
2018-11-04 06:16 - 2018-02-13 21:25 - 000000000 ____D C:\ProgramData\PCDr
2018-11-04 06:14 - 2018-02-13 20:24 - 000000000 ____D C:\ProgramData\SupportAssist
2018-11-04 05:51 - 2018-02-13 20:36 - 000152688 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbae64.sys
2018-11-04 05:36 - 2018-02-13 18:16 - 000000000 ____D C:\Windows\SysWOW64\Macromed
2018-11-04 05:36 - 2018-02-13 18:16 - 000000000 ____D C:\Windows\system32\Macromed
2018-11-04 05:32 - 2018-02-13 18:29 - 000000000 ____D C:\Users\User\AppData\Roaming\uTorrent
2018-11-04 05:16 - 2018-02-13 21:26 - 000001990 _____ C:\Users\User\Desktop\AVG AntiVirus FREE.lnk
2018-11-03 19:46 - 2018-02-12 23:50 - 000000000 ____D C:\Users\User\AppData\Roaming\Intel
2018-11-03 19:43 - 2018-02-12 23:49 - 000000000 ____D C:\ProgramData\Package Cache
2018-11-02 22:32 - 2018-01-15 13:26 - 000000324 _____ C:\Users\User\Desktop\misc.txt
2018-10-28 23:50 - 2018-02-13 21:26 - 000004162 _____ C:\Windows\System32\Tasks\Antivirus Emergency Update
2018-10-27 22:56 - 2018-07-04 11:27 - 000000000 ____D C:\Users\User\AppData\LocalLow\Mozilla
2018-10-27 13:59 - 2018-08-19 21:51 - 000000000 ____D C:\Users\User\Desktop\Deadpool 2 (2018) [BluRay] [1080p] [YTS.AM]
2018-10-27 13:58 - 2018-08-19 21:51 - 000000000 ____D C:\Users\User\Desktop\Meet The Spartans (2008) [BluRay] [1080p] [YTS.AM]
2018-10-27 13:58 - 2018-08-19 21:51 - 000000000 ____D C:\Users\User\Desktop\Avengers Infinity War (2018) [BluRay] [1080p] [YTS.AM]
2018-10-27 13:57 - 2018-09-09 17:37 - 000000000 ____D C:\Users\User\Desktop\Super Troopers 2 (2018) [BluRay] [1080p] [YTS.AM]
2018-10-27 13:57 - 2018-09-09 17:37 - 000000000 ____D C:\Users\User\Desktop\Jurassic World Fallen Kingdom (2018) [BluRay] [1080p] [YTS.AM]
2018-10-27 04:57 - 2017-12-16 04:28 - 000776220 _____ C:\Windows\SysWOW64\PerfStringBackup.INI
2018-10-27 04:35 - 2009-07-13 21:34 - 000000466 _____ C:\Windows\win.ini
2018-10-25 18:16 - 2018-02-13 00:20 - 000002190 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2018-10-25 02:20 - 2018-02-13 20:41 - 000000000 ____D C:\Users\User\Desktop\OS Tools
2018-10-25 01:21 - 2018-02-13 18:16 - 000000000 ____D C:\Users\User\Incomplete
2018-10-25 01:10 - 2018-02-13 17:29 - 000000000 ____D C:\Users\User\AppData\Local\Adobe
2018-10-25 00:58 - 2018-02-13 18:15 - 000000000 ____D C:\Users\User\AppData\Roaming\MP3Rocket
2018-10-25 00:58 - 2018-02-13 18:14 - 000000000 ____D C:\Program Files (x86)\MP3 Rocket
2018-10-25 00:55 - 2018-08-18 00:55 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2018-10-24 22:28 - 2018-02-13 17:38 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\K-Lite Codec Pack
2018-10-22 18:16 - 2018-02-13 21:58 - 000000000 ____D C:\Users\User\AppData\Local\Jagex
2018-10-22 18:16 - 2018-02-13 21:43 - 000000000 ____D C:\ProgramData\Jagex
2018-10-14 23:06 - 2018-02-12 23:36 - 000000000 ____D C:\Users\User\AppData\Local\VirtualStore
2018-10-12 19:41 - 2018-02-13 20:36 - 000000000 ____D C:\ProgramData\Malwarebytes
2018-10-12 19:34 - 2009-07-13 21:34 - 079953920 _____ C:\Windows\system32\config\software.rcbak
2018-10-12 19:34 - 2009-07-13 21:34 - 019398656 _____ C:\Windows\system32\config\system.rcbak
2018-10-12 19:34 - 2009-07-13 21:34 - 000262144 _____ C:\Windows\system32\config\default.rcbak
2018-10-12 19:34 - 2009-07-13 21:34 - 000028672 _____ C:\Windows\system32\config\sam.rcbak
2018-10-12 19:34 - 2009-07-13 21:34 - 000024576 _____ C:\Windows\system32\config\security.rcbak
2018-10-12 19:12 - 2009-07-13 22:20 - 000000000 ____D C:\PerfLogs
2018-10-11 05:40 - 2018-02-13 17:33 - 000000000 ____D C:\Program Files\Bonjour
2018-10-11 01:36 - 2018-02-13 20:40 - 000000000 ____D C:\ProgramData\Spybot - Search & Destroy
2018-10-11 01:04 - 2018-02-13 20:40 - 000001861 _____ C:\Users\Public\Desktop\Spybot-S&D Start Center.lnk
2018-10-11 01:04 - 2018-02-13 20:40 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot - Search & Destroy 2
2018-10-10 05:41 - 2017-12-16 04:20 - 000000000 ____D C:\Windows\Panther
2018-10-10 01:05 - 2018-02-13 00:20 - 000003332 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2018-10-10 01:05 - 2018-02-13 00:20 - 000003204 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2018-10-10 00:33 - 2018-02-13 21:26 - 000467760 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgSP.sys
2018-10-10 00:33 - 2018-02-13 21:26 - 000380992 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgVmm.sys
2018-10-10 00:33 - 2018-02-13 21:26 - 000201264 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgArPot.sys
2018-10-10 00:33 - 2018-02-13 21:26 - 000163224 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgMonFlt.sys
2018-10-10 00:33 - 2018-02-13 21:26 - 000087968 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgRvrt.sys
2018-10-10 00:33 - 2018-02-13 21:26 - 000046920 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgHwid.sys
2018-10-10 00:32 - 2018-02-13 21:26 - 001028696 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgSnx.sys
2018-10-10 00:31 - 2018-02-13 21:26 - 000346616 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgbloga.sys
2018-10-10 00:31 - 2018-02-13 21:26 - 000230880 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgbidsdrivera.sys
2018-10-10 00:31 - 2018-02-13 21:26 - 000202296 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgbidsha.sys
2018-10-10 00:31 - 2018-02-13 21:26 - 000059520 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgbuniva.sys
2018-10-09 17:38 - 2009-07-13 22:20 - 000000000 ____D C:\Windows\rescache
2018-10-09 04:22 - 2018-10-07 18:43 - 000000777 _____ C:\Users\User\Desktop\truck fuses.txt
 
==================== Files in the root of some directories =======
 
2018-10-10 02:18 - 2018-10-10 02:18 - 000000002 _____ () C:\Users\User\AppData\Roaming\20181010031823.dat
 
==================== Bamital & volsnap ======================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed
 
LastRegBack: 2018-11-04 09:24
 
==================== End of FRST.txt ============================

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 24.10.2018
Ran by User (07-11-2018 05:13:45)
Running from C:\Users\User\Desktop
Windows 7 Ultimate Service Pack 1 (X64) (2018-02-13 04:35:34)
Boot Mode: Normal
==========================================================
 
 
==================== Accounts: =============================
 
Administrator (S-1-5-21-1894722739-3979997351-3746568665-500 - Administrator - Disabled)
Guest (S-1-5-21-1894722739-3979997351-3746568665-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-1894722739-3979997351-3746568665-1002 - Limited - Enabled)
User (S-1-5-21-1894722739-3979997351-3746568665-1000 - Administrator - Enabled) => C:\Users\User
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AV: AVG Antivirus (Enabled - Up to date) {4FC75CA5-1654-5411-7CFB-1893D506BCF4}
AS: Spybot - Search and Destroy (Disabled - Out of date) {4C1D9672-63FE-5C90-371E-8FDA591C5B75}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: AVG Antivirus (Enabled - Up to date) {F4A6BD41-306E-5B9F-464B-23E1AE81F649}
 
==================== Installed Programs ======================
 
(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
. . (HKLM\...\{B753FD71-4EB8-4842-9016-B1B97ACBDC79}) (Version: 7.1 - Intel) Hidden
µTorrent (HKU\S-1-5-21-1894722739-3979997351-3746568665-1000\...\uTorrent) (Version: 3.5.1.44332 - BitTorrent Inc.)
Adobe Acrobat Reader DC (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}) (Version: 19.008.20074 - Adobe Systems Incorporated)
Apple Application Support (32-bit) (HKLM-x32\...\{49F7DD82-FC83-48BF-86C6-CFE6E1E233E1}) (Version: 7.1 - Apple Inc.)
Apple Application Support (64-bit) (HKLM\...\{1FA68E27-2951-42E8-9F57-1A7F6581B4FD}) (Version: 7.1 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{5FA8C4BE-8C74-4B9C-9B49-EBF759230189}) (Version: 12.1.0.25 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{A30EA700-5515-48F0-88B0-9E99DC356B88}) (Version: 2.6.0.1 - Apple Inc.)
Aslain's WoT Modpack version 1.2.0.1.12 (HKLM-x32\...\Aslains_WoT_Modpack_Installer_is1) (Version: 1.2.0.1.12 - Aslain)
AVG AntiVirus FREE (HKLM-x32\...\AVG Antivirus) (Version: 18.7.3069 - AVG Technologies)
Bonjour (HKLM\...\{56DDDFB8-7F79-4480-89D5-25E1F52AB28F}) (Version: 3.1.0.1 - Apple Inc.)
Canon IJ Network Scanner Selector EX (HKLM-x32\...\Canon_IJ_Network_Scanner_Selector_EX) (Version:  - Canon Inc.)
Canon IJ Network Tool (HKLM-x32\...\Canon_IJ_Network_UTILITY) (Version: 3.2.0 - Canon Inc.)
Canon IJ Scan Utility (HKLM-x32\...\Canon_IJ_Scan_Utility) (Version:  - Canon Inc.)
Canon MX920 series MP Drivers (HKLM\...\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MX920_series) (Version: 1.01 - Canon Inc.)
CCleaner (HKLM\...\CCleaner) (Version: 5.48 - Piriform)
Chrome Remote Desktop Host (HKLM-x32\...\{F51A03C4-2DD0-43B0-900F-EAD1C45DC542}) (Version: 71.0.3578.15 - Google Inc.)
Dell SupportAssist (HKLM\...\{5A18ABE3-52D1-4CA5-9169-25EC7E789582}) (Version: 3.0.2.48 - Dell Inc.)
Dell Touchpad (HKLM\...\SynTPDeinstKey) (Version: 19.2.17.64 - Synaptics Incorporated)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 70.0.3538.77 - Google Inc.)
Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.33.17 - Google Inc.) Hidden
Intel® Computing Improvement Program (HKLM\...\{2C895850-899F-4E06-ADB6-28A654FFCF9D}) (Version: 2.2.04036 - Intel Corporation)
Intel® Control Center (HKLM-x32\...\{F8A9085D-4C7A-41a9-8A77-C8998A96C421}) (Version: 1.2.1.1011 - Intel Corporation)
Intel® Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 9.5.23.1766 - Intel Corporation)
Intel® Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 10.18.14.4414 - Intel Corporation)
Intel® Rapid Storage Technology (HKLM\...\{409CB30E-E457-4008-9B1A-ED1B9EA21140}) (Version: 12.8.2.1000 - Intel Corporation)
Intel® USB 3.0\3.1 eXtensible Host Controller Driver (HKLM-x32\...\{240C3DDD-C5E9-4029-9DF7-95650D040CF2}) (Version: 5.0.4.43 - Intel Corporation)
Intel® Wireless Bluetooth® (HKLM\...\{00000060-0200-4FD1-8F3D-148929CC1385}) (Version: 20.60.0 - Intel Corporation)
Intel® Driver & Support Assistant (HKLM-x32\...\{e5a12991-d0a9-4922-a125-fce431f55219}) (Version: 3.6.0.4 - Intel)
Intel® PROSet/Wireless Software (HKLM-x32\...\{31a05164-f722-485c-90e3-db78421fa156}) (Version: 20.70.0 - Intel Corporation)
iTunes (HKLM\...\{3F702C1B-628F-46FB-A094-56D5404CEE63}) (Version: 12.9.1.4 - Apple Inc.)
Java 8 Update 181 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F64180181F0}) (Version: 8.0.1810.13 - Oracle Corporation)
Java 8 Update 31 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218031F0}) (Version: 8.0.310 - Oracle Corporation)
K-Lite Codec Pack 14.5.3 Basic (HKLM-x32\...\KLiteCodecPack_is1) (Version: 14.5.3 - KLCP)
Logitech SetPoint 6.69 (HKLM\...\sp6) (Version: 6.69.114 - Logitech)
Malwarebytes version 3.6.1.2711 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 3.6.1.2711 - Malwarebytes)
Microsoft .NET Framework 4.7.2 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.7.03062 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.21005 (HKLM-x32\...\{7f51bdb9-ee21-49ee-94d6-90afc321780e}) (Version: 12.0.21005.1 - Microsoft Corporation)
Microsoft Visual C++ 2017 Redistributable (x64) - 14.11.25325 (HKLM-x32\...\{6c6356fe-cbfa-4944-9bed-a9e99f45cb7a}) (Version: 14.11.25325.0 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)
Microsoft Word 2010 (HKLM\...\Office14.WORD) (Version: 14.0.7015.1000 - Microsoft Corporation)
MP3 Rocket (HKLM-x32\...\MP3 Rocket) (Version: 7.4.1 - MP3 Rocket Inc)
PowerISO (HKLM-x32\...\PowerISO) (Version: 7.0 - Power Software Ltd)
Private Internet Access Support Files (HKLM-x32\...\{7D72DAFF-DCB2-437B-BC22-4B2ABF21462B}) (Version: 1.0.0.0 - Private Internet Access)
Realtek Ethernet Controller All-In-One Windows Driver (HKLM-x32\...\{F7E7F0CB-AA41-4D5A-B6F2-8E6738EB063F}) (Version: 7.73.618.2013 - Realtek)
Realtek USB Card Reader (HKLM-x32\...\{1E496A68-4943-424E-829D-5C3C85B7B8F2}) (Version: 6.2.9200.39039 - Realtek Semiconductor Corp.)
RuneScape Launcher 2.2.4 (HKLM\...\RuneScape Launcher_is1) (Version: 2.2.4 - Jagex Ltd)
Service Pack 2 for Microsoft Office 2010 (KB2687455) 64-Bit Edition (HKLM\...\{90140000-001B-0000-1000-0000000FF1CE}_Office14.WORD_{A3364707-2F53-4C83-8F68-C9877A9080C7}) (Version:  - Microsoft)
Spybot - Search & Destroy (HKLM-x32\...\{B4092C6D-E886-4CB2-BA68-FE5A99D31DE7}_is1) (Version: 2.7.64.0 - Safer-Networking Ltd.)
TeamSpeak 3 Client (HKLM\...\TeamSpeak 3 Client) (Version: 3.1.8 - TeamSpeak Systems GmbH)
VLC media player (HKLM-x32\...\VLC media player) (Version: 3.0.3 - VideoLAN)
Windows 7 Manager (HKLM\...\{21F090D4-3CBD-4AAC-9E7C-76CF4EA574F4}) (Version: 5.1.4 - Yamicsoft)
WinRAR 5.50 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.50.0 - win.rar GmbH)
World of Tanks (HKU\S-1-5-21-1894722739-3979997351-3746568665-1000\...\{1EAC1D02-C6AC-4FA6-9A44-96258C37C812na}_is1) (Version:  - Wargaming.net)
 
==================== Custom CLSID (Whitelisted): ==========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
CustomCLSID: HKU\S-1-5-21-1894722739-3979997351-3746568665-1000_Classes\CLSID\{820D63D5-8CFF-46DE-86AF-4997DEDD6DB5}\localserver32 -> C:\Windows\system32\igfxEM.exe (Intel Corporation)
ShellIconOverlayIdentifiers: [00avg] -> {472083B0-C522-11CF-8763-00608CC02F24} =>  -> No File
ContextMenuHandlers1: [AVG] -> {472083B1-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVG\Antivirus\ashShA64.dll [2018-10-10] (AVG Technologies CZ, s.r.o.)
ContextMenuHandlers1: [PowerISO] -> {967B2D40-8B7D-4127-9049-61EA0C2C6DCE} => C:\non-os\PowerISO\PWRISOSH.DLL [2018-02-11] (Power Software Ltd)
ContextMenuHandlers1: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\non-os\WinRAR\rarext.dll [2017-08-11] (Alexander Roshal)
ContextMenuHandlers1-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\non-os\WinRAR\rarext32.dll [2017-08-11] (Alexander Roshal)
ContextMenuHandlers4: [PowerISO] -> {967B2D40-8B7D-4127-9049-61EA0C2C6DCE} => C:\non-os\PowerISO\PWRISOSH.DLL [2018-02-11] (Power Software Ltd)
ContextMenuHandlers5: [igfxDTCM] -> {9B5F5829-A529-4B12-814A-E81BCB8D93FC} => C:\Windows\system32\igfxDTCM.dll [2016-06-28] (Intel Corporation)
ContextMenuHandlers6: [AVG] -> {472083B1-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVG\Antivirus\ashShA64.dll [2018-10-10] (AVG Technologies CZ, s.r.o.)
ContextMenuHandlers6: [PowerISO] -> {967B2D40-8B7D-4127-9049-61EA0C2C6DCE} => C:\non-os\PowerISO\PWRISOSH.DLL [2018-02-11] (Power Software Ltd)
ContextMenuHandlers6: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\non-os\WinRAR\rarext.dll [2017-08-11] (Alexander Roshal)
ContextMenuHandlers6-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\non-os\WinRAR\rarext32.dll [2017-08-11] (Alexander Roshal)
 
==================== Scheduled Tasks (Whitelisted) =============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
Task: {1D805E67-1A69-4643-9443-E96C5D6D1D0E} - System32\Tasks\AVG\Overseer => C:\Program Files\Common Files\AVG\Overseer\overseer.exe [2018-10-28] (AVG Technologies CZ, s.r.o.)
Task: {235287EF-AC58-4443-A041-50945CF63EEE} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2018-02-13] (Google Inc.)
Task: {26584543-FA2D-46AC-940F-9733633F0FC1} - \CCleaner Update -> No File <==== ATTENTION
Task: {2B944B7E-9C8A-42CC-85A7-350885595046} - \Microsoft\Windows\SideShow\GadgetManager -> No File <==== ATTENTION
Task: {2F57269B-1E09-4E2D-AB1E-B0FDAC7D279C} - \Microsoft\Windows\WindowsBackup\ConfigNotification -> No File <==== ATTENTION
Task: {3007366A-5675-4FED-9ED2-3AFC02481C92} - \Microsoft\Windows\SideShow\SessionAgent -> No File <==== ATTENTION
Task: {486D715E-6AA2-44CF-BC48-B6990CBB53C6} - \Microsoft\Windows\Shell\WindowsParentalControlsMigration -> No File <==== ATTENTION
Task: {5B42DD9C-5A26-4F27-BB95-34603F0997E5} - \Microsoft\Windows\Shell\WindowsParentalControls -> No File <==== ATTENTION
Task: {753C47AE-EC5E-44B3-95A9-2C8E553F0E39} - \Microsoft\Windows\Windows Media Sharing\UpdateLibrary -> No File <==== ATTENTION
Task: {A08B8E1F-63A3-4D62-9C1D-08E65F82FA6C} - \IntelSURQC-Upgrade-86621605-2a0b-4128-8ffc-15514c247132-Logon -> No File <==== ATTENTION
Task: {A8B5B1C1-B6D8-4DF6-AFD6-D2A759FA6DCD} - \Microsoft\Windows\SideShow\AutoWake -> No File <==== ATTENTION
Task: {BE669C13-8165-4536-96D0-6D6C39292AAE} - \Microsoft\Windows\Diagnosis\Scheduled -> No File <==== ATTENTION
Task: {CD636009-1D6B-4768-9A34-46C2D9FEC277} - \klcp_update -> No File <==== ATTENTION
Task: {D31E9446-6468-4DBE-A05F-9CEC7E7AA889} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2018-01-08] (Apple Inc.)
Task: {D5ABDBF4-5018-40E3-8B9C-4DFFCCEBEE7E} - \IntelSURQC-Upgrade-86621605-2a0b-4128-8ffc-15514c247132 -> No File <==== ATTENTION
Task: {D629B3C2-6693-45ED-A8B6-56DCD1BDC61C} - System32\Tasks\Antivirus Emergency Update => C:\Program Files\AVG\Antivirus\AvEmUpdate.exe [2018-10-10] (AVG Technologies CZ, s.r.o.)
Task: {EA2C7060-900C-45A9-80F6-EC98AD7B9B4B} - \Microsoft\Windows\DiskDiagnostic\Microsoft-Windows-DiskDiagnosticResolver -> No File <==== ATTENTION
Task: {F8932119-869E-44BD-B406-854CD7FE84CF} - \Microsoft\Windows\SideShow\SystemDataProviders -> No File <==== ATTENTION
Task: {FC0C2614-BF7C-49BB-9E41-AD87A771CE42} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2018-02-13] (Google Inc.)
 
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
 
 
==================== Shortcuts & WMI ========================
 
(The entries could be listed to be restored or removed.)
 
 
ShortcutWithArgument: C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Chrome Remote Desktop.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) ->  --profile-directory=Default --app-id=gbchcmhmhahfdphkhkmpfmihenigjmpp
 
==================== Loaded Modules (Whitelisted) ==============
 
2016-06-28 04:04 - 2016-06-28 04:04 - 000382072 _____ () C:\Windows\system32\igfxTray.exe
2018-10-21 02:17 - 2018-10-21 02:17 - 001356088 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
2017-12-08 01:48 - 2017-12-08 01:48 - 000088888 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
2018-08-29 14:57 - 2018-08-29 14:57 - 000077824 _____ () C:\Program Files\Common Files\Logishrd\LAClient\zlib.dll
2018-08-29 14:57 - 2018-08-29 14:57 - 000144896 _____ () C:\Program Files\Common Files\Logishrd\LAClient\libssh2.dll
2018-10-10 00:32 - 2018-10-10 00:32 - 000726288 ____N () c:\Program Files\AVG\Antivirus\x64\StreamBack.dll
2018-10-25 18:16 - 2018-10-23 16:24 - 005020504 _____ () C:\Program Files (x86)\Google\Chrome\Application\70.0.3538.77\libglesv2.dll
2018-10-25 18:16 - 2018-10-23 16:24 - 000116056 _____ () C:\Program Files (x86)\Google\Chrome\Application\70.0.3538.77\libegl.dll
2018-10-10 00:32 - 2018-10-10 00:32 - 000919312 ____N () C:\Program Files\AVG\Antivirus\anen.dll
2018-10-10 00:32 - 2018-10-10 00:32 - 000595728 ____N () C:\Program Files\AVG\Antivirus\streamback.dll
2018-10-10 00:32 - 2018-10-10 00:32 - 000496912 ____N () C:\Program Files\AVG\Antivirus\gui_cache.dll
2018-10-10 00:32 - 2018-10-10 00:32 - 001112336 ____N () C:\Program Files\AVG\Antivirus\shepherdsync.dll
2018-11-07 04:59 - 2018-11-07 04:59 - 005714120 _____ () C:\Program Files\AVG\Antivirus\defs\18110700\algo.dll
2018-03-12 20:02 - 2018-03-12 20:02 - 067127976 ____N () C:\Program Files\AVG\Antivirus\libcef.dll
2018-02-13 18:51 - 2018-01-26 06:08 - 000323568 _____ () C:\non-os\World_of_Tanks\ortp.dll
2018-02-13 18:51 - 2018-06-07 05:05 - 000147776 _____ () C:\non-os\World_of_Tanks\ILU.dll
2018-02-13 18:51 - 2018-06-07 05:05 - 001536832 _____ () C:\non-os\World_of_Tanks\ResIL.dll
2018-10-18 18:01 - 2018-10-31 05:13 - 048944960 _____ () C:\non-os\World_of_Tanks\res\cef\libcef.dll
 
==================== Alternate Data Streams (Whitelisted) =========
 
(If an entry is included in the fixlist, only the ADS will be removed.)
 
 
==================== Safe Mode (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
 
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"
 
==================== Association (Whitelisted) ===============
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed.)
 
HKLM\...\.reg: txtfile => %SystemRoot%\system32\NOTEPAD.EXE %1 <==== ATTENTION
 
==================== Internet Explorer trusted/restricted ===============
 
(If an entry is included in the fixlist, it will be removed from the registry.)
 
IE trusted site: HKU\.DEFAULT\...\dell.com -> dell.com
 
==================== Hosts content: ===============================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2009-07-13 21:34 - 2018-10-25 03:12 - 000000115 _____ C:\Windows\system32\Drivers\etc\hosts
 
 
==================== Other Areas ============================
 
(Currently there is no automatic fix for this section.)
 
HKU\S-1-5-21-1894722739-3979997351-3746568665-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\User\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 172.16.0.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.
 
==================== MSCONFIG/TASK MANAGER disabled items ==
 
If an entry is included in the fixlist, it will be removed.
 
 
==================== FirewallRules (Whitelisted) ===============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
FirewallRules: [{CE33B4CE-020E-45B5-A5C5-9B05883F30BB}] => (Allow) C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe
FirewallRules: [{98D344CF-C049-4005-B576-52078AE43075}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{C2CFF724-A9CD-47D8-9C0F-91E4144B60E7}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{D4054BF6-D262-4B9B-9902-E2D629658853}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{2F1DBDC1-CC6D-401A-8058-FAA8C19DBD34}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{5DC388C2-4198-4BA3-A8DA-64E6CFAEB85E}] => (Allow) C:\Users\User\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{1A30BD90-CC0E-49FC-9C52-8472F6994B56}] => (Allow) C:\Users\User\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{162D7D73-B4BC-4F3A-B145-D6CE0175E801}] => (Allow) C:\non-os\World_of_Tanks\WoTLauncher.exe
FirewallRules: [{83FEBAFC-F7C2-435F-B7BD-9C51FB11846B}] => (Allow) C:\non-os\World_of_Tanks\WoTLauncher.exe
FirewallRules: [{C17088D8-3FED-4508-8BA1-4C884216254B}] => (Allow) C:\non-os\World_of_Tanks\worldoftanks.exe
FirewallRules: [{E2C621FF-594D-4635-B20B-379A338D31F6}] => (Allow) C:\non-os\World_of_Tanks\worldoftanks.exe
FirewallRules: [{C7177629-766A-4491-BCFE-5FD724152510}] => (Allow) C:\Program Files\AVG\Antivirus\AvEmUpdate.exe
FirewallRules: [{626299BB-1485-49B0-A6EF-8A33C4B421C0}] => (Allow) C:\Program Files\AVG\Antivirus\AvEmUpdate.exe
FirewallRules: [{1EE9F80F-C12F-4F16-A19D-34B7FAD03057}] => (Allow) C:\Program Files\AVG\Antivirus\AvEmUpdate.exe
FirewallRules: [{09379D06-382B-4EDF-A0FE-59B8CDC6DFEC}] => (Allow) C:\Program Files\AVG\Antivirus\AvEmUpdate.exe
FirewallRules: [TCP Query User{E0A179D0-E65C-4424-A8FC-134F51E022F3}C:\program files (x86)\java\jre1.8.0_31\bin\javaw.exe] => (Allow) C:\program files (x86)\java\jre1.8.0_31\bin\javaw.exe
FirewallRules: [UDP Query User{F3641747-5356-4D38-A7E5-3B6481F5AD35}C:\program files (x86)\java\jre1.8.0_31\bin\javaw.exe] => (Allow) C:\program files (x86)\java\jre1.8.0_31\bin\javaw.exe
FirewallRules: [{F7F4CEFB-C39B-406F-A334-0D0ED59FB716}] => (Block) C:\program files (x86)\java\jre1.8.0_31\bin\javaw.exe
FirewallRules: [{AF6A7862-A027-46A9-AB13-C029CEBBA9EE}] => (Block) C:\program files (x86)\java\jre1.8.0_31\bin\javaw.exe
FirewallRules: [{558F2990-EAC4-4524-A135-8A0005BA1DE0}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
FirewallRules: [{6B390909-5C3D-4B70-95E6-C57245E61CE7}] => (Allow) C:\Program Files (x86)\Google\Chrome Remote Desktop\71.0.3578.15\remoting_host.exe
FirewallRules: [{C3D68476-B03F-47F9-A9CA-0B4BCF92753E}] => (Allow) C:\non-os\CCleaner\CCUpdate.exe
FirewallRules: [{82E842A6-D6A4-4C05-89D3-CFF3AB645040}] => (Allow) C:\non-os\CCleaner\CCUpdate.exe
FirewallRules: [{6C9CBEB6-2170-4006-BE99-C74AA633637B}] => (Allow) C:\non-os\iTunes\iTunes.exe
StandardProfile\AuthorizedApplications: [C:\non-os\Spybot - Search & Destroy 2\SDTray.exe] => Enabled:Spybot - Search & Destroy tray access
StandardProfile\AuthorizedApplications: [C:\non-os\Spybot - Search & Destroy 2\SDFSSvc.exe] => Enabled:Spybot-S&D 2 Scanner Service
StandardProfile\AuthorizedApplications: [C:\non-os\Spybot - Search & Destroy 2\SDUpdate.exe] => Enabled:Spybot-S&D 2 Updater
StandardProfile\AuthorizedApplications: [C:\non-os\Spybot - Search & Destroy 2\SDUpdSvc.exe] => Enabled:Spybot-S&D 2 Background update service
 
==================== Restore Points =========================
 
27-10-2018 19:23:12 Scheduled Checkpoint
28-10-2018 02:00:45 Windows Update
28-10-2018 04:38:07 Installed Intel® Wireless Bluetooth®
03-11-2018 19:17:14 Intel® Driver & Support Assistant
03-11-2018 19:42:03 Intel® PROSet/Wireless Software
03-11-2018 19:42:27 Microsoft Visual C++ 2017 Redistributable (x64) - 14.11.25325
03-11-2018 19:43:17 Microsoft Visual C++ 2015 Redistributable (x64) - 14.0.24215
04-11-2018 06:31:22 Decrap my Computer [W7-x64] - Decrap my Computer
04-11-2018 07:16:12 Decrap my Computer [W7-x64] - Decrap my Computer
04-11-2018 07:30:38 Decrap my Computer [W7-x64] - Decrap my Computer
 
==================== Faulty Device Manager Devices =============
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (11/07/2018 04:58:53 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: WLANExt.exe, version: 6.1.7600.16385, time stamp: 0x4a5bcc33
Faulting module name: KERNELBASE.dll, version: 6.1.7601.24260, time stamp: 0x5b9470f4
Exception code: 0xc06d007e
Fault offset: 0x000000000000bded
Faulting process id: 0x1640
Faulting application start time: 0x01d476807c3a5e2f
Faulting application path: C:\Windows\system32\WLANExt.exe
Faulting module path: C:\Windows\system32\KERNELBASE.dll
Report Id: bb6c8cfc-e273-11e8-9e04-801934ce9bf3
 
Error: (11/06/2018 04:16:15 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 7676
 
Error: (11/06/2018 04:16:15 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 7676
 
Error: (11/06/2018 04:16:15 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second
 
Error: (11/06/2018 04:16:14 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 6677
 
Error: (11/06/2018 04:16:14 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 6677
 
Error: (11/06/2018 04:16:14 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second
 
Error: (11/06/2018 04:16:12 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 5554
 
 
System errors:
=============
Error: (11/07/2018 04:58:55 AM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The HomeGroup Provider service depends on the Function Discovery Resource Publication service which failed to start because of the following error: 
The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.
 
Error: (11/07/2018 04:58:55 AM) (Source: Microsoft-Windows-WLAN-AutoConfig) (EventID: 10000) (User: NT AUTHORITY)
Description: WLAN Extensibility Module has failed to start.
 
Module Path: C:\Windows\System32\IWMSSvc.dll
Error Code: 1726
 
Error: (11/07/2018 04:58:55 AM) (Source: Microsoft-Windows-WLAN-AutoConfig) (EventID: 10003) (User: NT AUTHORITY)
Description: WLAN Extensibility Module has stopped unexpectedly.
 
Module Path: C:\Windows\System32\IWMSSvc.dll
 
Error: (11/06/2018 03:29:10 AM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The HomeGroup Provider service depends on the Function Discovery Resource Publication service which failed to start because of the following error: 
The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.
 
Error: (11/06/2018 03:08:13 AM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The HomeGroup Provider service depends on the Function Discovery Resource Publication service which failed to start because of the following error: 
The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.
 
Error: (11/05/2018 11:29:04 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The HomeGroup Provider service depends on the Function Discovery Resource Publication service which failed to start because of the following error: 
The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.
 
Error: (11/05/2018 11:28:41 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Spybot-S&D 2 Scanner Service service failed to start due to the following error: 
The service did not respond to the start or control request in a timely fashion.
 
Error: (11/05/2018 11:28:41 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (60000 milliseconds) while waiting for the Spybot-S&D 2 Scanner Service service to connect.
 
 
==================== Memory info =========================== 
 
Processor: Intel® Core™ i5-4200U CPU @ 1.60GHz
Percentage of memory in use: 58%
Total physical RAM: 8080.36 MB
Available physical RAM: 3324.91 MB
Total Virtual: 16158.86 MB
Available Virtual: 12042.94 MB
 
==================== Drives ================================
 
Drive c: (Windows) (Fixed) (Total:931.02 GB) (Free:766.58 GB) NTFS
 
\\?\Volume{9ff80743-108f-11e8-9196-806e6f6e6963}\ (System Reserved) (Fixed) (Total:0.49 GB) (Free:0.45 GB) NTFS
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (MBR Code: Windows 7/8/10) (Size: 931.5 GB) (Disk ID: 198DF528)
Partition 1: (Active) - (Size=500 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=931 GB) - (Type=07 NTFS)
 
==================== End of Addition.txt ============================
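
The Addition.txt log above marks entries with `<==== ATTENTION` and `-> No File`, and its Security Center section reports each product's state. The following Python script is an added example, not part of the original post and not FRST's own code: it groups such entries by log section for review, using lines copied from the log above. The tag names and the `triage` and `count_by_tag` helpers are assumptions of this example, and a tag is a prompt for a human to look, not a verdict.

```python
import re
from collections import Counter
from typing import NamedTuple

# Lines copied (abridged) from the Addition.txt log above.
SAMPLE_LOG = r"""
==================== Security Center ========================

AV: AVG Antivirus (Enabled - Up to date) {4FC75CA5-1654-5411-7CFB-1893D506BCF4}
AS: Spybot - Search and Destroy (Disabled - Out of date) {4C1D9672-63FE-5C90-371E-8FDA591C5B75}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Custom CLSID (Whitelisted): ==========================

ShellIconOverlayIdentifiers: [00avg] -> {472083B0-C522-11CF-8763-00608CC02F24} =>  -> No File
ContextMenuHandlers1: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\non-os\WinRAR\rarext.dll [2017-08-11] (Alexander Roshal)

==================== Scheduled Tasks (Whitelisted) =============

Task: {1D805E67-1A69-4643-9443-E96C5D6D1D0E} - System32\Tasks\AVG\Overseer => C:\Program Files\Common Files\AVG\Overseer\overseer.exe [2018-10-28] (AVG Technologies CZ, s.r.o.)
Task: {26584543-FA2D-46AC-940F-9733633F0FC1} - \CCleaner Update -> No File <==== ATTENTION
Task: {CD636009-1D6B-4768-9A34-46C2D9FEC277} - \klcp_update -> No File <==== ATTENTION

==================== Association (Whitelisted) ===============

HKLM\...\.reg: txtfile => %SystemRoot%\system32\NOTEPAD.EXE %1 <==== ATTENTION
"""

# "==================== Name (Whitelisted): ====" style section banners.
SECTION = re.compile(r"^={4,}\s*([^=\s][^=]*?)\s*=+\s*$")
# Registry entry whose target file is missing on disk.
NO_FILE = re.compile(r"->\s*No File\b")
# Security Center rows: "AS: Product (Disabled - Out of date) {GUID}".
SEC_CENTER = re.compile(
    r"^(?:AV|AS|FW):\s*.+?\s*\((Enabled|Disabled) - (Up to date|Out of date)\)"
)
ATTENTION = "<==== ATTENTION"


class Finding(NamedTuple):
    section: str   # log section the entry was found in
    tags: tuple    # why it was picked out (example-defined tag names)
    entry: str     # the log line, without the ATTENTION marker


def section_name(header_text):
    """Normalise a banner title: drop '(Whitelisted)' and a trailing colon."""
    return re.sub(r"\s*\(Whitelisted\)", "", header_text).rstrip(": ")


def triage(text):
    """Return the entries of an FRST-style log that deserve a manual look."""
    findings = []
    section = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        banner = SECTION.match(line)
        if banner:
            section = section_name(banner.group(1))
            continue
        tags = []
        if ATTENTION in line:
            tags.append("attention")
        if NO_FILE.search(line):
            tags.append("no-file")
        status = SEC_CENTER.match(line)
        if section == "Security Center" and status:
            state, definitions = status.groups()
            if state == "Disabled" or definitions == "Out of date":
                tags.append("protection-off")
        if tags:
            entry = line.replace(ATTENTION, "").strip()
            findings.append(Finding(section, tuple(tags), entry))
    return findings


def count_by_tag(findings):
    """Count how many findings carry each tag."""
    return dict(Counter(tag for f in findings for tag in f.tags))


if __name__ == "__main__":
    results = triage(SAMPLE_LOG)
    for f in results:
        print(f"[{f.section}] {','.join(f.tags)}: {f.entry}")
    print(count_by_tag(results))
```
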

 




#2
RKinner


Uninstall:

Spybot - Search & Destroy
Private Internet Access Support Files
Bonjour
Java 8 Update 31
Java 8 Update 181 (64-bit)

Rerun FRST scan with Addition.txt and post the logs.

Also

Get Process Explorer

https://live.sysinte...com/procexp.exe

Save it to your desktop then run it (Vista or Win7+ - right click and Run As Administrator).  

View, Select Column, check Verified Signer, OK
Options, Verify Image Signatures


Click twice on the CPU column header  to sort things by CPU usage with the big hitters at the top.  

Wait a full minute then:

File, Save As, Save.  Note the file name.   Open the file  on your desktop and copy and paste the text to a reply.


Copy the next 2 lines:

TASKLIST /SVC  > \junk.txt
notepad \junk.txt

Open an Elevated Command Prompt:
Win 7: Start, All Programs, Accessories then right click on Command Prompt and Run as Administrator
Win 8: http://www.eightforu...indows-8-a.html
Win 10: http://www.howtogeek...-in-windows-10/

Right click and Paste (or Edit then Paste) and the copied lines should appear.
Hit Enter if notepad does not open.  Copy and paste the text from notepad into a reply.


Get the free version of Speccy:

http://www.filehippo...ownload_speccy/ 

(Look in the upper right for the Download Latest Version button - Do NOT press the large Start Download button on the upper left!)
Download, Save and Install it.  Tell it you do not need CCLEANER.    Run Speccy.  When it finishes (the little icon in the bottom left will stop moving),
File, Save as Text File,  (to your desktop) note the name it gives. OK.  Open the file in notepad and delete the line that gives the serial number of your Operating System.  
(It will be near the top,  10-20  lines down.) Save the file.  Attach the file to your next post.  Attaching the log is the best option as it is too big for the forum.  Attaching is a multi step process.

First click on More Reply Options
Then scroll down to where you see
Choose File and click on it.  Point it at the file and hit Open.
Now click on Attach this file.


 



#3
darkmj16


thanks for the help! sorry about the long wait. for whatever reason i never got an email about this thread. but it's now bookmarked and i will check it daily. spy, bonjour, pia, java have been uninstalled. spybot needed a restart. so restarted and ran fubur. the pia is my vpn. and bonjour is used by itunes to talk to iphone/ipad isn't it?

 

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 10.11.2018
Ran by User (administrator) on USER-PC (10-11-2018 20:52:10)
Running from C:\Users\User\Desktop
Loaded Profiles: User (Available Profiles: User)
Platform: Windows 7 Ultimate Service Pack 1 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(Intel Corporation) C:\Windows\System32\igfxCUIService.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\Antivirus\AVGSvc.exe
(Intel Corporation) C:\Windows\System32\igfxEM.exe
(Intel Corporation) C:\Windows\System32\igfxHK.exe
() C:\Windows\System32\igfxTray.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome Remote Desktop\71.0.3578.15\remoting_host.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Bluetooth\ibtsiva.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome Remote Desktop\71.0.3578.15\remoting_host.exe
(Logitech, Inc.) C:\Program Files\Logitech\SetPointP\SetPoint.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\Antivirus\AVGUI.exe
(Wargaming.net) C:\non-os\World_of_Tanks\WargamingGameUpdater.exe
(Intel® Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
(Logitech, Inc.) C:\Program Files\Common Files\LogiShrd\KHAL3\KHALMNPR.exe
(Logitech, Inc.) C:\Program Files\Common Files\LogiShrd\LAClient\laclient.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe
(Microsoft Corporation) C:\Windows\System32\UI0Detect.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\Antivirus\x64\aswidsagenta.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\System32\Locator.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
 
==================== Registry (Whitelisted) ===========================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [AVGUI.exe] => C:\Program Files\AVG\Antivirus\AvLaunch.exe [290064 2018-10-10] (AVG Technologies CZ, s.r.o.)
HKLM\...\Run: [EvtMgr6] => C:\Program Files\Logitech\SetPointP\SetPoint.exe [3136136 2018-09-07] (Logitech, Inc.)
Winlogon\Notify\LBTWlgn: 
HKLM\SOFTWARE\Policies\Microsoft\Windows Defender: Restriction <==== ATTENTION
HKU\S-1-5-21-1894722739-3979997351-3746568665-1000\...\Run: [World of Tanks] => C:\non-os\World_of_Tanks\WargamingGameUpdater.exe [3139936 2018-06-25] (Wargaming.net)
HKU\S-1-5-21-1894722739-3979997351-3746568665-1000\...\Policies\system: [NoDispAppearancePage] 0
HKU\S-1-5-21-1894722739-3979997351-3746568665-1000\...\Policies\system: [NoDispScrSavPage] 0
HKU\S-1-5-21-1894722739-3979997351-3746568665-1000\...\Policies\Explorer: [NoRecentDocsHistory] 1
HKU\S-1-5-21-1894722739-3979997351-3746568665-1000\...\Policies\Explorer: [NoThemesTab] 1
BootExecute: 
GroupPolicy: Restriction ? <==== ATTENTION
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
ProxyServer: [S-1-5-21-1894722739-3979997351-3746568665-1000] => localhost:8080
Tcpip\Parameters: [DhcpNameServer] 172.16.0.1
Tcpip\..\Interfaces\{096D4EA8-B3B7-4B42-B91A-2D6753E86104}: [DhcpNameServer] 172.20.10.1
Tcpip\..\Interfaces\{A3E44CE9-87D0-4413-A0C7-3C41D31D1BAE}: [NameServer] 1.1.1.1,1.0.0.1
Tcpip\..\Interfaces\{C0C5A3B0-8751-4A61-ADB0-CA4752ACE43F}: [DhcpNameServer] 172.16.0.1
 
Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = 
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = 
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = 
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = 
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = 
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = 
HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = 
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Local Page = 
URLSearchHook: [S-1-5-21-1894722739-3979997351-3746568665-1000] ATTENTION => Default URLSearchHook is missing
BHO: Logitech SetPoint -> {AF949550-9094-4807-95EC-D1C317803333} -> C:\Program Files\Logitech\SetPointP\SetPointSmooth.dll [2018-09-07] (Logitech, Inc.)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)
BHO-x32: Logitech SetPoint -> {AF949550-9094-4807-95EC-D1C317803333} -> C:\Program Files\Logitech\SetPointP\32-bit\SetPointSmooth.dll [2018-09-07] (Logitech, Inc.)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)
 
FireFox:
========
FF HKLM-x32\...\Firefox\Extensions: [{F003DA68-8256-4b37-A6C4-350FA04494DF}] - C:\Program Files\Logitech\SetPointP\LogiSmoothFirefoxExt
FF Extension: (Logitech SetPoint) - C:\Program Files\Logitech\SetPointP\LogiSmoothFirefoxExt [2018-09-25] [not signed]
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.33.17\npGoogleUpdate3.dll [2018-05-16] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.33.17\npGoogleUpdate3.dll [2018-05-16] (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.2.8 -> C:\non-os\VideoLAN\VLC\npvlc.dll [2018-05-29] (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=3.0.3 -> C:\non-os\VideoLAN\VLC\npvlc.dll [2018-05-29] (VideoLAN)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2018-09-20] (Adobe Systems Inc.)
 
Chrome: 
=======
CHR DefaultProfile: Default
CHR HomePage: Default -> hxxp://www.bing.com/search?FORM=INCOH1&PC=IC03&PTAG=ICO-563448c1
CHR StartupUrls: Default -> "hxxp://www.yahoo.com/"
CHR Profile: C:\Users\User\AppData\Local\Google\Chrome\User Data\Default [2018-11-10]
CHR Extension: (YouTube) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2018-02-13]
CHR Extension: (Adblock Plus) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2018-11-01]
CHR Extension: (Logitech Smooth Scrolling) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\dkpejdfnpdkhifgbancbammdijojoffk [2018-02-13]
CHR Extension: (Chrome Remote Desktop) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\gbchcmhmhahfdphkhkmpfmihenigjmpp [2018-10-04]
CHR Extension: (Black Black Chrome Theme Dark Blue Highlight) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\njpbabhpbnilgchdjbajcbgnnclkaida [2018-02-13]
CHR Extension: (Chrome Web Store Payments) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2018-04-04]
CHR Extension: (Gmail) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2018-02-13]
CHR Extension: (Chrome Media Router) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2018-10-26]
CHR Profile: C:\Users\User\AppData\Local\Google\Chrome\User Data\Guest Profile [2018-11-04]
CHR Profile: C:\Users\User\AppData\Local\Google\Chrome\User Data\System Profile [2018-11-04]
CHR HKLM-x32\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj] - hxxps://clients2.google.com/service/update2/crx
 
==================== Services (Whitelisted) ====================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [85304 2018-10-16] (Apple Inc.)
R2 AVG Antivirus; C:\Program Files\AVG\Antivirus\AVGSvc.exe [325072 2018-10-10] (AVG Technologies CZ, s.r.o.)
R3 avgbIDSAgent; C:\Program Files\AVG\Antivirus\x64\aswidsagenta.exe [8237160 2018-10-10] (AVG Technologies CZ, s.r.o.)
R2 chromoting; C:\Program Files (x86)\Google\Chrome Remote Desktop\71.0.3578.15\remoting_host.exe [73048 2018-10-18] (Google Inc.)
S3 DDVCollectorSvcApi; C:\Program Files\Dell\DellDataVault\DDVCollectorSvcApi.exe [209392 2018-10-22] (Dell Inc.)
S3 DDVDataCollector; C:\Program Files\Dell\DellDataVault\DDVDataCollector.exe [3347440 2018-10-22] (Dell Inc.)
S3 DDVRulesProcessor; C:\Program Files\Dell\DellDataVault\DDVRulesProcessor.exe [218096 2018-10-22] (Dell Inc.)
S3 Dell Hardware Support; C:\Program Files\Dell\SupportAssistAgent\PCDr\SupportAssist\6.0.6992.1382\DSAPI.exe [1002816 2018-11-04] (PC-Doctor, Inc.)
S3 DSAService; C:\Program Files (x86)\Intel Driver and Support Assistant\DSAService.exe [23800 2018-10-18] (Intel)
R2 iBtSiva; C:\Program Files (x86)\Intel\Bluetooth\ibtsiva.exe [531040 2018-05-16] (Intel Corporation)
R2 igfxCUIService1.0.0.0; C:\Windows\system32\igfxCUIService.exe [344184 2016-06-28] (Intel Corporation)
S3 MBAMService; C:\non-os\mbam\Anti-Malware\mbamservice.exe [6347056 2018-09-19] (Malwarebytes)
S3 SupportAssistAgent; C:\Program Files\Dell\SupportAssistAgent\bin\SupportAssistAgent.exe [38872 2018-10-25] (Dell Inc.)
R2 SynTPEnhService; C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe [257112 2017-12-16] (Synaptics Incorporated)
S4 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2017-12-15] (Microsoft Corporation)
R2 wuauserv; C:\Windows\system32\wuaueng2.dll [2651136 2017-12-16] (Microsoft Corporation) [File not signed]
 
===================== Drivers (Whitelisted) ======================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R1 avgArPot; C:\Windows\System32\drivers\avgArPot.sys [201264 2018-10-10] (AVG Technologies CZ, s.r.o.)
R1 avgbidsdriver; C:\Windows\System32\drivers\avgbidsdrivera.sys [230880 2018-10-10] (AVG Technologies CZ, s.r.o.)
R0 avgbidsh; C:\Windows\System32\drivers\avgbidsha.sys [202296 2018-10-10] (AVG Technologies CZ, s.r.o.)
R0 avgblog; C:\Windows\System32\drivers\avgbloga.sys [346616 2018-10-10] (AVG Technologies CZ, s.r.o.)
R0 avgbuniv; C:\Windows\System32\drivers\avgbuniva.sys [59520 2018-10-10] (AVG Technologies CZ, s.r.o.)
S3 avgHwid; C:\Windows\System32\drivers\avgHwid.sys [46920 2018-10-10] (AVG Technologies CZ, s.r.o.)
R1 avgKbd; C:\Windows\System32\drivers\avgKbd.sys [42312 2018-10-10] (AVG Technologies CZ, s.r.o.)
R2 avgMonFlt; C:\Windows\System32\drivers\avgMonFlt.sys [163224 2018-10-10] (AVG Technologies CZ, s.r.o.)
R0 avgRvrt; C:\Windows\System32\drivers\avgRvrt.sys [87968 2018-10-10] (AVG Technologies CZ, s.r.o.)
R1 avgSnx; C:\Windows\System32\drivers\avgSnx.sys [1028696 2018-10-10] (AVG Technologies CZ, s.r.o.)
R1 avgSP; C:\Windows\System32\drivers\avgSP.sys [467760 2018-10-10] (AVG Technologies CZ, s.r.o.)
R0 avgVmm; C:\Windows\System32\drivers\avgVmm.sys [380992 2018-10-10] (AVG Technologies CZ, s.r.o.)
R3 btmaudio; C:\Windows\System32\drivers\btmaud.sys [99272 2018-05-16] (Motorola Solutions, Inc.)
R3 btmaux; C:\Windows\System32\DRIVERS\btmaux.sys [156616 2018-05-16] (Motorola Solutions, Inc.)
S3 btmhsf; C:\Windows\System32\DRIVERS\btmhsf.sys [1566152 2018-05-16] (Motorola Solutions, Inc.)
R3 DDDriver; C:\Windows\System32\drivers\DDDriver64Dcsa.sys [41608 2018-10-20] (Dell Inc.)
R3 DellProf; C:\Windows\System32\drivers\DellProf.sys [41208 2018-10-20] (Dell Computer Corporation)
R1 ESProtectionDriver; C:\Windows\system32\drivers\mbae64.sys [152688 2018-11-04] (Malwarebytes)
R0 iaStorF; C:\Windows\System32\DRIVERS\iaStorF.sys [28008 2013-08-30] (Intel Corporation)
S3 ibtusb; C:\Windows\System32\DRIVERS\ibtusb.sys [124872 2018-05-16] (Intel Corporation)
R3 MEIx64; C:\Windows\System32\DRIVERS\TeeDriverx64.sys [100312 2013-12-11] (Intel Corporation)
R3 NETwNs64; C:\Windows\System32\DRIVERS\Netwsw02.sys [3485640 2018-05-11] (Intel Corporation)
S3 semav6msr64; C:\Windows\system32\drivers\semav6msr64.sys [41512 2018-01-11] ()
R3 SmbDrvI; C:\Windows\System32\DRIVERS\Smb_driver_Intel.sys [45144 2017-12-16] (Synaptics Incorporated)
S3 iscFlash; \??\C:\Users\User\AppData\Local\Temp\7zS5946.tmp\iscflashx64.sys [X] <==== ATTENTION
S3 VGPU; System32\drivers\rdvgkmd.sys [X]
 
==================== NetSvcs (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== One Month Created files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2018-11-10 20:52 - 2018-11-10 20:53 - 000014525 _____ C:\Users\User\Desktop\FRST.txt
2018-11-10 20:51 - 2018-11-10 20:51 - 002724512 _____ (Sysinternals - www.sysinternals.com) C:\Users\User\Desktop\procexp.exe
2018-11-10 20:42 - 2018-11-10 20:42 - 000000072 _____ C:\Windows\wininit.ini
2018-11-10 20:42 - 2018-11-10 20:42 - 000000000 ____D C:\Windows\System32\Tasks\Safer-Networking
2018-11-06 00:25 - 2018-11-10 20:51 - 002415616 _____ (Farbar) C:\Users\User\Desktop\FRST64.exe
2018-11-04 19:11 - 2018-11-04 20:37 - 000000000 ____D C:\Users\User\AppData\Local\ElevatedDiagnostics
2018-11-04 08:55 - 2018-11-04 08:55 - 000000000 ____D C:\Windows\System32\Tasks\WPD
2018-11-04 07:28 - 2018-11-04 07:28 - 000001596 _____ C:\Users\Public\Desktop\iTunes.lnk
2018-11-04 07:28 - 2018-11-04 07:28 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
2018-11-04 07:28 - 2018-11-04 07:28 - 000000000 ____D C:\Program Files\iPod
2018-11-04 06:20 - 2018-11-04 20:33 - 000000000 ____D C:\Program Files (x86)\Intel
2018-11-04 06:15 - 2018-11-04 06:15 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dell
2018-11-04 06:14 - 2018-11-04 06:15 - 000000000 ____D C:\Program Files\Dell
2018-11-04 06:09 - 2018-11-04 06:09 - 000000000 ____D C:\ProgramData\Intel
2018-11-04 04:21 - 2018-11-04 04:21 - 000000000 ____D C:\Users\User\Documents\ProcAlyzer Dumps
2018-11-03 21:52 - 2018-11-04 06:01 - 000010658 _____ C:\Windows\ntbtlog.txt
2018-11-03 19:45 - 2018-11-04 20:45 - 000000000 ____D C:\Windows\LastGood
2018-11-03 19:45 - 2018-11-03 19:45 - 000000000 ____D C:\Program Files\Common Files\Intel
2018-11-03 19:32 - 2018-11-03 19:32 - 000000000 ____D C:\Users\User\Downloads\Intel Driver and Support Assistant
2018-11-03 19:18 - 2018-11-04 06:09 - 000000000 ____D C:\Program Files (x86)\Intel Driver and Support Assistant
2018-11-03 19:18 - 2018-11-03 19:18 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Intel Driver and Support Assistant
2018-11-03 16:57 - 2018-11-03 16:59 - 141110631 _____ (Aslain ) C:\Users\User\Desktop\Aslains_WoT_Modpack_Installer_v.1.2.0.1_12.exe
2018-11-03 14:37 - 2018-11-03 14:37 - 000000000 ____D C:\Users\Public\Documents\Logishrd
2018-11-02 21:06 - 2018-11-02 21:06 - 004213823 _____ C:\Users\User\Desktop\carfax silverado.pdf
2018-10-28 17:53 - 2018-10-28 18:07 - 000000000 ____D C:\Users\User\AppData\Roaming\Padlock
2018-10-28 04:41 - 2017-05-11 07:23 - 000053248 _____ (Intel Corporation) C:\Windows\system32\Drivers\USB3Ver.dll
2018-10-28 04:40 - 2017-05-11 07:23 - 000816640 _____ (Intel Corporation) C:\Windows\system32\Drivers\iusb3xhc.sys
2018-10-28 04:40 - 2017-05-11 07:23 - 000401408 _____ (Intel Corporation) C:\Windows\system32\Drivers\iusb3hub.sys
2018-10-28 04:40 - 2017-05-11 07:23 - 000023552 _____ (Intel Corporation) C:\Windows\system32\Drivers\iusb3hcs.sys
2018-10-28 04:39 - 2018-10-28 04:39 - 000000000 ____D C:\Windows\LastGood.Tmp
2018-10-27 04:53 - 2018-08-27 22:48 - 000419608 _____ C:\Windows\SysWOW64\locale.nls
2018-10-27 04:53 - 2018-08-27 22:48 - 000419608 _____ C:\Windows\system32\locale.nls
2018-10-27 04:35 - 2018-10-27 04:36 - 000000000 ____D C:\ProgramData\BSD
2018-10-25 17:44 - 2017-12-16 19:03 - 000045144 _____ (Synaptics Incorporated) C:\Windows\system32\Drivers\Smb_driver_Intel.sys
2018-10-25 17:28 - 2018-10-25 17:38 - 000000000 ____D C:\SeaTemp
2018-10-25 17:11 - 2018-10-25 17:11 - 000000000 ____D C:\Dell
2018-10-25 17:06 - 2017-12-16 19:04 - 000803928 _____ (Synaptics Incorporated) C:\Windows\system32\SynCOM.dll
2018-10-25 17:06 - 2017-12-16 19:04 - 000428120 _____ (Synaptics Incorporated) C:\Windows\SysWOW64\SynCom.dll
2018-10-25 17:06 - 2017-12-16 19:04 - 000297048 _____ (Synaptics Incorporated) C:\Windows\system32\SynTPCo46-4.dll
2018-10-25 17:06 - 2017-12-16 19:04 - 000278616 _____ (Synaptics Incorporated) C:\Windows\system32\SynTPAPI.dll
2018-10-25 17:06 - 2017-12-16 19:03 - 000674392 _____ (Synaptics Incorporated) C:\Windows\system32\Drivers\SynTP.sys
2018-10-25 17:06 - 2017-12-16 19:03 - 000070232 _____ (Synaptics Incorporated) C:\Windows\system32\Drivers\SynPTPHID_Aux.sys
2018-10-25 17:06 - 2017-12-16 19:03 - 000057432 _____ (Synaptics Incorporated) C:\Windows\system32\Drivers\SynRMIHID_Aux.sys
2018-10-25 17:06 - 2017-12-16 19:03 - 000045144 _____ (Synaptics Incorporated) C:\Windows\system32\Drivers\Smb_driver_Intel_Aux.sys
2018-10-25 17:06 - 2017-12-16 19:03 - 000044120 _____ (Synaptics Incorporated) C:\Windows\system32\Drivers\Smb_driver_AMDASF_Aux.sys
2018-10-25 17:06 - 2014-01-30 18:17 - 001795952 _____ (Microsoft Corporation) C:\Windows\system32\WdfCoInstaller01011.dll
2018-10-25 17:05 - 2018-10-25 17:05 - 000000000 ____D C:\ProgramData\Synaptics
2018-10-25 02:17 - 2018-10-27 14:31 - 000000000 ____D C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\CCleaner
2018-10-25 02:11 - 2018-10-25 02:11 - 000255928 _____ (Malwarebytes) C:\Windows\system32\Drivers\227BE3D1.sys
2018-10-25 01:51 - 2018-10-25 01:51 - 000000000 ____D C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Decrap my Computer
2018-10-25 01:21 - 2018-10-25 01:21 - 000000000 ____D C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\AVG
2018-10-25 01:18 - 2018-10-25 01:18 - 000001089 _____ C:\Users\User\Desktop\Windows Media Player.lnk
2018-10-25 00:55 - 2018-10-25 17:04 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MP3 Rocket
2018-10-25 00:55 - 2018-10-25 00:55 - 000001128 _____ C:\Users\User\Desktop\MP3 Rocket 7.4.1.lnk
2018-10-25 00:22 - 2018-10-25 00:22 - 000000000 ____D C:\Program Files (x86)\Spybot - Search & Destroy 2
2018-10-24 23:26 - 2018-10-24 23:28 - 000000000 ____D C:\Users\User\.mp3rocket
2018-10-20 16:34 - 2018-10-20 16:34 - 000041608 _____ (Dell Inc.) C:\Windows\system32\Drivers\DDDriver64Dcsa.sys
2018-10-20 16:34 - 2018-10-20 16:34 - 000041208 _____ (Dell Computer Corporation) C:\Windows\system32\Drivers\DellProf.sys
2018-10-12 19:41 - 2018-10-12 19:51 - 000000000 ____D C:\AdwCleaner
2018-10-12 19:41 - 2018-10-12 19:41 - 000255928 _____ (Malwarebytes) C:\Windows\system32\Drivers\5662B627.sys
2018-10-12 19:40 - 2018-10-25 03:43 - 000000000 ____D C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2018-10-12 17:57 - 2018-11-10 20:52 - 000000000 ____D C:\FRST
2018-10-11 08:05 - 2018-10-11 08:05 - 000000000 ____D C:\Users\User\AppData\Local\mbam
2018-10-11 08:04 - 2018-10-11 08:04 - 000001686 _____ C:\Users\Public\Desktop\Malwarebytes.lnk
2018-10-11 08:04 - 2018-10-11 08:04 - 000000000 ____D C:\Users\User\AppData\Local\mbamtray
2018-10-11 08:04 - 2018-10-11 08:04 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes
 
==================== One Month Modified files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2018-11-10 20:48 - 2018-02-12 23:46 - 000000000 __SHD C:\Users\User\IntelGraphicsProfiles
2018-11-10 20:48 - 2009-07-14 00:08 - 000000006 ____H C:\Windows\Tasks\SA.DAT
2018-11-10 19:20 - 2009-07-13 23:45 - 000026576 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2018-11-10 19:20 - 2009-07-13 23:45 - 000026576 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2018-11-10 19:15 - 2009-07-14 00:13 - 000783606 _____ C:\Windows\system32\PerfStringBackup.INI
2018-11-10 19:15 - 2009-07-13 22:20 - 000000000 ____D C:\Windows\inf
2018-11-10 19:12 - 2018-08-24 20:18 - 000000000 ____D C:\Users\Public\Logi
2018-11-05 23:27 - 2009-07-13 23:45 - 000314800 _____ C:\Windows\system32\FNTCACHE.DAT
2018-11-04 19:55 - 2018-02-12 23:58 - 000073440 _____ C:\Users\User\AppData\Local\GDIPFONTCACHEV1.DAT
2018-11-04 19:38 - 2009-07-13 22:20 - 000000000 ____D C:\Windows\system32\NDF
2018-11-04 08:04 - 2009-07-13 22:20 - 000000000 ____D C:\Windows\registration
2018-11-04 07:27 - 2018-02-13 17:27 - 000000000 ____D C:\non-os
2018-11-04 06:16 - 2018-02-13 21:25 - 000000000 ____D C:\ProgramData\PCDr
2018-11-04 06:14 - 2018-02-13 20:24 - 000000000 ____D C:\ProgramData\SupportAssist
2018-11-04 05:51 - 2018-02-13 20:36 - 000152688 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbae64.sys
2018-11-04 05:36 - 2018-02-13 18:16 - 000000000 ____D C:\Windows\SysWOW64\Macromed
2018-11-04 05:36 - 2018-02-13 18:16 - 000000000 ____D C:\Windows\system32\Macromed
2018-11-04 05:32 - 2018-02-13 18:29 - 000000000 ____D C:\Users\User\AppData\Roaming\uTorrent
2018-11-04 05:16 - 2018-02-13 21:26 - 000001990 _____ C:\Users\User\Desktop\AVG AntiVirus FREE.lnk
2018-11-03 19:46 - 2018-02-12 23:50 - 000000000 ____D C:\Users\User\AppData\Roaming\Intel
2018-11-03 19:43 - 2018-02-12 23:49 - 000000000 ____D C:\ProgramData\Package Cache
2018-11-02 22:32 - 2018-01-15 13:26 - 000000324 _____ C:\Users\User\Desktop\misc.txt
2018-10-28 23:50 - 2018-02-13 21:26 - 000004162 _____ C:\Windows\System32\Tasks\Antivirus Emergency Update
2018-10-27 22:56 - 2018-07-04 11:27 - 000000000 ____D C:\Users\User\AppData\LocalLow\Mozilla
2018-10-27 14:29 - 2018-10-10 05:27 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
2018-10-27 13:59 - 2018-08-19 21:51 - 000000000 ____D C:\Users\User\Desktop\Deadpool 2 (2018) [BluRay] [1080p] [YTS.AM]
2018-10-27 13:58 - 2018-08-19 21:51 - 000000000 ____D C:\Users\User\Desktop\Meet The Spartans (2008) [BluRay] [1080p] [YTS.AM]
2018-10-27 13:58 - 2018-08-19 21:51 - 000000000 ____D C:\Users\User\Desktop\Avengers Infinity War (2018) [BluRay] [1080p] [YTS.AM]
2018-10-27 13:57 - 2018-09-09 17:37 - 000000000 ____D C:\Users\User\Desktop\Super Troopers 2 (2018) [BluRay] [1080p] [YTS.AM]
2018-10-27 13:57 - 2018-09-09 17:37 - 000000000 ____D C:\Users\User\Desktop\Jurassic World Fallen Kingdom (2018) [BluRay] [1080p] [YTS.AM]
2018-10-27 04:57 - 2017-12-16 04:28 - 000776220 _____ C:\Windows\SysWOW64\PerfStringBackup.INI
2018-10-27 04:35 - 2009-07-13 21:34 - 000000466 _____ C:\Windows\win.ini
2018-10-25 18:16 - 2018-02-13 00:20 - 000002190 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2018-10-25 02:20 - 2018-02-13 20:41 - 000000000 ____D C:\Users\User\Desktop\OS Tools
2018-10-25 01:51 - 2018-10-10 03:43 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Decrap my Computer
2018-10-25 01:21 - 2018-02-13 18:16 - 000000000 ____D C:\Users\User\Incomplete
2018-10-25 01:10 - 2018-02-13 17:29 - 000000000 ____D C:\Users\User\AppData\Local\Adobe
2018-10-25 00:58 - 2018-02-13 18:15 - 000000000 ____D C:\Users\User\AppData\Roaming\MP3Rocket
2018-10-25 00:58 - 2018-02-13 18:14 - 000000000 ____D C:\Program Files (x86)\MP3 Rocket
2018-10-24 22:28 - 2018-02-13 17:38 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\K-Lite Codec Pack
2018-10-22 18:16 - 2018-02-13 21:58 - 000000000 ____D C:\Users\User\AppData\Local\Jagex
2018-10-22 18:16 - 2018-02-13 21:43 - 000000000 ____D C:\ProgramData\Jagex
2018-10-14 23:06 - 2018-02-12 23:36 - 000000000 ____D C:\Users\User\AppData\Local\VirtualStore
2018-10-12 19:41 - 2018-02-13 20:36 - 000000000 ____D C:\ProgramData\Malwarebytes
2018-10-12 19:34 - 2009-07-13 21:34 - 079953920 _____ C:\Windows\system32\config\software.rcbak
2018-10-12 19:34 - 2009-07-13 21:34 - 019398656 _____ C:\Windows\system32\config\system.rcbak
2018-10-12 19:34 - 2009-07-13 21:34 - 000262144 _____ C:\Windows\system32\config\default.rcbak
2018-10-12 19:34 - 2009-07-13 21:34 - 000028672 _____ C:\Windows\system32\config\sam.rcbak
2018-10-12 19:34 - 2009-07-13 21:34 - 000024576 _____ C:\Windows\system32\config\security.rcbak
2018-10-12 19:12 - 2009-07-13 22:20 - 000000000 ____D C:\PerfLogs
2018-10-11 01:36 - 2018-02-13 20:40 - 000000000 ____D C:\ProgramData\Spybot - Search & Destroy
 
==================== Files in the root of some directories =======
 
2018-10-10 02:18 - 2018-10-10 02:18 - 000000002 _____ () C:\Users\User\AppData\Roaming\20181010031823.dat
 
==================== Bamital & volsnap ======================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed
 
LastRegBack: 2018-11-04 09:24
 
==================== End of FRST.txt ============================

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 10.11.2018
Ran by User (10-11-2018 20:54:24)
Running from C:\Users\User\Desktop
Windows 7 Ultimate Service Pack 1 (X64) (2018-02-13 04:35:34)
Boot Mode: Normal
==========================================================
 
 
==================== Accounts: =============================
 
Administrator (S-1-5-21-1894722739-3979997351-3746568665-500 - Administrator - Disabled)
Guest (S-1-5-21-1894722739-3979997351-3746568665-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-1894722739-3979997351-3746568665-1002 - Limited - Enabled)
User (S-1-5-21-1894722739-3979997351-3746568665-1000 - Administrator - Enabled) => C:\Users\User
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AV: AVG Antivirus (Enabled - Up to date) {4FC75CA5-1654-5411-7CFB-1893D506BCF4}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: AVG Antivirus (Enabled - Up to date) {F4A6BD41-306E-5B9F-464B-23E1AE81F649}
 
==================== Installed Programs ======================
 
(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
. . (HKLM\...\{B753FD71-4EB8-4842-9016-B1B97ACBDC79}) (Version: 7.1 - Intel) Hidden
µTorrent (HKU\S-1-5-21-1894722739-3979997351-3746568665-1000\...\uTorrent) (Version: 3.5.1.44332 - BitTorrent Inc.)
Adobe Acrobat Reader DC (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}) (Version: 19.008.20074 - Adobe Systems Incorporated)
Apple Application Support (32-bit) (HKLM-x32\...\{49F7DD82-FC83-48BF-86C6-CFE6E1E233E1}) (Version: 7.1 - Apple Inc.)
Apple Application Support (64-bit) (HKLM\...\{1FA68E27-2951-42E8-9F57-1A7F6581B4FD}) (Version: 7.1 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{5FA8C4BE-8C74-4B9C-9B49-EBF759230189}) (Version: 12.1.0.25 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{A30EA700-5515-48F0-88B0-9E99DC356B88}) (Version: 2.6.0.1 - Apple Inc.)
Aslain's WoT Modpack version 1.2.0.1.12 (HKLM-x32\...\Aslains_WoT_Modpack_Installer_is1) (Version: 1.2.0.1.12 - Aslain)
AVG AntiVirus FREE (HKLM-x32\...\AVG Antivirus) (Version: 18.7.3069 - AVG Technologies)
Canon IJ Network Scanner Selector EX (HKLM-x32\...\Canon_IJ_Network_Scanner_Selector_EX) (Version:  - Canon Inc.)
Canon IJ Network Tool (HKLM-x32\...\Canon_IJ_Network_UTILITY) (Version: 3.2.0 - Canon Inc.)
Canon IJ Scan Utility (HKLM-x32\...\Canon_IJ_Scan_Utility) (Version:  - Canon Inc.)
Canon MX920 series MP Drivers (HKLM\...\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MX920_series) (Version: 1.01 - Canon Inc.)
CCleaner (HKLM\...\CCleaner) (Version: 5.48 - Piriform)
Chrome Remote Desktop Host (HKLM-x32\...\{F51A03C4-2DD0-43B0-900F-EAD1C45DC542}) (Version: 71.0.3578.15 - Google Inc.)
Dell SupportAssist (HKLM\...\{5A18ABE3-52D1-4CA5-9169-25EC7E789582}) (Version: 3.0.2.48 - Dell Inc.)
Dell Touchpad (HKLM\...\SynTPDeinstKey) (Version: 19.2.17.64 - Synaptics Incorporated)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 70.0.3538.77 - Google Inc.)
Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.33.17 - Google Inc.) Hidden
Intel® Computing Improvement Program (HKLM\...\{2C895850-899F-4E06-ADB6-28A654FFCF9D}) (Version: 2.2.04036 - Intel Corporation)
Intel® Control Center (HKLM-x32\...\{F8A9085D-4C7A-41a9-8A77-C8998A96C421}) (Version: 1.2.1.1011 - Intel Corporation)
Intel® Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 9.5.23.1766 - Intel Corporation)
Intel® Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 10.18.14.4414 - Intel Corporation)
Intel® Rapid Storage Technology (HKLM\...\{409CB30E-E457-4008-9B1A-ED1B9EA21140}) (Version: 12.8.2.1000 - Intel Corporation)
Intel® USB 3.0\3.1 eXtensible Host Controller Driver (HKLM-x32\...\{240C3DDD-C5E9-4029-9DF7-95650D040CF2}) (Version: 5.0.4.43 - Intel Corporation)
Intel® Wireless Bluetooth® (HKLM\...\{00000060-0200-4FD1-8F3D-148929CC1385}) (Version: 20.60.0 - Intel Corporation)
Intel® Driver & Support Assistant (HKLM-x32\...\{e5a12991-d0a9-4922-a125-fce431f55219}) (Version: 3.6.0.4 - Intel)
Intel® PROSet/Wireless Software (HKLM-x32\...\{31a05164-f722-485c-90e3-db78421fa156}) (Version: 20.70.0 - Intel Corporation)
iTunes (HKLM\...\{3F702C1B-628F-46FB-A094-56D5404CEE63}) (Version: 12.9.1.4 - Apple Inc.)
K-Lite Codec Pack 14.5.3 Basic (HKLM-x32\...\KLiteCodecPack_is1) (Version: 14.5.3 - KLCP)
Logitech SetPoint 6.69 (HKLM\...\sp6) (Version: 6.69.114 - Logitech)
Malwarebytes version 3.6.1.2711 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 3.6.1.2711 - Malwarebytes)
Microsoft .NET Framework 4.7.2 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.7.03062 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.21005 (HKLM-x32\...\{7f51bdb9-ee21-49ee-94d6-90afc321780e}) (Version: 12.0.21005.1 - Microsoft Corporation)
Microsoft Visual C++ 2017 Redistributable (x64) - 14.11.25325 (HKLM-x32\...\{6c6356fe-cbfa-4944-9bed-a9e99f45cb7a}) (Version: 14.11.25325.0 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)
Microsoft Word 2010 (HKLM\...\Office14.WORD) (Version: 14.0.7015.1000 - Microsoft Corporation)
MP3 Rocket (HKLM-x32\...\MP3 Rocket) (Version: 7.4.1 - MP3 Rocket Inc)
PowerISO (HKLM-x32\...\PowerISO) (Version: 7.0 - Power Software Ltd)
Realtek Ethernet Controller All-In-One Windows Driver (HKLM-x32\...\{F7E7F0CB-AA41-4D5A-B6F2-8E6738EB063F}) (Version: 7.73.618.2013 - Realtek)
Realtek USB Card Reader (HKLM-x32\...\{1E496A68-4943-424E-829D-5C3C85B7B8F2}) (Version: 6.2.9200.39039 - Realtek Semiconductor Corp.)
RuneScape Launcher 2.2.4 (HKLM\...\RuneScape Launcher_is1) (Version: 2.2.4 - Jagex Ltd)
Service Pack 2 for Microsoft Office 2010 (KB2687455) 64-Bit Edition (HKLM\...\{90140000-001B-0000-1000-0000000FF1CE}_Office14.WORD_{A3364707-2F53-4C83-8F68-C9877A9080C7}) (Version:  - Microsoft)
TeamSpeak 3 Client (HKLM\...\TeamSpeak 3 Client) (Version: 3.1.8 - TeamSpeak Systems GmbH)
VLC media player (HKLM-x32\...\VLC media player) (Version: 3.0.3 - VideoLAN)
Windows 7 Manager (HKLM\...\{21F090D4-3CBD-4AAC-9E7C-76CF4EA574F4}) (Version: 5.1.4 - Yamicsoft)
WinRAR 5.50 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.50.0 - win.rar GmbH)
World of Tanks (HKU\S-1-5-21-1894722739-3979997351-3746568665-1000\...\{1EAC1D02-C6AC-4FA6-9A44-96258C37C812na}_is1) (Version:  - Wargaming.net)
 
==================== Custom CLSID (Whitelisted): ==========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
CustomCLSID: HKU\S-1-5-21-1894722739-3979997351-3746568665-1000_Classes\CLSID\{820D63D5-8CFF-46DE-86AF-4997DEDD6DB5}\localserver32 -> C:\Windows\system32\igfxEM.exe (Intel Corporation)
ShellIconOverlayIdentifiers: [00avg] -> {472083B0-C522-11CF-8763-00608CC02F24} =>  -> No File
ContextMenuHandlers1: [AVG] -> {472083B1-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVG\Antivirus\ashShA64.dll [2018-10-10] (AVG Technologies CZ, s.r.o.)
ContextMenuHandlers1: [PowerISO] -> {967B2D40-8B7D-4127-9049-61EA0C2C6DCE} => C:\non-os\PowerISO\PWRISOSH.DLL [2018-02-11] (Power Software Ltd)
ContextMenuHandlers1: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\non-os\WinRAR\rarext.dll [2017-08-11] (Alexander Roshal)
ContextMenuHandlers1-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\non-os\WinRAR\rarext32.dll [2017-08-11] (Alexander Roshal)
ContextMenuHandlers4: [PowerISO] -> {967B2D40-8B7D-4127-9049-61EA0C2C6DCE} => C:\non-os\PowerISO\PWRISOSH.DLL [2018-02-11] (Power Software Ltd)
ContextMenuHandlers5: [igfxDTCM] -> {9B5F5829-A529-4B12-814A-E81BCB8D93FC} => C:\Windows\system32\igfxDTCM.dll [2016-06-28] (Intel Corporation)
ContextMenuHandlers6: [AVG] -> {472083B1-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVG\Antivirus\ashShA64.dll [2018-10-10] (AVG Technologies CZ, s.r.o.)
ContextMenuHandlers6: [PowerISO] -> {967B2D40-8B7D-4127-9049-61EA0C2C6DCE} => C:\non-os\PowerISO\PWRISOSH.DLL [2018-02-11] (Power Software Ltd)
ContextMenuHandlers6: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\non-os\WinRAR\rarext.dll [2017-08-11] (Alexander Roshal)
ContextMenuHandlers6-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\non-os\WinRAR\rarext32.dll [2017-08-11] (Alexander Roshal)
 
==================== Scheduled Tasks (Whitelisted) =============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
Task: {1D805E67-1A69-4643-9443-E96C5D6D1D0E} - System32\Tasks\AVG\Overseer => C:\Program Files\Common Files\AVG\Overseer\overseer.exe [2018-10-28] (AVG Technologies CZ, s.r.o.)
Task: {235287EF-AC58-4443-A041-50945CF63EEE} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2018-02-13] (Google Inc.)
Task: {26584543-FA2D-46AC-940F-9733633F0FC1} - \CCleaner Update -> No File <==== ATTENTION
Task: {2B944B7E-9C8A-42CC-85A7-350885595046} - \Microsoft\Windows\SideShow\GadgetManager -> No File <==== ATTENTION
Task: {2F57269B-1E09-4E2D-AB1E-B0FDAC7D279C} - \Microsoft\Windows\WindowsBackup\ConfigNotification -> No File <==== ATTENTION
Task: {3007366A-5675-4FED-9ED2-3AFC02481C92} - \Microsoft\Windows\SideShow\SessionAgent -> No File <==== ATTENTION
Task: {486D715E-6AA2-44CF-BC48-B6990CBB53C6} - \Microsoft\Windows\Shell\WindowsParentalControlsMigration -> No File <==== ATTENTION
Task: {5B42DD9C-5A26-4F27-BB95-34603F0997E5} - \Microsoft\Windows\Shell\WindowsParentalControls -> No File <==== ATTENTION
Task: {753C47AE-EC5E-44B3-95A9-2C8E553F0E39} - \Microsoft\Windows\Windows Media Sharing\UpdateLibrary -> No File <==== ATTENTION
Task: {A08B8E1F-63A3-4D62-9C1D-08E65F82FA6C} - \IntelSURQC-Upgrade-86621605-2a0b-4128-8ffc-15514c247132-Logon -> No File <==== ATTENTION
Task: {A8B5B1C1-B6D8-4DF6-AFD6-D2A759FA6DCD} - \Microsoft\Windows\SideShow\AutoWake -> No File <==== ATTENTION
Task: {BE669C13-8165-4536-96D0-6D6C39292AAE} - \Microsoft\Windows\Diagnosis\Scheduled -> No File <==== ATTENTION
Task: {CD636009-1D6B-4768-9A34-46C2D9FEC277} - \klcp_update -> No File <==== ATTENTION
Task: {D31E9446-6468-4DBE-A05F-9CEC7E7AA889} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2018-01-08] (Apple Inc.)
Task: {D5ABDBF4-5018-40E3-8B9C-4DFFCCEBEE7E} - \IntelSURQC-Upgrade-86621605-2a0b-4128-8ffc-15514c247132 -> No File <==== ATTENTION
Task: {D629B3C2-6693-45ED-A8B6-56DCD1BDC61C} - System32\Tasks\Antivirus Emergency Update => C:\Program Files\AVG\Antivirus\AvEmUpdate.exe [2018-10-10] (AVG Technologies CZ, s.r.o.)
Task: {EA2C7060-900C-45A9-80F6-EC98AD7B9B4B} - \Microsoft\Windows\DiskDiagnostic\Microsoft-Windows-DiskDiagnosticResolver -> No File <==== ATTENTION
Task: {F8932119-869E-44BD-B406-854CD7FE84CF} - \Microsoft\Windows\SideShow\SystemDataProviders -> No File <==== ATTENTION
Task: {FC0C2614-BF7C-49BB-9E41-AD87A771CE42} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2018-02-13] (Google Inc.)
 
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
 
 
==================== Shortcuts & WMI ========================
 
(The entries could be listed to be restored or removed.)
 
 
ShortcutWithArgument: C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Chrome Remote Desktop.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) ->  --profile-directory=Default --app-id=gbchcmhmhahfdphkhkmpfmihenigjmpp
 
==================== Loaded Modules (Whitelisted) ==============
 
2016-06-28 04:04 - 2016-06-28 04:04 - 000382072 _____ () C:\Windows\system32\igfxTray.exe
2018-10-21 02:17 - 2018-10-21 02:17 - 001356088 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
2017-12-08 01:48 - 2017-12-08 01:48 - 000088888 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
2018-08-29 14:57 - 2018-08-29 14:57 - 000077824 _____ () C:\Program Files\Common Files\Logishrd\LAClient\zlib.dll
2018-08-29 14:57 - 2018-08-29 14:57 - 000144896 _____ () C:\Program Files\Common Files\Logishrd\LAClient\libssh2.dll
2018-10-10 00:32 - 2018-10-10 00:32 - 000726288 ____N () c:\Program Files\AVG\Antivirus\x64\StreamBack.dll
2018-10-25 18:16 - 2018-10-23 16:24 - 005020504 _____ () C:\Program Files (x86)\Google\Chrome\Application\70.0.3538.77\libglesv2.dll
2018-10-25 18:16 - 2018-10-23 16:24 - 000116056 _____ () C:\Program Files (x86)\Google\Chrome\Application\70.0.3538.77\libegl.dll
2018-10-10 00:32 - 2018-10-10 00:32 - 000919312 ____N () C:\Program Files\AVG\Antivirus\anen.dll
2018-10-10 00:32 - 2018-10-10 00:32 - 000595728 ____N () C:\Program Files\AVG\Antivirus\streamback.dll
2018-11-10 19:13 - 2018-11-10 19:13 - 005719240 _____ () C:\Program Files\AVG\Antivirus\defs\18111002\algo.dll
2018-10-10 00:32 - 2018-10-10 00:32 - 000496912 ____N () C:\Program Files\AVG\Antivirus\gui_cache.dll
2018-10-10 00:32 - 2018-10-10 00:32 - 001112336 ____N () C:\Program Files\AVG\Antivirus\shepherdsync.dll
2018-03-12 20:02 - 2018-03-12 20:02 - 067127976 ____N () C:\Program Files\AVG\Antivirus\libcef.dll
 
==================== Alternate Data Streams (Whitelisted) =========
 
(If an entry is included in the fixlist, only the ADS will be removed.)
 
 
==================== Safe Mode (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
 
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"
 
==================== Association (Whitelisted) ===============
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed.)
 
HKLM\...\.reg: txtfile => %SystemRoot%\system32\NOTEPAD.EXE %1 <==== ATTENTION
 
==================== Internet Explorer trusted/restricted ===============
 
(If an entry is included in the fixlist, it will be removed from the registry.)
 
IE trusted site: HKU\.DEFAULT\...\dell.com -> dell.com
 
==================== Hosts content: ===============================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2009-07-13 21:34 - 2018-10-25 03:12 - 000000115 _____ C:\Windows\system32\Drivers\etc\hosts
 
 
==================== Other Areas ============================
 
(Currently there is no automatic fix for this section.)
 
HKU\S-1-5-21-1894722739-3979997351-3746568665-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\User\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 172.16.0.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.
 
==================== MSCONFIG/TASK MANAGER disabled items ==
 
If an entry is included in the fixlist, it will be removed.
 
 
==================== FirewallRules (Whitelisted) ===============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
FirewallRules: [{CE33B4CE-020E-45B5-A5C5-9B05883F30BB}] => (Allow) C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe
FirewallRules: [{98D344CF-C049-4005-B576-52078AE43075}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{C2CFF724-A9CD-47D8-9C0F-91E4144B60E7}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{D4054BF6-D262-4B9B-9902-E2D629658853}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{2F1DBDC1-CC6D-401A-8058-FAA8C19DBD34}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{5DC388C2-4198-4BA3-A8DA-64E6CFAEB85E}] => (Allow) C:\Users\User\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{1A30BD90-CC0E-49FC-9C52-8472F6994B56}] => (Allow) C:\Users\User\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{162D7D73-B4BC-4F3A-B145-D6CE0175E801}] => (Allow) C:\non-os\World_of_Tanks\WoTLauncher.exe
FirewallRules: [{83FEBAFC-F7C2-435F-B7BD-9C51FB11846B}] => (Allow) C:\non-os\World_of_Tanks\WoTLauncher.exe
FirewallRules: [{C17088D8-3FED-4508-8BA1-4C884216254B}] => (Allow) C:\non-os\World_of_Tanks\worldoftanks.exe
FirewallRules: [{E2C621FF-594D-4635-B20B-379A338D31F6}] => (Allow) C:\non-os\World_of_Tanks\worldoftanks.exe
FirewallRules: [{C7177629-766A-4491-BCFE-5FD724152510}] => (Allow) C:\Program Files\AVG\Antivirus\AvEmUpdate.exe
FirewallRules: [{626299BB-1485-49B0-A6EF-8A33C4B421C0}] => (Allow) C:\Program Files\AVG\Antivirus\AvEmUpdate.exe
FirewallRules: [{1EE9F80F-C12F-4F16-A19D-34B7FAD03057}] => (Allow) C:\Program Files\AVG\Antivirus\AvEmUpdate.exe
FirewallRules: [{09379D06-382B-4EDF-A0FE-59B8CDC6DFEC}] => (Allow) C:\Program Files\AVG\Antivirus\AvEmUpdate.exe
FirewallRules: [TCP Query User{E0A179D0-E65C-4424-A8FC-134F51E022F3}C:\program files (x86)\java\jre1.8.0_31\bin\javaw.exe] => (Allow) C:\program files (x86)\java\jre1.8.0_31\bin\javaw.exe
FirewallRules: [UDP Query User{F3641747-5356-4D38-A7E5-3B6481F5AD35}C:\program files (x86)\java\jre1.8.0_31\bin\javaw.exe] => (Allow) C:\program files (x86)\java\jre1.8.0_31\bin\javaw.exe
FirewallRules: [{F7F4CEFB-C39B-406F-A334-0D0ED59FB716}] => (Block) C:\program files (x86)\java\jre1.8.0_31\bin\javaw.exe
FirewallRules: [{AF6A7862-A027-46A9-AB13-C029CEBBA9EE}] => (Block) C:\program files (x86)\java\jre1.8.0_31\bin\javaw.exe
FirewallRules: [{558F2990-EAC4-4524-A135-8A0005BA1DE0}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
FirewallRules: [{6B390909-5C3D-4B70-95E6-C57245E61CE7}] => (Allow) C:\Program Files (x86)\Google\Chrome Remote Desktop\71.0.3578.15\remoting_host.exe
FirewallRules: [{C3D68476-B03F-47F9-A9CA-0B4BCF92753E}] => (Allow) C:\non-os\CCleaner\CCUpdate.exe
FirewallRules: [{82E842A6-D6A4-4C05-89D3-CFF3AB645040}] => (Allow) C:\non-os\CCleaner\CCUpdate.exe
FirewallRules: [{6C9CBEB6-2170-4006-BE99-C74AA633637B}] => (Allow) C:\non-os\iTunes\iTunes.exe
 
==================== Restore Points =========================
 
28-10-2018 02:00:45 Windows Update
28-10-2018 04:38:07 Installed Intel® Wireless Bluetooth®
03-11-2018 19:17:14 Intel® Driver & Support Assistant
03-11-2018 19:42:03 Intel® PROSet/Wireless Software
03-11-2018 19:42:27 Microsoft Visual C++ 2017 Redistributable (x64) - 14.11.25325
03-11-2018 19:43:17 Microsoft Visual C++ 2015 Redistributable (x64) - 14.0.24215
04-11-2018 06:31:22 Decrap my Computer [W7-x64] - Decrap my Computer
04-11-2018 07:16:12 Decrap my Computer [W7-x64] - Decrap my Computer
04-11-2018 07:30:38 Decrap my Computer [W7-x64] - Decrap my Computer
10-11-2018 20:42:56 Removed Private Internet Access Support Files
10-11-2018 20:43:25 Removed Java 8 Update 31
10-11-2018 20:44:07 Removed Java 8 Update 181 (64-bit)
10-11-2018 20:44:42 Removed Bonjour
 
==================== Faulty Device Manager Devices =============
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (11/10/2018 08:49:26 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.
 
Error: (11/10/2018 08:48:54 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: WLANExt.exe, version: 6.1.7600.16385, time stamp: 0x4a5bcc33
Faulting module name: KERNELBASE.dll, version: 6.1.7601.24260, time stamp: 0x5b9470f4
Exception code: 0xc06d007e
Fault offset: 0x000000000000bded
Faulting process id: 0x5b0
Faulting application start time: 0x01d47960b3a5bf48
Faulting application path: C:\Windows\system32\WLANExt.exe
Faulting module path: C:\Windows\system32\KERNELBASE.dll
Report Id: f1bb06b4-e553-11e8-b8a6-801934ce9bf3
 
Error: (11/10/2018 08:48:53 PM) (Source: Microsoft-Windows-EapHost) (EventID: 2002) (User: NT AUTHORITY)
Description: Skipping: Eap method DLL path name validation failed. Error: typeId=23, authorId=8086, vendorId=0, vendorType=0
 
Error: (11/10/2018 08:48:53 PM) (Source: Microsoft-Windows-EapHost) (EventID: 2002) (User: NT AUTHORITY)
Description: Skipping: Eap method DLL path name validation failed. Error: typeId=21, authorId=8086, vendorId=0, vendorType=0
 
Error: (11/10/2018 08:48:53 PM) (Source: Microsoft-Windows-EapHost) (EventID: 2002) (User: NT AUTHORITY)
Description: Skipping: Eap method DLL path name validation failed. Error: typeId=18, authorId=8086, vendorId=0, vendorType=0
 
Error: (11/10/2018 07:11:10 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.
 
Error: (11/10/2018 07:10:45 PM) (Source: Microsoft-Windows-EapHost) (EventID: 2002) (User: NT AUTHORITY)
Description: Skipping: Eap method DLL path name validation failed. Error: typeId=23, authorId=8086, vendorId=0, vendorType=0
 
Error: (11/10/2018 07:10:45 PM) (Source: Microsoft-Windows-EapHost) (EventID: 2002) (User: NT AUTHORITY)
Description: Skipping: Eap method DLL path name validation failed. Error: typeId=21, authorId=8086, vendorId=0, vendorType=0
 
 
System errors:
=============
Error: (11/10/2018 08:49:40 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The HomeGroup Provider service depends on the Function Discovery Resource Publication service which failed to start because of the following error: 
The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.
 
Error: (11/10/2018 08:48:54 PM) (Source: Microsoft-Windows-WLAN-AutoConfig) (EventID: 10000) (User: NT AUTHORITY)
Description: WLAN Extensibility Module has failed to start.
 
Module Path: C:\Windows\System32\IWMSSvc.dll
Error Code: 1726
 
Error: (11/10/2018 08:48:54 PM) (Source: Microsoft-Windows-WLAN-AutoConfig) (EventID: 10003) (User: NT AUTHORITY)
Description: WLAN Extensibility Module has stopped unexpectedly.
 
Module Path: C:\Windows\System32\IWMSSvc.dll
 
Error: (11/10/2018 07:13:08 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The HomeGroup Provider service depends on the Function Discovery Resource Publication service which failed to start because of the following error: 
The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.
 
Error: (11/10/2018 07:12:08 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Spybot-S&D 2 Scanner Service service failed to start due to the following error: 
The service did not respond to the start or control request in a timely fashion.
 
Error: (11/10/2018 07:12:08 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (60000 milliseconds) while waiting for the Spybot-S&D 2 Scanner Service service to connect.
 
Error: (11/10/2018 07:10:47 PM) (Source: Microsoft-Windows-WLAN-AutoConfig) (EventID: 10000) (User: NT AUTHORITY)
Description: WLAN Extensibility Module has failed to start.
 
Module Path: C:\Windows\System32\IWMSSvc.dll
Error Code: 1726
 
Error: (11/10/2018 07:10:47 PM) (Source: Microsoft-Windows-WLAN-AutoConfig) (EventID: 10003) (User: NT AUTHORITY)
Description: WLAN Extensibility Module has stopped unexpectedly.
 
Module Path: C:\Windows\System32\IWMSSvc.dll
 
 
==================== Memory info =========================== 
 
Processor: Intel® Core™ i5-4200U CPU @ 1.60GHz
Percentage of memory in use: 33%
Total physical RAM: 8080.36 MB
Available physical RAM: 5338.14 MB
Total Virtual: 16158.86 MB
Available Virtual: 13740.6 MB
 
==================== Drives ================================
 
Drive c: (Windows) (Fixed) (Total:931.02 GB) (Free:767.02 GB) NTFS
 
\\?\Volume{9ff80743-108f-11e8-9196-806e6f6e6963}\ (System Reserved) (Fixed) (Total:0.49 GB) (Free:0.45 GB) NTFS
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (MBR Code: Windows 7/8/10) (Size: 931.5 GB) (Disk ID: 198DF528)
Partition 1: (Active) - (Size=500 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=931 GB) - (Type=07 NTFS)
 
==================== End of Addition.txt ============================

#4
darkmj16

    Member

  • Topic Starter
  • 52 posts

Here are the Process Explorer results.

 

Process CPU Private Bytes Working Set PID Description Company Name Verified Signer
System Idle Process 92.31 0 K 24 K 0
procexp64.exe 2.33 28,916 K 49,268 K 2240 Sysinternals Process Explorer Sysinternals - www.sysinternals.com (Verified) Microsoft Corporation
Interrupts 1.12 0 K 0 K n/a Hardware Interrupts and DPCs
dwm.exe 0.91 30,908 K 27,904 K 1632 Desktop Window Manager Microsoft Corporation (Verified) Microsoft Windows
AVGUI.exe 0.83 21,760 K 44,008 K 2456 AVG Antivirus AVG Technologies CZ, s.r.o. (Verified) AVG Technologies USA
chrome.exe 0.65 111,088 K 161,568 K 3372 Google Chrome Google Inc. (Verified) Google Inc
csrss.exe 0.63 2,716 K 26,604 K 736 Client Server Runtime Process Microsoft Corporation (Verified) Microsoft Windows
chrome.exe 0.40 41,580 K 53,032 K 4404 Google Chrome Google Inc. (Verified) Google Inc
System 0.36 192 K 816 K 4
SetPoint.exe 0.15 48,068 K 28,204 K 2448 Logitech SetPoint Event Manager (UNICODE) Logitech, Inc. (Verified) Logitech Inc
chrome.exe 0.10 91,652 K 122,004 K 4492 Google Chrome Google Inc. (Verified) Google Inc
explorer.exe 0.04 27,256 K 45,612 K 1668 Windows Explorer Microsoft Corporation (Verified) Microsoft Windows
chrome.exe 0.03 42,668 K 56,768 K 4432 Google Chrome Google Inc. (Verified) Google Inc
SynTPEnh.exe 0.02 3,104 K 6,520 K 2380 Synaptics TouchPad 64-bit Enhancements Synaptics Incorporated (Verified) Synaptics Incorporated
AppleMobileDeviceService.exe 0.02 3,856 K 11,160 K 1456 MobileDeviceService Apple Inc. (Verified) Apple Inc.
AVGSvc.exe 0.01 68,168 K 53,728 K 1448 AVG Service AVG Technologies CZ, s.r.o. (Verified) AVG Technologies USA
chrome.exe 0.01 71,508 K 71,400 K 1820 Google Chrome Google Inc. (Verified) Google Inc
taskhost.exe 0.01 7,204 K 10,588 K 2040 Host Process for Windows Tasks Microsoft Corporation (Verified) Microsoft Windows
svchost.exe 0.01 594,476 K 332,176 K 1064 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows
spoolsv.exe 0.01 8,104 K 15,844 K 1384 Spooler SubSystem App Microsoft Corporation (Verified) Microsoft Windows
KHALMNPR.exe < 0.01 6,144 K 13,044 K 2680 Logitech KHAL Main Process Logitech, Inc. (Verified) Logitech Inc
aswidsagenta.exe < 0.01 30,984 K 48,196 K 3380 AVG Software Analyzer AVG Technologies CZ, s.r.o. (Verified) AVG Technologies USA
remoting_host.exe < 0.01 7,508 K 14,716 K 2136 Host Process Google Inc. (Verified) Google Inc
svchost.exe < 0.01 14,372 K 16,184 K 1328 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows
WargamingGameUpdater.exe < 0.01 7,096 K 12,384 K 2472 World of Tanks Game Updater Wargaming.net (Verified) Wargaming.net Limited
csrss.exe < 0.01 2,692 K 5,568 K 644 Client Server Runtime Process Microsoft Corporation (Verified) Microsoft Windows
svchost.exe < 0.01 160,848 K 167,472 K 548 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows
WmiPrvSE.exe 3,408 K 8,008 K 4964 WMI Provider Host Microsoft Corporation (Verified) Microsoft Windows
WmiPrvSE.exe 4,348 K 9,776 K 2252 WMI Provider Host Microsoft Corporation (Verified) Microsoft Windows
winlogon.exe 3,372 K 8,060 K 888 Windows Logon Application Microsoft Corporation (Verified) Microsoft Windows
wininit.exe 1,692 K 4,944 K 716 Windows Start-Up Application Microsoft Corporation (Verified) Microsoft Windows
unsecapp.exe 1,828 K 5,756 K 3940 Sink to receive asynchronous callbacks for WMI client application Microsoft Corporation (Verified) Microsoft Windows
UI0Detect.exe 2,452 K 7,572 K 2344 Interactive services detection Microsoft Corporation (Verified) Microsoft Windows
TrustedInstaller.exe 6,816 K 12,368 K 4076 Windows Modules Installer Microsoft Corporation (Verified) Microsoft Windows
taskeng.exe 1,956 K 5,872 K 1496 Task Scheduler Engine Microsoft Corporation (Verified) Microsoft Windows
SynTPEnhService.exe 1,708 K 4,964 K 2304 64-bit Synaptics Pointing Enhance Service Synaptics Incorporated (Verified) Synaptics Incorporated
svchost.exe 11,732 K 15,920 K 1480 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows
svchost.exe 2,272 K 6,076 K 4768 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows
svchost.exe 4,232 K 8,424 K 336 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows
svchost.exe 16,768 K 18,912 K 664 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows
svchost.exe 4,728 K 10,612 K 952 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows
svchost.exe 9,784 K 16,292 K 352 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows
svchost.exe 1,852 K 5,260 K 1556 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows
svchost.exe 2,492 K 6,260 K 1180 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows
svchost.exe 1,812 K 5,780 K 280 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows
smss.exe 560 K 1,336 K 516 Windows Session Manager Microsoft Corporation (Verified) Microsoft Windows
services.exe 5,500 K 11,060 K 772 Services and Controller app Microsoft Corporation (Verified) Microsoft Windows
remoting_host.exe 3,384 K 7,344 K 2052 Host Process Google Inc. (Verified) Google Inc
RegSrvc.exe 1,928 K 6,732 K 2612 Intel® PROSet/Wireless Registry Service Intel® Corporation (Verified) Intel Corporation
procexp.exe 2,456 K 7,792 K 940 Sysinternals Process Explorer Sysinternals - www.sysinternals.com (Verified) Microsoft Corporation
lsm.exe 2,832 K 4,800 K 804 Local Session Manager Service Microsoft Corporation (Verified) Microsoft Windows
lsass.exe 4,344 K 11,876 K 796 Local Security Authority Process Microsoft Corporation (Verified) Microsoft Windows
Locator.exe 1,184 K 2,788 K 1508 Rpc Locator Microsoft Corporation (Verified) Microsoft Windows
laclient.exe 3,976 K 10,096 K 2724 Logi Analytics Client (UNICODE) Logitech, Inc. (Verified) Logitech Inc
igfxTray.exe 4,124 K 9,688 K 1760 (Verified) Intel Corporation - pGFX
igfxHK.exe 2,904 K 8,336 K 1752 igfxHK Module Intel Corporation (Verified) Intel Corporation - pGFX
igfxEM.exe 4,236 K 10,920 K 1740 igfxEM Module Intel Corporation (Verified) Intel Corporation - pGFX
igfxCUIService.exe 2,528 K 7,796 K 1248 igfxCUIService Module Intel Corporation (Verified) Intel Corporation - pGFX
ibtsiva.exe 1,588 K 4,888 K 2128 Intel® Wireless Bluetooth® iBtSiva Service Intel Corporation (Verified) Intel Corporation
dllhost.exe 2,532 K 6,780 K 4848 COM Surrogate Microsoft Corporation (Verified) Microsoft Windows
conhost.exe 1,768 K 5,084 K 2732 Console Window Host Microsoft Corporation (Verified) Microsoft Windows
chrome.exe 80,940 K 96,140 K 4500 Google Chrome Google Inc. (Verified) Google Inc
chrome.exe 23,064 K 34,684 K 4516 Google Chrome Google Inc. (Verified) Google Inc
chrome.exe 14,972 K 21,288 K 4784 Google Chrome Google Inc. (Verified) Google Inc
chrome.exe 18,572 K 24,368 K 4104 Google Chrome Google Inc. (Verified) Google Inc
chrome.exe 2,796 K 6,692 K 3560 Google Chrome Google Inc. (Verified) Google Inc
chrome.exe 2,980 K 7,292 K 3772 Google Chrome Google Inc. (Verified) Google Inc
audiodg.exe 15,752 K 16,016 K 3984 Windows Audio Device Graph Isolation Microsoft Corporation (Verified) Microsoft Windows

#5
darkmj16

    Member

  • Topic Starter
  • 52 posts

Here's the command prompt. I DID have to hit Enter (don't know if that makes a difference or not).

 

 
Image Name                     PID Services                                    
========================= ======== ============================================
System Idle Process              0 N/A                                         
System                           4 N/A                                         
smss.exe                       516 N/A                                         
csrss.exe                      644 N/A                                         
wininit.exe                    716 N/A                                         
csrss.exe                      736 N/A                                         
services.exe                   772 N/A                                         
lsass.exe                      796 KeyIso, SamSs                               
lsm.exe                        804 N/A                                         
winlogon.exe                   888 N/A                                         
svchost.exe                    952 DcomLaunch, PlugPlay, Power                 
svchost.exe                    336 RpcEptMapper, RpcSs                         
svchost.exe                    664 AudioSrv, Dhcp, eventlog, lmhosts, wscsvc   
svchost.exe                    548 AudioEndpointBuilder, hidserv, IPBusEnum,   
                                   Netman, SysMain, UxSms, WdiSystemHost,      
                                   Wlansvc                                     
svchost.exe                    352 EventSystem, fdPHost, FontCache, netprofm,  
                                   nsi, WdiServiceHost                         
svchost.exe                   1064 Appinfo, BITS, EapHost, iphlpsvc,           
                                   LanmanServer, MMCSS, ProfSvc, Schedule,     
                                   SENS, ShellHWDetection, Themes, Winmgmt,    
                                   wuauserv                                    
svchost.exe                   1180 gpsvc                                       
igfxCUIService.exe            1248 igfxCUIService1.0.0.0                       
svchost.exe                   1328 CryptSvc, Dnscache, LanmanWorkstation,      
                                   NlaSvc                                      
AVGSvc.exe                    1448 AVG Antivirus                               
dwm.exe                       1632 N/A                                         
explorer.exe                  1668 N/A                                         
igfxEM.exe                    1740 N/A                                         
igfxHK.exe                    1752 N/A                                         
igfxTray.exe                  1760 N/A                                         
taskhost.exe                  2040 N/A                                         
spoolsv.exe                   1384 Spooler                                     
svchost.exe                   1480 BFE, DPS, MpsSvc                            
AppleMobileDeviceService.     1456 Apple Mobile Device Service                 
taskeng.exe                   1496 N/A                                         
remoting_host.exe             2052 chromoting                                  
ibtsiva.exe                   2128 iBtSiva                                     
remoting_host.exe             2136 N/A                                         
SetPoint.exe                  2448 N/A                                         
AVGUI.exe                     2456 N/A                                         
WargamingGameUpdater.exe      2472 N/A                                         
RegSrvc.exe                   2612 RegSrvc                                     
KHALMNPR.exe                  2680 N/A                                         
laclient.exe                  2724 N/A                                         
conhost.exe                   2732 N/A                                         
SynTPEnhService.exe           2304 SynTPEnhService                             
UI0Detect.exe                 2344 UI0Detect                                   
SynTPEnh.exe                  2380 N/A                                         
svchost.exe                   1556 bthserv                                     
aswidsagenta.exe              3380 avgbIDSAgent                                
unsecapp.exe                  3940 N/A                                         
chrome.exe                    3372 N/A                                         
chrome.exe                    3560 N/A                                         
chrome.exe                    3772 N/A                                         
chrome.exe                    1820 N/A                                         
chrome.exe                    4492 N/A                                         
chrome.exe                    4500 N/A                                         
chrome.exe                    4516 N/A                                         
chrome.exe                    4104 N/A                                         
chrome.exe                    4404 N/A                                         
chrome.exe                    4432 N/A                                         
chrome.exe                    4784 N/A                                         
Locator.exe                   1508 RpcLocator                                  
TrustedInstaller.exe          4076 TrustedInstaller                            
WmiPrvSE.exe                  4964 N/A                                         
svchost.exe                   4768 SSDPSRV                                     
audiodg.exe                   3984 N/A                                         
WmiPrvSE.exe                  2252 N/A                                         
dllhost.exe                   2268 N/A                                         
dllhost.exe                   3972 N/A                                         
cmd.exe                       2436 N/A                                         
conhost.exe                   1092 N/A                                         
tasklist.exe                  1932 N/A                                         

#6
darkmj16

    Member

  • Topic Starter
  • 52 posts

And here are the Speccy results. Thank you again.

Attached Files


#7
RKinner

    Malware Expert

  • Expert
  • 21,474 posts
  • MVP

Download the attached fixlist.txt to the same location as FRST

Attached File  fixlist.txt   7.14KB   18 downloads

Run FRST and press Fix.
A fix log will be generated; please post that.

Reboot if the fix doesn't reboot it for you.

 

I see some errors in the S.M.A.R.T. of your Hard drive so best to run a disk check:

 

1. Double-click My Computer, and then right-click the hard disk that you want to check (C:).
2. Click Properties, and then click Tools.
3. Under Error-checking, click Check Now. A dialog box that shows the Check disk options is displayed.
4. Check both boxes and then click Start.
You will receive the following message:
The disk check could not be performed because the disk check utility needs exclusive access to some Windows files on the disk. These files can be accessed by restarting Windows. Do you want to schedule the disk check to occur the next time you restart the computer?
Click Yes to schedule the disk check.

 

Reboot. The disk check will run and will probably take an hour or more to finish.


Start, All Programs, Accessories then right click on Command Prompt and Run as Administrator.  Then type (with an Enter after each line).

sfc /scannow

(SPACE after sfc.)  This will check your critical system files. Does this finish without complaint?  If it says it couldn't fix everything then:

Copy the next two lines:
findstr  /c:"[SR]"  %windir%\logs\cbs\cbs.log  >  "%UserProfile%\desktop\junk.txt"
notepad "%UserProfile%\desktop\junk.txt"


Start, All Programs, Accessories, right click on Command Prompt and Run as Administrator, Continue.  Right click and Paste or Edit then Paste and the copied line should appear.
Hit Enter if notepad does not open.  Copy and paste the text from notepad into a reply.  Close notepad.  Close the Command Window.


1. Please download the Event Viewer Tool by Vino Rosso
http://images.malwar...om/vino/VEW.exe
and save it to your Desktop:
2. Right-click VEW.exe and Run As Administrator
3. Under 'Select log to query', select:

* System
4. Under 'Select type to list', select:
* Error
* Warning


Then use the 'Number of events' as follows:


1. Click the radio button for 'Number of events'
Type 20 in the 1 to 20 box
Then click the Run button.
Notepad will open with the output log.


Please post the Output log in your next reply then repeat but select Application. (Each time you run VEW it overwrites the log so copy the first one to a Reply or rename it before running it a second time.)



Run FRST again as before.  Make sure Addition.txt is checked and hit Scan.  Post both logs.

 


 


  • 0

#8
darkmj16


ok I'm working on these now. shut down seems to be taking longer and longer lately. but start up after the fixit was zippy fast. but here's the fix log. now I'm running the disk check.

 

Fix result of Farbar Recovery Scan Tool (x64) Version: 10.11.2018
Ran by User (10-11-2018 23:13:20) Run:1
Running from C:\Users\User\Desktop
Loaded Profiles: User (Available Profiles: User)
Boot Mode: Normal
==============================================
 
fixlist content:
*****************
BootExecute: 
GroupPolicy: Restriction ? <==== ATTENTION
ProxyServer: [S-1-5-21-1894722739-3979997351-3746568665-1000] => localhost:8080
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = 
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = 
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = 
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = 
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = 
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = 
HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = 
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Local Page = 
URLSearchHook: [S-1-5-21-1894722739-3979997351-3746568665-1000] ATTENTION => Default URLSearchHook is missing
VirusTotal: C:\Windows\system32\wuaueng2.dll 
VerifySignature: C:\Windows\system32\wuaueng.dll
S3 iscFlash; \??\C:\Users\User\AppData\Local\Temp\7zS5946.tmp\iscflashx64.sys [X] <==== ATTENTION
S3 VGPU; System32\drivers\rdvgkmd.sys [X]
ShellIconOverlayIdentifiers: [00avg] -> {472083B0-C522-11CF-8763-00608CC02F24} =>  -> No File
 Task: {26584543-FA2D-46AC-940F-9733633F0FC1} - \CCleaner Update -> No File <==== ATTENTION
Task: {2B944B7E-9C8A-42CC-85A7-350885595046} - \Microsoft\Windows\SideShow\GadgetManager -> No File <==== ATTENTION
Task: {2F57269B-1E09-4E2D-AB1E-B0FDAC7D279C} - \Microsoft\Windows\WindowsBackup\ConfigNotification -> No File <==== ATTENTION
Task: {3007366A-5675-4FED-9ED2-3AFC02481C92} - \Microsoft\Windows\SideShow\SessionAgent -> No File <==== ATTENTION
Task: {486D715E-6AA2-44CF-BC48-B6990CBB53C6} - \Microsoft\Windows\Shell\WindowsParentalControlsMigration -> No File <==== ATTENTION
Task: {5B42DD9C-5A26-4F27-BB95-34603F0997E5} - \Microsoft\Windows\Shell\WindowsParentalControls -> No File <==== ATTENTION
Task: {753C47AE-EC5E-44B3-95A9-2C8E553F0E39} - \Microsoft\Windows\Windows Media Sharing\UpdateLibrary -> No File <==== ATTENTION
Task: {A08B8E1F-63A3-4D62-9C1D-08E65F82FA6C} - \IntelSURQC-Upgrade-86621605-2a0b-4128-8ffc-15514c247132-Logon -> No File <==== ATTENTION
Task: {A8B5B1C1-B6D8-4DF6-AFD6-D2A759FA6DCD} - \Microsoft\Windows\SideShow\AutoWake -> No File <==== ATTENTION
Task: {BE669C13-8165-4536-96D0-6D6C39292AAE} - \Microsoft\Windows\Diagnosis\Scheduled -> No File <==== ATTENTION
Task: {CD636009-1D6B-4768-9A34-46C2D9FEC277} - \klcp_update -> No File <==== ATTENTION
Task: {D5ABDBF4-5018-40E3-8B9C-4DFFCCEBEE7E} - \IntelSURQC-Upgrade-86621605-2a0b-4128-8ffc-15514c247132 -> No File <==== ATTENTION
Task: {EA2C7060-900C-45A9-80F6-EC98AD7B9B4B} - \Microsoft\Windows\DiskDiagnostic\Microsoft-Windows-DiskDiagnosticResolver -> No File <==== ATTENTION
Task: {F8932119-869E-44BD-B406-854CD7FE84CF} - \Microsoft\Windows\SideShow\SystemDataProviders -> No File <==== ATTENTION
VerifySignature: C:\Windows\notepad.exe
VirusTotal: C:\Windows\System32\notepad.exe
FirewallRules: [TCP Query User{E0A179D0-E65C-4424-A8FC-134F51E022F3}C:\program files (x86)\java\jre1.8.0_31\bin\javaw.exe] => (Allow) C:\program files (x86)\java\jre1.8.0_31\bin\javaw.exe
FirewallRules: [UDP Query User{F3641747-5356-4D38-A7E5-3B6481F5AD35}C:\program files (x86)\java\jre1.8.0_31\bin\javaw.exe] => (Allow) C:\program files (x86)\java\jre1.8.0_31\bin\javaw.exe
FirewallRules: [{F7F4CEFB-C39B-406F-A334-0D0ED59FB716}] => (Block) C:\program files (x86)\java\jre1.8.0_31\bin\javaw.exe
FirewallRules: [{AF6A7862-A027-46A9-AB13-C029CEBBA9EE}] => (Block) C:\program files (x86)\java\jre1.8.0_31\bin\javaw.exe
FOR /F "usebackq delims==" %i IN (`wevtutil el`) DO wevtutil cl "%i"
Reboot:
 
 
 
 
 
 
*****************
 
HKLM\System\CurrentControlSet\Control\Session Manager\\BootExecute => value restored successfully
C:\Windows\system32\GroupPolicy\Machine => moved successfully
C:\Windows\system32\GroupPolicy\GPT.ini => moved successfully
"HKU\S-1-5-21-1894722739-3979997351-3746568665-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyServer" => removed successfully
HKLM\Software\\Microsoft\Internet Explorer\Main\\Search Page => value restored successfully
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main\\Search Page => value restored successfully
HKLM\Software\\Microsoft\Internet Explorer\Main\\Default_Page_URL => value restored successfully
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main\\Default_Page_URL => value restored successfully
HKLM\Software\\Microsoft\Internet Explorer\Main\\Default_Search_URL => value restored successfully
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main\\Default_Search_URL => value restored successfully
HKLM\Software\\Microsoft\Internet Explorer\Main\\Local Page => value restored successfully
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main\\Local Page => value restored successfully
Could not restore Default URLSearchHook.
VirusTotal: C:\Windows\system32\wuaueng2.dll => https://www.virustot...sis/1540285493/
"C:\Windows\system32\wuaueng.dll" => File is digitally signed
HKLM\System\CurrentControlSet\Services\iscFlash => removed successfully
iscFlash => service removed successfully
HKLM\System\CurrentControlSet\Services\VGPU => removed successfully
VGPU => service removed successfully
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\00avg => removed successfully
HKLM\Software\Classes\CLSID\{472083B0-C522-11CF-8763-00608CC02F24} => not found
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Boot\{26584543-FA2D-46AC-940F-9733633F0FC1}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{26584543-FA2D-46AC-940F-9733633F0FC1}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\CCleaner Update" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{2B944B7E-9C8A-42CC-85A7-350885595046}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{2B944B7E-9C8A-42CC-85A7-350885595046}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\SideShow\GadgetManager" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{2F57269B-1E09-4E2D-AB1E-B0FDAC7D279C}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{2F57269B-1E09-4E2D-AB1E-B0FDAC7D279C}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\WindowsBackup\ConfigNotification" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{3007366A-5675-4FED-9ED2-3AFC02481C92}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{3007366A-5675-4FED-9ED2-3AFC02481C92}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\SideShow\SessionAgent" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{486D715E-6AA2-44CF-BC48-B6990CBB53C6}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{486D715E-6AA2-44CF-BC48-B6990CBB53C6}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Shell\WindowsParentalControlsMigration" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{5B42DD9C-5A26-4F27-BB95-34603F0997E5}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{5B42DD9C-5A26-4F27-BB95-34603F0997E5}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Shell\WindowsParentalControls" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{753C47AE-EC5E-44B3-95A9-2C8E553F0E39}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{753C47AE-EC5E-44B3-95A9-2C8E553F0E39}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Windows Media Sharing\UpdateLibrary" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{A08B8E1F-63A3-4D62-9C1D-08E65F82FA6C}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{A08B8E1F-63A3-4D62-9C1D-08E65F82FA6C}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\IntelSURQC-Upgrade-86621605-2a0b-4128-8ffc-15514c247132-Logon" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{A8B5B1C1-B6D8-4DF6-AFD6-D2A759FA6DCD}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{A8B5B1C1-B6D8-4DF6-AFD6-D2A759FA6DCD}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\SideShow\AutoWake" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{BE669C13-8165-4536-96D0-6D6C39292AAE}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{BE669C13-8165-4536-96D0-6D6C39292AAE}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Diagnosis\Scheduled" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{CD636009-1D6B-4768-9A34-46C2D9FEC277}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{CD636009-1D6B-4768-9A34-46C2D9FEC277}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\klcp_update" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{D5ABDBF4-5018-40E3-8B9C-4DFFCCEBEE7E}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{D5ABDBF4-5018-40E3-8B9C-4DFFCCEBEE7E}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\IntelSURQC-Upgrade-86621605-2a0b-4128-8ffc-15514c247132" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{EA2C7060-900C-45A9-80F6-EC98AD7B9B4B}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{EA2C7060-900C-45A9-80F6-EC98AD7B9B4B}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\DiskDiagnostic\Microsoft-Windows-DiskDiagnosticResolver" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{F8932119-869E-44BD-B406-854CD7FE84CF}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{F8932119-869E-44BD-B406-854CD7FE84CF}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\SideShow\SystemDataProviders" => removed successfully
"C:\Windows\notepad.exe" => File is digitally signed
VirusTotal: C:\Windows\System32\notepad.exe => https://www.virustot...sis/1541851782/
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\TCP Query User{E0A179D0-E65C-4424-A8FC-134F51E022F3}C:\program files (x86)\java\jre1.8.0_31\bin\javaw.exe" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\UDP Query User{F3641747-5356-4D38-A7E5-3B6481F5AD35}C:\program files (x86)\java\jre1.8.0_31\bin\javaw.exe" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{F7F4CEFB-C39B-406F-A334-0D0ED59FB716}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{AF6A7862-A027-46A9-AB13-C029CEBBA9EE}" => removed successfully
FOR /F "usebackq delims==" %i IN (`wevtutil el`) DO wevtutil cl "%i" => Error: No automatic fix found for this entry.
 
 
The system needed a reboot.
 
==== End of Fixlog 23:13:23 ====

  • 0
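One way to triage a Fixlog like the one in post #8, added here as an example and not part of the thread or of FRST: the Python below skips the echoed fixlist, classifies each outcome line by the status text after `=>`, and returns the entries that did not apply cleanly. The function names and the status categories are assumptions of this example; the sample lines are a subset copied from the log above.

```python
from collections import Counter

# Subset of lines copied from the Fixlog in post #8 (not a complete log).
SAMPLE_FIXLOG = r'''
Fix result of Farbar Recovery Scan Tool (x64) Version: 10.11.2018
==============================================
fixlist content:
*****************
ProxyServer: [S-1-5-21-1894722739-3979997351-3746568665-1000] => localhost:8080
FOR /F "usebackq delims==" %i IN (`wevtutil el`) DO wevtutil cl "%i"
Reboot:
*****************

HKLM\System\CurrentControlSet\Control\Session Manager\\BootExecute => value restored successfully
C:\Windows\system32\GroupPolicy\Machine => moved successfully
Could not restore Default URLSearchHook.
"C:\Windows\system32\wuaueng.dll" => File is digitally signed
iscFlash => service removed successfully
HKLM\Software\Classes\CLSID\{472083B0-C522-11CF-8763-00608CC02F24} => not found
FOR /F "usebackq delims==" %i IN (`wevtutil el`) DO wevtutil cl "%i" => Error: No automatic fix found for this entry.

The system needed a reboot.

==== End of Fixlog 23:13:23 ====
'''


def result_lines(fixlog_text):
    """Return only the outcome lines.

    A Fixlog first echoes the fixlist between two rows of asterisks. Those
    echoed lines can contain '=>' themselves, so they must be skipped before
    any status is read. Parsing stops at the 'End of Fixlog' footer.
    """
    lines = [ln.strip() for ln in fixlog_text.splitlines()]
    stars = [i for i, ln in enumerate(lines) if ln and set(ln) == {"*"}]
    if len(stars) < 2:
        raise ValueError("no echoed fixlist section found; not a Fixlog?")
    out = []
    for ln in lines[stars[1] + 1:]:
        if ln.startswith("==== End of Fixlog"):
            break
        if ln:
            out.append(ln)
    return out


def classify(line):
    """Map one outcome line to (kind, target, status).

    Categories are this example's own: ok, info, missing, failed, note.
    """
    target, sep, status = line.rpartition(" => ")
    if not sep:
        # Lines without a status arrow are free text from the tool.
        kind = "failed" if line.startswith("Could not") else "note"
        return kind, line, ""
    # Drop surrounding quotes only when they wrap the whole target.
    if len(target) > 1 and target[0] == target[-1] == '"':
        target = target[1:-1]
    if status.startswith("Error:"):
        return "failed", target, status
    if status == "not found":
        return "missing", target, status
    if status.endswith("successfully"):
        return "ok", target, status
    # Signature checks, VirusTotal links and similar report-only results.
    return "info", target, status


def triage(fixlog_text):
    """Count outcomes and collect the entries a helper should look at."""
    counts = Counter()
    attention = []
    for ln in result_lines(fixlog_text):
        kind, target, status = classify(ln)
        counts[kind] += 1
        if kind in ("failed", "missing"):
            attention.append((kind, target, status))
    return counts, attention


if __name__ == "__main__":
    counts, attention = triage(SAMPLE_FIXLOG)
    print(dict(counts))
    for kind, target, status in attention:
        print(f"[{kind}] {target} {status}".rstrip())
```

On the sample, the entries flagged for follow-up are the URLSearchHook restore, the CLSID key that was not found, and the `wevtutil cl` line, which the log reports as not executed.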

#9
darkmj16


ok disk check I didn't see all the results but I saw no errors so I'm assuming it's good. the system scan said it didn't detect any files needing fixing. here are the 2 logs from that tool:

 

Vino's Event Viewer v01c run on Windows 2008 in English
Report run at 11/11/2018 4:12:16 AM
 
Note: All dates below are in the format dd/mm/yyyy
 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'System' Log - Critical Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'System' Log - Error Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Log: 'System' Date/Time: 11/11/2018 8:20:07 AM
Type: Error Category: 0
Event: 7001 Source: Service Control Manager
The HomeGroup Provider service depends on the Function Discovery Resource Publication service which failed to start because of the following error:  The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.
 
Log: 'System' Date/Time: 11/11/2018 8:20:03 AM
Type: Error Category: 0
Event: 10000 Source: Microsoft-Windows-WLAN-AutoConfig
WLAN Extensibility Module has failed to start.  Module Path: C:\Windows\System32\IWMSSvc.dll Error Code: 1726 
 
Log: 'System' Date/Time: 11/11/2018 8:20:03 AM
Type: Error Category: 0
Event: 10003 Source: Microsoft-Windows-WLAN-AutoConfig
WLAN Extensibility Module has stopped unexpectedly.  Module Path: C:\Windows\System32\IWMSSvc.dll 
 
Log: 'System' Date/Time: 11/11/2018 4:17:30 AM
Type: Error Category: 0
Event: 7001 Source: Service Control Manager
The HomeGroup Provider service depends on the Function Discovery Resource Publication service which failed to start because of the following error:  The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.
 
Log: 'System' Date/Time: 11/11/2018 4:16:54 AM
Type: Error Category: 0
Event: 10000 Source: Microsoft-Windows-WLAN-AutoConfig
WLAN Extensibility Module has failed to start.  Module Path: C:\Windows\System32\IWMSSvc.dll Error Code: 1726 
 
Log: 'System' Date/Time: 11/11/2018 4:16:54 AM
Type: Error Category: 0
Event: 10003 Source: Microsoft-Windows-WLAN-AutoConfig
WLAN Extensibility Module has stopped unexpectedly.  Module Path: C:\Windows\System32\IWMSSvc.dll 
 
Log: 'System' Date/Time: 11/11/2018 1:49:40 AM
Type: Error Category: 0
Event: 7001 Source: Service Control Manager
The HomeGroup Provider service depends on the Function Discovery Resource Publication service which failed to start because of the following error:  The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.
 
Log: 'System' Date/Time: 11/11/2018 1:48:54 AM
Type: Error Category: 0
Event: 10000 Source: Microsoft-Windows-WLAN-AutoConfig
WLAN Extensibility Module has failed to start.  Module Path: C:\Windows\System32\IWMSSvc.dll Error Code: 1726 
 
Log: 'System' Date/Time: 11/11/2018 1:48:54 AM
Type: Error Category: 0
Event: 10003 Source: Microsoft-Windows-WLAN-AutoConfig
WLAN Extensibility Module has stopped unexpectedly.  Module Path: C:\Windows\System32\IWMSSvc.dll 
 
Log: 'System' Date/Time: 11/11/2018 12:13:08 AM
Type: Error Category: 0
Event: 7001 Source: Service Control Manager
The HomeGroup Provider service depends on the Function Discovery Resource Publication service which failed to start because of the following error:  The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.
 
Log: 'System' Date/Time: 11/11/2018 12:12:08 AM
Type: Error Category: 0
Event: 7000 Source: Service Control Manager
The Spybot-S&D 2 Scanner Service service failed to start due to the following error:  The service did not respond to the start or control request in a timely fashion.
 
Log: 'System' Date/Time: 11/11/2018 12:12:08 AM
Type: Error Category: 0
Event: 7009 Source: Service Control Manager
A timeout was reached (60000 milliseconds) while waiting for the Spybot-S&D 2 Scanner Service service to connect.
 
Log: 'System' Date/Time: 11/11/2018 12:10:47 AM
Type: Error Category: 0
Event: 10000 Source: Microsoft-Windows-WLAN-AutoConfig
WLAN Extensibility Module has failed to start.  Module Path: C:\Windows\System32\IWMSSvc.dll Error Code: 1726 
 
Log: 'System' Date/Time: 11/11/2018 12:10:47 AM
Type: Error Category: 0
Event: 10003 Source: Microsoft-Windows-WLAN-AutoConfig
WLAN Extensibility Module has stopped unexpectedly.  Module Path: C:\Windows\System32\IWMSSvc.dll 
 
Log: 'System' Date/Time: 10/11/2018 4:03:07 AM
Type: Error Category: 0
Event: 7001 Source: Service Control Manager
The HomeGroup Provider service depends on the Function Discovery Resource Publication service which failed to start because of the following error:  The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.
 
Log: 'System' Date/Time: 10/11/2018 4:02:00 AM
Type: Error Category: 0
Event: 10000 Source: Microsoft-Windows-WLAN-AutoConfig
WLAN Extensibility Module has failed to start.  Module Path: C:\Windows\System32\IWMSSvc.dll Error Code: 1726 
 
Log: 'System' Date/Time: 10/11/2018 4:02:00 AM
Type: Error Category: 0
Event: 10003 Source: Microsoft-Windows-WLAN-AutoConfig
WLAN Extensibility Module has stopped unexpectedly.  Module Path: C:\Windows\System32\IWMSSvc.dll 
 
Log: 'System' Date/Time: 08/11/2018 7:05:29 AM
Type: Error Category: 0
Event: 7001 Source: Service Control Manager
The HomeGroup Provider service depends on the Function Discovery Resource Publication service which failed to start because of the following error:  The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.
 
Log: 'System' Date/Time: 08/11/2018 7:05:15 AM
Type: Error Category: 0
Event: 7000 Source: Service Control Manager
The Spybot-S&D 2 Scanner Service service failed to start due to the following error:  The service did not respond to the start or control request in a timely fashion.
 
Log: 'System' Date/Time: 08/11/2018 7:05:15 AM
Type: Error Category: 0
Event: 7009 Source: Service Control Manager
A timeout was reached (60000 milliseconds) while waiting for the Spybot-S&D 2 Scanner Service service to connect.
 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'System' Log - Warning Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Log: 'System' Date/Time: 11/11/2018 8:46:22 AM
Type: Warning Category: 0
Event: 129 Source: iaStorA
Reset to device, \Device\RaidPort0, was issued.
 
Log: 'System' Date/Time: 11/11/2018 8:23:39 AM
Type: Warning Category: 0
Event: 129 Source: iaStorA
Reset to device, \Device\RaidPort0, was issued.
 
Log: 'System' Date/Time: 11/11/2018 8:20:27 AM
Type: Warning Category: 7
Event: 37 Source: Microsoft-Windows-Kernel-Processor-Power
The speed of processor 1 in group 0 is being limited by system firmware. The processor has been in this reduced performance state for 71 seconds since the last report.
 
Log: 'System' Date/Time: 11/11/2018 8:20:27 AM
Type: Warning Category: 7
Event: 37 Source: Microsoft-Windows-Kernel-Processor-Power
The speed of processor 2 in group 0 is being limited by system firmware. The processor has been in this reduced performance state for 71 seconds since the last report.
 
Log: 'System' Date/Time: 11/11/2018 8:20:27 AM
Type: Warning Category: 7
Event: 37 Source: Microsoft-Windows-Kernel-Processor-Power
The speed of processor 3 in group 0 is being limited by system firmware. The processor has been in this reduced performance state for 71 seconds since the last report.
 
Log: 'System' Date/Time: 11/11/2018 8:20:27 AM
Type: Warning Category: 7
Event: 37 Source: Microsoft-Windows-Kernel-Processor-Power
The speed of processor 0 in group 0 is being limited by system firmware. The processor has been in this reduced performance state for 71 seconds since the last report.
 
Log: 'System' Date/Time: 11/11/2018 8:19:20 AM
Type: Warning Category: 212
Event: 219 Source: Microsoft-Windows-Kernel-PnP
The driver \Driver\usbccgp failed to load for the device USB\VID_046D&PID_C51A\6&15549000&0&4.
 
Log: 'System' Date/Time: 11/11/2018 4:24:54 AM
Type: Warning Category: 0
Event: 4001 Source: Microsoft-Windows-WLAN-AutoConfig
WLAN AutoConfig service has successfully stopped. 
 
Log: 'System' Date/Time: 11/11/2018 4:23:35 AM
Type: Warning Category: 0
Event: 129 Source: iaStorA
Reset to device, \Device\RaidPort0, was issued.
 
Log: 'System' Date/Time: 11/11/2018 4:20:19 AM
Type: Warning Category: 0
Event: 129 Source: iaStorA
Reset to device, \Device\RaidPort0, was issued.
 
Log: 'System' Date/Time: 11/11/2018 4:17:58 AM
Type: Warning Category: 7
Event: 37 Source: Microsoft-Windows-Kernel-Processor-Power
The speed of processor 2 in group 0 is being limited by system firmware. The processor has been in this reduced performance state for 71 seconds since the last report.
 
Log: 'System' Date/Time: 11/11/2018 4:17:58 AM
Type: Warning Category: 7
Event: 37 Source: Microsoft-Windows-Kernel-Processor-Power
The speed of processor 3 in group 0 is being limited by system firmware. The processor has been in this reduced performance state for 71 seconds since the last report.
 
Log: 'System' Date/Time: 11/11/2018 4:17:58 AM
Type: Warning Category: 7
Event: 37 Source: Microsoft-Windows-Kernel-Processor-Power
The speed of processor 1 in group 0 is being limited by system firmware. The processor has been in this reduced performance state for 71 seconds since the last report.
 
Log: 'System' Date/Time: 11/11/2018 4:17:58 AM
Type: Warning Category: 7
Event: 37 Source: Microsoft-Windows-Kernel-Processor-Power
The speed of processor 0 in group 0 is being limited by system firmware. The processor has been in this reduced performance state for 71 seconds since the last report.
 
Log: 'System' Date/Time: 11/11/2018 4:13:40 AM
Type: Warning Category: 0
Event: 4001 Source: Microsoft-Windows-WLAN-AutoConfig
WLAN AutoConfig service has successfully stopped. 
 
Log: 'System' Date/Time: 11/11/2018 1:52:18 AM
Type: Warning Category: 0
Event: 129 Source: iaStorA
Reset to device, \Device\RaidPort0, was issued.
 
Log: 'System' Date/Time: 11/11/2018 1:49:53 AM
Type: Warning Category: 7
Event: 37 Source: Microsoft-Windows-Kernel-Processor-Power
The speed of processor 3 in group 0 is being limited by system firmware. The processor has been in this reduced performance state for 71 seconds since the last report.
 
Log: 'System' Date/Time: 11/11/2018 1:49:53 AM
Type: Warning Category: 7
Event: 37 Source: Microsoft-Windows-Kernel-Processor-Power
The speed of processor 2 in group 0 is being limited by system firmware. The processor has been in this reduced performance state for 71 seconds since the last report.
 
Log: 'System' Date/Time: 11/11/2018 1:49:53 AM
Type: Warning Category: 7
Event: 37 Source: Microsoft-Windows-Kernel-Processor-Power
The speed of processor 0 in group 0 is being limited by system firmware. The processor has been in this reduced performance state for 71 seconds since the last report.
 
Log: 'System' Date/Time: 11/11/2018 1:49:53 AM
Type: Warning Category: 7
Event: 37 Source: Microsoft-Windows-Kernel-Processor-Power
The speed of processor 1 in group 0 is being limited by system firmware. The processor has been in this reduced performance state for 71 seconds since the last report.
 
 
Vino's Event Viewer v01c run on Windows 2008 in English
Report run at 11/11/2018 4:13:51 AM
 
Note: All dates below are in the format dd/mm/yyyy
 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'Application' Log - Critical Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'Application' Log - Error Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Log: 'Application' Date/Time: 11/11/2018 8:20:18 AM
Type: Error Category: 0
Event: 10 Source: Microsoft-Windows-WMI
Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.
 
Log: 'Application' Date/Time: 11/11/2018 8:19:59 AM
Type: Error Category: 100
Event: 1000 Source: Application Error
Faulting application name: WLANExt.exe, version: 6.1.7600.16385, time stamp: 0x4a5bcc33 Faulting module name: KERNELBASE.dll, version: 6.1.7601.24260, time stamp: 0x5b9470f4 Exception code: 0xc06d007e Fault offset: 0x000000000000bded Faulting process id: 0x5a4 Faulting application start time: 0x01d479974630bb89 Faulting application path: C:\Windows\system32\WLANExt.exe Faulting module path: C:\Windows\system32\KERNELBASE.dll Report Id: 93e76c22-e58a-11e8-9c1f-801934ce9bf3
 
Log: 'Application' Date/Time: 11/11/2018 8:19:30 AM
Type: Error Category: 2
Event: 2002 Source: Microsoft-Windows-EapHost
Skipping: Eap method DLL path name validation failed. Error: typeId=23, authorId=8086, vendorId=0, vendorType=0
 
Log: 'Application' Date/Time: 11/11/2018 8:19:30 AM
Type: Error Category: 2
Event: 2002 Source: Microsoft-Windows-EapHost
Skipping: Eap method DLL path name validation failed. Error: typeId=21, authorId=8086, vendorId=0, vendorType=0
 
Log: 'Application' Date/Time: 11/11/2018 8:19:30 AM
Type: Error Category: 2
Event: 2002 Source: Microsoft-Windows-EapHost
Skipping: Eap method DLL path name validation failed. Error: typeId=18, authorId=8086, vendorId=0, vendorType=0
 
Log: 'Application' Date/Time: 11/11/2018 4:17:32 AM
Type: Error Category: 0
Event: 10 Source: Microsoft-Windows-WMI
Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.
 
Log: 'Application' Date/Time: 11/11/2018 4:16:52 AM
Type: Error Category: 100
Event: 1000 Source: Application Error
Faulting application name: WLANExt.exe, version: 6.1.7600.16385, time stamp: 0x4a5bcc33 Faulting module name: KERNELBASE.dll, version: 6.1.7601.24260, time stamp: 0x5b9470f4 Exception code: 0xc06d007e Fault offset: 0x000000000000bded Faulting process id: 0x584 Faulting application start time: 0x01d479755f7b95b4 Faulting application path: C:\Windows\system32\WLANExt.exe Faulting module path: C:\Windows\system32\KERNELBASE.dll Report Id: 9da8aae3-e568-11e8-9dc2-801934ce9bf3
 
Log: 'Application' Date/Time: 11/11/2018 4:16:50 AM
Type: Error Category: 2
Event: 2002 Source: Microsoft-Windows-EapHost
Skipping: Eap method DLL path name validation failed. Error: typeId=23, authorId=8086, vendorId=0, vendorType=0
 
Log: 'Application' Date/Time: 11/11/2018 4:16:50 AM
Type: Error Category: 2
Event: 2002 Source: Microsoft-Windows-EapHost
Skipping: Eap method DLL path name validation failed. Error: typeId=21, authorId=8086, vendorId=0, vendorType=0
 
Log: 'Application' Date/Time: 11/11/2018 4:16:50 AM
Type: Error Category: 2
Event: 2002 Source: Microsoft-Windows-EapHost
Skipping: Eap method DLL path name validation failed. Error: typeId=18, authorId=8086, vendorId=0, vendorType=0
 
Log: 'Application' Date/Time: 11/11/2018 1:49:26 AM
Type: Error Category: 0
Event: 10 Source: Microsoft-Windows-WMI
Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.
 
Log: 'Application' Date/Time: 11/11/2018 1:48:54 AM
Type: Error Category: 100
Event: 1000 Source: Application Error
Faulting application name: WLANExt.exe, version: 6.1.7600.16385, time stamp: 0x4a5bcc33 Faulting module name: KERNELBASE.dll, version: 6.1.7601.24260, time stamp: 0x5b9470f4 Exception code: 0xc06d007e Fault offset: 0x000000000000bded Faulting process id: 0x5b0 Faulting application start time: 0x01d47960b3a5bf48 Faulting application path: C:\Windows\system32\WLANExt.exe Faulting module path: C:\Windows\system32\KERNELBASE.dll Report Id: f1bb06b4-e553-11e8-b8a6-801934ce9bf3
 
Log: 'Application' Date/Time: 11/11/2018 1:48:53 AM
Type: Error Category: 2
Event: 2002 Source: Microsoft-Windows-EapHost
Skipping: Eap method DLL path name validation failed. Error: typeId=23, authorId=8086, vendorId=0, vendorType=0
 
Log: 'Application' Date/Time: 11/11/2018 1:48:53 AM
Type: Error Category: 2
Event: 2002 Source: Microsoft-Windows-EapHost
Skipping: Eap method DLL path name validation failed. Error: typeId=21, authorId=8086, vendorId=0, vendorType=0
 
Log: 'Application' Date/Time: 11/11/2018 1:48:53 AM
Type: Error Category: 2
Event: 2002 Source: Microsoft-Windows-EapHost
Skipping: Eap method DLL path name validation failed. Error: typeId=18, authorId=8086, vendorId=0, vendorType=0
 
Log: 'Application' Date/Time: 11/11/2018 12:11:10 AM
Type: Error Category: 0
Event: 10 Source: Microsoft-Windows-WMI
Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.
 
Log: 'Application' Date/Time: 11/11/2018 12:10:45 AM
Type: Error Category: 2
Event: 2002 Source: Microsoft-Windows-EapHost
Skipping: Eap method DLL path name validation failed. Error: typeId=23, authorId=8086, vendorId=0, vendorType=0
 
Log: 'Application' Date/Time: 11/11/2018 12:10:45 AM
Type: Error Category: 2
Event: 2002 Source: Microsoft-Windows-EapHost
Skipping: Eap method DLL path name validation failed. Error: typeId=21, authorId=8086, vendorId=0, vendorType=0
 
Log: 'Application' Date/Time: 11/11/2018 12:10:45 AM
Type: Error Category: 2
Event: 2002 Source: Microsoft-Windows-EapHost
Skipping: Eap method DLL path name validation failed. Error: typeId=18, authorId=8086, vendorId=0, vendorType=0
 
Log: 'Application' Date/Time: 11/11/2018 12:10:46 AM
Type: Error Category: 100
Event: 1000 Source: Application Error
Faulting application name: WLANExt.exe, version: 6.1.7600.16385, time stamp: 0x4a5bcc33 Faulting module name: KERNELBASE.dll, version: 6.1.7601.24260, time stamp: 0x5b9470f4 Exception code: 0xc06d007e Fault offset: 0x000000000000bded Faulting process id: 0x568 Faulting application start time: 0x01d47952fe38c856 Faulting application path: C:\Windows\system32\WLANExt.exe Faulting module path: C:\Windows\system32\KERNELBASE.dll Report Id: 3bfabf99-e546-11e8-b9be-801934ce9bf3
 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'Application' Log - Warning Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Log: 'Application' Date/Time: 11/11/2018 4:24:51 AM
Type: Warning Category: 0
Event: 1530 Source: Microsoft-Windows-User Profiles Service
Windows detected your registry file is still in use by other applications or services. The file will be unloaded now. The applications or services that hold your registry file may not function properly afterwards.     DETAIL -   0 user registry handles leaked from \Registry\User\S-1-5-21-1894722739-3979997351-3746568665-1000_Classes:
 
 
Log: 'Application' Date/Time: 11/11/2018 4:24:50 AM
Type: Warning Category: 0
Event: 1530 Source: Microsoft-Windows-User Profiles Service
Windows detected your registry file is still in use by other applications or services. The file will be unloaded now. The applications or services that hold your registry file may not function properly afterwards.     DETAIL -   2 user registry handles leaked from \Registry\User\S-1-5-21-1894722739-3979997351-3746568665-1000:
Process 1420 (\Device\HarddiskVolume2\Program Files\AVG\Antivirus\AVGSvc.exe) has opened key \REGISTRY\USER\S-1-5-21-1894722739-3979997351-3746568665-1000
Process 1420 (\Device\HarddiskVolume2\Program Files\AVG\Antivirus\AVGSvc.exe) has opened key \REGISTRY\USER\S-1-5-21-1894722739-3979997351-3746568665-1000
 
 
Log: 'Application' Date/Time: 11/11/2018 4:13:36 AM
Type: Warning Category: 0
Event: 1530 Source: Microsoft-Windows-User Profiles Service
Windows detected your registry file is still in use by other applications or services. The file will be unloaded now. The applications or services that hold your registry file may not function properly afterwards.     DETAIL -   0 user registry handles leaked from \Registry\User\S-1-5-21-1894722739-3979997351-3746568665-1000_Classes:
 
 
Log: 'Application' Date/Time: 11/11/2018 4:13:36 AM
Type: Warning Category: 0
Event: 1530 Source: Microsoft-Windows-User Profiles Service
Windows detected your registry file is still in use by other applications or services. The file will be unloaded now. The applications or services that hold your registry file may not function properly afterwards.     DETAIL -   3 user registry handles leaked from \Registry\User\S-1-5-21-1894722739-3979997351-3746568665-1000:
Process 1448 (\Device\HarddiskVolume2\Program Files\AVG\Antivirus\AVGSvc.exe) has opened key \REGISTRY\USER\S-1-5-21-1894722739-3979997351-3746568665-1000
Process 1448 (\Device\HarddiskVolume2\Program Files\AVG\Antivirus\AVGSvc.exe) has opened key \REGISTRY\USER\S-1-5-21-1894722739-3979997351-3746568665-1000
Process 1448 (\Device\HarddiskVolume2\Program Files\AVG\Antivirus\AVGSvc.exe) has opened key \REGISTRY\USER\S-1-5-21-1894722739-3979997351-3746568665-1000
 
 
Log: 'Application' Date/Time: 11/11/2018 1:45:33 AM
Type: Warning Category: 0
Event: 1530 Source: Microsoft-Windows-User Profiles Service
Windows detected your registry file is still in use by other applications or services. The file will be unloaded now. The applications or services that hold your registry file may not function properly afterwards.     DETAIL -   0 user registry handles leaked from \Registry\User\S-1-5-21-1894722739-3979997351-3746568665-1000_Classes:
 
 
Log: 'Application' Date/Time: 11/11/2018 1:45:32 AM
Type: Warning Category: 0
Event: 1530 Source: Microsoft-Windows-User Profiles Service
Windows detected your registry file is still in use by other applications or services. The file will be unloaded now. The applications or services that hold your registry file may not function properly afterwards.     DETAIL -   4 user registry handles leaked from \Registry\User\S-1-5-21-1894722739-3979997351-3746568665-1000:
Process 1376 (\Device\HarddiskVolume2\Program Files\AVG\Antivirus\AVGSvc.exe) has opened key \REGISTRY\USER\S-1-5-21-1894722739-3979997351-3746568665-1000
Process 1376 (\Device\HarddiskVolume2\Program Files\AVG\Antivirus\AVGSvc.exe) has opened key \REGISTRY\USER\S-1-5-21-1894722739-3979997351-3746568665-1000
Process 1376 (\Device\HarddiskVolume2\Program Files\AVG\Antivirus\AVGSvc.exe) has opened key \REGISTRY\USER\S-1-5-21-1894722739-3979997351-3746568665-1000
Process 5044 (\Device\HarddiskVolume2\Windows\System32\msiexec.exe) has opened key \REGISTRY\USER\S-1-5-21-1894722739-3979997351-3746568665-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts
 
 
Log: 'Application' Date/Time: 10/11/2018 10:48:09 AM
Type: Warning Category: 0
Event: 1530 Source: Microsoft-Windows-User Profiles Service
Windows detected your registry file is still in use by other applications or services. The file will be unloaded now. The applications or services that hold your registry file may not function properly afterwards.     DETAIL -   4 user registry handles leaked from \Registry\User\S-1-5-21-1894722739-3979997351-3746568665-1000:
Process 1428 (\Device\HarddiskVolume2\Program Files\AVG\Antivirus\AVGSvc.exe) has opened key \REGISTRY\USER\S-1-5-21-1894722739-3979997351-3746568665-1000
Process 840 (\Device\HarddiskVolume2\Windows\System32\lsass.exe) has opened key \REGISTRY\USER\S-1-5-21-1894722739-3979997351-3746568665-1000
Process 1428 (\Device\HarddiskVolume2\Program Files\AVG\Antivirus\AVGSvc.exe) has opened key \REGISTRY\USER\S-1-5-21-1894722739-3979997351-3746568665-1000
Process 1428 (\Device\HarddiskVolume2\Program Files\AVG\Antivirus\AVGSvc.exe) has opened key \REGISTRY\USER\S-1-5-21-1894722739-3979997351-3746568665-1000
 
 
Log: 'Application' Date/Time: 08/11/2018 11:15:17 AM
Type: Warning Category: 0
Event: 1530 Source: Microsoft-Windows-User Profiles Service
Windows detected your registry file is still in use by other applications or services. The file will be unloaded now. The applications or services that hold your registry file may not function properly afterwards.     DETAIL -   3 user registry handles leaked from \Registry\User\S-1-5-21-1894722739-3979997351-3746568665-1000:
Process 1424 (\Device\HarddiskVolume2\Program Files\AVG\Antivirus\AVGSvc.exe) has opened key \REGISTRY\USER\S-1-5-21-1894722739-3979997351-3746568665-1000
Process 1424 (\Device\HarddiskVolume2\Program Files\AVG\Antivirus\AVGSvc.exe) has opened key \REGISTRY\USER\S-1-5-21-1894722739-3979997351-3746568665-1000
Process 824 (\Device\HarddiskVolume2\Windows\System32\lsass.exe) has opened key \REGISTRY\USER\S-1-5-21-1894722739-3979997351-3746568665-1000
 
 
Log: 'Application' Date/Time: 07/11/2018 11:03:37 AM
Type: Warning Category: 0
Event: 1530 Source: Microsoft-Windows-User Profiles Service
Windows detected your registry file is still in use by other applications or services. The file will be unloaded now. The applications or services that hold your registry file may not function properly afterwards.     DETAIL -   4 user registry handles leaked from \Registry\User\S-1-5-21-1894722739-3979997351-3746568665-1000:
Process 1520 (\Device\HarddiskVolume2\Program Files\AVG\Antivirus\AVGSvc.exe) has opened key \REGISTRY\USER\S-1-5-21-1894722739-3979997351-3746568665-1000
Process 1520 (\Device\HarddiskVolume2\Program Files\AVG\Antivirus\AVGSvc.exe) has opened key \REGISTRY\USER\S-1-5-21-1894722739-3979997351-3746568665-1000
Process 1520 (\Device\HarddiskVolume2\Program Files\AVG\Antivirus\AVGSvc.exe) has opened key \REGISTRY\USER\S-1-5-21-1894722739-3979997351-3746568665-1000
Process 1520 (\Device\HarddiskVolume2\Program Files\AVG\Antivirus\AVGSvc.exe) has opened key \REGISTRY\USER\S-1-5-21-1894722739-3979997351-3746568665-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts
 
 
Log: 'Application' Date/Time: 05/11/2018 11:01:31 AM
Type: Warning Category: 0
Event: 1530 Source: Microsoft-Windows-User Profiles Service
Windows detected your registry file is still in use by other applications or services. The file will be unloaded now. The applications or services that hold your registry file may not function properly afterwards.     DETAIL -   1 user registry handles leaked from \Registry\User\S-1-5-21-1894722739-3979997351-3746568665-1000_Classes:
Process 1528 (\Device\HarddiskVolume2\Program Files\AVG\Antivirus\AVGSvc.exe) has opened key \REGISTRY\USER\S-1-5-21-1894722739-3979997351-3746568665-1000_CLASSES
 
 
Log: 'Application' Date/Time: 05/11/2018 11:01:31 AM
Type: Warning Category: 0
Event: 1530 Source: Microsoft-Windows-User Profiles Service
Windows detected your registry file is still in use by other applications or services. The file will be unloaded now. The applications or services that hold your registry file may not function properly afterwards.     DETAIL -   11 user registry handles leaked from \Registry\User\S-1-5-21-1894722739-3979997351-3746568665-1000:
Process 1528 (\Device\HarddiskVolume2\Program Files\AVG\Antivirus\AVGSvc.exe) has opened key \REGISTRY\USER\S-1-5-21-1894722739-3979997351-3746568665-1000
Process 1528 (\Device\HarddiskVolume2\Program Files\AVG\Antivirus\AVGSvc.exe) has opened key \REGISTRY\USER\S-1-5-21-1894722739-3979997351-3746568665-1000
Process 1528 (\Device\HarddiskVolume2\Program Files\AVG\Antivirus\AVGSvc.exe) has opened key \REGISTRY\USER\S-1-5-21-1894722739-3979997351-3746568665-1000
Process 1528 (\Device\HarddiskVolume2\Program Files\AVG\Antivirus\AVGSvc.exe) has opened key \REGISTRY\USER\S-1-5-21-1894722739-3979997351-3746568665-1000
Process 1048 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1894722739-3979997351-3746568665-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings
Process 1048 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1894722739-3979997351-3746568665-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings
Process 1048 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1894722739-3979997351-3746568665-1000\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings
Process 1048 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1894722739-3979997351-3746568665-1000\Software
Process 1048 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1894722739-3979997351-3746568665-1000\Software\Microsoft\Internet Explorer\Main
Process 1048 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1894722739-3979997351-3746568665-1000\Software\Policies
Process 1048 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1894722739-3979997351-3746568665-1000\Software\Microsoft\Internet Explorer\Main\FeatureControl
 
 
Log: 'Application' Date/Time: 04/11/2018 8:04:16 PM
Type: Warning Category: 0
Event: 1530 Source: Microsoft-Windows-User Profiles Service
Windows detected your registry file is still in use by other applications or services. The file will be unloaded now. The applications or services that hold your registry file may not function properly afterwards.     DETAIL -   2 user registry handles leaked from \Registry\User\S-1-5-21-1894722739-3979997351-3746568665-1000:
Process 1468 (\Device\HarddiskVolume2\Program Files\AVG\Antivirus\AVGSvc.exe) has opened key \REGISTRY\USER\S-1-5-21-1894722739-3979997351-3746568665-1000
Process 1468 (\Device\HarddiskVolume2\Program Files\AVG\Antivirus\AVGSvc.exe) has opened key \REGISTRY\USER\S-1-5-21-1894722739-3979997351-3746568665-1000
 
 
Log: 'Application' Date/Time: 04/11/2018 7:58:26 PM
Type: Warning Category: 0
Event: 1530 Source: Microsoft-Windows-User Profiles Service
Windows detected your registry file is still in use by other applications or services. The file will be unloaded now. The applications or services that hold your registry file may not function properly afterwards.     DETAIL -   3 user registry handles leaked from \Registry\User\S-1-5-21-1894722739-3979997351-3746568665-1000:
Process 1580 (\Device\HarddiskVolume2\Program Files\AVG\Antivirus\AVGSvc.exe) has opened key \REGISTRY\USER\S-1-5-21-1894722739-3979997351-3746568665-1000
Process 1580 (\Device\HarddiskVolume2\Program Files\AVG\Antivirus\AVGSvc.exe) has opened key \REGISTRY\USER\S-1-5-21-1894722739-3979997351-3746568665-1000
Process 1580 (\Device\HarddiskVolume2\Program Files\AVG\Antivirus\AVGSvc.exe) has opened key \REGISTRY\USER\S-1-5-21-1894722739-3979997351-3746568665-1000
 
 
Log: 'Application' Date/Time: 04/11/2018 1:50:56 PM
Type: Warning Category: 0
Event: 1530 Source: Microsoft-Windows-User Profiles Service
Windows detected your registry file is still in use by other applications or services. The file will be unloaded now. The applications or services that hold your registry file may not function properly afterwards.     DETAIL -   3 user registry handles leaked from \Registry\User\S-1-5-21-1894722739-3979997351-3746568665-1000:
Process 1520 (\Device\HarddiskVolume2\Program Files\AVG\Antivirus\AVGSvc.exe) has opened key \REGISTRY\USER\S-1-5-21-1894722739-3979997351-3746568665-1000
Process 1520 (\Device\HarddiskVolume2\Program Files\AVG\Antivirus\AVGSvc.exe) has opened key \REGISTRY\USER\S-1-5-21-1894722739-3979997351-3746568665-1000
Process 1520 (\Device\HarddiskVolume2\Program Files\AVG\Antivirus\AVGSvc.exe) has opened key \REGISTRY\USER\S-1-5-21-1894722739-3979997351-3746568665-1000
 
 
Log: 'Application' Date/Time: 04/11/2018 11:01:12 AM
Type: Warning Category: 0
Event: 6000 Source: Microsoft-Windows-Winlogon
The winlogon notification subscriber <GPClient> was unavailable to handle a notification event.
 
Log: 'Application' Date/Time: 04/11/2018 11:01:11 AM
Type: Warning Category: 0
Event: 6000 Source: Microsoft-Windows-Winlogon
The winlogon notification subscriber <GPClient> was unavailable to handle a notification event.
 


#10
darkmj16


And finally, here are the new FRST logs.

 

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 10.11.2018
Ran by User (administrator) on USER-PC (11-11-2018 04:26:53)
Running from C:\Users\User\Desktop
Loaded Profiles: User (Available Profiles: User)
Platform: Windows 7 Ultimate Service Pack 1 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(Intel Corporation) C:\Windows\System32\igfxCUIService.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\Antivirus\AVGSvc.exe
(Intel Corporation) C:\Windows\System32\igfxEM.exe
(Intel Corporation) C:\Windows\System32\igfxHK.exe
() C:\Windows\System32\igfxTray.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome Remote Desktop\71.0.3578.15\remoting_host.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Bluetooth\ibtsiva.exe
(Intel® Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Microsoft Corporation) C:\Windows\System32\UI0Detect.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome Remote Desktop\71.0.3578.15\remoting_host.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\Antivirus\AVGUI.exe
(Logitech, Inc.) C:\Program Files\Logitech\SetPointP\SetPoint.exe
(Wargaming.net) C:\non-os\World_of_Tanks\WargamingGameUpdater.exe
(Logitech, Inc.) C:\Program Files\Common Files\LogiShrd\KHAL3\KHALMNPR.exe
(Logitech, Inc.) C:\Program Files\Common Files\LogiShrd\LAClient\laclient.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\Antivirus\x64\aswidsagenta.exe
(Microsoft Corporation) C:\Windows\System32\Locator.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
 
==================== Registry (Whitelisted) ===========================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [AVGUI.exe] => C:\Program Files\AVG\Antivirus\AvLaunch.exe [290064 2018-10-10] (AVG Technologies CZ, s.r.o.)
HKLM\...\Run: [EvtMgr6] => C:\Program Files\Logitech\SetPointP\SetPoint.exe [3136136 2018-09-07] (Logitech, Inc.)
Winlogon\Notify\LBTWlgn: 
HKLM\SOFTWARE\Policies\Microsoft\Windows Defender: Restriction <==== ATTENTION
HKU\S-1-5-21-1894722739-3979997351-3746568665-1000\...\Run: [World of Tanks] => C:\non-os\World_of_Tanks\WargamingGameUpdater.exe [3139936 2018-06-25] (Wargaming.net)
HKU\S-1-5-21-1894722739-3979997351-3746568665-1000\...\Policies\system: [NoDispAppearancePage] 0
HKU\S-1-5-21-1894722739-3979997351-3746568665-1000\...\Policies\system: [NoDispScrSavPage] 0
HKU\S-1-5-21-1894722739-3979997351-3746568665-1000\...\Policies\Explorer: [NoRecentDocsHistory] 1
HKU\S-1-5-21-1894722739-3979997351-3746568665-1000\...\Policies\Explorer: [NoThemesTab] 1
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
Tcpip\Parameters: [DhcpNameServer] 172.16.0.1
Tcpip\..\Interfaces\{096D4EA8-B3B7-4B42-B91A-2D6753E86104}: [DhcpNameServer] 172.20.10.1
Tcpip\..\Interfaces\{A3E44CE9-87D0-4413-A0C7-3C41D31D1BAE}: [NameServer] 1.1.1.1,1.0.0.1
Tcpip\..\Interfaces\{C0C5A3B0-8751-4A61-ADB0-CA4752ACE43F}: [DhcpNameServer] 172.16.0.1
 
Internet Explorer:
==================
URLSearchHook: [S-1-5-21-1894722739-3979997351-3746568665-1000] ATTENTION => Default URLSearchHook is missing
BHO: Logitech SetPoint -> {AF949550-9094-4807-95EC-D1C317803333} -> C:\Program Files\Logitech\SetPointP\SetPointSmooth.dll [2018-09-07] (Logitech, Inc.)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)
BHO-x32: Logitech SetPoint -> {AF949550-9094-4807-95EC-D1C317803333} -> C:\Program Files\Logitech\SetPointP\32-bit\SetPointSmooth.dll [2018-09-07] (Logitech, Inc.)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)
 
FireFox:
========
FF HKLM-x32\...\Firefox\Extensions: [{F003DA68-8256-4b37-A6C4-350FA04494DF}] - C:\Program Files\Logitech\SetPointP\LogiSmoothFirefoxExt
FF Extension: (Logitech SetPoint) - C:\Program Files\Logitech\SetPointP\LogiSmoothFirefoxExt [2018-09-25] [not signed]
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.33.17\npGoogleUpdate3.dll [2018-05-16] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.33.17\npGoogleUpdate3.dll [2018-05-16] (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.2.8 -> C:\non-os\VideoLAN\VLC\npvlc.dll [2018-05-29] (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=3.0.3 -> C:\non-os\VideoLAN\VLC\npvlc.dll [2018-05-29] (VideoLAN)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2018-09-20] (Adobe Systems Inc.)
 
Chrome: 
=======
CHR DefaultProfile: Default
CHR HomePage: Default -> hxxp://www.bing.com/search?FORM=INCOH1&PC=IC03&PTAG=ICO-563448c1
CHR StartupUrls: Default -> "hxxp://www.yahoo.com/"
CHR Profile: C:\Users\User\AppData\Local\Google\Chrome\User Data\Default [2018-11-11]
CHR Extension: (YouTube) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2018-02-13]
CHR Extension: (Adblock Plus) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2018-11-01]
CHR Extension: (Logitech Smooth Scrolling) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\dkpejdfnpdkhifgbancbammdijojoffk [2018-02-13]
CHR Extension: (Chrome Remote Desktop) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\gbchcmhmhahfdphkhkmpfmihenigjmpp [2018-10-04]
CHR Extension: (Black Black Chrome Theme Dark Blue Highlight) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\njpbabhpbnilgchdjbajcbgnnclkaida [2018-02-13]
CHR Extension: (Chrome Web Store Payments) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2018-04-04]
CHR Extension: (Gmail) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2018-02-13]
CHR Extension: (Chrome Media Router) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2018-10-26]
CHR Profile: C:\Users\User\AppData\Local\Google\Chrome\User Data\Guest Profile [2018-11-04]
CHR Profile: C:\Users\User\AppData\Local\Google\Chrome\User Data\System Profile [2018-11-04]
CHR HKLM-x32\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj] - hxxps://clients2.google.com/service/update2/crx
 
==================== Services (Whitelisted) ====================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [85304 2018-10-16] (Apple Inc.)
R2 AVG Antivirus; C:\Program Files\AVG\Antivirus\AVGSvc.exe [325072 2018-10-10] (AVG Technologies CZ, s.r.o.)
R3 avgbIDSAgent; C:\Program Files\AVG\Antivirus\x64\aswidsagenta.exe [8237160 2018-10-10] (AVG Technologies CZ, s.r.o.)
R2 chromoting; C:\Program Files (x86)\Google\Chrome Remote Desktop\71.0.3578.15\remoting_host.exe [73048 2018-10-18] (Google Inc.)
S3 DDVCollectorSvcApi; C:\Program Files\Dell\DellDataVault\DDVCollectorSvcApi.exe [209392 2018-10-22] (Dell Inc.)
S3 DDVDataCollector; C:\Program Files\Dell\DellDataVault\DDVDataCollector.exe [3347440 2018-10-22] (Dell Inc.)
S3 DDVRulesProcessor; C:\Program Files\Dell\DellDataVault\DDVRulesProcessor.exe [218096 2018-10-22] (Dell Inc.)
S3 Dell Hardware Support; C:\Program Files\Dell\SupportAssistAgent\PCDr\SupportAssist\6.0.6992.1382\DSAPI.exe [1002816 2018-11-04] (PC-Doctor, Inc.)
S3 DSAService; C:\Program Files (x86)\Intel Driver and Support Assistant\DSAService.exe [23800 2018-10-18] (Intel)
R2 iBtSiva; C:\Program Files (x86)\Intel\Bluetooth\ibtsiva.exe [531040 2018-05-16] (Intel Corporation)
R2 igfxCUIService1.0.0.0; C:\Windows\system32\igfxCUIService.exe [344184 2016-06-28] (Intel Corporation)
S3 MBAMService; C:\non-os\mbam\Anti-Malware\mbamservice.exe [6347056 2018-09-19] (Malwarebytes)
S3 SupportAssistAgent; C:\Program Files\Dell\SupportAssistAgent\bin\SupportAssistAgent.exe [38872 2018-10-25] (Dell Inc.)
R2 SynTPEnhService; C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe [257112 2017-12-16] (Synaptics Incorporated)
S4 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2017-12-15] (Microsoft Corporation)
R2 wuauserv; C:\Windows\system32\wuaueng2.dll [2651136 2017-12-16] (Microsoft Corporation) [File not signed]
 
===================== Drivers (Whitelisted) ======================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R1 avgArPot; C:\Windows\System32\drivers\avgArPot.sys [201264 2018-10-10] (AVG Technologies CZ, s.r.o.)
R1 avgbidsdriver; C:\Windows\System32\drivers\avgbidsdrivera.sys [230880 2018-10-10] (AVG Technologies CZ, s.r.o.)
R0 avgbidsh; C:\Windows\System32\drivers\avgbidsha.sys [202296 2018-10-10] (AVG Technologies CZ, s.r.o.)
R0 avgblog; C:\Windows\System32\drivers\avgbloga.sys [346616 2018-10-10] (AVG Technologies CZ, s.r.o.)
R0 avgbuniv; C:\Windows\System32\drivers\avgbuniva.sys [59520 2018-10-10] (AVG Technologies CZ, s.r.o.)
S3 avgHwid; C:\Windows\System32\drivers\avgHwid.sys [46920 2018-10-10] (AVG Technologies CZ, s.r.o.)
R1 avgKbd; C:\Windows\System32\drivers\avgKbd.sys [42312 2018-10-10] (AVG Technologies CZ, s.r.o.)
R2 avgMonFlt; C:\Windows\System32\drivers\avgMonFlt.sys [163224 2018-10-10] (AVG Technologies CZ, s.r.o.)
R0 avgRvrt; C:\Windows\System32\drivers\avgRvrt.sys [87968 2018-10-10] (AVG Technologies CZ, s.r.o.)
R1 avgSnx; C:\Windows\System32\drivers\avgSnx.sys [1028696 2018-10-10] (AVG Technologies CZ, s.r.o.)
R1 avgSP; C:\Windows\System32\drivers\avgSP.sys [467760 2018-10-10] (AVG Technologies CZ, s.r.o.)
R0 avgVmm; C:\Windows\System32\drivers\avgVmm.sys [380992 2018-10-10] (AVG Technologies CZ, s.r.o.)
R3 btmaudio; C:\Windows\System32\drivers\btmaud.sys [99272 2018-05-16] (Motorola Solutions, Inc.)
R3 btmaux; C:\Windows\System32\DRIVERS\btmaux.sys [156616 2018-05-16] (Motorola Solutions, Inc.)
S3 btmhsf; C:\Windows\System32\DRIVERS\btmhsf.sys [1566152 2018-05-16] (Motorola Solutions, Inc.)
R3 DDDriver; C:\Windows\System32\drivers\DDDriver64Dcsa.sys [41608 2018-10-20] (Dell Inc.)
R3 DellProf; C:\Windows\System32\drivers\DellProf.sys [41208 2018-10-20] (Dell Computer Corporation)
R1 ESProtectionDriver; C:\Windows\system32\drivers\mbae64.sys [152688 2018-11-04] (Malwarebytes)
R0 iaStorF; C:\Windows\System32\DRIVERS\iaStorF.sys [28008 2013-08-30] (Intel Corporation)
S3 ibtusb; C:\Windows\System32\DRIVERS\ibtusb.sys [124872 2018-05-16] (Intel Corporation)
R3 MEIx64; C:\Windows\System32\DRIVERS\TeeDriverx64.sys [100312 2013-12-11] (Intel Corporation)
R3 NETwNs64; C:\Windows\System32\DRIVERS\Netwsw02.sys [3485640 2018-05-11] (Intel Corporation)
S3 semav6msr64; C:\Windows\system32\drivers\semav6msr64.sys [41512 2018-01-11] ()
R3 SmbDrvI; C:\Windows\System32\DRIVERS\Smb_driver_Intel.sys [45144 2017-12-16] (Synaptics Incorporated)
 
==================== NetSvcs (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== One Month Created files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2018-11-11 04:14 - 2018-11-11 04:14 - 000021181 _____ C:\app log.txt
2018-11-11 04:12 - 2018-11-11 04:13 - 000021181 _____ C:\VEW.txt
2018-11-11 03:18 - 2018-11-11 03:18 - 000003544 ____N C:\bootsqm.dat
2018-11-10 23:13 - 2018-11-10 23:13 - 000013021 _____ C:\Users\User\Desktop\Fixlog.txt
2018-11-10 23:12 - 2018-11-10 23:12 - 000061440 _____ ( ) C:\Users\User\Desktop\VEW.exe
2018-11-10 21:06 - 2018-11-10 21:07 - 000110048 _____ C:\Users\User\Desktop\USER-PC.txt
2018-11-10 21:05 - 2018-11-10 21:05 - 000000712 _____ C:\Users\Public\Desktop\Speccy.lnk
2018-11-10 21:05 - 2018-11-10 21:05 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Speccy
2018-11-10 21:04 - 2018-11-10 21:04 - 006889184 _____ (Piriform Ltd) C:\Users\User\Desktop\spsetup132.exe
2018-11-10 21:01 - 2018-11-10 21:01 - 000006239 _____ C:\junk.txt
2018-11-10 21:00 - 2018-11-10 21:00 - 000007462 _____ C:\Users\User\Desktop\System Idle Process.txt
2018-11-10 20:54 - 2018-11-10 20:55 - 000026121 _____ C:\Users\User\Desktop\Addition.txt
2018-11-10 20:52 - 2018-11-11 04:27 - 000013669 _____ C:\Users\User\Desktop\FRST.txt
2018-11-10 20:51 - 2018-11-10 20:51 - 002724512 _____ (Sysinternals - www.sysinternals.com) C:\Users\User\Desktop\procexp.exe
2018-11-10 20:42 - 2018-11-10 20:42 - 000000072 _____ C:\Windows\wininit.ini
2018-11-10 20:42 - 2018-11-10 20:42 - 000000000 ____D C:\Windows\System32\Tasks\Safer-Networking
2018-11-06 00:25 - 2018-11-10 20:51 - 002415616 _____ (Farbar) C:\Users\User\Desktop\FRST64.exe
2018-11-04 19:11 - 2018-11-04 20:37 - 000000000 ____D C:\Users\User\AppData\Local\ElevatedDiagnostics
2018-11-04 08:55 - 2018-11-04 08:55 - 000000000 ____D C:\Windows\System32\Tasks\WPD
2018-11-04 07:28 - 2018-11-04 07:28 - 000001596 _____ C:\Users\Public\Desktop\iTunes.lnk
2018-11-04 07:28 - 2018-11-04 07:28 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
2018-11-04 07:28 - 2018-11-04 07:28 - 000000000 ____D C:\Program Files\iPod
2018-11-04 06:20 - 2018-11-04 20:33 - 000000000 ____D C:\Program Files (x86)\Intel
2018-11-04 06:15 - 2018-11-04 06:15 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dell
2018-11-04 06:14 - 2018-11-04 06:15 - 000000000 ____D C:\Program Files\Dell
2018-11-04 06:09 - 2018-11-04 06:09 - 000000000 ____D C:\ProgramData\Intel
2018-11-04 04:21 - 2018-11-04 04:21 - 000000000 ____D C:\Users\User\Documents\ProcAlyzer Dumps
2018-11-03 21:52 - 2018-11-04 06:01 - 000010658 _____ C:\Windows\ntbtlog.txt
2018-11-03 19:45 - 2018-11-04 20:45 - 000000000 ____D C:\Windows\LastGood
2018-11-03 19:45 - 2018-11-03 19:45 - 000000000 ____D C:\Program Files\Common Files\Intel
2018-11-03 19:32 - 2018-11-03 19:32 - 000000000 ____D C:\Users\User\Downloads\Intel Driver and Support Assistant
2018-11-03 19:18 - 2018-11-04 06:09 - 000000000 ____D C:\Program Files (x86)\Intel Driver and Support Assistant
2018-11-03 19:18 - 2018-11-03 19:18 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Intel Driver and Support Assistant
2018-11-03 16:57 - 2018-11-03 16:59 - 141110631 _____ (Aslain ) C:\Users\User\Desktop\Aslains_WoT_Modpack_Installer_v.1.2.0.1_12.exe
2018-11-03 14:37 - 2018-11-03 14:37 - 000000000 ____D C:\Users\Public\Documents\Logishrd
2018-11-02 21:06 - 2018-11-02 21:06 - 004213823 _____ C:\Users\User\Desktop\carfax silverado.pdf
2018-10-28 17:53 - 2018-10-28 18:07 - 000000000 ____D C:\Users\User\AppData\Roaming\Padlock
2018-10-28 04:41 - 2017-05-11 07:23 - 000053248 _____ (Intel Corporation) C:\Windows\system32\Drivers\USB3Ver.dll
2018-10-28 04:40 - 2017-05-11 07:23 - 000816640 _____ (Intel Corporation) C:\Windows\system32\Drivers\iusb3xhc.sys
2018-10-28 04:40 - 2017-05-11 07:23 - 000401408 _____ (Intel Corporation) C:\Windows\system32\Drivers\iusb3hub.sys
2018-10-28 04:40 - 2017-05-11 07:23 - 000023552 _____ (Intel Corporation) C:\Windows\system32\Drivers\iusb3hcs.sys
2018-10-28 04:39 - 2018-10-28 04:39 - 000000000 ____D C:\Windows\LastGood.Tmp
2018-10-27 04:53 - 2018-08-27 22:48 - 000419608 _____ C:\Windows\SysWOW64\locale.nls
2018-10-27 04:53 - 2018-08-27 22:48 - 000419608 _____ C:\Windows\system32\locale.nls
2018-10-27 04:35 - 2018-10-27 04:36 - 000000000 ____D C:\ProgramData\BSD
2018-10-25 17:44 - 2017-12-16 19:03 - 000045144 _____ (Synaptics Incorporated) C:\Windows\system32\Drivers\Smb_driver_Intel.sys
2018-10-25 17:28 - 2018-10-25 17:38 - 000000000 ____D C:\SeaTemp
2018-10-25 17:11 - 2018-10-25 17:11 - 000000000 ____D C:\Dell
2018-10-25 17:06 - 2017-12-16 19:04 - 000803928 _____ (Synaptics Incorporated) C:\Windows\system32\SynCOM.dll
2018-10-25 17:06 - 2017-12-16 19:04 - 000428120 _____ (Synaptics Incorporated) C:\Windows\SysWOW64\SynCom.dll
2018-10-25 17:06 - 2017-12-16 19:04 - 000297048 _____ (Synaptics Incorporated) C:\Windows\system32\SynTPCo46-4.dll
2018-10-25 17:06 - 2017-12-16 19:04 - 000278616 _____ (Synaptics Incorporated) C:\Windows\system32\SynTPAPI.dll
2018-10-25 17:06 - 2017-12-16 19:03 - 000674392 _____ (Synaptics Incorporated) C:\Windows\system32\Drivers\SynTP.sys
2018-10-25 17:06 - 2017-12-16 19:03 - 000070232 _____ (Synaptics Incorporated) C:\Windows\system32\Drivers\SynPTPHID_Aux.sys
2018-10-25 17:06 - 2017-12-16 19:03 - 000057432 _____ (Synaptics Incorporated) C:\Windows\system32\Drivers\SynRMIHID_Aux.sys
2018-10-25 17:06 - 2017-12-16 19:03 - 000045144 _____ (Synaptics Incorporated) C:\Windows\system32\Drivers\Smb_driver_Intel_Aux.sys
2018-10-25 17:06 - 2017-12-16 19:03 - 000044120 _____ (Synaptics Incorporated) C:\Windows\system32\Drivers\Smb_driver_AMDASF_Aux.sys
2018-10-25 17:06 - 2014-01-30 18:17 - 001795952 _____ (Microsoft Corporation) C:\Windows\system32\WdfCoInstaller01011.dll
2018-10-25 17:05 - 2018-10-25 17:05 - 000000000 ____D C:\ProgramData\Synaptics
2018-10-25 02:17 - 2018-10-27 14:31 - 000000000 ____D C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\CCleaner
2018-10-25 02:11 - 2018-10-25 02:11 - 000255928 _____ (Malwarebytes) C:\Windows\system32\Drivers\227BE3D1.sys
2018-10-25 01:51 - 2018-10-25 01:51 - 000000000 ____D C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Decrap my Computer
2018-10-25 01:21 - 2018-10-25 01:21 - 000000000 ____D C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\AVG
2018-10-25 01:18 - 2018-10-25 01:18 - 000001089 _____ C:\Users\User\Desktop\Windows Media Player.lnk
2018-10-25 00:55 - 2018-10-25 17:04 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MP3 Rocket
2018-10-25 00:55 - 2018-10-25 00:55 - 000001128 _____ C:\Users\User\Desktop\MP3 Rocket 7.4.1.lnk
2018-10-25 00:22 - 2018-10-25 00:22 - 000000000 ____D C:\Program Files (x86)\Spybot - Search & Destroy 2
2018-10-24 23:26 - 2018-10-24 23:28 - 000000000 ____D C:\Users\User\.mp3rocket
2018-10-20 16:34 - 2018-10-20 16:34 - 000041608 _____ (Dell Inc.) C:\Windows\system32\Drivers\DDDriver64Dcsa.sys
2018-10-20 16:34 - 2018-10-20 16:34 - 000041208 _____ (Dell Computer Corporation) C:\Windows\system32\Drivers\DellProf.sys
2018-10-12 19:41 - 2018-10-12 19:51 - 000000000 ____D C:\AdwCleaner
2018-10-12 19:41 - 2018-10-12 19:41 - 000255928 _____ (Malwarebytes) C:\Windows\system32\Drivers\5662B627.sys
2018-10-12 19:40 - 2018-10-25 03:43 - 000000000 ____D C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2018-10-12 17:57 - 2018-11-11 04:26 - 000000000 ____D C:\FRST
 
==================== One Month Modified files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2018-11-11 03:28 - 2009-07-13 23:45 - 000026576 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2018-11-11 03:28 - 2009-07-13 23:45 - 000026576 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2018-11-11 03:24 - 2009-07-14 00:13 - 000783606 _____ C:\Windows\system32\PerfStringBackup.INI
2018-11-11 03:24 - 2009-07-13 22:20 - 000000000 ____D C:\Windows\inf
2018-11-11 03:19 - 2018-02-12 23:46 - 000000000 __SHD C:\Users\User\IntelGraphicsProfiles
2018-11-11 03:19 - 2009-07-14 00:08 - 000000006 ____H C:\Windows\Tasks\SA.DAT
2018-11-10 23:17 - 2018-06-17 14:35 - 000000008 __RSH C:\ProgramData\ntuser.pol
2018-11-10 23:13 - 2009-07-13 22:20 - 000000000 ___HD C:\Windows\system32\GroupPolicy
2018-11-10 21:05 - 2018-02-13 17:27 - 000000000 ____D C:\non-os
2018-11-10 19:12 - 2018-08-24 20:18 - 000000000 ____D C:\Users\Public\Logi
2018-11-05 23:27 - 2009-07-13 23:45 - 000314800 _____ C:\Windows\system32\FNTCACHE.DAT
2018-11-04 19:55 - 2018-02-12 23:58 - 000073440 _____ C:\Users\User\AppData\Local\GDIPFONTCACHEV1.DAT
2018-11-04 19:38 - 2009-07-13 22:20 - 000000000 ____D C:\Windows\system32\NDF
2018-11-04 08:04 - 2009-07-13 22:20 - 000000000 ____D C:\Windows\registration
2018-11-04 06:16 - 2018-02-13 21:25 - 000000000 ____D C:\ProgramData\PCDr
2018-11-04 06:14 - 2018-02-13 20:24 - 000000000 ____D C:\ProgramData\SupportAssist
2018-11-04 05:51 - 2018-02-13 20:36 - 000152688 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbae64.sys
2018-11-04 05:36 - 2018-02-13 18:16 - 000000000 ____D C:\Windows\SysWOW64\Macromed
2018-11-04 05:36 - 2018-02-13 18:16 - 000000000 ____D C:\Windows\system32\Macromed
2018-11-04 05:32 - 2018-02-13 18:29 - 000000000 ____D C:\Users\User\AppData\Roaming\uTorrent
2018-11-04 05:16 - 2018-02-13 21:26 - 000001990 _____ C:\Users\User\Desktop\AVG AntiVirus FREE.lnk
2018-11-03 19:46 - 2018-02-12 23:50 - 000000000 ____D C:\Users\User\AppData\Roaming\Intel
2018-11-03 19:43 - 2018-02-12 23:49 - 000000000 ____D C:\ProgramData\Package Cache
2018-11-02 22:32 - 2018-01-15 13:26 - 000000324 _____ C:\Users\User\Desktop\misc.txt
2018-10-28 23:50 - 2018-02-13 21:26 - 000004162 _____ C:\Windows\System32\Tasks\Antivirus Emergency Update
2018-10-27 22:56 - 2018-07-04 11:27 - 000000000 ____D C:\Users\User\AppData\LocalLow\Mozilla
2018-10-27 14:29 - 2018-10-10 05:27 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
2018-10-27 13:59 - 2018-08-19 21:51 - 000000000 ____D C:\Users\User\Desktop\Deadpool 2 (2018) [BluRay] [1080p] [YTS.AM]
2018-10-27 13:58 - 2018-08-19 21:51 - 000000000 ____D C:\Users\User\Desktop\Meet The Spartans (2008) [BluRay] [1080p] [YTS.AM]
2018-10-27 13:58 - 2018-08-19 21:51 - 000000000 ____D C:\Users\User\Desktop\Avengers Infinity War (2018) [BluRay] [1080p] [YTS.AM]
2018-10-27 13:57 - 2018-09-09 17:37 - 000000000 ____D C:\Users\User\Desktop\Super Troopers 2 (2018) [BluRay] [1080p] [YTS.AM]
2018-10-27 13:57 - 2018-09-09 17:37 - 000000000 ____D C:\Users\User\Desktop\Jurassic World Fallen Kingdom (2018) [BluRay] [1080p] [YTS.AM]
2018-10-27 04:57 - 2017-12-16 04:28 - 000776220 _____ C:\Windows\SysWOW64\PerfStringBackup.INI
2018-10-27 04:35 - 2009-07-13 21:34 - 000000466 _____ C:\Windows\win.ini
2018-10-25 18:16 - 2018-02-13 00:20 - 000002190 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2018-10-25 02:20 - 2018-02-13 20:41 - 000000000 ____D C:\Users\User\Desktop\OS Tools
2018-10-25 01:51 - 2018-10-10 03:43 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Decrap my Computer
2018-10-25 01:21 - 2018-02-13 18:16 - 000000000 ____D C:\Users\User\Incomplete
2018-10-25 01:10 - 2018-02-13 17:29 - 000000000 ____D C:\Users\User\AppData\Local\Adobe
2018-10-25 00:58 - 2018-02-13 18:15 - 000000000 ____D C:\Users\User\AppData\Roaming\MP3Rocket
2018-10-25 00:58 - 2018-02-13 18:14 - 000000000 ____D C:\Program Files (x86)\MP3 Rocket
2018-10-24 22:28 - 2018-02-13 17:38 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\K-Lite Codec Pack
2018-10-22 18:16 - 2018-02-13 21:58 - 000000000 ____D C:\Users\User\AppData\Local\Jagex
2018-10-22 18:16 - 2018-02-13 21:43 - 000000000 ____D C:\ProgramData\Jagex
2018-10-14 23:06 - 2018-02-12 23:36 - 000000000 ____D C:\Users\User\AppData\Local\VirtualStore
2018-10-12 19:41 - 2018-02-13 20:36 - 000000000 ____D C:\ProgramData\Malwarebytes
2018-10-12 19:34 - 2009-07-13 21:34 - 079953920 _____ C:\Windows\system32\config\software.rcbak
2018-10-12 19:34 - 2009-07-13 21:34 - 019398656 _____ C:\Windows\system32\config\system.rcbak
2018-10-12 19:34 - 2009-07-13 21:34 - 000262144 _____ C:\Windows\system32\config\default.rcbak
2018-10-12 19:34 - 2009-07-13 21:34 - 000028672 _____ C:\Windows\system32\config\sam.rcbak
2018-10-12 19:34 - 2009-07-13 21:34 - 000024576 _____ C:\Windows\system32\config\security.rcbak
2018-10-12 19:12 - 2009-07-13 22:20 - 000000000 ____D C:\PerfLogs
 
==================== Files in the root of some directories =======
 
2018-10-10 02:18 - 2018-10-10 02:18 - 000000002 _____ () C:\Users\User\AppData\Roaming\20181010031823.dat
 
==================== Bamital & volsnap ======================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed
 
LastRegBack: 2018-11-04 09:24
 
==================== End of FRST.txt ============================
 
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 10.11.2018
Ran by User (11-11-2018 04:27:24)
Running from C:\Users\User\Desktop
Windows 7 Ultimate Service Pack 1 (X64) (2018-02-13 04:35:34)
Boot Mode: Normal
==========================================================
 
 
==================== Accounts: =============================
 
Administrator (S-1-5-21-1894722739-3979997351-3746568665-500 - Administrator - Disabled)
Guest (S-1-5-21-1894722739-3979997351-3746568665-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-1894722739-3979997351-3746568665-1002 - Limited - Enabled)
User (S-1-5-21-1894722739-3979997351-3746568665-1000 - Administrator - Enabled) => C:\Users\User
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AV: AVG Antivirus (Enabled - Up to date) {4FC75CA5-1654-5411-7CFB-1893D506BCF4}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: AVG Antivirus (Enabled - Up to date) {F4A6BD41-306E-5B9F-464B-23E1AE81F649}
 
==================== Installed Programs ======================
 
(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
. . (HKLM\...\{B753FD71-4EB8-4842-9016-B1B97ACBDC79}) (Version: 7.1 - Intel) Hidden
µTorrent (HKU\S-1-5-21-1894722739-3979997351-3746568665-1000\...\uTorrent) (Version: 3.5.1.44332 - BitTorrent Inc.)
Adobe Acrobat Reader DC (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}) (Version: 19.008.20074 - Adobe Systems Incorporated)
Apple Application Support (32-bit) (HKLM-x32\...\{49F7DD82-FC83-48BF-86C6-CFE6E1E233E1}) (Version: 7.1 - Apple Inc.)
Apple Application Support (64-bit) (HKLM\...\{1FA68E27-2951-42E8-9F57-1A7F6581B4FD}) (Version: 7.1 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{5FA8C4BE-8C74-4B9C-9B49-EBF759230189}) (Version: 12.1.0.25 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{A30EA700-5515-48F0-88B0-9E99DC356B88}) (Version: 2.6.0.1 - Apple Inc.)
Aslain's WoT Modpack version 1.2.0.1.12 (HKLM-x32\...\Aslains_WoT_Modpack_Installer_is1) (Version: 1.2.0.1.12 - Aslain)
AVG AntiVirus FREE (HKLM-x32\...\AVG Antivirus) (Version: 18.7.3069 - AVG Technologies)
Canon IJ Network Scanner Selector EX (HKLM-x32\...\Canon_IJ_Network_Scanner_Selector_EX) (Version:  - Canon Inc.)
Canon IJ Network Tool (HKLM-x32\...\Canon_IJ_Network_UTILITY) (Version: 3.2.0 - Canon Inc.)
Canon IJ Scan Utility (HKLM-x32\...\Canon_IJ_Scan_Utility) (Version:  - Canon Inc.)
Canon MX920 series MP Drivers (HKLM\...\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MX920_series) (Version: 1.01 - Canon Inc.)
CCleaner (HKLM\...\CCleaner) (Version: 5.48 - Piriform)
Chrome Remote Desktop Host (HKLM-x32\...\{F51A03C4-2DD0-43B0-900F-EAD1C45DC542}) (Version: 71.0.3578.15 - Google Inc.)
Dell SupportAssist (HKLM\...\{5A18ABE3-52D1-4CA5-9169-25EC7E789582}) (Version: 3.0.2.48 - Dell Inc.)
Dell Touchpad (HKLM\...\SynTPDeinstKey) (Version: 19.2.17.64 - Synaptics Incorporated)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 70.0.3538.77 - Google Inc.)
Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.33.17 - Google Inc.) Hidden
Intel® Computing Improvement Program (HKLM\...\{2C895850-899F-4E06-ADB6-28A654FFCF9D}) (Version: 2.2.04036 - Intel Corporation)
Intel® Control Center (HKLM-x32\...\{F8A9085D-4C7A-41a9-8A77-C8998A96C421}) (Version: 1.2.1.1011 - Intel Corporation)
Intel® Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 9.5.23.1766 - Intel Corporation)
Intel® Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 10.18.14.4414 - Intel Corporation)
Intel® Rapid Storage Technology (HKLM\...\{409CB30E-E457-4008-9B1A-ED1B9EA21140}) (Version: 12.8.2.1000 - Intel Corporation)
Intel® USB 3.0\3.1 eXtensible Host Controller Driver (HKLM-x32\...\{240C3DDD-C5E9-4029-9DF7-95650D040CF2}) (Version: 5.0.4.43 - Intel Corporation)
Intel® Wireless Bluetooth® (HKLM\...\{00000060-0200-4FD1-8F3D-148929CC1385}) (Version: 20.60.0 - Intel Corporation)
Intel® Driver & Support Assistant (HKLM-x32\...\{e5a12991-d0a9-4922-a125-fce431f55219}) (Version: 3.6.0.4 - Intel)
Intel® PROSet/Wireless Software (HKLM-x32\...\{31a05164-f722-485c-90e3-db78421fa156}) (Version: 20.70.0 - Intel Corporation)
iTunes (HKLM\...\{3F702C1B-628F-46FB-A094-56D5404CEE63}) (Version: 12.9.1.4 - Apple Inc.)
K-Lite Codec Pack 14.5.3 Basic (HKLM-x32\...\KLiteCodecPack_is1) (Version: 14.5.3 - KLCP)
Logitech SetPoint 6.69 (HKLM\...\sp6) (Version: 6.69.114 - Logitech)
Malwarebytes version 3.6.1.2711 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 3.6.1.2711 - Malwarebytes)
Microsoft .NET Framework 4.7.2 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.7.03062 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.21005 (HKLM-x32\...\{7f51bdb9-ee21-49ee-94d6-90afc321780e}) (Version: 12.0.21005.1 - Microsoft Corporation)
Microsoft Visual C++ 2017 Redistributable (x64) - 14.11.25325 (HKLM-x32\...\{6c6356fe-cbfa-4944-9bed-a9e99f45cb7a}) (Version: 14.11.25325.0 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)
Microsoft Word 2010 (HKLM\...\Office14.WORD) (Version: 14.0.7015.1000 - Microsoft Corporation)
MP3 Rocket (HKLM-x32\...\MP3 Rocket) (Version: 7.4.1 - MP3 Rocket Inc)
Realtek Ethernet Controller All-In-One Windows Driver (HKLM-x32\...\{F7E7F0CB-AA41-4D5A-B6F2-8E6738EB063F}) (Version: 7.73.618.2013 - Realtek)
Realtek USB Card Reader (HKLM-x32\...\{1E496A68-4943-424E-829D-5C3C85B7B8F2}) (Version: 6.2.9200.39039 - Realtek Semiconductor Corp.)
RuneScape Launcher 2.2.4 (HKLM\...\RuneScape Launcher_is1) (Version: 2.2.4 - Jagex Ltd)
Service Pack 2 for Microsoft Office 2010 (KB2687455) 64-Bit Edition (HKLM\...\{90140000-001B-0000-1000-0000000FF1CE}_Office14.WORD_{A3364707-2F53-4C83-8F68-C9877A9080C7}) (Version:  - Microsoft)
Speccy (HKLM\...\Speccy) (Version: 1.32 - Piriform)
TeamSpeak 3 Client (HKLM\...\TeamSpeak 3 Client) (Version: 3.1.8 - TeamSpeak Systems GmbH)
VLC media player (HKLM-x32\...\VLC media player) (Version: 3.0.3 - VideoLAN)
Windows 7 Manager (HKLM\...\{21F090D4-3CBD-4AAC-9E7C-76CF4EA574F4}) (Version: 5.1.4 - Yamicsoft)
WinRAR 5.50 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.50.0 - win.rar GmbH)
World of Tanks (HKU\S-1-5-21-1894722739-3979997351-3746568665-1000\...\{1EAC1D02-C6AC-4FA6-9A44-96258C37C812na}_is1) (Version:  - Wargaming.net)
 
==================== Custom CLSID (Whitelisted): ==========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
CustomCLSID: HKU\S-1-5-21-1894722739-3979997351-3746568665-1000_Classes\CLSID\{820D63D5-8CFF-46DE-86AF-4997DEDD6DB5}\localserver32 -> C:\Windows\system32\igfxEM.exe (Intel Corporation)
ContextMenuHandlers1: [AVG] -> {472083B1-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVG\Antivirus\ashShA64.dll [2018-10-10] (AVG Technologies CZ, s.r.o.)
ContextMenuHandlers1: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\non-os\WinRAR\rarext.dll [2017-08-11] (Alexander Roshal)
ContextMenuHandlers1-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\non-os\WinRAR\rarext32.dll [2017-08-11] (Alexander Roshal)
ContextMenuHandlers4: [PowerISO] -> {967B2D40-8B7D-4127-9049-61EA0C2C6DCE} =>  -> No File
ContextMenuHandlers5: [igfxDTCM] -> {9B5F5829-A529-4B12-814A-E81BCB8D93FC} => C:\Windows\system32\igfxDTCM.dll [2016-06-28] (Intel Corporation)
ContextMenuHandlers6: [AVG] -> {472083B1-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVG\Antivirus\ashShA64.dll [2018-10-10] (AVG Technologies CZ, s.r.o.)
ContextMenuHandlers6: [PowerISO] -> {967B2D40-8B7D-4127-9049-61EA0C2C6DCE} =>  -> No File
ContextMenuHandlers6: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\non-os\WinRAR\rarext.dll [2017-08-11] (Alexander Roshal)
ContextMenuHandlers6-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\non-os\WinRAR\rarext32.dll [2017-08-11] (Alexander Roshal)
 
==================== Scheduled Tasks (Whitelisted) =============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
Task: {1D805E67-1A69-4643-9443-E96C5D6D1D0E} - System32\Tasks\AVG\Overseer => C:\Program Files\Common Files\AVG\Overseer\overseer.exe [2018-10-28] (AVG Technologies CZ, s.r.o.)
Task: {235287EF-AC58-4443-A041-50945CF63EEE} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2018-02-13] (Google Inc.)
Task: {D31E9446-6468-4DBE-A05F-9CEC7E7AA889} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2018-01-08] (Apple Inc.)
Task: {D629B3C2-6693-45ED-A8B6-56DCD1BDC61C} - System32\Tasks\Antivirus Emergency Update => C:\Program Files\AVG\Antivirus\AvEmUpdate.exe [2018-10-10] (AVG Technologies CZ, s.r.o.)
Task: {FC0C2614-BF7C-49BB-9E41-AD87A771CE42} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2018-02-13] (Google Inc.)
 
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
 
 
==================== Shortcuts & WMI ========================
 
(The entries could be listed to be restored or removed.)
 
 
ShortcutWithArgument: C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Chrome Remote Desktop.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) ->  --profile-directory=Default --app-id=gbchcmhmhahfdphkhkmpfmihenigjmpp
 
==================== Loaded Modules (Whitelisted) ==============
 
2016-06-28 04:04 - 2016-06-28 04:04 - 000382072 _____ () C:\Windows\system32\igfxTray.exe
2018-10-21 02:17 - 2018-10-21 02:17 - 001356088 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
2017-12-08 01:48 - 2017-12-08 01:48 - 000088888 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
2018-08-29 14:57 - 2018-08-29 14:57 - 000077824 _____ () C:\Program Files\Common Files\Logishrd\LAClient\zlib.dll
2018-08-29 14:57 - 2018-08-29 14:57 - 000144896 _____ () C:\Program Files\Common Files\Logishrd\LAClient\libssh2.dll
2018-10-10 00:32 - 2018-10-10 00:32 - 000726288 ____N () c:\Program Files\AVG\Antivirus\x64\StreamBack.dll
2018-10-25 18:16 - 2018-10-23 16:24 - 005020504 _____ () C:\Program Files (x86)\Google\Chrome\Application\70.0.3538.77\libglesv2.dll
2018-10-25 18:16 - 2018-10-23 16:24 - 000116056 _____ () C:\Program Files (x86)\Google\Chrome\Application\70.0.3538.77\libegl.dll
2018-10-10 00:32 - 2018-10-10 00:32 - 000919312 ____N () C:\Program Files\AVG\Antivirus\anen.dll
2018-10-10 00:32 - 2018-10-10 00:32 - 000595728 ____N () C:\Program Files\AVG\Antivirus\streamback.dll
2018-11-10 19:13 - 2018-11-10 19:13 - 005719240 _____ () C:\Program Files\AVG\Antivirus\defs\18111002\algo.dll
2018-10-10 00:32 - 2018-10-10 00:32 - 000496912 ____N () C:\Program Files\AVG\Antivirus\gui_cache.dll
2018-10-10 00:32 - 2018-10-10 00:32 - 001112336 ____N () C:\Program Files\AVG\Antivirus\shepherdsync.dll
2018-03-12 20:02 - 2018-03-12 20:02 - 067127976 ____N () C:\Program Files\AVG\Antivirus\libcef.dll
 
==================== Alternate Data Streams (Whitelisted) =========
 
(If an entry is included in the fixlist, only the ADS will be removed.)
 
 
==================== Safe Mode (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
 
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"
 
==================== Association (Whitelisted) ===============
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed.)
 
HKLM\...\.reg: txtfile => %SystemRoot%\system32\NOTEPAD.EXE %1 <==== ATTENTION
 
==================== Internet Explorer trusted/restricted ===============
 
(If an entry is included in the fixlist, it will be removed from the registry.)
 
IE trusted site: HKU\.DEFAULT\...\dell.com -> dell.com
 
==================== Hosts content: ===============================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2009-07-13 21:34 - 2018-10-25 03:12 - 000000115 _____ C:\Windows\system32\Drivers\etc\hosts
 
 
==================== Other Areas ============================
 
(Currently there is no automatic fix for this section.)
 
HKU\S-1-5-21-1894722739-3979997351-3746568665-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\User\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 172.16.0.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.
 
==================== MSCONFIG/TASK MANAGER disabled items ==
 
If an entry is included in the fixlist, it will be removed.
 
 
==================== FirewallRules (Whitelisted) ===============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
FirewallRules: [{CE33B4CE-020E-45B5-A5C5-9B05883F30BB}] => (Allow) C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe
FirewallRules: [{98D344CF-C049-4005-B576-52078AE43075}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{C2CFF724-A9CD-47D8-9C0F-91E4144B60E7}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{D4054BF6-D262-4B9B-9902-E2D629658853}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{2F1DBDC1-CC6D-401A-8058-FAA8C19DBD34}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{5DC388C2-4198-4BA3-A8DA-64E6CFAEB85E}] => (Allow) C:\Users\User\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{1A30BD90-CC0E-49FC-9C52-8472F6994B56}] => (Allow) C:\Users\User\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{162D7D73-B4BC-4F3A-B145-D6CE0175E801}] => (Allow) C:\non-os\World_of_Tanks\WoTLauncher.exe
FirewallRules: [{83FEBAFC-F7C2-435F-B7BD-9C51FB11846B}] => (Allow) C:\non-os\World_of_Tanks\WoTLauncher.exe
FirewallRules: [{C17088D8-3FED-4508-8BA1-4C884216254B}] => (Allow) C:\non-os\World_of_Tanks\worldoftanks.exe
FirewallRules: [{E2C621FF-594D-4635-B20B-379A338D31F6}] => (Allow) C:\non-os\World_of_Tanks\worldoftanks.exe
FirewallRules: [{C7177629-766A-4491-BCFE-5FD724152510}] => (Allow) C:\Program Files\AVG\Antivirus\AvEmUpdate.exe
FirewallRules: [{626299BB-1485-49B0-A6EF-8A33C4B421C0}] => (Allow) C:\Program Files\AVG\Antivirus\AvEmUpdate.exe
FirewallRules: [{1EE9F80F-C12F-4F16-A19D-34B7FAD03057}] => (Allow) C:\Program Files\AVG\Antivirus\AvEmUpdate.exe
FirewallRules: [{09379D06-382B-4EDF-A0FE-59B8CDC6DFEC}] => (Allow) C:\Program Files\AVG\Antivirus\AvEmUpdate.exe
FirewallRules: [{558F2990-EAC4-4524-A135-8A0005BA1DE0}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
FirewallRules: [{6B390909-5C3D-4B70-95E6-C57245E61CE7}] => (Allow) C:\Program Files (x86)\Google\Chrome Remote Desktop\71.0.3578.15\remoting_host.exe
FirewallRules: [{C3D68476-B03F-47F9-A9CA-0B4BCF92753E}] => (Allow) C:\non-os\CCleaner\CCUpdate.exe
FirewallRules: [{82E842A6-D6A4-4C05-89D3-CFF3AB645040}] => (Allow) C:\non-os\CCleaner\CCUpdate.exe
FirewallRules: [{6C9CBEB6-2170-4006-BE99-C74AA633637B}] => (Allow) C:\non-os\iTunes\iTunes.exe
 
==================== Restore Points =========================
 
28-10-2018 02:00:45 Windows Update
28-10-2018 04:38:07 Installed Intel® Wireless Bluetooth®
03-11-2018 19:17:14 Intel® Driver & Support Assistant
03-11-2018 19:42:03 Intel® PROSet/Wireless Software
03-11-2018 19:42:27 Microsoft Visual C++ 2017 Redistributable (x64) - 14.11.25325
03-11-2018 19:43:17 Microsoft Visual C++ 2015 Redistributable (x64) - 14.0.24215
04-11-2018 06:31:22 Decrap my Computer [W7-x64] - Decrap my Computer
04-11-2018 07:16:12 Decrap my Computer [W7-x64] - Decrap my Computer
04-11-2018 07:30:38 Decrap my Computer [W7-x64] - Decrap my Computer
10-11-2018 20:42:56 Removed Private Internet Access Support Files
10-11-2018 20:43:25 Removed Java 8 Update 31
10-11-2018 20:44:07 Removed Java 8 Update 181 (64-bit)
10-11-2018 20:44:42 Removed Bonjour
 
==================== Faulty Device Manager Devices =============
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (11/11/2018 03:20:18 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.
 
Error: (11/11/2018 03:19:59 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: WLANExt.exe, version: 6.1.7600.16385, time stamp: 0x4a5bcc33
Faulting module name: KERNELBASE.dll, version: 6.1.7601.24260, time stamp: 0x5b9470f4
Exception code: 0xc06d007e
Fault offset: 0x000000000000bded
Faulting process id: 0x5a4
Faulting application start time: 0x01d479974630bb89
Faulting application path: C:\Windows\system32\WLANExt.exe
Faulting module path: C:\Windows\system32\KERNELBASE.dll
Report Id: 93e76c22-e58a-11e8-9c1f-801934ce9bf3
 
Error: (11/11/2018 03:19:30 AM) (Source: Microsoft-Windows-EapHost) (EventID: 2002) (User: NT AUTHORITY)
Description: Skipping: Eap method DLL path name validation failed. Error: typeId=23, authorId=8086, vendorId=0, vendorType=0
 
Error: (11/11/2018 03:19:30 AM) (Source: Microsoft-Windows-EapHost) (EventID: 2002) (User: NT AUTHORITY)
Description: Skipping: Eap method DLL path name validation failed. Error: typeId=21, authorId=8086, vendorId=0, vendorType=0
 
Error: (11/11/2018 03:19:30 AM) (Source: Microsoft-Windows-EapHost) (EventID: 2002) (User: NT AUTHORITY)
Description: Skipping: Eap method DLL path name validation failed. Error: typeId=18, authorId=8086, vendorId=0, vendorType=0
 
Error: (11/10/2018 11:17:32 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.
 
Error: (11/10/2018 11:16:52 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: WLANExt.exe, version: 6.1.7600.16385, time stamp: 0x4a5bcc33
Faulting module name: KERNELBASE.dll, version: 6.1.7601.24260, time stamp: 0x5b9470f4
Exception code: 0xc06d007e
Fault offset: 0x000000000000bded
Faulting process id: 0x584
Faulting application start time: 0x01d479755f7b95b4
Faulting application path: C:\Windows\system32\WLANExt.exe
Faulting module path: C:\Windows\system32\KERNELBASE.dll
Report Id: 9da8aae3-e568-11e8-9dc2-801934ce9bf3
 
Error: (11/10/2018 11:16:50 PM) (Source: Microsoft-Windows-EapHost) (EventID: 2002) (User: NT AUTHORITY)
Description: Skipping: Eap method DLL path name validation failed. Error: typeId=23, authorId=8086, vendorId=0, vendorType=0
 
 
System errors:
=============
Error: (11/11/2018 03:20:07 AM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The HomeGroup Provider service depends on the Function Discovery Resource Publication service which failed to start because of the following error: 
The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.
 
Error: (11/11/2018 03:20:03 AM) (Source: Microsoft-Windows-WLAN-AutoConfig) (EventID: 10000) (User: NT AUTHORITY)
Description: WLAN Extensibility Module has failed to start.
 
Module Path: C:\Windows\System32\IWMSSvc.dll
Error Code: 1726
 
Error: (11/11/2018 03:20:03 AM) (Source: Microsoft-Windows-WLAN-AutoConfig) (EventID: 10003) (User: NT AUTHORITY)
Description: WLAN Extensibility Module has stopped unexpectedly.
 
Module Path: C:\Windows\System32\IWMSSvc.dll
 
Error: (11/10/2018 11:17:30 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The HomeGroup Provider service depends on the Function Discovery Resource Publication service which failed to start because of the following error: 
The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.
 
Error: (11/10/2018 11:16:54 PM) (Source: Microsoft-Windows-WLAN-AutoConfig) (EventID: 10000) (User: NT AUTHORITY)
Description: WLAN Extensibility Module has failed to start.
 
Module Path: C:\Windows\System32\IWMSSvc.dll
Error Code: 1726
 
Error: (11/10/2018 11:16:54 PM) (Source: Microsoft-Windows-WLAN-AutoConfig) (EventID: 10003) (User: NT AUTHORITY)
Description: WLAN Extensibility Module has stopped unexpectedly.
 
Module Path: C:\Windows\System32\IWMSSvc.dll
 
Error: (11/10/2018 08:49:40 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The HomeGroup Provider service depends on the Function Discovery Resource Publication service which failed to start because of the following error: 
The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.
 
Error: (11/10/2018 08:48:54 PM) (Source: Microsoft-Windows-WLAN-AutoConfig) (EventID: 10000) (User: NT AUTHORITY)
Description: WLAN Extensibility Module has failed to start.
 
Module Path: C:\Windows\System32\IWMSSvc.dll
Error Code: 1726
 
 
==================== Memory info =========================== 
 
Processor: Intel® Core™ i5-4200U CPU @ 1.60GHz
Percentage of memory in use: 32%
Total physical RAM: 8080.36 MB
Available physical RAM: 5491.45 MB
Total Virtual: 16158.86 MB
Available Virtual: 13670.53 MB
 
==================== Drives ================================
 
Drive c: (Windows) (Fixed) (Total:931.02 GB) (Free:766.58 GB) NTFS
 
\\?\Volume{9ff80743-108f-11e8-9196-806e6f6e6963}\ (System Reserved) (Fixed) (Total:0.49 GB) (Free:0.45 GB) NTFS
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (MBR Code: Windows 7/8/10) (Size: 931.5 GB) (Disk ID: 198DF528)
Partition 1: (Active) - (Size=500 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=931 GB) - (Type=07 NTFS)
 
==================== End of Addition.txt ============================

#11
RKinner

    Malware Expert

You need to upgrade
 
Intel® Rapid Storage Technology (HKLM\...\{409CB30E-E457-4008-9B1A-ED1B9EA21140}) (Version: 12.8.2.1000 - Intel Corporation)
 
Your version is resetting at intervals:
 
Log: 'System' Date/Time: 11/11/2018 8:46:22 AM
Type: Warning Category: 0
Event: 129 Source: iaStorA
Reset to device, \Device\RaidPort0, was issued.
 

 

This will cause everything to freeze until it comes back on line as it controls access to your hard drive.

 

The newest one is at:

 
 
but it usually won't load on a Win 7 so you will probably need to use one of the earlier versions (click on Show More).  Try the SetupRST.exe from Version: 15.8.1.1007 first.  (Save and then right click and Run As Admin).  If it won't work try the next earlier version until you find one that works.  If it only offers a SetupRST.zip you will need to save it then right click and Extract All, Extract. OK.
 
Then I have a fixlist for you:
Attached File  fixlist.txt   1.27KB   14 downloads

Download the attached fixlist.txt to the same location as FRST

Run FRST and press Fix
A fix log will be generated please post that
 
 
This one mostly looks at things so shouldn't need to reboot.  I will have another fixlist for you once I see what this one finds.


#12
darkmj16


well that would def explain some things. but that reminds me, i have the dell and intel asst. that are supposed to scan for new updates. i would run those every few weeks. but lately when all the problems started to pile up those two would not run. would it be safe to assume that's bc of the hd update? anyway got the latest one for win7 installed. here's the fixit repair log. ps the computer is taking a ridiculous time to shut down now. and start up is slower.

 

Fix result of Farbar Recovery Scan Tool (x64) Version: 11.11.2018
Ran by User (11-11-2018 12:08:17) Run:2
Running from C:\Users\User\Desktop
Loaded Profiles: User (Available Profiles: User)
Boot Mode: Normal
==============================================
 
fixlist content:
*****************
ContextMenuHandlers4: [PowerISO] -> {967B2D40-8B7D-4127-9049-61EA0C2C6DCE} =>  -> No File
ContextMenuHandlers6: [PowerISO] -> {967B2D40-8B7D-4127-9049-61EA0C2C6DCE} =>  -> No File
HKLM\...\.reg: txtfile => %SystemRoot%\system32\NOTEPAD.EXE %1 <==== ATTENTION
Hosts:
VerifySignature: C:\Windows\System32\WLANExt.exe
REG: reg query "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\EapHost" /s
REG: reg query "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\fdPHost" /s
REG: reg query "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv" /s
FOR /F "usebackq delims==" %i IN (`wevtutil el`) DO wevtutil cl "%i"
 
 
 
 
 
 
 
*****************
 
HKLM\Software\Classes\Directory\ShellEx\ContextMenuHandlers\PowerISO => removed successfully
HKLM\Software\Classes\CLSID\{967B2D40-8B7D-4127-9049-61EA0C2C6DCE} => not found
HKLM\Software\Classes\Folder\ShellEx\ContextMenuHandlers\PowerISO => removed successfully
HKLM\Software\Classes\CLSID\{967B2D40-8B7D-4127-9049-61EA0C2C6DCE} => not found
HKLM\Software\Classes\.reg\\Default => value restored successfully
C:\Windows\System32\Drivers\etc\hosts => moved successfully
Hosts restored successfully.
"C:\Windows\System32\WLANExt.exe" => File is digitally signed
 
========= reg query "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\EapHost" /s =========
 
 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\EapHost
    DisplayName    REG_SZ    @%systemroot%\system32\eapsvc.dll,-1
    ImagePath    REG_EXPAND_SZ    %SystemRoot%\System32\svchost.exe -k netsvcs
    Description    REG_SZ    @%systemroot%\system32\eapsvc.dll,-2
    ObjectName    REG_SZ    localSystem
    ErrorControl    REG_DWORD    0x1
    Start    REG_DWORD    0x3
    Type    REG_DWORD    0x20
    DependOnService    REG_MULTI_SZ    RPCSS\0KeyIso
    ServiceSidType    REG_DWORD    0x1
    RequiredPrivileges    REG_MULTI_SZ    SeTcbPrivilege\0SeDebugPrivilege\0SeImpersonatePrivilege
    FailureActions    REG_BINARY    805101000000000000000000030000001400000001000000C0D4010001000000C0D401000000000000000000
 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\EapHost\Configuration
 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\EapHost\Methods
 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\EapHost\Methods\311
    Name    REG_SZ    Microsoft
 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\EapHost\Methods\311\254
 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\EapHost\Methods\311\254\14122
 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\EapHost\Methods\311\254\14122\1
    PeerFriendlyName    REG_SZ    Windows Connect Now EAP Peer
    Properties    REG_DWORD    0x848000
    PeerInvokeUsernameDialog    REG_DWORD    0x0
    PeerInvokePasswordDialog    REG_DWORD    0x0
    PeerRequireConfigUI    REG_DWORD    0x1
    PeerDllPath    REG_EXPAND_SZ    %SystemRoot%\System32\WcnEapPeerProxy.dll
 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\EapHost\Methods\8086
    (Default)    REG_SZ    Intel
 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\EapHost\Methods\8086\18
    (Default)    REG_SZ    
    PeerInteractiveUIPath    REG_EXPAND_SZ    C:\Program Files\Intel\WiFi\bin\eapui.dll
    PeerConfigUIPath    REG_EXPAND_SZ    C:\Program Files\Intel\WiFi\bin\eapui.dll
    PeerRequireConfigUI    REG_DWORD    0x0
    Properties    REG_DWORD    0x280000
    PeerFriendlyName    REG_SZ    EAP-SIM
    PeerInvokePasswordDialog    REG_DWORD    0x0
    PeerIdentityPath    REG_EXPAND_SZ    C:\Program Files\Intel\WiFi\bin\eapui.dll
    PeerInvokeUsernameDialog    REG_DWORD    0x0
    PeerDllPath    REG_EXPAND_SZ    C:\Program Files\Intel\WiFi\bin\eh_eap_sim.dll
 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\EapHost\Methods\8086\21
    (Default)    REG_SZ    
    PeerIdentityPath    REG_EXPAND_SZ    C:\Program Files\Intel\WiFi\bin\eapui.dll
    PeerConfigUIPath    REG_EXPAND_SZ    C:\Program Files\Intel\WiFi\bin\eapui.dll
    Properties    REG_DWORD    0x280000
    PeerInvokePasswordDialog    REG_DWORD    0x0
    PeerRequireConfigUI    REG_DWORD    0x0
    PeerFriendlyName    REG_SZ    EAP-TTLS
    PeerDllPath    REG_EXPAND_SZ    C:\Program Files\Intel\WiFi\bin\eh_eap_ttls.dll
    PeerInteractiveUIPath    REG_EXPAND_SZ    C:\Program Files\Intel\WiFi\bin\eapui.dll
    PeerInvokeUsernameDialog    REG_DWORD    0x0
 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\EapHost\Methods\8086\23
    (Default)    REG_SZ    
    PeerRequireConfigUI    REG_DWORD    0x0
    PeerConfigUIPath    REG_EXPAND_SZ    C:\Program Files\Intel\WiFi\bin\eapui.dll
    PeerDllPath    REG_EXPAND_SZ    C:\Program Files\Intel\WiFi\bin\eh_eap_aka.dll
    PeerInvokePasswordDialog    REG_DWORD    0x0
    Properties    REG_DWORD    0x280000
    PeerInvokeUsernameDialog    REG_DWORD    0x0
    PeerFriendlyName    REG_SZ    EAP-AKA
    PeerInteractiveUIPath    REG_EXPAND_SZ    C:\Program Files\Intel\WiFi\bin\eapui.dll
    PeerIdentityPath    REG_EXPAND_SZ    C:\Program Files\Intel\WiFi\bin\eapui.dll
 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\EapHost\Methods\9
    (Default)    REG_EXPAND_SZ    Cisco
 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\EapHost\Parameters
    ServiceDll    REG_EXPAND_SZ    %SystemRoot%\System32\eapsvc.dll
    ServiceDllUnloadOnStop    REG_DWORD    0x1
    PeerInstalled    REG_DWORD    0x1
 
 
 
========= End of Reg: =========
 
 
========= reg query "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\fdPHost" /s =========
 
 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\fdPHost
    DisplayName    REG_SZ    @%systemroot%\system32\fdPHost.dll,-100
    ImagePath    REG_EXPAND_SZ    %SystemRoot%\system32\svchost.exe -k LocalService
    Description    REG_SZ    @%systemroot%\system32\fdPHost.dll,-101
    ObjectName    REG_SZ    NT AUTHORITY\LocalService
    ErrorControl    REG_DWORD    0x1
    Start    REG_DWORD    0x3
    Type    REG_DWORD    0x20
    DependOnService    REG_MULTI_SZ    RpcSs\0http
    ServiceSidType    REG_DWORD    0x1
    RequiredPrivileges    REG_MULTI_SZ    SeChangeNotifyPrivilege\0SeImpersonatePrivilege
    FailureActions    REG_BINARY    00000000000000000000000003000000140000000000000060EA000000000000000000000000000000000000
 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\fdPHost\Parameters
    ServiceDll    REG_EXPAND_SZ    %SystemRoot%\system32\fdPHost.dll
    ServiceDllUnloadOnStop    REG_DWORD    0x1
 
 
 
========= End of Reg: =========
 
 
========= reg query "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv" /s =========
 
 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv
    PreshutdownTimeout    REG_DWORD    0x36ee800
    DisplayName    REG_SZ    @%systemroot%\system32\wuaueng.dll,-105
    ImagePath    REG_EXPAND_SZ    %systemroot%\system32\svchost.exe -k netsvcs
    Description    REG_SZ    @%systemroot%\system32\wuaueng.dll,-106
    ObjectName    REG_SZ    LocalSystem
    ErrorControl    REG_DWORD    0x1
    Start    REG_DWORD    0x2
    DelayedAutoStart    REG_DWORD    0x1
    Type    REG_DWORD    0x20
    DependOnService    REG_MULTI_SZ    rpcss
    ServiceSidType    REG_DWORD    0x1
    RequiredPrivileges    REG_MULTI_SZ    SeAuditPrivilege\0SeCreateGlobalPrivilege\0SeCreatePageFilePrivilege\0SeTcbPrivilege\0SeAssignPrimaryTokenPrivilege\0SeImpersonatePrivilege\0SeIncreaseQuotaPrivilege\0SeShutdownPrivilege
    FailureActions    REG_BINARY    80510100000000000000000003000000140000000100000060EA000000000000000000000000000000000000
 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Parameters
    ServiceDll    REG_EXPAND_SZ    %systemroot%\system32\wuaueng2.dll
    ServiceMain    REG_SZ    WUServiceMain
    ServiceDllUnloadOnStop    REG_DWORD    0x1
 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Security
    Security    REG_BINARY    010014807800000084000000140000003000000002001C000100000002801400FF000F000101000000000001000000000200480003000000000014009D00020001010000000000050B00000000001800FF010F000102000000000005200000002002000000001400FF010F00010100000000000512000000010100000000000512000000010100000000000512000000
 
 
 
========= End of Reg: =========
 
FOR /F "usebackq delims==" %i IN (`wevtutil el`) DO wevtutil cl "%i" => Error: No automatic fix found for this entry.
 
==== End of Fixlog 12:08:25 ====


#13
darkmj16


and here is the latest fixit log, after running everything else. will this bring back my bluetooth and other programs not working? btw i uninstalled powerISO bc i don't know why i need it. seems to have had a few security issues anyways

 

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 11.11.2018
Ran by User (administrator) on USER-PC (11-11-2018 12:35:03)
Running from C:\Users\User\Desktop
Loaded Profiles: User (Available Profiles: User)
Platform: Windows 7 Ultimate Service Pack 1 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(Intel Corporation) C:\Windows\System32\igfxCUIService.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\Antivirus\AVGSvc.exe
(Intel Corporation) C:\Windows\System32\igfxEM.exe
(Intel Corporation) C:\Windows\System32\igfxHK.exe
() C:\Windows\System32\igfxTray.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome Remote Desktop\71.0.3578.15\remoting_host.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Bluetooth\ibtsiva.exe
(Intel® Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
(Logitech, Inc.) C:\Program Files\Logitech\SetPointP\SetPoint.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\Antivirus\AVGUI.exe
(Wargaming.net) C:\non-os\World_of_Tanks\WargamingGameUpdater.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome Remote Desktop\71.0.3578.15\remoting_host.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe
(Microsoft Corporation) C:\Windows\System32\UI0Detect.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Logitech, Inc.) C:\Program Files\Common Files\LogiShrd\KHAL3\KHALMNPR.exe
(Logitech, Inc.) C:\Program Files\Common Files\LogiShrd\LAClient\laclient.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\Antivirus\x64\aswidsagenta.exe
(Intel Corporation) C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
(Intel Corporation) C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
(Microsoft Corporation) C:\Windows\System32\Locator.exe
(Logitech, Inc.) C:\Program Files\Logitech\SetPointP\LogiAppBroker.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
 
==================== Registry (Whitelisted) ===========================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [AVGUI.exe] => C:\Program Files\AVG\Antivirus\AvLaunch.exe [290064 2018-10-10] (AVG Technologies CZ, s.r.o.)
HKLM\...\Run: [EvtMgr6] => C:\Program Files\Logitech\SetPointP\SetPoint.exe [3136136 2018-09-07] (Logitech, Inc.)
HKLM\...\Run: [IAStorIcon] => C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe [322120 2017-04-19] (Intel Corporation)
Winlogon\Notify\LBTWlgn: 
HKLM\SOFTWARE\Policies\Microsoft\Windows Defender: Restriction <==== ATTENTION
HKU\S-1-5-21-1894722739-3979997351-3746568665-1000\...\Run: [World of Tanks] => C:\non-os\World_of_Tanks\WargamingGameUpdater.exe [3139936 2018-06-25] (Wargaming.net)
HKU\S-1-5-21-1894722739-3979997351-3746568665-1000\...\Policies\system: [NoDispAppearancePage] 0
HKU\S-1-5-21-1894722739-3979997351-3746568665-1000\...\Policies\system: [NoDispScrSavPage] 0
HKU\S-1-5-21-1894722739-3979997351-3746568665-1000\...\Policies\Explorer: [NoRecentDocsHistory] 1
HKU\S-1-5-21-1894722739-3979997351-3746568665-1000\...\Policies\Explorer: [NoThemesTab] 1
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
Tcpip\Parameters: [DhcpNameServer] 172.16.0.1
Tcpip\..\Interfaces\{096D4EA8-B3B7-4B42-B91A-2D6753E86104}: [DhcpNameServer] 172.20.10.1
Tcpip\..\Interfaces\{A3E44CE9-87D0-4413-A0C7-3C41D31D1BAE}: [NameServer] 1.1.1.1,1.0.0.1
Tcpip\..\Interfaces\{C0C5A3B0-8751-4A61-ADB0-CA4752ACE43F}: [DhcpNameServer] 172.16.0.1
 
Internet Explorer:
==================
URLSearchHook: [S-1-5-21-1894722739-3979997351-3746568665-1000] ATTENTION => Default URLSearchHook is missing
BHO: Logitech SetPoint -> {AF949550-9094-4807-95EC-D1C317803333} -> C:\Program Files\Logitech\SetPointP\SetPointSmooth.dll [2018-09-07] (Logitech, Inc.)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)
BHO-x32: Logitech SetPoint -> {AF949550-9094-4807-95EC-D1C317803333} -> C:\Program Files\Logitech\SetPointP\32-bit\SetPointSmooth.dll [2018-09-07] (Logitech, Inc.)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)
 
FireFox:
========
FF HKLM-x32\...\Firefox\Extensions: [{F003DA68-8256-4b37-A6C4-350FA04494DF}] - C:\Program Files\Logitech\SetPointP\LogiSmoothFirefoxExt
FF Extension: (Logitech SetPoint) - C:\Program Files\Logitech\SetPointP\LogiSmoothFirefoxExt [2018-09-25] [not signed]
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.33.17\npGoogleUpdate3.dll [2018-05-16] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.33.17\npGoogleUpdate3.dll [2018-05-16] (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.2.8 -> C:\non-os\VideoLAN\VLC\npvlc.dll [2018-05-29] (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=3.0.3 -> C:\non-os\VideoLAN\VLC\npvlc.dll [2018-05-29] (VideoLAN)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2018-09-20] (Adobe Systems Inc.)
 
Chrome: 
=======
CHR DefaultProfile: Default
CHR HomePage: Default -> hxxp://www.bing.com/search?FORM=INCOH1&PC=IC03&PTAG=ICO-563448c1
CHR StartupUrls: Default -> "hxxp://www.yahoo.com/"
CHR Profile: C:\Users\User\AppData\Local\Google\Chrome\User Data\Default [2018-11-11]
CHR Extension: (YouTube) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2018-02-13]
CHR Extension: (Adblock Plus) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2018-11-01]
CHR Extension: (Logitech Smooth Scrolling) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\dkpejdfnpdkhifgbancbammdijojoffk [2018-02-13]
CHR Extension: (Chrome Remote Desktop) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\gbchcmhmhahfdphkhkmpfmihenigjmpp [2018-10-04]
CHR Extension: (Black Black Chrome Theme Dark Blue Highlight) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\njpbabhpbnilgchdjbajcbgnnclkaida [2018-02-13]
CHR Extension: (Chrome Web Store Payments) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2018-04-04]
CHR Extension: (Gmail) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2018-02-13]
CHR Extension: (Chrome Media Router) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2018-10-26]
CHR Profile: C:\Users\User\AppData\Local\Google\Chrome\User Data\Guest Profile [2018-11-04]
CHR Profile: C:\Users\User\AppData\Local\Google\Chrome\User Data\System Profile [2018-11-04]
CHR HKLM-x32\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj] - hxxps://clients2.google.com/service/update2/crx
 
==================== Services (Whitelisted) ====================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [85304 2018-10-16] (Apple Inc.)
R2 AVG Antivirus; C:\Program Files\AVG\Antivirus\AVGSvc.exe [325072 2018-10-10] (AVG Technologies CZ, s.r.o.)
R3 avgbIDSAgent; C:\Program Files\AVG\Antivirus\x64\aswidsagenta.exe [8237160 2018-10-10] (AVG Technologies CZ, s.r.o.)
R2 chromoting; C:\Program Files (x86)\Google\Chrome Remote Desktop\71.0.3578.15\remoting_host.exe [73048 2018-10-18] (Google Inc.)
S3 DDVCollectorSvcApi; C:\Program Files\Dell\DellDataVault\DDVCollectorSvcApi.exe [209392 2018-10-22] (Dell Inc.)
S3 DDVDataCollector; C:\Program Files\Dell\DellDataVault\DDVDataCollector.exe [3347440 2018-10-22] (Dell Inc.)
S3 DDVRulesProcessor; C:\Program Files\Dell\DellDataVault\DDVRulesProcessor.exe [218096 2018-10-22] (Dell Inc.)
S3 Dell Hardware Support; C:\Program Files\Dell\SupportAssistAgent\PCDr\SupportAssist\6.0.6992.1382\DSAPI.exe [1002816 2018-11-04] (PC-Doctor, Inc.)
S3 DSAService; C:\Program Files (x86)\Intel Driver and Support Assistant\DSAService.exe [23800 2018-10-18] (Intel)
R2 IAStorDataMgrSvc; C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [18504 2017-04-19] (Intel Corporation)
R2 iBtSiva; C:\Program Files (x86)\Intel\Bluetooth\ibtsiva.exe [531040 2018-05-16] (Intel Corporation)
R2 igfxCUIService1.0.0.0; C:\Windows\system32\igfxCUIService.exe [344184 2016-06-28] (Intel Corporation)
S3 MBAMService; C:\non-os\mbam\Anti-Malware\mbamservice.exe [6347056 2018-09-19] (Malwarebytes)
S3 SupportAssistAgent; C:\Program Files\Dell\SupportAssistAgent\bin\SupportAssistAgent.exe [38872 2018-10-25] (Dell Inc.)
R2 SynTPEnhService; C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe [257112 2017-12-16] (Synaptics Incorporated)
S4 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2017-12-15] (Microsoft Corporation)
R2 wuauserv; C:\Windows\system32\wuaueng2.dll [2651136 2017-12-16] (Microsoft Corporation) [File not signed]
 
===================== Drivers (Whitelisted) ======================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R1 avgArPot; C:\Windows\System32\drivers\avgArPot.sys [201264 2018-10-10] (AVG Technologies CZ, s.r.o.)
R1 avgbidsdriver; C:\Windows\System32\drivers\avgbidsdrivera.sys [230880 2018-10-10] (AVG Technologies CZ, s.r.o.)
R0 avgbidsh; C:\Windows\System32\drivers\avgbidsha.sys [202296 2018-10-10] (AVG Technologies CZ, s.r.o.)
R0 avgblog; C:\Windows\System32\drivers\avgbloga.sys [346616 2018-10-10] (AVG Technologies CZ, s.r.o.)
R0 avgbuniv; C:\Windows\System32\drivers\avgbuniva.sys [59520 2018-10-10] (AVG Technologies CZ, s.r.o.)
S3 avgHwid; C:\Windows\System32\drivers\avgHwid.sys [46920 2018-10-10] (AVG Technologies CZ, s.r.o.)
R1 avgKbd; C:\Windows\System32\drivers\avgKbd.sys [42312 2018-10-10] (AVG Technologies CZ, s.r.o.)
R2 avgMonFlt; C:\Windows\System32\drivers\avgMonFlt.sys [163224 2018-10-10] (AVG Technologies CZ, s.r.o.)
R0 avgRvrt; C:\Windows\System32\drivers\avgRvrt.sys [87968 2018-10-10] (AVG Technologies CZ, s.r.o.)
R1 avgSnx; C:\Windows\System32\drivers\avgSnx.sys [1028696 2018-10-10] (AVG Technologies CZ, s.r.o.)
R1 avgSP; C:\Windows\System32\drivers\avgSP.sys [467760 2018-10-10] (AVG Technologies CZ, s.r.o.)
R0 avgVmm; C:\Windows\System32\drivers\avgVmm.sys [380992 2018-10-10] (AVG Technologies CZ, s.r.o.)
R3 btmaudio; C:\Windows\System32\drivers\btmaud.sys [99272 2018-05-16] (Motorola Solutions, Inc.)
R3 btmaux; C:\Windows\System32\DRIVERS\btmaux.sys [156616 2018-05-16] (Motorola Solutions, Inc.)
S3 btmhsf; C:\Windows\System32\DRIVERS\btmhsf.sys [1566152 2018-05-16] (Motorola Solutions, Inc.)
R3 DDDriver; C:\Windows\System32\drivers\DDDriver64Dcsa.sys [41608 2018-10-20] (Dell Inc.)
R3 DellProf; C:\Windows\System32\drivers\DellProf.sys [41208 2018-10-20] (Dell Computer Corporation)
R1 ESProtectionDriver; C:\Windows\system32\drivers\mbae64.sys [152688 2018-11-04] (Malwarebytes)
R0 iaStorF; C:\Windows\System32\DRIVERS\iaStorF.sys [40448 2017-04-19] (Intel Corporation)
S3 ibtusb; C:\Windows\System32\DRIVERS\ibtusb.sys [124872 2018-05-16] (Intel Corporation)
R3 MEIx64; C:\Windows\System32\DRIVERS\TeeDriverx64.sys [100312 2013-12-11] (Intel Corporation)
R3 NETwNs64; C:\Windows\System32\DRIVERS\Netwsw02.sys [3485640 2018-05-11] (Intel Corporation)
S3 semav6msr64; C:\Windows\system32\drivers\semav6msr64.sys [41512 2018-01-11] ()
R3 SmbDrvI; C:\Windows\System32\DRIVERS\Smb_driver_Intel.sys [45144 2017-12-16] (Synaptics Incorporated)
 
==================== NetSvcs (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== One Month Created files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2018-11-11 11:54 - 2018-11-11 11:54 - 000000000 ____D C:\Program Files\Intel
2018-11-11 11:50 - 2018-11-11 11:50 - 000000000 ____D C:\Users\User\Intel
2018-11-11 04:14 - 2018-11-11 04:14 - 000021181 _____ C:\app log.txt
2018-11-11 04:12 - 2018-11-11 04:13 - 000021181 _____ C:\VEW.txt
2018-11-10 23:13 - 2018-11-11 12:08 - 000008737 _____ C:\Users\User\Desktop\Fixlog.txt
2018-11-10 23:12 - 2018-11-10 23:12 - 000061440 _____ ( ) C:\Users\User\Desktop\VEW.exe
2018-11-10 21:06 - 2018-11-10 21:07 - 000110048 _____ C:\Users\User\Desktop\USER-PC.txt
2018-11-10 21:05 - 2018-11-10 21:05 - 000000712 _____ C:\Users\Public\Desktop\Speccy.lnk
2018-11-10 21:05 - 2018-11-10 21:05 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Speccy
2018-11-10 21:01 - 2018-11-10 21:01 - 000006239 _____ C:\junk.txt
2018-11-10 21:00 - 2018-11-10 21:00 - 000007462 _____ C:\Users\User\Desktop\System Idle Process.txt
2018-11-10 20:54 - 2018-11-11 04:27 - 000023914 _____ C:\Users\User\Desktop\Addition.txt
2018-11-10 20:52 - 2018-11-11 12:35 - 000014329 _____ C:\Users\User\Desktop\FRST.txt
2018-11-10 20:51 - 2018-11-10 20:51 - 002724512 _____ (Sysinternals - www.sysinternals.com) C:\Users\User\Desktop\procexp.exe
2018-11-10 20:42 - 2018-11-10 20:42 - 000000072 _____ C:\Windows\wininit.ini
2018-11-10 20:42 - 2018-11-10 20:42 - 000000000 ____D C:\Windows\System32\Tasks\Safer-Networking
2018-11-06 00:25 - 2018-11-11 12:07 - 002415616 _____ (Farbar) C:\Users\User\Desktop\FRST64.exe
2018-11-04 19:11 - 2018-11-04 20:37 - 000000000 ____D C:\Users\User\AppData\Local\ElevatedDiagnostics
2018-11-04 08:55 - 2018-11-04 08:55 - 000000000 ____D C:\Windows\System32\Tasks\WPD
2018-11-04 07:28 - 2018-11-04 07:28 - 000001596 _____ C:\Users\Public\Desktop\iTunes.lnk
2018-11-04 07:28 - 2018-11-04 07:28 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
2018-11-04 07:28 - 2018-11-04 07:28 - 000000000 ____D C:\Program Files\iPod
2018-11-04 06:20 - 2018-11-04 20:33 - 000000000 ____D C:\Program Files (x86)\Intel
2018-11-04 06:15 - 2018-11-04 06:15 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dell
2018-11-04 06:14 - 2018-11-04 06:15 - 000000000 ____D C:\Program Files\Dell
2018-11-04 06:09 - 2018-11-11 11:55 - 000000000 ____D C:\ProgramData\Intel
2018-11-04 04:21 - 2018-11-04 04:21 - 000000000 ____D C:\Users\User\Documents\ProcAlyzer Dumps
2018-11-03 21:52 - 2018-11-04 06:01 - 000010658 _____ C:\Windows\ntbtlog.txt
2018-11-03 19:45 - 2018-11-11 11:55 - 000000000 ____D C:\Windows\LastGood
2018-11-03 19:45 - 2018-11-03 19:45 - 000000000 ____D C:\Program Files\Common Files\Intel
2018-11-03 19:32 - 2018-11-03 19:32 - 000000000 ____D C:\Users\User\Downloads\Intel Driver and Support Assistant
2018-11-03 19:18 - 2018-11-04 06:09 - 000000000 ____D C:\Program Files (x86)\Intel Driver and Support Assistant
2018-11-03 19:18 - 2018-11-03 19:18 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Intel Driver and Support Assistant
2018-11-03 16:57 - 2018-11-03 16:59 - 141110631 _____ (Aslain ) C:\Users\User\Desktop\Aslains_WoT_Modpack_Installer_v.1.2.0.1_12.exe
2018-11-03 14:37 - 2018-11-03 14:37 - 000000000 ____D C:\Users\Public\Documents\Logishrd
2018-11-02 21:06 - 2018-11-02 21:06 - 004213823 _____ C:\Users\User\Desktop\carfax silverado.pdf
2018-10-28 17:53 - 2018-10-28 18:07 - 000000000 ____D C:\Users\User\AppData\Roaming\Padlock
2018-10-28 04:41 - 2017-05-11 07:23 - 000053248 _____ (Intel Corporation) C:\Windows\system32\Drivers\USB3Ver.dll
2018-10-28 04:40 - 2017-05-11 07:23 - 000816640 _____ (Intel Corporation) C:\Windows\system32\Drivers\iusb3xhc.sys
2018-10-28 04:40 - 2017-05-11 07:23 - 000401408 _____ (Intel Corporation) C:\Windows\system32\Drivers\iusb3hub.sys
2018-10-28 04:40 - 2017-05-11 07:23 - 000023552 _____ (Intel Corporation) C:\Windows\system32\Drivers\iusb3hcs.sys
2018-10-28 04:39 - 2018-10-28 04:39 - 000000000 ____D C:\Windows\LastGood.Tmp
2018-10-27 04:53 - 2018-08-27 22:48 - 000419608 _____ C:\Windows\SysWOW64\locale.nls
2018-10-27 04:53 - 2018-08-27 22:48 - 000419608 _____ C:\Windows\system32\locale.nls
2018-10-27 04:35 - 2018-10-27 04:36 - 000000000 ____D C:\ProgramData\BSD
2018-10-25 17:44 - 2017-12-16 19:03 - 000045144 _____ (Synaptics Incorporated) C:\Windows\system32\Drivers\Smb_driver_Intel.sys
2018-10-25 17:28 - 2018-10-25 17:38 - 000000000 ____D C:\SeaTemp
2018-10-25 17:11 - 2018-10-25 17:11 - 000000000 ____D C:\Dell
2018-10-25 17:06 - 2017-12-16 19:04 - 000803928 _____ (Synaptics Incorporated) C:\Windows\system32\SynCOM.dll
2018-10-25 17:06 - 2017-12-16 19:04 - 000428120 _____ (Synaptics Incorporated) C:\Windows\SysWOW64\SynCom.dll
2018-10-25 17:06 - 2017-12-16 19:04 - 000297048 _____ (Synaptics Incorporated) C:\Windows\system32\SynTPCo46-4.dll
2018-10-25 17:06 - 2017-12-16 19:04 - 000278616 _____ (Synaptics Incorporated) C:\Windows\system32\SynTPAPI.dll
2018-10-25 17:06 - 2017-12-16 19:03 - 000674392 _____ (Synaptics Incorporated) C:\Windows\system32\Drivers\SynTP.sys
2018-10-25 17:06 - 2017-12-16 19:03 - 000070232 _____ (Synaptics Incorporated) C:\Windows\system32\Drivers\SynPTPHID_Aux.sys
2018-10-25 17:06 - 2017-12-16 19:03 - 000057432 _____ (Synaptics Incorporated) C:\Windows\system32\Drivers\SynRMIHID_Aux.sys
2018-10-25 17:06 - 2017-12-16 19:03 - 000045144 _____ (Synaptics Incorporated) C:\Windows\system32\Drivers\Smb_driver_Intel_Aux.sys
2018-10-25 17:06 - 2017-12-16 19:03 - 000044120 _____ (Synaptics Incorporated) C:\Windows\system32\Drivers\Smb_driver_AMDASF_Aux.sys
2018-10-25 17:06 - 2014-01-30 18:17 - 001795952 _____ (Microsoft Corporation) C:\Windows\system32\WdfCoInstaller01011.dll
2018-10-25 17:05 - 2018-10-25 17:05 - 000000000 ____D C:\ProgramData\Synaptics
2018-10-25 02:17 - 2018-10-27 14:31 - 000000000 ____D C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\CCleaner
2018-10-25 02:11 - 2018-10-25 02:11 - 000255928 _____ (Malwarebytes) C:\Windows\system32\Drivers\227BE3D1.sys
2018-10-25 01:51 - 2018-10-25 01:51 - 000000000 ____D C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Decrap my Computer
2018-10-25 01:21 - 2018-10-25 01:21 - 000000000 ____D C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\AVG
2018-10-25 01:18 - 2018-10-25 01:18 - 000001089 _____ C:\Users\User\Desktop\Windows Media Player.lnk
2018-10-25 00:55 - 2018-10-25 17:04 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MP3 Rocket
2018-10-25 00:55 - 2018-10-25 00:55 - 000001128 _____ C:\Users\User\Desktop\MP3 Rocket 7.4.1.lnk
2018-10-25 00:22 - 2018-10-25 00:22 - 000000000 ____D C:\Program Files (x86)\Spybot - Search & Destroy 2
2018-10-24 23:26 - 2018-10-24 23:28 - 000000000 ____D C:\Users\User\.mp3rocket
2018-10-20 16:34 - 2018-10-20 16:34 - 000041608 _____ (Dell Inc.) C:\Windows\system32\Drivers\DDDriver64Dcsa.sys
2018-10-20 16:34 - 2018-10-20 16:34 - 000041208 _____ (Dell Computer Corporation) C:\Windows\system32\Drivers\DellProf.sys
2018-10-12 19:41 - 2018-10-12 19:51 - 000000000 ____D C:\AdwCleaner
2018-10-12 19:41 - 2018-10-12 19:41 - 000255928 _____ (Malwarebytes) C:\Windows\system32\Drivers\5662B627.sys
2018-10-12 19:40 - 2018-10-25 03:43 - 000000000 ____D C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2018-10-12 17:57 - 2018-11-11 12:35 - 000000000 ____D C:\FRST
 
==================== One Month Modified files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2018-11-11 12:13 - 2009-07-13 23:45 - 000026576 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2018-11-11 12:13 - 2009-07-13 23:45 - 000026576 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2018-11-11 12:10 - 2009-07-14 00:13 - 000783606 _____ C:\Windows\system32\PerfStringBackup.INI
2018-11-11 12:10 - 2009-07-13 22:20 - 000000000 ____D C:\Windows\inf
2018-11-11 12:04 - 2018-02-12 23:46 - 000000000 __SHD C:\Users\User\IntelGraphicsProfiles
2018-11-11 12:04 - 2009-07-14 00:08 - 000000006 ____H C:\Windows\Tasks\SA.DAT
2018-11-11 11:58 - 2018-02-13 17:27 - 000000000 ____D C:\non-os
2018-11-11 11:55 - 2018-02-12 23:58 - 000000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Intel
2018-11-10 23:17 - 2018-06-17 14:35 - 000000008 __RSH C:\ProgramData\ntuser.pol
2018-11-10 23:13 - 2009-07-13 22:20 - 000000000 ___HD C:\Windows\system32\GroupPolicy
2018-11-10 19:12 - 2018-08-24 20:18 - 000000000 ____D C:\Users\Public\Logi
2018-11-05 23:27 - 2009-07-13 23:45 - 000314800 _____ C:\Windows\system32\FNTCACHE.DAT
2018-11-04 19:55 - 2018-02-12 23:58 - 000073440 _____ C:\Users\User\AppData\Local\GDIPFONTCACHEV1.DAT
2018-11-04 19:38 - 2009-07-13 22:20 - 000000000 ____D C:\Windows\system32\NDF
2018-11-04 08:04 - 2009-07-13 22:20 - 000000000 ____D C:\Windows\registration
2018-11-04 06:16 - 2018-02-13 21:25 - 000000000 ____D C:\ProgramData\PCDr
2018-11-04 06:14 - 2018-02-13 20:24 - 000000000 ____D C:\ProgramData\SupportAssist
2018-11-04 05:51 - 2018-02-13 20:36 - 000152688 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbae64.sys
2018-11-04 05:36 - 2018-02-13 18:16 - 000000000 ____D C:\Windows\SysWOW64\Macromed
2018-11-04 05:36 - 2018-02-13 18:16 - 000000000 ____D C:\Windows\system32\Macromed
2018-11-04 05:32 - 2018-02-13 18:29 - 000000000 ____D C:\Users\User\AppData\Roaming\uTorrent
2018-11-04 05:16 - 2018-02-13 21:26 - 000001990 _____ C:\Users\User\Desktop\AVG AntiVirus FREE.lnk
2018-11-03 19:46 - 2018-02-12 23:50 - 000000000 ____D C:\Users\User\AppData\Roaming\Intel
2018-11-03 19:43 - 2018-02-12 23:49 - 000000000 ____D C:\ProgramData\Package Cache
2018-11-02 22:32 - 2018-01-15 13:26 - 000000324 _____ C:\Users\User\Desktop\misc.txt
2018-10-28 23:50 - 2018-02-13 21:26 - 000004162 _____ C:\Windows\System32\Tasks\Antivirus Emergency Update
2018-10-27 22:56 - 2018-07-04 11:27 - 000000000 ____D C:\Users\User\AppData\LocalLow\Mozilla
2018-10-27 14:29 - 2018-10-10 05:27 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
2018-10-27 13:59 - 2018-08-19 21:51 - 000000000 ____D C:\Users\User\Desktop\Deadpool 2 (2018) [BluRay] [1080p] [YTS.AM]
2018-10-27 13:58 - 2018-08-19 21:51 - 000000000 ____D C:\Users\User\Desktop\Meet The Spartans (2008) [BluRay] [1080p] [YTS.AM]
2018-10-27 13:58 - 2018-08-19 21:51 - 000000000 ____D C:\Users\User\Desktop\Avengers Infinity War (2018) [BluRay] [1080p] [YTS.AM]
2018-10-27 13:57 - 2018-09-09 17:37 - 000000000 ____D C:\Users\User\Desktop\Super Troopers 2 (2018) [BluRay] [1080p] [YTS.AM]
2018-10-27 13:57 - 2018-09-09 17:37 - 000000000 ____D C:\Users\User\Desktop\Jurassic World Fallen Kingdom (2018) [BluRay] [1080p] [YTS.AM]
2018-10-27 04:57 - 2017-12-16 04:28 - 000776220 _____ C:\Windows\SysWOW64\PerfStringBackup.INI
2018-10-27 04:35 - 2009-07-13 21:34 - 000000466 _____ C:\Windows\win.ini
2018-10-25 18:16 - 2018-02-13 00:20 - 000002190 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2018-10-25 02:20 - 2018-02-13 20:41 - 000000000 ____D C:\Users\User\Desktop\OS Tools
2018-10-25 01:51 - 2018-10-10 03:43 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Decrap my Computer
2018-10-25 01:21 - 2018-02-13 18:16 - 000000000 ____D C:\Users\User\Incomplete
2018-10-25 01:10 - 2018-02-13 17:29 - 000000000 ____D C:\Users\User\AppData\Local\Adobe
2018-10-25 00:58 - 2018-02-13 18:15 - 000000000 ____D C:\Users\User\AppData\Roaming\MP3Rocket
2018-10-25 00:58 - 2018-02-13 18:14 - 000000000 ____D C:\Program Files (x86)\MP3 Rocket
2018-10-24 22:28 - 2018-02-13 17:38 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\K-Lite Codec Pack
2018-10-22 18:16 - 2018-02-13 21:58 - 000000000 ____D C:\Users\User\AppData\Local\Jagex
2018-10-22 18:16 - 2018-02-13 21:43 - 000000000 ____D C:\ProgramData\Jagex
2018-10-14 23:06 - 2018-02-12 23:36 - 000000000 ____D C:\Users\User\AppData\Local\VirtualStore
2018-10-12 19:41 - 2018-02-13 20:36 - 000000000 ____D C:\ProgramData\Malwarebytes
2018-10-12 19:34 - 2009-07-13 21:34 - 079953920 _____ C:\Windows\system32\config\software.rcbak
2018-10-12 19:34 - 2009-07-13 21:34 - 019398656 _____ C:\Windows\system32\config\system.rcbak
2018-10-12 19:34 - 2009-07-13 21:34 - 000262144 _____ C:\Windows\system32\config\default.rcbak
2018-10-12 19:34 - 2009-07-13 21:34 - 000028672 _____ C:\Windows\system32\config\sam.rcbak
2018-10-12 19:34 - 2009-07-13 21:34 - 000024576 _____ C:\Windows\system32\config\security.rcbak
2018-10-12 19:12 - 2009-07-13 22:20 - 000000000 ____D C:\PerfLogs
 
==================== Files in the root of some directories =======
 
2018-10-10 02:18 - 2018-10-10 02:18 - 000000002 _____ () C:\Users\User\AppData\Roaming\20181010031823.dat
 
==================== Bamital & volsnap ======================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed
 
LastRegBack: 2018-11-04 09:24
 
==================== End of FRST.txt ============================
 
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 11.11.2018
Ran by User (11-11-2018 12:35:49)
Running from C:\Users\User\Desktop
Windows 7 Ultimate Service Pack 1 (X64) (2018-02-13 04:35:34)
Boot Mode: Normal
==========================================================
 
 
==================== Accounts: =============================
 
Administrator (S-1-5-21-1894722739-3979997351-3746568665-500 - Administrator - Disabled)
Guest (S-1-5-21-1894722739-3979997351-3746568665-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-1894722739-3979997351-3746568665-1002 - Limited - Enabled)
User (S-1-5-21-1894722739-3979997351-3746568665-1000 - Administrator - Enabled) => C:\Users\User
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AV: AVG Antivirus (Enabled - Up to date) {4FC75CA5-1654-5411-7CFB-1893D506BCF4}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: AVG Antivirus (Enabled - Up to date) {F4A6BD41-306E-5B9F-464B-23E1AE81F649}
 
==================== Installed Programs ======================
 
(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
. . (HKLM\...\{B753FD71-4EB8-4842-9016-B1B97ACBDC79}) (Version: 7.1 - Intel) Hidden
µTorrent (HKU\S-1-5-21-1894722739-3979997351-3746568665-1000\...\uTorrent) (Version: 3.5.1.44332 - BitTorrent Inc.)
Adobe Acrobat Reader DC (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}) (Version: 19.008.20074 - Adobe Systems Incorporated)
Apple Application Support (32-bit) (HKLM-x32\...\{49F7DD82-FC83-48BF-86C6-CFE6E1E233E1}) (Version: 7.1 - Apple Inc.)
Apple Application Support (64-bit) (HKLM\...\{1FA68E27-2951-42E8-9F57-1A7F6581B4FD}) (Version: 7.1 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{5FA8C4BE-8C74-4B9C-9B49-EBF759230189}) (Version: 12.1.0.25 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{A30EA700-5515-48F0-88B0-9E99DC356B88}) (Version: 2.6.0.1 - Apple Inc.)
Aslain's WoT Modpack version 1.2.0.1.12 (HKLM-x32\...\Aslains_WoT_Modpack_Installer_is1) (Version: 1.2.0.1.12 - Aslain)
AVG AntiVirus FREE (HKLM-x32\...\AVG Antivirus) (Version: 18.7.3069 - AVG Technologies)
Canon IJ Network Scanner Selector EX (HKLM-x32\...\Canon_IJ_Network_Scanner_Selector_EX) (Version:  - Canon Inc.)
Canon IJ Network Tool (HKLM-x32\...\Canon_IJ_Network_UTILITY) (Version: 3.2.0 - Canon Inc.)
Canon IJ Scan Utility (HKLM-x32\...\Canon_IJ_Scan_Utility) (Version:  - Canon Inc.)
Canon MX920 series MP Drivers (HKLM\...\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MX920_series) (Version: 1.01 - Canon Inc.)
CCleaner (HKLM\...\CCleaner) (Version: 5.48 - Piriform)
Chrome Remote Desktop Host (HKLM-x32\...\{F51A03C4-2DD0-43B0-900F-EAD1C45DC542}) (Version: 71.0.3578.15 - Google Inc.)
Dell SupportAssist (HKLM\...\{5A18ABE3-52D1-4CA5-9169-25EC7E789582}) (Version: 3.0.2.48 - Dell Inc.)
Dell Touchpad (HKLM\...\SynTPDeinstKey) (Version: 19.2.17.64 - Synaptics Incorporated)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 70.0.3538.77 - Google Inc.)
Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.33.17 - Google Inc.) Hidden
Intel® Computing Improvement Program (HKLM\...\{2C895850-899F-4E06-ADB6-28A654FFCF9D}) (Version: 2.2.04036 - Intel Corporation)
Intel® Control Center (HKLM-x32\...\{F8A9085D-4C7A-41a9-8A77-C8998A96C421}) (Version: 1.2.1.1011 - Intel Corporation)
Intel® Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 9.5.23.1766 - Intel Corporation)
Intel® Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 10.18.14.4414 - Intel Corporation)
Intel® Rapid Storage Technology (HKLM\...\{409CB30E-E457-4008-9B1A-ED1B9EA21140}) (Version: 14.8.16.1063 - Intel Corporation)
Intel® USB 3.0\3.1 eXtensible Host Controller Driver (HKLM-x32\...\{240C3DDD-C5E9-4029-9DF7-95650D040CF2}) (Version: 5.0.4.43 - Intel Corporation)
Intel® Wireless Bluetooth® (HKLM\...\{00000060-0200-4FD1-8F3D-148929CC1385}) (Version: 20.60.0 - Intel Corporation)
Intel® Driver & Support Assistant (HKLM-x32\...\{e5a12991-d0a9-4922-a125-fce431f55219}) (Version: 3.6.0.4 - Intel)
Intel® PROSet/Wireless Software (HKLM-x32\...\{31a05164-f722-485c-90e3-db78421fa156}) (Version: 20.70.0 - Intel Corporation)
iTunes (HKLM\...\{3F702C1B-628F-46FB-A094-56D5404CEE63}) (Version: 12.9.1.4 - Apple Inc.)
K-Lite Codec Pack 14.5.3 Basic (HKLM-x32\...\KLiteCodecPack_is1) (Version: 14.5.3 - KLCP)
Logitech SetPoint 6.69 (HKLM\...\sp6) (Version: 6.69.114 - Logitech)
Malwarebytes version 3.6.1.2711 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 3.6.1.2711 - Malwarebytes)
Microsoft .NET Framework 4.7.2 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.7.03062 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.21005 (HKLM-x32\...\{7f51bdb9-ee21-49ee-94d6-90afc321780e}) (Version: 12.0.21005.1 - Microsoft Corporation)
Microsoft Visual C++ 2017 Redistributable (x64) - 14.11.25325 (HKLM-x32\...\{6c6356fe-cbfa-4944-9bed-a9e99f45cb7a}) (Version: 14.11.25325.0 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)
Microsoft Word 2010 (HKLM\...\Office14.WORD) (Version: 14.0.7015.1000 - Microsoft Corporation)
MP3 Rocket (HKLM-x32\...\MP3 Rocket) (Version: 7.4.1 - MP3 Rocket Inc)
Realtek Ethernet Controller All-In-One Windows Driver (HKLM-x32\...\{F7E7F0CB-AA41-4D5A-B6F2-8E6738EB063F}) (Version: 7.73.618.2013 - Realtek)
Realtek USB Card Reader (HKLM-x32\...\{1E496A68-4943-424E-829D-5C3C85B7B8F2}) (Version: 6.2.9200.39039 - Realtek Semiconductor Corp.)
RuneScape Launcher 2.2.4 (HKLM\...\RuneScape Launcher_is1) (Version: 2.2.4 - Jagex Ltd)
Service Pack 2 for Microsoft Office 2010 (KB2687455) 64-Bit Edition (HKLM\...\{90140000-001B-0000-1000-0000000FF1CE}_Office14.WORD_{A3364707-2F53-4C83-8F68-C9877A9080C7}) (Version:  - Microsoft)
Speccy (HKLM\...\Speccy) (Version: 1.32 - Piriform)
TeamSpeak 3 Client (HKLM\...\TeamSpeak 3 Client) (Version: 3.1.8 - TeamSpeak Systems GmbH)
VLC media player (HKLM-x32\...\VLC media player) (Version: 3.0.3 - VideoLAN)
Windows 7 Manager (HKLM\...\{21F090D4-3CBD-4AAC-9E7C-76CF4EA574F4}) (Version: 5.1.4 - Yamicsoft)
WinRAR 5.50 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.50.0 - win.rar GmbH)
World of Tanks (HKU\S-1-5-21-1894722739-3979997351-3746568665-1000\...\{1EAC1D02-C6AC-4FA6-9A44-96258C37C812na}_is1) (Version:  - Wargaming.net)
 
==================== Custom CLSID (Whitelisted): ==========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
CustomCLSID: HKU\S-1-5-21-1894722739-3979997351-3746568665-1000_Classes\CLSID\{820D63D5-8CFF-46DE-86AF-4997DEDD6DB5}\localserver32 -> C:\Windows\system32\igfxEM.exe (Intel Corporation)
ContextMenuHandlers1: [AVG] -> {472083B1-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVG\Antivirus\ashShA64.dll [2018-10-10] (AVG Technologies CZ, s.r.o.)
ContextMenuHandlers1: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\non-os\WinRAR\rarext.dll [2017-08-11] (Alexander Roshal)
ContextMenuHandlers1-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\non-os\WinRAR\rarext32.dll [2017-08-11] (Alexander Roshal)
ContextMenuHandlers5: [igfxDTCM] -> {9B5F5829-A529-4B12-814A-E81BCB8D93FC} => C:\Windows\system32\igfxDTCM.dll [2016-06-28] (Intel Corporation)
ContextMenuHandlers6: [AVG] -> {472083B1-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVG\Antivirus\ashShA64.dll [2018-10-10] (AVG Technologies CZ, s.r.o.)
ContextMenuHandlers6: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\non-os\WinRAR\rarext.dll [2017-08-11] (Alexander Roshal)
ContextMenuHandlers6-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\non-os\WinRAR\rarext32.dll [2017-08-11] (Alexander Roshal)
 
==================== Scheduled Tasks (Whitelisted) =============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
Task: {1D805E67-1A69-4643-9443-E96C5D6D1D0E} - System32\Tasks\AVG\Overseer => C:\Program Files\Common Files\AVG\Overseer\overseer.exe [2018-10-28] (AVG Technologies CZ, s.r.o.)
Task: {235287EF-AC58-4443-A041-50945CF63EEE} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2018-02-13] (Google Inc.)
Task: {D31E9446-6468-4DBE-A05F-9CEC7E7AA889} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2018-01-08] (Apple Inc.)
Task: {D629B3C2-6693-45ED-A8B6-56DCD1BDC61C} - System32\Tasks\Antivirus Emergency Update => C:\Program Files\AVG\Antivirus\AvEmUpdate.exe [2018-10-10] (AVG Technologies CZ, s.r.o.)
Task: {FC0C2614-BF7C-49BB-9E41-AD87A771CE42} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2018-02-13] (Google Inc.)
 
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
 
 
==================== Shortcuts & WMI ========================
 
(The entries could be listed to be restored or removed.)
 
 
ShortcutWithArgument: C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Chrome Remote Desktop.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) ->  --profile-directory=Default --app-id=gbchcmhmhahfdphkhkmpfmihenigjmpp
 
==================== Loaded Modules (Whitelisted) ==============
 
2016-06-28 04:04 - 2016-06-28 04:04 - 000382072 _____ () C:\Windows\system32\igfxTray.exe
2018-10-21 02:17 - 2018-10-21 02:17 - 001356088 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
2017-12-08 01:48 - 2017-12-08 01:48 - 000088888 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
2018-08-29 14:57 - 2018-08-29 14:57 - 000077824 _____ () C:\Program Files\Common Files\Logishrd\LAClient\zlib.dll
2018-08-29 14:57 - 2018-08-29 14:57 - 000144896 _____ () C:\Program Files\Common Files\Logishrd\LAClient\libssh2.dll
2018-10-10 00:32 - 2018-10-10 00:32 - 000726288 ____N () c:\Program Files\AVG\Antivirus\x64\StreamBack.dll
2018-10-25 18:16 - 2018-10-23 16:24 - 005020504 _____ () C:\Program Files (x86)\Google\Chrome\Application\70.0.3538.77\libglesv2.dll
2018-10-25 18:16 - 2018-10-23 16:24 - 000116056 _____ () C:\Program Files (x86)\Google\Chrome\Application\70.0.3538.77\libegl.dll
2018-10-10 00:32 - 2018-10-10 00:32 - 000919312 ____N () C:\Program Files\AVG\Antivirus\anen.dll
2018-10-10 00:32 - 2018-10-10 00:32 - 000595728 ____N () C:\Program Files\AVG\Antivirus\streamback.dll
2018-11-11 11:21 - 2018-11-11 11:21 - 005719240 _____ () C:\Program Files\AVG\Antivirus\defs\18111116\algo.dll
2018-10-10 00:32 - 2018-10-10 00:32 - 000496912 ____N () C:\Program Files\AVG\Antivirus\gui_cache.dll
2018-10-10 00:32 - 2018-10-10 00:32 - 001112336 ____N () C:\Program Files\AVG\Antivirus\shepherdsync.dll
2018-03-12 20:02 - 2018-03-12 20:02 - 067127976 ____N () C:\Program Files\AVG\Antivirus\libcef.dll
 
==================== Alternate Data Streams (Whitelisted) =========
 
(If an entry is included in the fixlist, only the ADS will be removed.)
 
 
==================== Safe Mode (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
 
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"
 
==================== Association (Whitelisted) ===============
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed.)
 
 
==================== Internet Explorer trusted/restricted ===============
 
(If an entry is included in the fixlist, it will be removed from the registry.)
 
IE trusted site: HKU\.DEFAULT\...\dell.com -> dell.com
 
==================== Hosts content: ===============================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2009-07-13 21:34 - 2018-11-11 12:08 - 000000035 _____ C:\Windows\system32\Drivers\etc\hosts
 
 
==================== Other Areas ============================
 
(Currently there is no automatic fix for this section.)
 
HKU\S-1-5-21-1894722739-3979997351-3746568665-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\User\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 172.16.0.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.
 
==================== MSCONFIG/TASK MANAGER disabled items ==
 
If an entry is included in the fixlist, it will be removed.
 
 
==================== FirewallRules (Whitelisted) ===============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
FirewallRules: [{CE33B4CE-020E-45B5-A5C5-9B05883F30BB}] => (Allow) C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe
FirewallRules: [{98D344CF-C049-4005-B576-52078AE43075}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{C2CFF724-A9CD-47D8-9C0F-91E4144B60E7}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{D4054BF6-D262-4B9B-9902-E2D629658853}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{2F1DBDC1-CC6D-401A-8058-FAA8C19DBD34}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{5DC388C2-4198-4BA3-A8DA-64E6CFAEB85E}] => (Allow) C:\Users\User\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{1A30BD90-CC0E-49FC-9C52-8472F6994B56}] => (Allow) C:\Users\User\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{162D7D73-B4BC-4F3A-B145-D6CE0175E801}] => (Allow) C:\non-os\World_of_Tanks\WoTLauncher.exe
FirewallRules: [{83FEBAFC-F7C2-435F-B7BD-9C51FB11846B}] => (Allow) C:\non-os\World_of_Tanks\WoTLauncher.exe
FirewallRules: [{C17088D8-3FED-4508-8BA1-4C884216254B}] => (Allow) C:\non-os\World_of_Tanks\worldoftanks.exe
FirewallRules: [{E2C621FF-594D-4635-B20B-379A338D31F6}] => (Allow) C:\non-os\World_of_Tanks\worldoftanks.exe
FirewallRules: [{C7177629-766A-4491-BCFE-5FD724152510}] => (Allow) C:\Program Files\AVG\Antivirus\AvEmUpdate.exe
FirewallRules: [{626299BB-1485-49B0-A6EF-8A33C4B421C0}] => (Allow) C:\Program Files\AVG\Antivirus\AvEmUpdate.exe
FirewallRules: [{1EE9F80F-C12F-4F16-A19D-34B7FAD03057}] => (Allow) C:\Program Files\AVG\Antivirus\AvEmUpdate.exe
FirewallRules: [{09379D06-382B-4EDF-A0FE-59B8CDC6DFEC}] => (Allow) C:\Program Files\AVG\Antivirus\AvEmUpdate.exe
FirewallRules: [{558F2990-EAC4-4524-A135-8A0005BA1DE0}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
FirewallRules: [{6B390909-5C3D-4B70-95E6-C57245E61CE7}] => (Allow) C:\Program Files (x86)\Google\Chrome Remote Desktop\71.0.3578.15\remoting_host.exe
FirewallRules: [{C3D68476-B03F-47F9-A9CA-0B4BCF92753E}] => (Allow) C:\non-os\CCleaner\CCUpdate.exe
FirewallRules: [{82E842A6-D6A4-4C05-89D3-CFF3AB645040}] => (Allow) C:\non-os\CCleaner\CCUpdate.exe
FirewallRules: [{6C9CBEB6-2170-4006-BE99-C74AA633637B}] => (Allow) C:\non-os\iTunes\iTunes.exe
 
==================== Restore Points =========================
 
03-11-2018 19:17:14 Intel® Driver & Support Assistant
03-11-2018 19:42:03 Intel® PROSet/Wireless Software
03-11-2018 19:42:27 Microsoft Visual C++ 2017 Redistributable (x64) - 14.11.25325
03-11-2018 19:43:17 Microsoft Visual C++ 2015 Redistributable (x64) - 14.0.24215
04-11-2018 06:31:22 Decrap my Computer [W7-x64] - Decrap my Computer
04-11-2018 07:16:12 Decrap my Computer [W7-x64] - Decrap my Computer
04-11-2018 07:30:38 Decrap my Computer [W7-x64] - Decrap my Computer
10-11-2018 20:42:56 Removed Private Internet Access Support Files
10-11-2018 20:43:25 Removed Java 8 Update 31
10-11-2018 20:44:07 Removed Java 8 Update 181 (64-bit)
10-11-2018 20:44:42 Removed Bonjour
11-11-2018 11:54:21 IIF_MSI
 
==================== Faulty Device Manager Devices =============
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (11/11/2018 12:04:54 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.
 
Error: (11/11/2018 12:04:31 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: WLANExt.exe, version: 6.1.7600.16385, time stamp: 0x4a5bcc33
Faulting module name: KERNELBASE.dll, version: 6.1.7601.24260, time stamp: 0x5b9470f4
Exception code: 0xc06d007e
Fault offset: 0x000000000000bded
Faulting process id: 0x538
Faulting application start time: 0x01d479e098157144
Faulting application path: C:\Windows\system32\WLANExt.exe
Faulting module path: C:\Windows\system32\KERNELBASE.dll
Report Id: dad34a1a-e5d3-11e8-a310-801934ce9bf3
 
Error: (11/11/2018 12:04:22 PM) (Source: Microsoft-Windows-EapHost) (EventID: 2002) (User: NT AUTHORITY)
Description: Skipping: Eap method DLL path name validation failed. Error: typeId=23, authorId=8086, vendorId=0, vendorType=0
 
Error: (11/11/2018 12:04:22 PM) (Source: Microsoft-Windows-EapHost) (EventID: 2002) (User: NT AUTHORITY)
Description: Skipping: Eap method DLL path name validation failed. Error: typeId=21, authorId=8086, vendorId=0, vendorType=0
 
Error: (11/11/2018 12:04:22 PM) (Source: Microsoft-Windows-EapHost) (EventID: 2002) (User: NT AUTHORITY)
Description: Skipping: Eap method DLL path name validation failed. Error: typeId=18, authorId=8086, vendorId=0, vendorType=0
 
Error: (11/11/2018 11:59:48 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.
 
Error: (11/11/2018 11:59:04 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: WLANExt.exe, version: 6.1.7600.16385, time stamp: 0x4a5bcc33
Faulting module name: KERNELBASE.dll, version: 6.1.7601.24260, time stamp: 0x5b9470f4
Exception code: 0xc06d007e
Fault offset: 0x000000000000bded
Faulting process id: 0x530
Faulting application start time: 0x01d479dfd44c78b1
Faulting application path: C:\Windows\system32\WLANExt.exe
Faulting module path: C:\Windows\system32\KERNELBASE.dll
Report Id: 17992417-e5d3-11e8-a96f-801934ce9bf3
 
Error: (11/11/2018 11:58:53 AM) (Source: Microsoft-Windows-EapHost) (EventID: 2002) (User: NT AUTHORITY)
Description: Skipping: Eap method DLL path name validation failed. Error: typeId=23, authorId=8086, vendorId=0, vendorType=0
 
 
System errors:
=============
Error: (11/11/2018 12:04:51 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The HomeGroup Provider service depends on the Function Discovery Resource Publication service which failed to start because of the following error: 
The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.
 
Error: (11/11/2018 12:04:34 PM) (Source: Microsoft-Windows-WLAN-AutoConfig) (EventID: 10000) (User: NT AUTHORITY)
Description: WLAN Extensibility Module has failed to start.
 
Module Path: C:\Windows\System32\IWMSSvc.dll
Error Code: 1726
 
Error: (11/11/2018 12:04:34 PM) (Source: Microsoft-Windows-WLAN-AutoConfig) (EventID: 10003) (User: NT AUTHORITY)
Description: WLAN Extensibility Module has stopped unexpectedly.
 
Module Path: C:\Windows\System32\IWMSSvc.dll
 
Error: (11/11/2018 11:59:26 AM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The HomeGroup Provider service depends on the Function Discovery Resource Publication service which failed to start because of the following error: 
The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.
 
Error: (11/11/2018 11:59:07 AM) (Source: Microsoft-Windows-WLAN-AutoConfig) (EventID: 10000) (User: NT AUTHORITY)
Description: WLAN Extensibility Module has failed to start.
 
Module Path: C:\Windows\System32\IWMSSvc.dll
Error Code: 1726
 
Error: (11/11/2018 11:59:07 AM) (Source: Microsoft-Windows-WLAN-AutoConfig) (EventID: 10003) (User: NT AUTHORITY)
Description: WLAN Extensibility Module has stopped unexpectedly.
 
Module Path: C:\Windows\System32\IWMSSvc.dll
 
Error: (11/11/2018 11:55:24 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The Intel® Rapid Storage Technology service terminated unexpectedly.  It has done this 1 time(s).
 
Error: (11/11/2018 10:41:29 AM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The HomeGroup Provider service depends on the Function Discovery Resource Publication service which failed to start because of the following error: 
The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.
 
 
==================== Memory info =========================== 
 
Processor: Intel® Core™ i5-4200U CPU @ 1.60GHz
Percentage of memory in use: 27%
Total physical RAM: 8080.36 MB
Available physical RAM: 5824.64 MB
Total Virtual: 16158.86 MB
Available Virtual: 13862.34 MB
 
==================== Drives ================================
 
Drive c: (Windows) (Fixed) (Total:931.02 GB) (Free:770.48 GB) NTFS
 
\\?\Volume{9ff80743-108f-11e8-9196-806e6f6e6963}\ (System Reserved) (Fixed) (Total:0.49 GB) (Free:0.45 GB) NTFS
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (MBR Code: Windows 7/8/10) (Size: 931.5 GB) (Disk ID: 198DF528)
Partition 1: (Active) - (Size=500 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=931 GB) - (Type=07 NTFS)
 
==================== End of Addition.txt ============================

  • 0

#14
RKinner


    Malware Expert

  • Expert
  • 21,474 posts
  • MVP

There's something wrong with EAP which is used by Wifi (and perhaps Bluetooth) to authenticate. I expect the last Update you did of the Intel wireless (Intel® PROSet/Wireless Software (HKLM-x32\...\{31a05164-f722-485c-90e3-db78421fa156}) (Version: 20.70.0 - Intel Corporation)) broke it. I want to check the files to see if one of them got messed up, but you may need to uninstall and reinstall or perhaps install an older version.

 

Copy the next line:

 

WcnEapPeerProxy.dll;eapui.dll;eh_eap_sim.dll;eh_eap_aka.dll;fdPHost.dll

 

Paste the copied text into the FRST Search Box (click in the box then hit Ctrl + v), then Search Files. You will get one log; please post it.

 

For what it is worth, I don't think much of Intel's Driver & Support Assistant nor Dell SupportAssist. Most PC makers lose interest in PCs once they ship them and don't really bother updating the drivers unless they are so bad that people start complaining, so there's seldom anything for Dell SupportAssist to do. Intel's Support Assistant doesn't seem to detect problems with iastor nor with the chipset utility.

 

 

Going to be away from the PC for the next few hours.


  • 0

#15
darkmj16


    Member

  • Topic Starter
  • Member
  • PipPip
  • 52 posts

i would agree that i have a lot of corrupt files and drivers. i'm not a dell or intel fan either but hey can't complain with free lol. but i thought they would help, they have before. guess i was lucky. is there a way to scan and repair corrupted/broken files? i hate all of intel's bloatware. but when i uninstall the proset stuff and tried to use the windows built in... man things did not go well. but here's the log. i'll be on all night.

 

Farbar Recovery Scan Tool (x64) Version: 11.11.2018
Ran by User (11-11-2018 17:01:03)
Running from C:\Users\User\Desktop
Boot Mode: Normal
 
================== Search Files: "WcnEapPeerProxy.dll;eapui.dll;eh_eap_sim.dll;eh_eap_aka.dll;fdPHost.dll" =============
 
C:\Windows\winsxs\wow64_microsoft-windows-wcn-config-registrar_31bf3856ad364e35_6.1.7601.24000_none_96277f6526038f57\WcnEapPeerProxy.dll
[2018-03-22 20:35][2017-12-31 20:43] 000020480 _____ (Microsoft Corporation) E0FC6700E341A2026C08DF29A9B4FEAD [File is digitally signed]
 
C:\Windows\winsxs\wow64_microsoft-windows-wcn-config-registrar_31bf3856ad364e35_6.1.7601.17514_none_959763920cea12e1\WcnEapPeerProxy.dll
[2009-07-13 18:52][2009-07-13 20:16] 000020992 _____ (Microsoft Corporation) 25D8CB47B680C6760DE1FD35C1FAAE22 [File is digitally signed]
 
C:\Windows\winsxs\amd64_microsoft-windows-wcn-config-registrar_31bf3856ad364e35_6.1.7601.24000_none_8bd2d512f1a2cd5c\WcnEapPeerProxy.dll
[2018-03-22 20:35][2017-12-31 21:18] 000024576 _____ (Microsoft Corporation) 7B828D19E030EB29232AB923DDCE9BBF [File is digitally signed]
 
C:\Windows\winsxs\amd64_microsoft-windows-wcn-config-registrar_31bf3856ad364e35_6.1.7601.17514_none_8b42b93fd88950e6\WcnEapPeerProxy.dll
[2009-07-13 19:08][2009-07-13 20:41] 000025088 _____ (Microsoft Corporation) C9EDE8992DA01E2ADA32C2343F3F310E [File is digitally signed]
 
C:\Windows\winsxs\amd64_fdphost_31bf3856ad364e35_6.1.7600.16385_none_d78d3591881d5b04\fdPHost.dll
[2009-07-13 18:35][2009-07-13 20:40] 000016384 _____ (Microsoft Corporation) 0438CAB2E03F4FB61455A7956026FE86 [File is digitally signed]
 
C:\Windows\SysWOW64\WcnEapPeerProxy.dll
[2018-03-22 20:35][2017-12-31 20:43] 000020480 _____ (Microsoft Corporation) E0FC6700E341A2026C08DF29A9B4FEAD [File is digitally signed]
 
C:\Windows\System32\fdPHost.dll
[2009-07-13 18:35][2009-07-13 20:40] 000016384 _____ (Microsoft Corporation) 0438CAB2E03F4FB61455A7956026FE86 [File is digitally signed]
 
C:\Windows\System32\WcnEapPeerProxy.dll
[2018-03-22 20:35][2017-12-31 21:18] 000024576 _____ (Microsoft Corporation) 7B828D19E030EB29232AB923DDCE9BBF [File is digitally signed]
 
 
====== End of Search ======

  • 0
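One way to triage the Search Files log above, as an added Python example that is not part of either post: it parses the FRST output, lists requested names that returned no hit, and flags any live copy that is unsigned or whose MD5 matches no WinSxS copy of the same file. The function names `parse_search_log` and `review` are hypothetical, and an MD5 match only shows consistency with the component store, not that the store itself is intact.

```python
import re
from collections import defaultdict
from pathlib import PureWindowsPath

# Excerpt of the FRST "Search Files" log posted above (6 of its 8 hits).
SAMPLE_LOG = r"""
C:\Windows\winsxs\wow64_microsoft-windows-wcn-config-registrar_31bf3856ad364e35_6.1.7601.24000_none_96277f6526038f57\WcnEapPeerProxy.dll
[2018-03-22 20:35][2017-12-31 20:43] 000020480 _____ (Microsoft Corporation) E0FC6700E341A2026C08DF29A9B4FEAD [File is digitally signed]
C:\Windows\winsxs\amd64_microsoft-windows-wcn-config-registrar_31bf3856ad364e35_6.1.7601.24000_none_8bd2d512f1a2cd5c\WcnEapPeerProxy.dll
[2018-03-22 20:35][2017-12-31 21:18] 000024576 _____ (Microsoft Corporation) 7B828D19E030EB29232AB923DDCE9BBF [File is digitally signed]
C:\Windows\winsxs\amd64_fdphost_31bf3856ad364e35_6.1.7600.16385_none_d78d3591881d5b04\fdPHost.dll
[2009-07-13 18:35][2009-07-13 20:40] 000016384 _____ (Microsoft Corporation) 0438CAB2E03F4FB61455A7956026FE86 [File is digitally signed]
C:\Windows\SysWOW64\WcnEapPeerProxy.dll
[2018-03-22 20:35][2017-12-31 20:43] 000020480 _____ (Microsoft Corporation) E0FC6700E341A2026C08DF29A9B4FEAD [File is digitally signed]
C:\Windows\System32\fdPHost.dll
[2009-07-13 18:35][2009-07-13 20:40] 000016384 _____ (Microsoft Corporation) 0438CAB2E03F4FB61455A7956026FE86 [File is digitally signed]
C:\Windows\System32\WcnEapPeerProxy.dll
[2018-03-22 20:35][2017-12-31 21:18] 000024576 _____ (Microsoft Corporation) 7B828D19E030EB29232AB923DDCE9BBF [File is digitally signed]
"""
REQUESTED = "WcnEapPeerProxy.dll;eapui.dll;eh_eap_sim.dll;eh_eap_aka.dll;fdPHost.dll"
META = re.compile(r"^\[[^\]]*\]\[[^\]]*\] (\d+) \S+ \((.*?)\) ([0-9A-Fa-f]{32}) \[(.*)\]$")

def parse_search_log(text):
    """Pair each path line with the metadata line that follows it."""
    hits, path = [], None
    for line in (l.strip() for l in text.splitlines()):
        m = META.match(line)
        if m and path:
            hits.append({"path": path, "name": PureWindowsPath(path).name.lower(),
                         "in_store": "\\winsxs\\" in path.lower(), "size": int(m[1]),
                         "md5": m[3].upper(), "signed": m[4] == "File is digitally signed"})
            path = None
        elif re.match(r"^[A-Za-z]:\\", line):
            path = line
    return hits

def review(hits, requested):
    """Return (requested names with no hit, live files unsigned or unmatched in WinSxS)."""
    store = defaultdict(set)  # file name -> MD5s seen in the component store
    for h in hits:
        if h["in_store"]:
            store[h["name"]].add(h["md5"])
    found = {h["name"] for h in hits}
    missing = [n for n in requested.split(";") if n.lower() not in found]
    suspect = [h["path"] for h in hits if not h["in_store"]
               and (not h["signed"] or h["md5"] not in store[h["name"]])]
    return missing, suspect
```
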





